reddit hackernews mail facebook facebook linkedin
Whispers

Whispers

Identify hardcoded secrets in static structured text.

Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI/CD pipeline.

Detects:
- Passwords
- API tokens
- AWS keys
- Private keys
- and many more...

The following commonly used formats are currently supported:
- YAML
- JSON
- XML
- .npmrc
- .pypirc
- .htpasswd
- and many more...

The following language files are parsed as text, and checked for common variable declaration and assignment patterns:
- JavaScript
- Java
- Go
- PHP

Special Formats:
- AWS credentials files
- JDBC connection strings
- Jenkins config files
- and many more...