explaingit

ruoji6/database_scan

Analysis updated 2026-06-24

Stars · 27 | Language · Go | Audience · ops devops | Complexity · 3/5 | Setup · easy

TLDR

A Go CLI that scans MySQL, Postgres, MSSQL, Oracle, Redis and compatible databases for sensitive data like ID numbers, phones, secrets, and bank cards, then exports terminal or Excel reports.

Mindmap

mindmap
  root((database-scan))
    Inputs
      DB credentials
      Mode and severity flags
      fscan result files
    Outputs
      Terminal table
      Excel report
      Sample rows
    Use Cases
      Audit dev DBs for prod data
      Find leaked secrets
      Sweep many hosts from fscan
    Tech Stack
      Go
      MySQL
      PostgreSQL
      Redis


What do people build with it?

USE CASE 1

Scan a dev database to find leaked production PII like ID numbers or bank cards

USE CASE 2

Pipe an fscan host list into database_scan to audit every database it found

USE CASE 3

Generate an Excel evidence report of sensitive columns with masked sample rows

What is it built with?

Go, MySQL, PostgreSQL, Oracle, Redis

How does it compare?

Repo | ruoji6/database_scan | aasixh/devgrep | jiangmuran/claude-in-box
Stars | 27 | 27 | 24
Language | Go | Go | Go
Setup difficulty | easy | easy | moderate
Complexity | 3/5 | 2/5 | 4/5
Audience | ops devops | developer | developer

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy | Time to first run · 30min

Needs network access and credentials to the target database, plus appropriate authorization to scan it.

In plain English

This is a Go command-line tool that scans a database looking for sensitive personal information. The intended use is on development databases, where the operator wants to find out whether real production data, such as Chinese national ID numbers, mobile phone numbers, addresses, account names, passwords, email addresses, bank card numbers, or API tokens and secrets, has leaked into the dev environment.

A wide range of database engines is supported out of the box. Native drivers exist for MySQL, MariaDB, MSSQL, PostgreSQL, Oracle, and Redis. Any MySQL protocol compatible database such as TiDB, OceanBase, PolarDB-MySQL, Doris, StarRocks, and GBase-MySQL also works, and so does any PostgreSQL protocol compatible database such as OpenGauss, GaussDB, Kingbase, Highgo, and PolarDB-Postgres. The tool can reach these databases directly or through a SOCKS5 or HTTP CONNECT proxy.

There are four detection modes selected with --mode. Field-content is the default and first locates likely sensitive columns by their table and column names, then scans the contents of those columns. Field-name only checks the names. Content scans every column's data without name hints. All runs everything.

There are also four severity levels: high covers ID numbers, passwords, secrets, and bank cards; medium covers phone numbers and emails; low covers addresses and account names; and all runs every level.

Results come out either as a colored terminal table or as an Excel file with one sheet per matched table, where the top half lists the flagged columns and the bottom half shows sample rows. Sample values can be masked with --mask.

A --fscan flag tells the tool to read a result file produced by the fscan network scanner, pull database credentials from it, and run the sensitive-data scan against every host that fscan found. Both fscan v2.1.2 and 1.8.4 output formats are supported.

Other useful flags include --sql for running a custom SQL query, --workers to scan tables in parallel, --limit to cap the number of sample rows per table, --timeout for a per-query timeout, --include-system to also scan system schemas, --no-color and --no-banner for clean output suitable for reports, and --table to restrict scanning to one specific table. Passwords can be omitted on the command line so the tool prompts for hidden input, keeping them out of shell history.
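The two-stage idea behind the field-content mode described above (column-name hint first, then content validation, then a masked sample), as an added Go example that is not database_scan's own code. The rule names, regexes, Luhn check, output format and mask format are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// rule = name hint + content check; every hint and pattern here is an assumption.
type rule struct {
	kind, severity string
	name, value    *regexp.Regexp
	luhn           bool
}

var rules = []rule{
	{"bank_card", "high", regexp.MustCompile(`(?i)bank|card_?no`), regexp.MustCompile(`^\d{16,19}$`), true},
	{"phone", "medium", regexp.MustCompile(`(?i)phone|mobile`), regexp.MustCompile(`^1[3-9]\d{9}$`), false},
}

// luhnOK verifies the payment-card checksum of an all-digit string.
func luhnOK(s string) bool {
	sum := 0
	for i := 0; i < len(s); i++ {
		d := int(s[len(s)-1-i]-'0') << uint(i%2) // double every second digit from the right
		sum += d/10 + d%10
	}
	return sum%10 == 0
}

// mask keeps 3 leading and 2 trailing characters (inputs already passed a length check).
func mask(s string) string { return s[:3] + "****" + s[len(s)-2:] }

// Classify returns "column|kind|severity|masked sample" or "" for one column.
func Classify(col string, values []string) string {
	for _, r := range rules {
		if !r.name.MatchString(col) {
			continue // stage 1: the column name gives no hint for this rule
		}
		for _, v := range values {
			if r.value.MatchString(v) && (!r.luhn || luhnOK(v)) { // stage 2: content
				return fmt.Sprintf("%s|%s|%s|%s", col, r.kind, r.severity, mask(v))
			}
		}
	}
	return ""
}

func main() {
	fmt.Println(Classify("card_no", []string{"n/a", "4111111111111111"})) // constructed test value
}
```

A valid card number stored in a column with no name hint (for example `note`) returns an empty result here, which is the gap a content-only scan of every column covers. The checksum step is what keeps a 16-digit order number in a `card_no` column from being reported as a bank card.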

Copy-paste prompts

Prompt 1
Run database_scan against a MySQL dev DB in field-content mode at high severity with masked sample values
Prompt 2
Feed an fscan v2.1.2 result file into database_scan and output one Excel sheet per matched table
Prompt 3
Add a custom SQL query and limit sample rows per table to 20 when scanning a Postgres instance through a SOCKS5 proxy
Prompt 4
Write a CI job that runs database_scan with --no-color and fails the build if any high-severity hits appear

Frequently asked questions

What is database_scan?

A Go CLI that scans MySQL, Postgres, MSSQL, Oracle, Redis and compatible databases for sensitive data like ID numbers, phones, secrets, and bank cards, then exports terminal or Excel reports.

What language is database_scan written in?

Mainly Go. The stack also includes MySQL and PostgreSQL.

How hard is database_scan to set up?

Setup difficulty is rated easy, with roughly 30min to a first successful run.

Who is database_scan for?

Mainly ops devops.

Verify against the repo before relying on details.