Plug&Play - one line installation with Docker.
Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com
.
Currently supports:
Filter results with a built-in heuristic engine.
Enhance results with IOLs (Indicators Of Leak):
Allows to ignore public sources, (e.g., "junk" repositories by web crawlers).
OOTB ignore list of common "junk" sources.
Acknowledge a leak, and only get notified if the source has been modified since the previous scan.
Built-in ELK to search for data in leaks (including full index of Git repositories with IOLs).
Notify on new leaks
cd Leaktopus
cp .env.example .env
docker-compose up -d
In addition to the basic personal access token option, Leaktopus supports Github App authentication. Using Github App is recommended due to the increased rate limits.
To use Github App authentication, you need to create a Github App and install it on your organization/account. See Github's documentation for more details.
After creating the app, you need to set the following environment variables:
GITHUB_USE_APP=True
GITHUB_APP_ID
GITHUB_INSTALLATION_ID
- The installation id can be found in your app installation.GITHUB_APP_PRIVATE_KEY_PATH
(defaults to /app/private-key.pem
)Mount the private key file to the container (see docker-compose.yml
for an example). ./leaktopus_backend/private-key.pem:/app/private-key.pem
* Note that GITHUB_ACCESS_TOKEN
will be ignored if GITHUB_USE_APP
is set to True
.
If you wish to update your Leaktopus version (pulling a newer version), just follow the next steps.
git pull
# Force image recreation
docker-compose up --force-recreate --build
The built-in heuristic engine is filtering the search results to reduce false positives by:
OpenAPI documentation is available in http://{LEAKTOPUS_HOST}:8000/apidocs.
Service | Port | Mandatory/Optional |
---|---|---|
Backend (API) | 8000 | Mandatory |
Backend (Worker) | N/A | Mandatory |
Redis | 6379 | Mandatory |
Frontend | 8080 | Optional |
Elasticsearch | 9200 | Optional |
Logstash | 5000 | Optional |
Kibana | 5601 | Optional |
The above can be customized by using a custom docker-compose.yml file.
As for now, Leaktopus does not provide any authentication mechanism. Make sure that you are not exposing it to the world, and doing your best to restrict access to your Leaktopus instance(s).
Contributions are very welcomed.
Please follow our contribution guidelines and documentation.