rip-rip
A terminal-based security auditing tool that scans local repositories and web applications for exposed secrets, misconfigurations, and vulnerabilities. Built in Rust for speed. Read-only and safe — it never modifies your files.
Installation
$ npx rip-rip # run without installing
$ npm install -g rip-rip # global install
Requires Node.js / npm.
Usage
$ rip # interactive scan
$ rip --auto scan /path/to/project # CI/CD mode
$ rip scan --web --url https://example.com
$ rip --json scan # JSON output
Features
Secret Detection
Lightning-fast secret scanning powered by the grep-searcher engine. Detects API keys, tokens, passwords, and credentials across 15+ languages.
.env Scanning
Smart .env file parsing with trivial value filtering. Identifies exposed environment variables and sensitive configuration.
Web Vulnerability Scanning
Detects exposed .env, .git/config, and backup files. Analyzes security headers (CSP, HSTS, X-Frame-Options) and enumerates endpoints.
CI/CD Integration
Auto mode (--auto) for GitHub Actions, GitLab CI, and other pipelines. TOML configuration files for team-shareable settings.
15+ Languages
JavaScript, TypeScript, Python, Ruby, PHP, Java, Go, Rust, C/C++, C#, YAML, JSON, and more.
Safe & Read-Only
No file modifications, no external server communication. Minimal permissions required. Fully open source.