Cybersecurity-Projects/PROJECTS/intermediate/dlp-scanner
dependabot[bot] 04bccaf58a
chore(deps): bump soupsieve in /PROJECTS/intermediate/dlp-scanner
Bumps [soupsieve](https://github.com/facelessuser/soupsieve) from 2.8.3 to 2.8.4.
- [Release notes](https://github.com/facelessuser/soupsieve/releases)
- [Commits](https://github.com/facelessuser/soupsieve/compare/2.8.3...2.8.4)

---
updated-dependencies:
- dependency-name: soupsieve
  dependency-version: 2.8.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-09 21:25:59 +00:00
..
learn docs: update learn/ for dlp-scanner audit changes 2026-04-10 17:29:15 -04:00
src/dlp_scanner fix: remove unused imports and merge comparison in dlp-scanner 2026-04-11 07:27:25 -04:00
tests feat: dlp scanner — multi-format data loss prevention scanner 2026-04-10 17:14:30 -04:00
.dlp-scanner.yml feat: dlp scanner — multi-format data loss prevention scanner 2026-04-10 17:14:30 -04:00
.env.example feat: dlp scanner — multi-format data loss prevention scanner 2026-04-10 17:14:30 -04:00
.gitignore feat: dlp scanner — multi-format data loss prevention scanner 2026-04-10 17:14:30 -04:00
.style.yapf feat: dlp scanner — multi-format data loss prevention scanner 2026-04-10 17:14:30 -04:00
LICENSE add: AGPL 3.0 license files to hash-cracker, ebpf tracer, dlp scanner 2026-04-11 05:56:43 -04:00
README.md fix: update READMEs for ebpf tracer & dlp scanner 2026-04-11 05:38:49 -04:00
install.sh feat: dlp scanner — multi-format data loss prevention scanner 2026-04-10 17:14:30 -04:00
justfile fix: update READMEs for ebpf tracer & dlp scanner 2026-04-11 05:38:49 -04:00
pyproject.toml chore(deps): bump lxml in /PROJECTS/intermediate/dlp-scanner 2026-04-21 23:13:03 +00:00
uv.lock chore(deps): bump soupsieve in /PROJECTS/intermediate/dlp-scanner 2026-07-09 21:25:59 +00:00

README.md

██████╗ ██╗     ██████╗       ███████╗ ██████╗ █████╗ ███╗   ██╗
██╔══██╗██║     ██╔══██╗      ██╔════╝██╔════╝██╔══██╗████╗  ██║
██║  ██║██║     ██████╔╝█████╗███████╗██║     ███████║██╔██╗ ██║
██║  ██║██║     ██╔═══╝ ╚════╝╚════██║██║     ██╔══██║██║╚██╗██║
██████╔╝███████╗██║           ███████║╚██████╗██║  ██║██║ ╚████║
╚═════╝ ╚══════╝╚═╝           ╚══════╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═══╝

Cybersecurity Projects Python License: AGPLv3

Data Loss Prevention scanner for files, databases, and network traffic.

This is a quick overview. Security theory, architecture, and full walkthroughs are in the learn modules.

What It Does

  • Scans files (PDF, DOCX, XLSX, CSV, JSON, XML, YAML, Parquet, Avro, archives, emails) for PII, credentials, financial data, and PHI
  • Scans databases (PostgreSQL, MySQL, MongoDB, SQLite) with schema introspection and sampling
  • Scans network captures (PCAP/PCAPNG) with protocol parsing, TCP reassembly, and DNS exfiltration detection
  • Confidence scoring pipeline: regex match, checksum validation (Luhn, Mod-97, Mod-11), context keyword proximity, entity co-occurrence
  • Maps findings to compliance frameworks (HIPAA, PCI-DSS, GDPR, CCPA, SOX, GLBA, FERPA)
  • Reports in console (Rich tables), JSON, SARIF 2.1.0, or CSV

Quick Start

bash install.sh
dlp-scan file ./data

[!TIP] This project uses just as a command runner. Type just to see all available commands.

Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin

Usage

dlp-scan file ./data/employees/              # scan a directory
dlp-scan file ./report.pdf -f json           # scan a file, JSON output
dlp-scan db postgres://user:pass@host/db     # scan PostgreSQL
dlp-scan db sqlite:///path/to/local.db       # scan SQLite
dlp-scan network capture.pcap               # scan network traffic
dlp-scan file ./data -f sarif -o results.sarif  # SARIF for CI/CD
dlp-scan report convert results.json -f csv  # convert report format
dlp-scan report summary results.json         # print summary stats

Global Options

--config, -c    Path to YAML config file
--verbose, -v   Enable debug logging
--version       Show version

Output Formats

Format Flag Use Case
Console -f console Interactive review with Rich tables
JSON -f json Structured analysis and archival
SARIF -f sarif GitHub code scanning, CI/CD integration
CSV -f csv Compliance team export, spreadsheet import

Stack

Language: Python 3.12+

CLI: Typer 0.15+ with Rich integration

Detection: Regex + checksum validators + Shannon entropy + context keyword scoring

File Formats: PyMuPDF, python-docx, openpyxl, xlrd, defusedxml, lxml, pyarrow, fastavro, extract-msg

Databases: asyncpg (PostgreSQL), aiomysql (MySQL), pymongo async (MongoDB), aiosqlite (SQLite)

Network: dpkt (PCAP parsing), TCP reassembly, DPI protocol identification, DNS exfiltration heuristics

Config: Pydantic 2.10+ models with YAML config loading (ruamel.yaml)

Quality: ruff, mypy (strict), yapf, pytest + hypothesis, structlog

Configuration

Copy .dlp-scanner.yml to your project root and customize. Key settings:

detection:
  min_confidence: 0.20        # minimum score to report
  enable_rules: ["*"]         # glob patterns for rule IDs
  allowlists:
    values: ["123-45-6789"]   # suppress known test values

output:
  format: "console"           # console, json, sarif, csv
  redaction_style: "partial"  # partial, full, none

Learn

This project includes step-by-step learning materials covering security theory, architecture, and implementation.

Module Topic
00 - Overview Prerequisites and quick start
01 - Concepts DLP theory and real-world breaches
02 - Architecture System design and data flow
03 - Implementation Code walkthrough
04 - Challenges Extension ideas and exercises

License

AGPLv3