Nim package names cannot contain hyphens, so `nimble install -y nph` in the lint workflow aborted on `validatePackageName` before nph could be installed, causing the Nim lint job to fail with `nph: command not found`. Renaming the manifest to match the binary name resolves it and lets contributors run nimble inside the project. |
||
|---|---|---|
| .. | ||
| learn | ||
| src | ||
| tests | ||
| .gitignore | ||
| Justfile | ||
| LICENSE | ||
| README.md | ||
| config.nims | ||
| credenum.nimble | ||
| install.sh | ||
README.md
██████╗██████╗ ███████╗██████╗ ███████╗███╗ ██╗██╗ ██╗███╗ ███╗
██╔════╝██╔══██╗██╔════╝██╔══██╗██╔════╝████╗ ██║██║ ██║████╗ ████║
██║ ██████╔╝█████╗ ██║ ██║█████╗ ██╔██╗ ██║██║ ██║██╔████╔██║
██║ ██╔══██╗██╔══╝ ██║ ██║██╔══╝ ██║╚██╗██║██║ ██║██║╚██╔╝██║
╚██████╗██║ ██║███████╗██████╔╝███████╗██║ ╚████║╚██████╔╝██║ ╚═╝ ██║
╚═════╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚═╝
Post-access credential exposure detection for Linux systems, written in Nim.
This is a quick overview. Security theory, architecture, and full walkthroughs are in the learn modules.
What It Does
- Scans Linux home directories for exposed credentials across 7 categories
- Detects unprotected SSH keys, plaintext cloud credentials, browser credential stores, shell history secrets, keyrings, Git tokens, and application credentials
- Classifies findings by severity based on file permissions and exposure risk
- Reports in terminal with color-coded output or structured JSON for automation
- Compiles to a single static binary with zero runtime dependencies
Quick Start
bash install.sh
credenum
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Stack
Language: Nim 2.2+ (ORC memory management)
Build: Just, Nimble, musl (static linking), UPX (compression), zigcc (cross-compilation)
Testing: Nim unittest, Docker (integration tests with planted credentials)
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0