# Sonarleaks
<img src="assets/logo.jpg" alt="drawing" width="100"/>
## Summary
SonarCloud is a SAST SaaS platform built on SonarQube.

During my DevSecOps journey, I recently discovered that [Sonarcloud](https://sonarcloud.io/) (from SonarSource) lets anyone explore public projects.
After working on [Postleaks](https://github.com/cosad3s/postleaks), and seeing the popularity of other similar projects (like [swaggerHole](https://github.com/Liodeus/swaggerHole)) that deal with public data on SaaS platforms, the `Explore` button triggered my curiosity.

I created this small tool to collect basic information about SonarCloud projects from the `Explore` tab. Some of them **come from a private source repository, or can be linked to a company that misconfigured the repository visibility**.
**It becomes juicy when the results provide the source code AND the static analysis.**
![alt text](assets/meme.jpg)
## Usage
```bash
❯ sonarleaks -h
usage: sonarleaks [-h] [--top] [--loc LOC] [-k KEYWORD] [-kf KEYWORD_FILE] [--private] [--source]

Sonarleaks 🛰️💧 Search for private code published to Sonarcloud.

options:
  -h, --help        show this help message and exit
  --top             Filter on top public projects
  --loc LOC         Filter on minimum of lines of code
  -k KEYWORD        Keyword (company, project, etc.)
  -kf KEYWORD_FILE  Keywords file
  --private         Only display components linked to potential private repository.
  --source          Only display components with available source code.
```
### Examples
***Top public projects with at least 500000 lines of code, a private repository and source code available***
`❯ sonarleaks --top --loc 500000 --source --private`
![alt text](assets/image.png)
***Projects related to keyword `Salesforce`***
`❯ sonarleaks -k salesforce`
![alt text](assets/image2.png)
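The same exposure can be checked from the owning organisation's side before anyone finds it on the `Explore` tab. The script below is an added example, not part of the sonarleaks project: it lists an organisation's SonarCloud projects, fetches their `ncloc` measure and flags the ones that are public, applying the same minimum-lines-of-code idea as `--loc`. The endpoint names `api/projects/search` and `api/measures/component`, the response shapes, the organisation key, token and sample data are all assumptions or constructed placeholders.

```python
"""Owner-side audit: which projects of a SonarCloud organisation are public?
Added example, not sonarleaks code. Assumed response shapes: api/projects/search
-> {"components": [{"key", "name", "visibility"}]}; api/measures/component ->
{"component": {"measures": [{"metric": "ncloc", "value": "..."}]}}.
Org key, token and sample data are constructed placeholders."""
import base64
import json
import urllib.parse
import urllib.request


def ncloc_from_measures(payload: dict) -> int:
    """Pull the ncloc (lines of code) value out of a measures response."""
    for m in payload.get("component", {}).get("measures", []):
        if m.get("metric") == "ncloc":
            return int(m.get("value", 0))
    return 0


def flag_public_projects(projects: list, loc_by_key: dict, min_loc: int = 0) -> list:
    """Projects anyone can read on the Explore tab (like --loc, but for your own org)."""
    exposed = [{"key": p["key"], "name": p.get("name"), "ncloc": loc_by_key.get(p["key"], 0)}
               for p in projects
               if p.get("visibility") == "public" and loc_by_key.get(p["key"], 0) >= min_loc]
    return sorted(exposed, key=lambda e: e["ncloc"], reverse=True)


def _get(path: str, params: dict, token: str) -> dict:
    """Authenticated GET against sonarcloud.io (token as basic-auth username); needs network."""
    url = f"https://sonarcloud.io/{path}?{urllib.parse.urlencode(params)}"
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def audit_organization(org: str, token: str, min_loc: int = 0) -> list:
    """List the org's projects (first page only), fetch ncloc, flag the public ones."""
    projects = _get("api/projects/search", {"organization": org, "ps": 500}, token)["components"]
    loc = {p["key"]: ncloc_from_measures(_get("api/measures/component",
           {"component": p["key"], "metricKeys": "ncloc"}, token)) for p in projects}
    return flag_public_projects(projects, loc, min_loc)


# Constructed sample data shaped like the assumed API responses.
SAMPLE_PROJECTS = [{"key": "acme_billing", "name": "billing", "visibility": "public"},
                   {"key": "acme_website", "name": "website", "visibility": "public"},
                   {"key": "acme_internal", "name": "internal-tools", "visibility": "private"}]
SAMPLE_LOC = {"acme_billing": 120000, "acme_website": 800, "acme_internal": 50000}
```

`flag_public_projects(SAMPLE_PROJECTS, SAMPLE_LOC, min_loc=1000)` runs offline on the sample data; `audit_organization` needs a token allowed to list the organisation's projects.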
## Raw data
{
"_id": null,
"home_page": "https://github.com/cosad3s/sonarleaks",
"name": "sonarleaks",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "leaks, sonarcloud, osint, bugbounty",
"author": "S\u00e9bastien Copin",
"author_email": "cosad3s@outlook.com",
"download_url": "https://files.pythonhosted.org/packages/dd/c6/8897e8b9b1f7fd8b561135c9a8959f073527041504f17d712fc59c9bdbc4/sonarleaks-1.0.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "GPL-3.0 License",
"summary": "Sonarleaks",
"version": "1.0.0",
"project_urls": {
"Homepage": "https://github.com/cosad3s/sonarleaks"
},
"split_keywords": [
"leaks",
" sonarcloud",
" osint",
" bugbounty"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "7721a50fc7b15b1d83c0200c82cce0170b44a13443232e902a75c55c30bca3ad",
"md5": "b3341dd96cef69f84159e35380241c8f",
"sha256": "cbfae1f91e47c012718143e09b738ca11133cca83849734f2f490395f66b4e6e"
},
"downloads": -1,
"filename": "sonarleaks-1.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b3341dd96cef69f84159e35380241c8f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 17793,
"upload_time": "2024-09-09T11:55:57",
"upload_time_iso_8601": "2024-09-09T11:55:57.449317Z",
"url": "https://files.pythonhosted.org/packages/77/21/a50fc7b15b1d83c0200c82cce0170b44a13443232e902a75c55c30bca3ad/sonarleaks-1.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "ddc68897e8b9b1f7fd8b561135c9a8959f073527041504f17d712fc59c9bdbc4",
"md5": "17ec88bd399449f0fcb46a929d561422",
"sha256": "5aff7aeb369161a183b53e43386a118d6c26a66b6093d95f3400b9831d061476"
},
"downloads": -1,
"filename": "sonarleaks-1.0.0.tar.gz",
"has_sig": false,
"md5_digest": "17ec88bd399449f0fcb46a929d561422",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 18891,
"upload_time": "2024-09-09T11:55:59",
"upload_time_iso_8601": "2024-09-09T11:55:59.066600Z",
"url": "https://files.pythonhosted.org/packages/dd/c6/8897e8b9b1f7fd8b561135c9a8959f073527041504f17d712fc59c9bdbc4/sonarleaks-1.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-09 11:55:59",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cosad3s",
"github_project": "sonarleaks",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "sonarleaks"
}