Dashboard — Git Leak Explorer

Analysis Dashboard

https://startup-api.io

⚠️ CRITICAL SECRETS DETECTED 3

GitHub Token	.github/workflows/deploy.yml	ghp_16C7e42F292c6912E7710c838347Ae178B4a
Slack Token	.env.production	xoxb-263594206-2162371917-token_removed
Generic API Key	src/db/prisma.ts	access_token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.DEMO'

View Secrets Report →

🛡 Hardening & Config 4 failures

HEAD	EXPOSED
refs_heads	OK
packed_refs	OK
index	EXPOSED
objects_root	EXPOSED
logs	OK
config	EXPOSED
stash	OK
info_refs	OK

Full Diagnostic →

⏳ Recent History 6 commits

HEAD: aeed18f2

aeed18f	ci: add GitHub Actions deploy workflow	2025-02-28
ae7e256	feat: add rate limiting middleware	2025-02-25
c0bf4de	fix: rotate leaked Slack token (oops)	2025-02-20
e9d7744	feat: JWT authentication	2025-02-15
b8d7d33	init: project scaffold	2025-02-10
REFLOG	temp: hardcode token for staging test (REVERTED)	ORPHAN

Explore Timeline →

👤 Identities (OSINT)

3

Identified Authors

Developers and emails extracted from history.

View User List →

📂 Files (.git Index) 12 files

src/app.ts	Remote ↗
src/auth/jwt.ts	Remote ↗
src/routes/auth.ts	Remote ↗
src/routes/users.ts	Remote ↗
src/middleware/rateLimit.ts	Remote ↗
src/controllers/authController.ts	Remote ↗
src/db/prisma.ts	Remote ↗
.github/workflows/deploy.yml	Remote ↗

+4 more files

Full Listing →

🌐 Infrastructure Map 5

API_ENDPOINT	/api/v1/auth/login	src/routes/auth.ts
API_ENDPOINT	/api/v1/users	src/routes/users.ts
EXTERNAL_HOST	api.startup-api.io	src/app.ts
EXTERNAL_HOST	hooks.slack.com	src/middleware/rateLimit.ts
IP_ADDRESS	10.0.1.42	.env.production

Open Infrastructure Map (5) →

🔨 Brute-Force Files 4

.env.production	VERSIONED
.github/workflows/deploy.yml	VERSIONED
../../../etc/shadow	LOCAL
package.json	VERSIONED

Full Brute-Force Report →

📦 Packfiles 0

No packfiles detected.

⚠️ Other Leaks (--full-scan) 0

No additional leaks.