Commit graph

226 commits

Author SHA1 Message Date
JonZeolla
4ea311dea9
feat: add github comments timeframe filtering (fixes #3388) (#3390)
* feat: add github comments timeframe filtering

* fixup and generate protos

* Cleanup

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2024-10-15 15:13:36 -04:00
Abdul Basit
aa17b8eba4
[detector] Implemented Box Detector (#3242)
* Implemented a box detector with test cases.

* corrected comments

* remove generic keyword for box detector
remove PII details of user.

* Added Box Oauth detector
Implemented description for Box detectors.
Separated out test for Box detectors.

* removed user information from ExtraData.

---------

Co-authored-by: 0x1 <13666360+0x1@users.noreply.github.com>
2024-10-15 08:42:37 -05:00
Kyle Dodson
58485f3395
Add detector for SaladCloud API Keys (#3273) 2024-10-10 21:23:25 -07:00
Kashif Khan
ce5da505a7
Added Cisco Meraki API Key detector (#3367)
* Added cisco meraki apikey detector

* addressed the comments

* handled api response and saving orgs data in extra data

* fixed linter

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2024-10-07 12:00:45 -05:00
Kashif Khan
eb40243984
RailwayApp Detector (#3331)
* Added RailwayApp detector

* Updated Keywords
2024-09-25 10:17:08 -05:00
dylanTruffle
0f427b3c6a
Adding Descriptions (#3258)
* adding AI generated descriptions of the key types and their capabilities

* removing empty file

* Update abbysale.go

* update to interface

* fixes

* fix

* small cleanup

---------

Co-authored-by: Dylan Ayrey <dxa4481@rit.edu>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-09-24 16:10:16 -07:00
dylanTruffle
d201e54305
adding pypi detector (#3287)
* adding pypi detector

* update test and use helper

---------

Co-authored-by: Dylan Ayrey <dxa4481@rit.edu>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-09-11 19:17:17 -07:00
Daniel Teixeira
f24f62832b
Add detector for Nvidia NGC Personal Keys (#3280)
* Add detector for Nvidia NGC Personal Keys

* Update nvapi.go to use `nvapi-` as the keyword
2024-09-10 08:36:33 -07:00
Charlie Gunyon
02c508da11
Add Sentry protobufs (#3263)
* Add Sentry protobufs

* Use more descriptive field name for an event's ID in protobufs
2024-09-04 11:36:49 -07:00
Shreyas Sriram
15faaba61c
Add Robinhood Crypto detector (#3254)
* Add Robinhood Crypto detector

* Address comment - use single keyword
2024-08-29 14:05:52 -07:00
joeleonjr
7d606e2480
CFOR Commit Scanner (#3145)
* alpha feature for scanning hidden commits on github

* improvements re: git operations

* lint updates

* updating with exec block due to no gh token

* reworked logic into new source

* fixed collisions threshold flag input

* fixed IOutil issues

* removed additions from GH config

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
2024-08-01 23:04:20 -04:00
0x1
b4b4ebaa03
nitro detector was removed and needed to be deprecated (#3102) 2024-07-31 07:07:35 -07:00
trufflesteeeve
c01428d107
Remove onwater detector (#3088) 2024-07-22 17:00:32 -04:00
Abdul Basit
5b64e1e5a1
implemented a netsuite detector (#3068)
* implemented a netsuite detector

* implemented the netsuite detector with modified test.

* clean up go.sum by running `go mod tidy`

* implemented a netsuite detector

* implemented the netsuite detector with modified test.

* clean up go.sum by running `go mod tidy`

* Incorporated suggestion by Ahrav
	- optimized nonce generation logic.
	- use string builder as compare to concatenation.

* fix go.sum

* fix import

* fix

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-07-22 12:37:18 -07:00
dylanTruffle
47535830c4
Elevenlabs detector (#3023)
* adding v1 eleven labs

* updating elevenlabs to support old and new version

* fixing status codes

* lint fixes

* adding test for v2

* adding test for v1

* return err

---------

Co-authored-by: Dylan Ayrey <dylan@Dylans-MacBook-Pro.local>
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
2024-07-03 10:53:20 -04:00
joeleonjr
01a1499600
New Source: HuggingFace (#3000)
* initial spike on hf

* added in user and org enum

* adding huggingface source

* updated with lint suggestions

* updated readme

* addressing resources that require org approval to access

* removing unneeded code

* updating with new error msg for 403

* deleted unused code + added resource check in main
2024-06-27 13:22:06 -04:00
Shreyas Sriram
e9206c66bb
Add endorlabs detector (#3015)
* Add endorlabs detector

* Remove unrelated changes

* Addrss comments

* remove prefix regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-06-26 21:28:19 -07:00
Abdul Basit
dddeca5224
Adding Larksuite Detectors + Tests (#3008)
* implemented larksuite detectores for tokens and api keys.
test implemented for larksuite token based detectors.

* implemented test for larksuiteapikey detector

* load credentials from GCP secret manager for larksuite api keys
2024-06-24 11:05:56 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
7bf3a9b5e2
adding eraser ai detector (#2961)
* adding eraser ai detector

* add eraser to defaults
2024-06-14 10:10:37 -04:00
Abdul Basit
cb4d332cbf
adding twitter + Consumer key detector (#2963)
* updated the twitter regex.

* updated regex for bearer token.

* clean up the code for existing twitter detector
added and Implemented new detector for twitter consumer key & secrets with test.
proto generated.

* string updated.

* written test for twitter consumer key detector

* reverted the file to avoid conflicts

* corrected the regex library in twitter detector
2024-06-13 09:32:24 -04:00
Dustin Decker
ef410873f2
Add Jenkins scanning (#2892)
* add jenkins

* whoops

* adding unauthenticated jenkins scanning

* update docs

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
2024-06-04 07:13:14 -04:00
Charlie Gunyon
311494e86e
Elastic adapter (#2727)
* Add stub source and elastic API funcs

* Spawn workers and ship chunks

* Now successfully detects a credential

- Added tests
- Added some documentation comments
- Threaded the passed context through to all the API requests

* Linting fixes

* Add integration tests and resolve some bugs they uncovered

* Logstash -> Elasticsearch

* Add support for --index-pattern

* Add support for --query-json

* Use structs instead of string building to construct a search body

* Support --since-timestamp

* Implement additional authentication methods

* Fix some small bugs

* Refactoring to support --best-effort-scan

* Finish implementation of --best-effort-scan

* Implement scan catch-up

* Finish connecting support for nodes CLI arg

* Add some integration tests around the catchup mechanism

* go mod tidy

* Fix some linting issues

* Remove some debugging Prints

* Move off of _doc

* Remove informational Printf and add informational logging

* Remove debugging logging

* Copy the index from the outer loop as well

* Don't burn up the ES API with rapid requests if there's no work to do in subsequent scans

* No need to export UnitOfWork.AddSearch

* Use a better name for the range query variable when building the timestamp range clause in searches

* Replace some unlocking defers with explicit unlocks to make the synchronized part of the code clearer

* found -> ok

* Remove superfluous buildElasticClient method

---------

Co-authored-by: Charlie Gunyon <charlie@spectral.energy>
2024-05-24 09:38:20 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
b9ea2f5d4e
adding Groq detector (#2873)
* adding Groq detector

* using prefix as keyword
2024-05-22 15:46:14 -04:00
Abdul Basit
15c6333987
deprecated Integromat detector becuase they are gone. (#2856)
remove the package as well.
2024-05-16 08:29:36 -07:00
Alexandre GUIOT--VALENTIN
0d8c3335ed
Add "Intra42" detector (#2835)
* Add basic intra42 detector (lacks verification)

* Improve keywords/prefixes for intra42 detector

* Un-lint pkg/pb/detectorspb/detectors.pb.go to avoid bloating PR

* Add client_id match and secret verification

* Improve PrefixRegex

* Add missing entry in DetectorType_name in detectors.pb.go

* Add Intra42 to proto/detectors.proto

* Remove PrefixRegex

* Keep only identifiers as keywords

* Factorize regex (a-f0-9)
2024-05-14 11:33:54 -07:00
Dustin Decker
288003519a
Add webhook source protos (#2789)
* add webhook source protos

* update protos

* update proto

* update protos
2024-05-06 19:43:10 -04:00
Cody Rose
af095c294c
Add false positive info to proto (#2729)
This PR adds false positive information to the Result protobuf message in anticipation of us tracking it as first-class secret metadata. We're not doing that yet (it's blocked behind #2643) but setting up the messages now means we'll be able to do it later with less of a code delta.
2024-04-23 16:18:45 -04:00
Ankush Goel
3fa86a1008
added onfleet api key detector (#2375)
* added onfleet detector

* use organization get endpoint

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-21 10:06:51 -07:00
Luska
e5575cd6f2
Adding Pagarme API key detection (#2665)
* Adding support to Pagarme API key detection

* adding scanner

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-10 17:57:25 -07:00
Shreyas Sriram
08b6f90c81
Add Wiz detector (#2691)
* Implement wiz detector

* Fix tests

* Update false positive logic
2024-04-10 08:19:36 -07:00
kenzht
0d3023fe74
add GCP application default credentials detector (#2530)
* add GCP application default credentials detector

* add a comment

* update Keywords to better match the key

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-01 11:27:40 -07:00
Shreyas Sriram
31ad1eed30
Add JupiterOne detector (#2446)
* Add JupiterOne bootstrap

* Implement verification logic

* Cleanup

* Fix verificationError

* Undo unnecessary changes

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-03-29 19:14:04 -07:00
Zachary Rice
b11ce72338
Postman Source (#2579)
postman source

Co-authored-by: Miccah <m.castorina93@gmail.com>

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
2024-03-20 11:36:20 -05:00
Cody Rose
28ed81f0a2
Add naive S3 ignorelist (#2536)
This PR adds the ability to exclude buckets from S3 scans. The capability is pretty rudimentary right now, and does not support globbing. If both lists are specified the source to fail to initialize.
2024-03-05 08:01:20 -05:00
Richard Gomez
cbc0f0f48e
Create basic escaped unicode decoder (#2456)
* feat(decoders): basic escaped unicode

* wip: handle unicode notation
Experimenting with this.. might remove
2024-03-02 11:27:44 -08:00
Dustin Decker
8a825fde52
Clean up some detectors (#2501) 2024-02-23 15:04:02 -08:00
ahrav
5568b2e0a6
update gitlab proto (#2469)
* update gitlab proto

* update protos
2024-02-15 10:23:41 -08:00
Dustin Decker
a9817a3292
Remove some noisy / less useful detectors (#2467) 2024-02-14 15:27:03 -08:00
Dustin Decker
a00ffe9522
Allow multiple domains for Forager (#2400) 2024-02-08 07:08:30 -08:00
Mike Vanbuskirk
f6546ffaf5
Add s3 credential validation (#2362)
* add string non-empty validation to AWS creds

* clean up import spacing

* syntax fixup

* change to non-empty validation only

* convert to lower snake_case

- https://protobuf.dev/programming-guides/style/#message-field-names
2024-02-02 12:49:46 -05:00
Richard Gomez
8e90c4e669
Scan GitHub wikis #2233 2024-01-31 10:52:24 -05:00
Marlon
91d6496a76
added flyio protos (#2357)
* added flyio protos

* added builtwith proto

---------

Co-authored-by: root <root@ubuntutruffle.myguest.virtualbox.org>
2024-01-31 07:02:06 -08:00
roxanne-tampus
d6419a8ab2
added azure protos (#2304) 2024-01-15 06:59:47 -08:00
ahrav
651beff492
[feat] - Allow for the use of include/exclude path files for filesystem scans (#2297)
* Allow for the use of include/exclude path files for filesystem scans

* remove oopsie
2024-01-11 15:41:50 -08:00
dylanTruffle
3b4518cbab
adding postgres detector (#2108)
* adding postgres detector

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2024-01-10 16:19:45 -05:00
Dustin Decker
7d93adc1d0
Add skip archive support (#2257) 2023-12-22 11:55:23 -08:00
ahrav
f5d0f3f366
use snake_case for naming (#2238) 2023-12-20 06:57:00 -08:00
Miccah
88281bc354
[chore] Add skip_binaries field to AzureRepos proto message (#2232)
* [chore] Add skip_binaries field to AzureRepos proto message

* Make protos
2023-12-15 12:23:46 -08:00
ahrav
5c6ce693c1
[feat] - Make skipping binaries configurable (#2226)
* Make skipping binaries configurable

* remove ioutil

* fix

* address comments

* address comments

* use multi-reader

* remove print

* use const

* fix test

* fix my stupidness
2023-12-15 11:46:27 -08:00
Dustin Decker
3167dde8a1
Deprecate some detectors (#2186) 2023-12-06 16:57:55 -08:00