Evidence Sanitizer works directly from a cloned repository using uv — no published package install, no virtual environment setup, no global dependencies beyond Python and uv itself. This guide walks you from a fresh clone to a sanitized output file, explaining exactly what happened along the way.
Prerequisites
Before you begin, make sure you have the following installed:
- Python 3.12 or later. Evidence Sanitizer requires Python 3.12 as a minimum (requires-python = ">=3.12" in pyproject.toml). Check your version before you continue.
- uv. The project uses uv for dependency management and script execution. Install it from docs.astral.sh/uv if you haven’t already.
- git. Required to clone the repository.
Clone the repository and install dependencies
Clone the repository and run uv sync to install all dependencies into a local virtual environment managed by uv. uv sync reads pyproject.toml, resolves the dependency set (including typer), and installs everything into a project-local .venv. No system-wide changes are made.
Verify the installation
Confirm the CLI is available and working. You should see output describing the tool and its sanitize subcommand. If this prints correctly, the installation is working.
Create a sample evidence file
Create a realistic evidence file that contains the kinds of secrets commonly found in pentest captures: Bearer tokens, cookies, and API key headers. This file contains five distinct secrets across four rule families: a Bearer token, a session cookie, a telemetry cookie, an API key header, and a JSON access_token field.
Run the sanitizer
Run evidence-sanitizer sanitize with an explicit --output path. The tool writes the sanitized copy to evidence.sanitized.txt and prints a safe report to stdout. The report shows only rule IDs and counts. No raw values, field names, cookie names, or source excerpts are included.
Inspect the sanitized output
Open evidence.sanitized.txt to see the redacted content. Every sensitive value has been replaced with its deterministic marker. The theme=dark cookie is left untouched because theme is classified as a harmless cookie name. The token_type and user_id JSON fields are left untouched because they are not in the sensitive JSON field set. The original evidence.txt file is completely unchanged.
What Just Happened
Evidence Sanitizer applied four rule families to your evidence file:
- authorization.bearer matched the Authorization: Bearer header and replaced the token with <REDACTED:authorization.bearer>.
- cookie.value parsed the Cookie header into individual name=value pairs. session is a known sensitive cookie name; _ga is a known telemetry cookie name. Both were redacted. theme is classified as harmless and was left in place.
- header.secret matched X-API-Key against the built-in sensitive header name list and redacted its value with <REDACTED:header.secret>.
- json.value scanned the JSON body for known sensitive field names. access_token is in the sensitive JSON field set, so its string value was redacted with <REDACTED:json.value>. token_type and user_id are not in the set and were left unchanged.
If an Authorization: Bearer header also appears inside a JSON body, it is handled once by the authorization rule and not double-processed by the JSON rule.
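The four rule families described above, sketched as an added example; this is not Evidence Sanitizer's own code. Assumptions: the name sets hold only the names this page mentions, the <REDACTED:cookie.value> marker follows the same pattern as the three markers shown, and the JSON body sits on a single line.

```python
import json
from collections import Counter
# Assumptions: name sets hold only names this page mentions; SAMPLE is constructed, secrets fake.
SENSITIVE_COOKIES = {"session", "_ga"}
SENSITIVE_HEADERS = {"x-api-key"}
SENSITIVE_JSON_FIELDS = {"access_token"}
SAMPLE = """Authorization: Bearer FAKE-TOKEN-123
Cookie: session=FAKE-SESSION; theme=dark; _ga=GA1.2.FAKE
X-API-Key: FAKE-API-KEY
{"access_token": "FAKE-JSON-TOKEN", "token_type": "bearer", "user_id": 42}"""

def marker(rule_id, counts):
    counts[rule_id] += 1  # the report keeps rule IDs and counts, never raw values
    return f"<REDACTED:{rule_id}>"

def redact_json(node, counts):  # walks nested objects and arrays
    if isinstance(node, dict):
        return {k: marker("json.value", counts)
                if k in SENSITIVE_JSON_FIELDS and isinstance(v, str)
                else redact_json(v, counts) for k, v in node.items()}
    if isinstance(node, list):
        return [redact_json(item, counts) for item in node]
    return node

def redact_cookie(pair, counts):
    key, eq, _ = pair.strip().partition("=")
    if eq and key in SENSITIVE_COOKIES:
        return f"{key}={marker('cookie.value', counts)}"
    return pair.strip()  # harmless names such as theme pass through

def sanitize_line(line, counts):
    name, sep, value = line.partition(":")
    header = name.strip().lower()
    if sep and header == "authorization" and value.strip().lower().startswith("bearer "):
        return f"{name}: Bearer {marker('authorization.bearer', counts)}"
    if sep and header == "cookie":
        return f"{name}: " + "; ".join(redact_cookie(p, counts) for p in value.split(";"))
    if sep and header in SENSITIVE_HEADERS:
        return f"{name}: {marker('header.secret', counts)}"
    if line.lstrip().startswith("{"):  # assumption: the JSON body sits on one line
        try:
            return json.dumps(redact_json(json.loads(line), counts))
        except ValueError:
            return line  # not valid JSON, leave untouched
    return line

def sanitize(text):
    counts = Counter()
    return "\n".join(sanitize_line(l, counts) for l in text.splitlines()), dict(counts)
```

Calling sanitize(SAMPLE) returns the redacted text together with a report of five redactions across four rule IDs, matching the walkthrough above.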
Previewing Changes Without Writing Output
Before creating an output file, you can use --dry-run to see which rules would trigger without writing anything to disk: