vcsmap on


Plugin-based tool to scan public version control systems for sensitive information.

vcsmap already includes a couple of plugins. Each plugin looks for files that match a certain search query, and extracts the right data from those files.

Each plugin has a @search_string that is used to search for matching files, and a couple of regex matchers to extract the needed data. Of course you don't need to use regex, it's also possible to parse the file (e.g. with JSON), as long as your plugin returns a valid table_header and matching credentials.