leaky-repo

1
#########################################################################################################
2
# We break secrets into two categories, "risk" and "informative".
3
# Lines that are "risk" presents an actual risk, "informative" discloses potentially sensitive or useful information.
4
# The CSV counts any line containing risk as "Risk", and lines with Informatives as "Informative".
5
# Lines with both risk and informative are treated as a single line of risk to simplify counting.
6
# Lines with multiple risks or informatives are still counted as 1.
7
#########################################################################################################
8
# name,num_risk,num_informative
9
.bash_profile,6,5
10
.bashrc,3,3
11

12
# Here the users are informative, the auth is risk. 
13
# The URLs may be informative in rare cases, but will likely
14
# just be docker hub in most cases.
15
.docker/.dockercfg,2,2
16
# Same as above
17
.docker/config.json,2,2
18

19
# For all 4 firefox profiles:
20
# Risk: encryptedUsername, encryptedPassword
21
# Informative: hostname, timeCreated, timeLastUsed, timePasswordChanged, timesUsed
22
.mozilla/firefox/logins.json,8,20
23
.ssh/id_rsa,1,0
24
.ssh/id_rsa.pub,0,1
25
cloud/.credentials,2,2
26
cloud/.s3cfg,1,2
27
cloud/.tugboat,1,2
28
cloud/heroku.json,1,1
29
db/dump.sql,10,0
30
db/mongoid.yml,1,0
31
etc/shadow,1,0
32
filezilla/recentservers.xml,3,3
33
filezilla/filezilla.xml,2,1
34
high-entropy-misc.txt,0,2
35
misc-keys/cert-key.pem,1,0
36

37
# Putty has both public and private keys
38
misc-keys/putty-example.ppk,1,1
39
proftpdpasswd,1,0
40
web/ruby/config/master.key,1,0
41
web/ruby/secrets.yml,3,0
42
web/var/www/.env,6,4
43
.npmrc,2,1
44
web/var/www/public_html/wp-config.php,9,3
45
web/var/www/public_html/.htpasswd,1,0
46
.git-credentials,1,0
47

48
# Risk: userPassword, sshPassphrase, sshUserPassword
49
# Informative: serverHost, sshHost, sshUserName, userName
50
db/robomongo.json,3,4
51
web/js/salesforce.js,1,0
52
.netrc,2,0
53
hub,1,1
54
config,1,3
55
db/.pgpass,1,0
56
ventrilo_srv.ini,2,0
57
web/var/www/public_html/config.php,1,3
58
db/dbeaver-data-sources.xml,1,0
59

60
# Risk: password
61
# Informative: hostname, username
62
.esmtprc,2,1
63
web/django/settings.py,1,0
64

65
# Risk: password
66
# Informative: host, username, remotePath
67
deployment-config.json,3,1
68

69
# Risk: password, passphrase (for private key)
70
# Informative: host, user, remote
71
.ftpconfig,3,2
72

73
# Risk: password
74
# Informative: hostname, username
75
.remote-sync.json,1,2
76

77
# Risk: password
78
# Informative: host, remotePath, username
79
.vscode/sftp.json,1,3
80

81
# Risk: password
82
# Informative: host, remote_path, user
83
sftp-config.json,1,3
84

85
# Risk: fileTransfer password
86
# Informative: webServer name+url
87
.idea/WebServers.xml,1,1