{"id":20643,"date":"2021-12-07T14:38:05","date_gmt":"2021-12-07T14:38:05","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=20643"},"modified":"2021-12-07T14:38:08","modified_gmt":"2021-12-07T14:38:08","slug":"whispers","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/whispers\/","title":{"rendered":"Whispers : Identify Hardcoded Secrets In Static Structured Text"},"content":{"rendered":"\n<p><strong>Whispers <\/strong>is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI\/CD pipeline.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Detects<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Passwords<\/li><li>API tokens<\/li><li>AWS keys<\/li><li>Private keys<\/li><li>Hashed credentials<\/li><li>Authentication tokens<\/li><li>Dangerous functions<\/li><li>Sensitive files<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Supported Formats<\/strong><\/p>\n\n\n\n<p>Whispers is intended to be a <strong>structured text<\/strong> parser, not a code parser.<\/p>\n\n\n\n<p>The following commonly used formats are currently supported:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>YAML<\/li><li>JSON<\/li><li>XML<\/li><li>.npmrc<\/li><li>.pypirc<\/li><li>.htpasswd<\/li><li>.properties<\/li><li>pip.conf<\/li><li>conf \/ ini<\/li><li>Dockerfile<\/li><li>Dockercfg<\/li><li>Shell scripts<\/li><li>Python3<\/li><\/ul>\n\n\n\n<p>Python3 files are parsed as ASTs because of native language support.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Declaration &amp; Assignment Formats<\/strong><\/p>\n\n\n\n<p>The following language files are parsed as text, and checked for common variable declaration and assignment patterns:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>JavaScript<\/li><li>Java<\/li><li>Go<\/li><li>PHP<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Special Formats<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AWS credentials files<\/li><li>JDBC connection strings<\/li><li>Jenkins config files<\/li><li>SpringFramework Beans config files<\/li><li>Java Properties files<\/li><li>Dockercfg private registry auth files<\/li><li>Github tokens<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Installation<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>From PyPI<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">pip3 install whispers\n<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>From GitHub<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">git clone https:\/\/github.com\/Skyscanner\/whispers <br>cd whispers <br>make install <\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>CLI<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">whispers --help\nwhispers --info\nwhispers source\/code\/fileOrDir\nwhispers --config config.yml source\/code\/fileOrDir\nwhispers --output \/tmp\/secrets.yml source\/code\/fileOrDir\nwhispers --rules aws-id,aws-secret source\/code\/fileOrDir\nwhispers --severity BLOCKER,CRITICAL source\/code\/fileOrDir\nwhispers --exitcode 7 source\/code\/fileOrDir\n<\/pre>\n\n\n\n<p><strong>Python<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">from whispers.cli import parse_args\nfrom whispers.core import run\n\nsrc = \"tests\/fixtures\"\nconfigfile = \"whispers\/config.yml\"\nargs = parse_args([\"-c\", configfile, src])\nfor secret in run(args):\n  print(secret)<\/pre>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Config<\/strong><\/p>\n\n\n\n<p>There are several configuration options available in Whispers. It\u2019s possible to include\/exclude results based on file path, key, or value. File path specifications are interpreted as globs. Keys and values accept regular expressions and several other parameters. There is a default configuration file built-in that will be used if you don&#8217;t provide a custom one.<\/p>\n\n\n\n<p><code>config.yml<\/code> should have the following structure:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">include:\n  files:\n    - \"**\/*.yml\"\n\nexclude:\n  files:\n    - \"**\/test\/**\/*\"\n    - \"**\/tests\/**\/*\"\n  keys:\n    - ^foo\n  values:\n    - bar$\n\nrules:\n  starks:\n    message: Whispers from the North\n    severity: CRITICAL\n    value:\n      regex: (Aria|Ned) Stark\n      ignorecase: True<\/pre>\n\n\n\n<p>The fastest way to tweak detection (ie: remove false positives and unwanted results) is to copy the default <a href=\"https:\/\/github.com\/Skyscanner\/whispers\/blob\/master\/whispers\/config.yml\">config.yml<\/a> into a new file, adapt it, and pass it as an argument to Whispers.<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code>whispers --config config.yml --rules starks src\/file\/or\/dir<\/code><\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Custom Rules<\/strong><\/p>\n\n\n\n<p>Rules specify the actual things that should be pulled out from key-value pairs. There are several common ones that come built-in, such as AWS keys and passwords, but the tool is made to be easily expandable with new rules.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Custom rules can be defined in the main config file under <code>rules:<\/code><\/li><li>Custom rules can be added to <a href=\"https:\/\/github.com\/Skyscanner\/whispers\/blob\/master\/whispers\/rules\">whispers\/rules<\/a><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">rule-id:  # unique rule name\n  description: Values formatted like AWS Session Token\n  message: AWS Session Token  # report will show this message\n  severity: BLOCKER           # one of BLOCKER, CRITICAL, MAJOR, MINOR, INFO\n\n  key:        # specify key format\n    regex: (aws.?session.?token)?\n    ignorecase: True   # case-insensitive matching\n\n  value:      # specify value format\n    regex: ^(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9\\+\\\/]{270,450}$\n    ignorecase: False  # case-sensitive matching\n    minlen: 270        # value is at least this long\n    isBase64: True     # value is base64-encoded\n    isAscii: False     # value is binary data when decoded\n    isUri: False       # value is not formatted like a URI\n\n  similar: 0.35        # maximum allowed similarity between key and value \n                       # (1.0 being exactly the same)<\/pre>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Plugins<\/strong><\/p>\n\n\n\n<p>All parsing functionality is implemented via plugins. Each plugin implements a class with the <code>pairs()<\/code> method that runs through files and returns the key-value pairs to be checked with rules.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">class PluginName:\n    def pairs(self, file):\n        yield \"key\", \"value\"<\/pre>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link\" href=\"https:\/\/github.com\/Skyscanner\/whispers\" target=\"_blank\" rel=\"noreferrer noopener\">Download<\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI\/CD pipeline. Detects Passwords API tokens AWS keys Private keys Hashed credentials Authentication tokens Dangerous functions Sensitive files Supported Formats [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":20645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[579,4492],"class_list":["post-20643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-cli","tag-whispers"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Whispers : Identify Hardcoded Secrets In Static Structured Text<\/title>\n<meta name=\"description\" content=\"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/whispers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Whispers : Identify Hardcoded Secrets In Static Structured Text\" \/>\n<meta property=\"og:description\" content=\"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/whispers\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-07T14:38:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-07T14:38:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Whispers : Identify Hardcoded Secrets In Static Structured Text\",\"datePublished\":\"2021-12-07T14:38:05+00:00\",\"dateModified\":\"2021-12-07T14:38:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/\"},\"wordCount\":373,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728\",\"keywords\":[\"CLI\",\"Whispers\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/whispers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/whispers\/\",\"name\":\"Whispers : Identify Hardcoded Secrets In Static Structured Text\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728\",\"datePublished\":\"2021-12-07T14:38:05+00:00\",\"dateModified\":\"2021-12-07T14:38:08+00:00\",\"description\":\"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/whispers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Whispers : Identify Hardcoded Secrets In Static Structured Text","description":"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/whispers\/","og_locale":"en_US","og_type":"article","og_title":"Whispers : Identify Hardcoded Secrets In Static Structured Text","og_description":"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials","og_url":"https:\/\/kalilinuxtutorials.com\/whispers\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-12-07T14:38:05+00:00","article_modified_time":"2021-12-07T14:38:08+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/whispers\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/whispers\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Whispers : Identify Hardcoded Secrets In Static Structured Text","datePublished":"2021-12-07T14:38:05+00:00","dateModified":"2021-12-07T14:38:08+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/whispers\/"},"wordCount":373,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","keywords":["CLI","Whispers"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/whispers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/whispers\/","url":"https:\/\/kalilinuxtutorials.com\/whispers\/","name":"Whispers : Identify Hardcoded Secrets In Static Structured Text","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","datePublished":"2021-12-07T14:38:05+00:00","dateModified":"2021-12-07T14:38:08+00:00","description":"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/whispers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/whispers\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEh-gUdz8j3Hd7Ukm7xMECs9UneZBDuSkUeqcAm4Q6Sw33_TAYEkGOHZESMCkKIgY4xSo8YjVyBFRDVspVGAtQcoJKELPygysUli6kMoci1WpPsjSQpemvOrXDsL7Wa1xRBvy1Q78OBTVQappglEePGHBenQgGDUtZ0uNXkBcofuasV2P4ScMlXiAmtP=s728","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":21204,"url":"https:\/\/kalilinuxtutorials.com\/whispers-2\/","url_meta":{"origin":20643,"position":0},"title":"Whispers : Identify Hardcoded Secrets In Static Structured Text","author":"R K","date":"January 19, 2022","format":false,"excerpt":"Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can integrate it in your CI\/CD pipeline. Detects PasswordsAPI tokensAWS keysPrivate keysHashed credentialsAuthentication tokensDangerous functionsSensitive files Supported Formats Whispers is\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEhkkvomAOGOtGYEpNXMK54e2an3tyF00cP-w-gILOtsX3yVzB7l6C87BLxronVFdrJVkFO-2TBi49HG-17Nf1HLV8htqGGSRVJVKNW4UU8QY_gO-Yhy_O-1uKcNvz-ueod3-Ihm7b9EbXZQwThogRyB2ekFx860GEjnZ0pgjzg3eO9Lfyq_j6pRpsba=s676","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEhkkvomAOGOtGYEpNXMK54e2an3tyF00cP-w-gILOtsX3yVzB7l6C87BLxronVFdrJVkFO-2TBi49HG-17Nf1HLV8htqGGSRVJVKNW4UU8QY_gO-Yhy_O-1uKcNvz-ueod3-Ihm7b9EbXZQwThogRyB2ekFx860GEjnZ0pgjzg3eO9Lfyq_j6pRpsba=s676 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEhkkvomAOGOtGYEpNXMK54e2an3tyF00cP-w-gILOtsX3yVzB7l6C87BLxronVFdrJVkFO-2TBi49HG-17Nf1HLV8htqGGSRVJVKNW4UU8QY_gO-Yhy_O-1uKcNvz-ueod3-Ihm7b9EbXZQwThogRyB2ekFx860GEjnZ0pgjzg3eO9Lfyq_j6pRpsba=s676 1.5x"},"classes":[]},{"id":15053,"url":"https:\/\/kalilinuxtutorials.com\/allsafe\/","url_meta":{"origin":20643,"position":1},"title":"Allsafe : Intentionally Vulnerable Android Application","author":"R K","date":"July 26, 2021","format":false,"excerpt":"Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like a CTF and more like a real-life application that uses modern libraries and technologies. Additionally, I have included some Frida based challenges for you to explore. Have fun and happy\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":32118,"url":"https:\/\/kalilinuxtutorials.com\/nmap-analysis-tool\/","url_meta":{"origin":20643,"position":2},"title":"Nmap Analysis Tool &#8211; Enhancing Network Security Through Advanced Analysis And Reporting","author":"Varshini","date":"February 23, 2024","format":false,"excerpt":"This CLI python script is designed to be used by security consultants, IT admins and network engineers to do two things, compare two Nmap XML files to create a spreadsheet that compares IPs, ports and services between the files, and create a markdown report using GPT. Screenshots Features Comprehensive Nmap\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYfsA-JabUHC59LKf_vnpSKW8XE4gsadJQEIfBlCi1M0klcK9bdvuEJQSYbImtE7umXUVuSQCMbKcrqQDGktkh1EPpT3ZHG66zyP34yYESpUn9bgyqYN4v7NcpQuhOkUpcrOMEfWfSh0tizJlf-7Dae8B9iP9oIW9CByVpI6P_qdrlzh6Prt5Vk5WfT8xN\/s16000\/Water%20Securing%20System%20Defences%20%284%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYfsA-JabUHC59LKf_vnpSKW8XE4gsadJQEIfBlCi1M0klcK9bdvuEJQSYbImtE7umXUVuSQCMbKcrqQDGktkh1EPpT3ZHG66zyP34yYESpUn9bgyqYN4v7NcpQuhOkUpcrOMEfWfSh0tizJlf-7Dae8B9iP9oIW9CByVpI6P_qdrlzh6Prt5Vk5WfT8xN\/s16000\/Water%20Securing%20System%20Defences%20%284%29.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYfsA-JabUHC59LKf_vnpSKW8XE4gsadJQEIfBlCi1M0klcK9bdvuEJQSYbImtE7umXUVuSQCMbKcrqQDGktkh1EPpT3ZHG66zyP34yYESpUn9bgyqYN4v7NcpQuhOkUpcrOMEfWfSh0tizJlf-7Dae8B9iP9oIW9CByVpI6P_qdrlzh6Prt5Vk5WfT8xN\/s16000\/Water%20Securing%20System%20Defences%20%284%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYfsA-JabUHC59LKf_vnpSKW8XE4gsadJQEIfBlCi1M0klcK9bdvuEJQSYbImtE7umXUVuSQCMbKcrqQDGktkh1EPpT3ZHG66zyP34yYESpUn9bgyqYN4v7NcpQuhOkUpcrOMEfWfSh0tizJlf-7Dae8B9iP9oIW9CByVpI6P_qdrlzh6Prt5Vk5WfT8xN\/s16000\/Water%20Securing%20System%20Defences%20%284%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYfsA-JabUHC59LKf_vnpSKW8XE4gsadJQEIfBlCi1M0klcK9bdvuEJQSYbImtE7umXUVuSQCMbKcrqQDGktkh1EPpT3ZHG66zyP34yYESpUn9bgyqYN4v7NcpQuhOkUpcrOMEfWfSh0tizJlf-7Dae8B9iP9oIW9CByVpI6P_qdrlzh6Prt5Vk5WfT8xN\/s16000\/Water%20Securing%20System%20Defences%20%284%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYfsA-JabUHC59LKf_vnpSKW8XE4gsadJQEIfBlCi1M0klcK9bdvuEJQSYbImtE7umXUVuSQCMbKcrqQDGktkh1EPpT3ZHG66zyP34yYESpUn9bgyqYN4v7NcpQuhOkUpcrOMEfWfSh0tizJlf-7Dae8B9iP9oIW9CByVpI6P_qdrlzh6Prt5Vk5WfT8xN\/s16000\/Water%20Securing%20System%20Defences%20%284%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26832,"url":"https:\/\/kalilinuxtutorials.com\/aura\/","url_meta":{"origin":20643,"position":3},"title":"Aura : Python Source Code Auditing And Static Analysis On A Large Scale","author":"R K","date":"September 11, 2022","format":false,"excerpt":"Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the codeenable\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh9uJ2T8s7Id3KreDoShm1q3vk8fUYf44jfdhcpQq2MZxAelf3HJ13NibzAvZybuEnB7CbrmZhRpKABaqHqcjTjO1uPieATRd1eHgyrIowHGUVfrUWnlv6G3lq4k7-bxlgC5i32LtLpg8QvUJcz3KFLa026WAB688kYi4Ar3eVybSdDcXnI9Z1AdxJx\/s728\/Aura-Python-Source-Code-Auditing-And-Static-Analysis-On.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh9uJ2T8s7Id3KreDoShm1q3vk8fUYf44jfdhcpQq2MZxAelf3HJ13NibzAvZybuEnB7CbrmZhRpKABaqHqcjTjO1uPieATRd1eHgyrIowHGUVfrUWnlv6G3lq4k7-bxlgC5i32LtLpg8QvUJcz3KFLa026WAB688kYi4Ar3eVybSdDcXnI9Z1AdxJx\/s728\/Aura-Python-Source-Code-Auditing-And-Static-Analysis-On.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh9uJ2T8s7Id3KreDoShm1q3vk8fUYf44jfdhcpQq2MZxAelf3HJ13NibzAvZybuEnB7CbrmZhRpKABaqHqcjTjO1uPieATRd1eHgyrIowHGUVfrUWnlv6G3lq4k7-bxlgC5i32LtLpg8QvUJcz3KFLa026WAB688kYi4Ar3eVybSdDcXnI9Z1AdxJx\/s728\/Aura-Python-Source-Code-Auditing-And-Static-Analysis-On.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh9uJ2T8s7Id3KreDoShm1q3vk8fUYf44jfdhcpQq2MZxAelf3HJ13NibzAvZybuEnB7CbrmZhRpKABaqHqcjTjO1uPieATRd1eHgyrIowHGUVfrUWnlv6G3lq4k7-bxlgC5i32LtLpg8QvUJcz3KFLa026WAB688kYi4Ar3eVybSdDcXnI9Z1AdxJx\/s728\/Aura-Python-Source-Code-Auditing-And-Static-Analysis-On.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":3309,"url":"https:\/\/kalilinuxtutorials.com\/nodejsscan-static-security-code-scanner\/","url_meta":{"origin":20643,"position":4},"title":"NodeJsScan &#8211; Static Security Code Scanner For Node.js Applications","author":"R K","date":"November 27, 2018","format":false,"excerpt":"NodeJsScan is a static security code scanner (SAST) for Node.js applications. Configure & Run Install Postgres and configure SQLALCHEMY_DATABASE_URI in core\/settings.py pip3 install -r requirements.txt python3 migrate.py # Run once to create database entries required python3 app.py # Testing Environment gunicorn -b 0.0.0.0:9090 app:app --workers 3 --timeout 10000 # Production\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1481,"url":"https:\/\/kalilinuxtutorials.com\/reverseapk-android-applications\/","url_meta":{"origin":20643,"position":5},"title":"ReverseAPK &#8211; Quickly Analyze And Reverse Engineer Android Applications","author":"R K","date":"June 7, 2018","format":false,"excerpt":"Now and then, you may have a circumstance to figure out your current APKs for legitimate analysis investigation reasons, for example, making queries on the application source for getting more inside data. ReverseAPK will quickly analyze and reverse engineer android applications. Also Read\u00a0Best Hacking Books, Tools & Resources 2018 ReverseAPK\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/20643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=20643"}],"version-history":[{"count":1,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/20643\/revisions"}],"predecessor-version":[{"id":20644,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/20643\/revisions\/20644"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/20645"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=20643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=20643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=20643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}