Commit graph

136 commits

Author SHA1 Message Date
Abdul Basit
aa17b8eba4
[detector] Implemented Box Detector (#3242)
* Implemented a box detector with test cases.

* corrected comments

* remove generic keyword for box detector
remove PII details of user.

* Added Box Oauth detector
Implemented description for Box detectors.
Separated out test for Box detectors.

* removed user information from ExtraData.

---------

Co-authored-by: 0x1 <13666360+0x1@users.noreply.github.com>
2024-10-15 08:42:37 -05:00
Kyle Dodson
58485f3395
Add detector for SaladCloud API Keys (#3273) 2024-10-10 21:23:25 -07:00
Kashif Khan
ce5da505a7
Added Cisco Meraki API Key detector (#3367)
* Added cisco meraki apikey detector

* addressed the comments

* handled api response and saving orgs data in extra data

* fixed linter

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2024-10-07 12:00:45 -05:00
Kashif Khan
eb40243984
RailwayApp Detector (#3331)
* Added RailwayApp detector

* Updated Keywords
2024-09-25 10:17:08 -05:00
dylanTruffle
d201e54305
adding pypi detector (#3287)
* adding pypi detector

* update test and use helper

---------

Co-authored-by: Dylan Ayrey <dxa4481@rit.edu>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2024-09-11 19:17:17 -07:00
Daniel Teixeira
f24f62832b
Add detector for Nvidia NGC Personal Keys (#3280)
* Add detector for Nvidia NGC Personal Keys

* Update nvapi.go to use `nvapi-` as the keyword
2024-09-10 08:36:33 -07:00
Shreyas Sriram
15faaba61c
Add Robinhood Crypto detector (#3254)
* Add Robinhood Crypto detector

* Address comment - use single keyword
2024-08-29 14:05:52 -07:00
0x1
b4b4ebaa03
nitro detector was removed and needed to be deprecated (#3102) 2024-07-31 07:07:35 -07:00
trufflesteeeve
c01428d107
Remove onwater detector (#3088) 2024-07-22 17:00:32 -04:00
Abdul Basit
5b64e1e5a1
implemented a netsuite detector (#3068)
* implemented a netsuite detector

* implemented the netsuite detector with modified test.

* clean up go.sum by running `go mod tidy`

* implemented a netsuite detector

* implemented the netsuite detector with modified test.

* clean up go.sum by running `go mod tidy`

* Incorporated suggestion by Ahrav
	- optimized nonce generation logic.
	- use string builder as compare to concatenation.

* fix go.sum

* fix import

* fix

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-07-22 12:37:18 -07:00
dylanTruffle
47535830c4
Elevenlabs detector (#3023)
* adding v1 eleven labs

* updating elevenlabs to support old and new version

* fixing status codes

* lint fixes

* adding test for v2

* adding test for v1

* return err

---------

Co-authored-by: Dylan Ayrey <dylan@Dylans-MacBook-Pro.local>
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
2024-07-03 10:53:20 -04:00
Shreyas Sriram
e9206c66bb
Add endorlabs detector (#3015)
* Add endorlabs detector

* Remove unrelated changes

* Addrss comments

* remove prefix regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-06-26 21:28:19 -07:00
Abdul Basit
dddeca5224
Adding Larksuite Detectors + Tests (#3008)
* implemented larksuite detectores for tokens and api keys.
test implemented for larksuite token based detectors.

* implemented test for larksuiteapikey detector

* load credentials from GCP secret manager for larksuite api keys
2024-06-24 11:05:56 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
7bf3a9b5e2
adding eraser ai detector (#2961)
* adding eraser ai detector

* add eraser to defaults
2024-06-14 10:10:37 -04:00
Abdul Basit
cb4d332cbf
adding twitter + Consumer key detector (#2963)
* updated the twitter regex.

* updated regex for bearer token.

* clean up the code for existing twitter detector
added and Implemented new detector for twitter consumer key & secrets with test.
proto generated.

* string updated.

* written test for twitter consumer key detector

* reverted the file to avoid conflicts

* corrected the regex library in twitter detector
2024-06-13 09:32:24 -04:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
b9ea2f5d4e
adding Groq detector (#2873)
* adding Groq detector

* using prefix as keyword
2024-05-22 15:46:14 -04:00
Abdul Basit
15c6333987
deprecated Integromat detector becuase they are gone. (#2856)
remove the package as well.
2024-05-16 08:29:36 -07:00
Alexandre GUIOT--VALENTIN
0d8c3335ed
Add "Intra42" detector (#2835)
* Add basic intra42 detector (lacks verification)

* Improve keywords/prefixes for intra42 detector

* Un-lint pkg/pb/detectorspb/detectors.pb.go to avoid bloating PR

* Add client_id match and secret verification

* Improve PrefixRegex

* Add missing entry in DetectorType_name in detectors.pb.go

* Add Intra42 to proto/detectors.proto

* Remove PrefixRegex

* Keep only identifiers as keywords

* Factorize regex (a-f0-9)
2024-05-14 11:33:54 -07:00
Cody Rose
af095c294c
Add false positive info to proto (#2729)
This PR adds false positive information to the Result protobuf message in anticipation of us tracking it as first-class secret metadata. We're not doing that yet (it's blocked behind #2643) but setting up the messages now means we'll be able to do it later with less of a code delta.
2024-04-23 16:18:45 -04:00
Ankush Goel
3fa86a1008
added onfleet api key detector (#2375)
* added onfleet detector

* use organization get endpoint

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-21 10:06:51 -07:00
Luska
e5575cd6f2
Adding Pagarme API key detection (#2665)
* Adding support to Pagarme API key detection

* adding scanner

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-10 17:57:25 -07:00
Shreyas Sriram
08b6f90c81
Add Wiz detector (#2691)
* Implement wiz detector

* Fix tests

* Update false positive logic
2024-04-10 08:19:36 -07:00
kenzht
0d3023fe74
add GCP application default credentials detector (#2530)
* add GCP application default credentials detector

* add a comment

* update Keywords to better match the key

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-04-01 11:27:40 -07:00
Shreyas Sriram
31ad1eed30
Add JupiterOne detector (#2446)
* Add JupiterOne bootstrap

* Implement verification logic

* Cleanup

* Fix verificationError

* Undo unnecessary changes

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2024-03-29 19:14:04 -07:00
Richard Gomez
cbc0f0f48e
Create basic escaped unicode decoder (#2456)
* feat(decoders): basic escaped unicode

* wip: handle unicode notation
Experimenting with this.. might remove
2024-03-02 11:27:44 -08:00
Dustin Decker
8a825fde52
Clean up some detectors (#2501) 2024-02-23 15:04:02 -08:00
Dustin Decker
a9817a3292
Remove some noisy / less useful detectors (#2467) 2024-02-14 15:27:03 -08:00
Marlon
91d6496a76
added flyio protos (#2357)
* added flyio protos

* added builtwith proto

---------

Co-authored-by: root <root@ubuntutruffle.myguest.virtualbox.org>
2024-01-31 07:02:06 -08:00
roxanne-tampus
d6419a8ab2
added azure protos (#2304) 2024-01-15 06:59:47 -08:00
dylanTruffle
3b4518cbab
adding postgres detector (#2108)
* adding postgres detector

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2024-01-10 16:19:45 -05:00
Dustin Decker
3167dde8a1
Deprecate some detectors (#2186) 2023-12-06 16:57:55 -08:00
Damanpreet Singh
d066a3fa78
Detector-Competition-Feat: Added Replicate API token detector (#2021)
* Detector-Competition-Feat: Added Replicate API token detector

* fix fullstory

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-07 12:16:39 -06:00
Damanpreet Singh
bcde7856c3
Detector-Competition-Feat: Added Ngrok API token detector (#2024)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-07 09:28:05 -06:00
Corben Leo
1094190ff5
Detector-Competition-Feat: Add Overloop detector (#2080)
* Detector-Competition-Feat: Add Overloop detector

* add protos and to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-06 16:43:31 -06:00
Damanpreet Singh
da59b72735
Detector-Competition-Feat: Added Request.Finance API token detector (#2020)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-06 16:13:33 -06:00
Ankush Goel
703e158648
Detector-Competition-New : created grafana service account detector (#1960)
* created grafana service account detector

* add import

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-06 15:41:37 -06:00
Ankush Goel
aabfec4cdf
Competition-Detector-New: added eventbrite detector (#2072)
* added eventbrite detector

* added packagename to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 16:42:13 -05:00
Ankush Goel
1371512ff3
logz.io detector (#2076)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 16:32:35 -05:00
Ankush Goel
06b5fc25ef
Coda Detector (#2075)
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 15:50:05 -05:00
dylanTruffle
0b90265802
pulling short lived AWS keys into their own thing, fixes #1224 (#2088)
* pulling short lived AWS keys into their own thing, fixes #1224

* Update awssessionkey.go

* fmt

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-03 11:58:49 -05:00
Corben Leo
3b9ecaa704
Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074)
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
2023-11-03 11:15:53 -04:00
Corben Leo
41e9cc59e2
Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) 2023-11-03 08:59:32 -05:00
Corben Leo
9e52e3e86f
Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081)
* Detector-Competition-Feat: Fix/Deprecate Prospect.io

* Detector-Competition-Fix: fix defaults.go
2023-11-03 07:04:42 -05:00
Corben Leo
b5cc6c196c
Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) 2023-11-02 15:43:49 -05:00
dylanTruffle
4106ce7bf0
Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958)
* implementing azure container registry password detector

* Fixing boundry feedback

* whoops

* update verification code

* fix regex

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-11-02 11:17:01 -05:00
Corben Leo
07f6c84aa4
Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) 2023-11-01 11:54:40 -05:00
dylanTruffle
8bac2b15ba
Detector-Competition-Feat: Adding Azure Batch keys (#1956)
* adding azure batch

* fmt

* fix lint

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
2023-10-31 10:49:04 -05:00
Damanpreet Singh
7a9332152a
Detector-Competition-Feat: Added Reply.io API token detector (#2019)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-29 17:57:36 -07:00
Damanpreet Singh
0068ec54f2
Detector-Competition-Feat: Added Stripo API token detector (#2018)
* Detector-Competition-Feat: Added Stripo API token detector

* adjust regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-29 17:26:14 -07:00
Richard Gomez
0427985ebe
feat: deno deploy detector (#2040)
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-29 16:58:00 -07:00