
gshark
Scan for sensitive information easily and effectively.
The Lens
gshark watches public code for your secrets before someone else finds them. It scans GitHub, GitLab, Searchcode, and Postman for leaked API keys, tokens, and credentials that match rules you define, then surfaces the hits in a web dashboard. The job it does is the same one GitGuardian charges for: catching the AWS key an employee pasted into a public gist before it turns into a bill or a breach. It is open source under Apache-2.0.
This is a real application to run, not a script. There is a Go backend, a Vue frontend, and a database, plus API tokens for each source you want to scan. Budget an afternoon to stand it up and some ongoing care to tune rules so you are not drowning in false positives. Once it is running, it is yours: your data never leaves your infrastructure, which matters when the thing you are searching for is your own leaked credentials.
Solo developers and small teams who mostly need to watch their own org: gshark is a solid free option and the self-hosting is manageable. Larger security teams that want managed coverage, validity checking, and a support line will still find GitGuardian or similar worth paying for. If you only need to scan your own repos in CI, lighter tools like gitleaks or trufflehog may be a better fit than standing up a whole platform.
The catch: a tool that hunts for exposed secrets across public code is dual-use by nature, and the docs lean heavily Chinese. Nothing wrong with either, but factor in the reading and the responsibility before you point it at the whole internet.
Free vs Self-Hosted vs Paid
Free: Apache-2.0, the entire platform. All four sources (GitHub, GitLab, Searchcode, Postman), the rule engine, the dashboard.
Self-hosted: The only option. Go backend plus Vue frontend plus a database, configured with API tokens per source. Plan for setup and rule-tuning time.
Paid: None from the project. The paid equivalent is a managed service like GitGuardian, which trades the setup work for a subscription and adds validity checks and support.
Free and open source under Apache-2.0. You pay in setup and tuning time instead of a GitGuardian subscription.
License: Apache License 2.0
Use freely. Patent grant included.
Commercial use: ✓ Yes
About
- Owner: Neal Caffery (User)
- Stars: 1,035
- Forks: 156




