Skip to content
Public project

evidence-sanitizer

Creates sanitized copies of evidence files by replacing known sensitive values with deterministic markers and reporting only rule IDs and counts.

Type
Public project
Status
In progress
  • Python
  • CLI tooling
  • secure evidence handling
  • redaction rules
  • pentest workflows
  • report preparation
  • local-first processing
  • python
  • cli
  • security-tooling
  • evidence-handling
  • pentest-workflows

evidence-sanitizer is a local-first CLI for sanitizing authorized pentest evidence before it is pasted into reports, tickets, notes, PoCs, or shared internally.

It creates a sanitized copy of a single text file, replacing known sensitive values such as Authorization headers, cookies, API keys, query parameters, JSON fields, and form values with deterministic redaction markers.

The tool is intentionally small, predictable, and reviewable. It never modifies the source file in place, does not send data over the network, and reports only fixed rule IDs and counts — never raw detected values.

It is not a full DLP system and does not guarantee removal of every secret. The goal is to make evidence handling safer and more consistent while keeping manual review as the final control.