[Name] - EXC Analyzer
[Already packaged] - Yes. Debian-compatible source packages (.deb, tar.gz packages) are available.
[Willingness to package] - Yes, I want my tool to come built-in in Kali Linux, and I'll update its package myself when there's an update.
[Version] - 1.3.2 (Git tag v1.3.2, released 2025-12-06)
[Activity] - Project started in 2024. It is actively developed with continuous testing. The most recent tagged release is v1.3.2, published on January 28, 2026.
[Homepage] - https://github.com/exc-analyzer/exc (source) / https://exc-analyzer.web.app/ (product site)
[Download] - https://github.com/exc-analyzer/exc/releases/tag/v1.3.2 (includes .deb, tar.gz and source artifacts)
[Author(s)] - EXC Team (Contact: [email protected], [email protected])
[License] - MIT License.
[Description] - EXC Analyzer is a professional command-line toolkit for auditing GitHub repositories and users. It reports repository health, contributor trends, workflow hygiene, and security posture; detects anomalous commits/users; and performs multi-stage secret scanning (dorking, commit sweep, deep file scan). Localization (EN/TR), rate-limit aware API handling, and secure token storage are built-in.
[Features] - Intelligence Gathering Deep-dive into repository metadata contributor impact and historical anomalies
Security Auditing Score repository security posture audit GitHub Actions workflows and scan for secrets in commits/files
Dork Scanning Powerfully search public code using GitHub dorks to find sensitive exposures
User Profiling Analyze user activity patterns potential anomalies and contributions
Smart Rate-Limiting Handles API quotas automatically with intelligent pausing and retries
Localization Localization is currently available in English and Turkish but the infrastructure is ready to expand to a wider range of languages through community contributions.
[Update and/or dependency checking] - The tool uses the Debian package manager (apt) or pip for dependency management. It features built-in GitHub API rate-limit awareness.
[Programming language] - Python 3. Uses standard packaging utilities like setup.py and pyproject.toml.
[Hardcoding] - No. The tool does not contain hardcoded directories or paths. It follows the Filesystem Hierarchy Standard (FHS) and uses the keyring library for secure storage.
[Dependencies] - The tool requires the following Python libraries:
requests, aiohttp (>=3.8.0), packaging, colorama, importlib_resources, and keyring.
[Missing] - None. All libraries are available in standard repositories.
[Old] - This tool require no old version of a dependency.
[Kaboxer] - No, this tool is a native Python application and does not require Kaboxer isolation.
[Similar tools] - gitleaks, trufflehog, gitrob.
[How to install] - Installation via the official .deb package:
(Debain/Linux)
https://github.com/exc-analyzer/exc/releases/download/v1.3.2/exc-analyzer_1.3.2-1_all.deb (Download)
sudo apt install ./exc-analyzer_1.3.2-1_all.deb
(Windows)
pip install exc-analyzer
[System-wide installation] - Yes. Supports system-wide installation via /usr/bin/exc.
[How to use] - Initialize token: exc login, analyze repo security: exc analysis owner/repo, scan secrets: exc scan-secrets owner/repo, audit workflows: exc actions-audit owner/repo.
[Pentest use case] - Essential for the OSINT and Information Gathering phases of a penetration test. The tool leverages asynchronous requests (aiohttp) to perform high-speed, automated auditing of large-scale GitHub organizations, identifying leaked secrets (API keys, passwords, tokens) and misconfigured CI/CD workflows. It uniquely enhances operational security by storing sensitive API tokens in the system's native credential store (via keyring) instead of plain text files, preventing local credential exposure. Additionally, it helps identify insider threats and anomalous user behavior by analyzing contributor trends and repository health, making it a robust asset for both red-team engagements and incident response audits. | 
