Cybersecurity-Projects/PROJECTS/intermediate/credential-enumeration
CarterPerez-dev a40d064009 fix(credential-enumeration): rename .nimble to credenum.nimble
Nim package names cannot contain hyphens, so `nimble install -y nph`
in the lint workflow aborted on `validatePackageName` before nph could
be installed, causing the Nim lint job to fail with `nph: command not
found`. Renaming the manifest to match the binary name resolves it
and lets contributors run nimble inside the project.
2026-04-29 01:23:40 -04:00
..
learn fix(credential-enumeration): rename .nimble to credenum.nimble 2026-04-29 01:23:40 -04:00
src feat: sbom generator & vulnerability matcher + docstrings across 6 projects 2026-04-08 23:53:40 -04:00
tests fix(credential-enumeration): rename .nimble to credenum.nimble 2026-04-29 01:23:40 -04:00
.gitignore feat: credential enumeration complete 2026-04-04 20:21:19 -04:00
Justfile feat: credential enumeration complete 2026-04-04 20:21:19 -04:00
LICENSE feat: credential enumeration complete 2026-04-04 20:21:19 -04:00
README.md feat: credential enumeration complete 2026-04-04 20:21:19 -04:00
config.nims feat: credential enumeration complete 2026-04-04 20:21:19 -04:00
credenum.nimble fix(credential-enumeration): rename .nimble to credenum.nimble 2026-04-29 01:23:40 -04:00
install.sh fix(credential-enumeration): rename .nimble to credenum.nimble 2026-04-29 01:23:40 -04:00

README.md

 ██████╗██████╗ ███████╗██████╗ ███████╗███╗   ██╗██╗   ██╗███╗   ███╗
██╔════╝██╔══██╗██╔════╝██╔══██╗██╔════╝████╗  ██║██║   ██║████╗ ████║
██║     ██████╔╝█████╗  ██║  ██║█████╗  ██╔██╗ ██║██║   ██║██╔████╔██║
██║     ██╔══██╗██╔══╝  ██║  ██║██╔══╝  ██║╚██╗██║██║   ██║██║╚██╔╝██║
╚██████╗██║  ██║███████╗██████╔╝███████╗██║ ╚████║╚██████╔╝██║ ╚═╝ ██║
 ╚═════╝╚═╝  ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝  ╚═══╝ ╚═════╝ ╚═╝     ╚═╝

Cybersecurity Projects Nim License: AGPLv3 MITRE ATT&CK

Post-access credential exposure detection for Linux systems, written in Nim.

This is a quick overview. Security theory, architecture, and full walkthroughs are in the learn modules.

What It Does

  • Scans Linux home directories for exposed credentials across 7 categories
  • Detects unprotected SSH keys, plaintext cloud credentials, browser credential stores, shell history secrets, keyrings, Git tokens, and application credentials
  • Classifies findings by severity based on file permissions and exposure risk
  • Reports in terminal with color-coded output or structured JSON for automation
  • Compiles to a single static binary with zero runtime dependencies

Quick Start

bash install.sh
credenum

[!TIP] This project uses just as a command runner. Type just to see all available commands.

Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin

Stack

Language: Nim 2.2+ (ORC memory management)

Build: Just, Nimble, musl (static linking), UPX (compression), zigcc (cross-compilation)

Testing: Nim unittest, Docker (integration tests with planted credentials)

Learn

This project includes step-by-step learning materials covering security theory, architecture, and implementation.

Module Topic
00 - Overview Prerequisites and quick start
01 - Concepts Security theory and real-world breaches
02 - Architecture System design and data flow
03 - Implementation Code walkthrough
04 - Challenges Extension ideas and exercises

License

AGPL 3.0