Introducing pdscan: Scan Your Data Stores for Unencrypted Personal Data

It's important to understand where personal data is stored in your applications. Personal data that’s not encrypted at the application level is especially vulnerable in the event of a breach.

pdscan is a command line tool to help you identify this data.

It uses data sampling and column naming to find data and produces minimal database load. It scans for:

Last names

Email addresses

IP addresses

Street addresses (US)

Phone numbers (US)

Credit card numbers

Social security numbers

Dates of birth

Location data

It also scans for other unencrypted sensitive data, like OAuth tokens, which could be used to access personal data. It currently supports Postgres, MySQL, MariaDB, and SQLite, but it shouldn’t be too difficult to add other data stores like MongoDB and Elasticsearch. It’s written in Go, so it’s fast and has no runtime dependencies.

Give pdscan a try today.