# Jecretz

Jira secrets hunter by sahadnk72¹, rewritten for Wekan⁴.

• Connects to Wekan API with provided credentials to obtain legitimate API key.¹
• Collects description and custom fields of all cards available to given user.¹
• Uses regex to attempt to locate secrets within retrieved data.¹
  • Custom regex rules are based on jecretz'
  • Regex matching code is based on jecretz'

• Command line usage and options

python jecretz.py [Wekan URL] [Username] [Password]
python jecretz.py -v [Wekan URL] [Username] [Password]

• -v: Enable verbose output
• [Wekan URL]: The URL of the Wekan site, including the trailing slash. Ex: http://localhost/
• [Username]: The username to authenticate to Wekan with.
• [Password]: The password of the given user.

Dependencies are included in requirements.txt and can be installed by running:

pip install -r requirements.txt

• certifi==2024.8.30
• charset-normalizer==3.3.2
• idna==3.8
• requests==2.32.3
• truffleHogRegexes==0.0.7
• urllib3==2.2.2

1. sahadnk72. (2020, Jun 11). jecretz
2. Microsoft. (2023, Oct 25). Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
3. Mandiant. (2023, Sept 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

4. WeKan ® Open-Source Kanban