GitHub Repository

Detection tells you a key is real; geiger tells you whether it's dangerous.

4 stars · Go

Geiger – A blast radius triage tool for any credential

by thesubtlety · Jun 12, 2026 · 3 points · 0 comments

AI Analysis

●●● Banger · Solve My Problem · Niche Gem · Ship It

Read-only recon for leaked creds tells you impact before you rotate everything.

Strengths
  • Dry-run default prevents accidental exploitation while validating live credentials safely.
  • Integrates directly with existing TruffleHog and Gitleaks scanner output formats.
  • Ranks access by blast radius instead of a simple valid-or-invalid result.
Weaknesses
  • Bleeding-edge Go 1.25+ requirement might block older CI/CD pipelines.
  • Limited provider support compared to established commercial cloud security platforms.
Category
Target Audience

Security engineers, incident responders, DevOps teams

Similar To

Prowler · ScoutSuite · TruffleHog

Similar Projects

Security · Mid

Keychains – Prevent LLM/OpenClaw agents from leaking API credentials

Agents never touch raw tokens — you swap literal credentials for template variables and a proxy injects scoped secrets server-side while surfacing one‑click approval links to humans. It also fingerprints machines, uses SSH key auth, and tries to infer minimal OAuth scopes per request, which is a neat user-in-the-loop model. The obvious trade-off is centralizing trust in the proxy and the integration work for every provider, but the UX for human approvals and instant revocation is compelling.

Big Brain · Solve My Problem · Slick
severin
103mo ago