grep — Security

Security Patterns

Find potential secrets in code (API keys, tokens, passwords)
grep -rnPi '(api[_-]?key|token|password|secret)\s*[:=]' --include='*.py' --include='*.sh' --include='*.yaml' --include='*.yml' --include='*.json' --include='*.conf' .
Find private keys
grep -rl 'BEGIN.*PRIVATE KEY' --include='*.pem' --include='*.key' .
Find world-readable files in /etc that mention 'password'
find /etc -type f -perm -o+r -exec grep -l 'password' {} + 2>/dev/null
Certificate expiry check via grep
openssl x509 -in cert.pem -noout -text | grep -A2 'Validity'
Certificate SANs extraction
openssl x509 -in cert.pem -noout -text | grep -oP '(?<=DNS:)[^,\s]+'
Find SUID binaries
find / -perm -4000 -type f 2>/dev/null | grep -v '/proc\|/sys'
Audit SSH config for weak settings
grep -nPi '^\s*(PermitRootLogin|PasswordAuthentication|PermitEmptyPasswords)\s+yes' /etc/ssh/sshd_config
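
A line-oriented grep of sshd_config can still differ from what sshd applies: commented lines, repeated keywords (sshd keeps the first value it reads) and Match blocks all change the result. The sketch below is an added example, not part of the original cheat sheet; the function names and the sample config are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines and does not follow Include directives.

```shell
#!/bin/sh
# audit_sshd_config [FILE]
# Prints "line:Keyword value" for risky *global* settings in an
# sshd_config-style file (reads stdin when FILE is omitted).
#   - comment and blank lines are ignored
#   - keywords are compared case-insensitively, as sshd does
#   - only the first occurrence of a keyword counts (first value wins)
#   - scanning stops at the first Match block (conditional overrides
#     need a per-connection review and are out of scope here)
audit_sshd_config() {
  awk '
    /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }          # global section ends here
    (key in seen) { next }           # later duplicates have no effect
    { seen[key] = 1 }
    key ~ /^(permitrootlogin|passwordauthentication|permitemptypasswords)$/ && $2 == "yes" {
      printf "%d:%s %s\n", NR, $1, $2
    }
  ' "${1:--}"
}

# Constructed sample input (not taken from a real host).
sample_config() {
  cat <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Match User backup
    PermitRootLogin yes
EOF
}

# Demo run: only line 3 is an effective global weak setting.
sample_config | audit_sshd_config
```

On a live host, `sshd -T` prints the effective configuration, including defaults and included files, and is the authoritative source to grep.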