Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 15:14:38 +00:00
Code Issues Projects Releases Packages Wiki Activity
2280 commits 139 branches 257 tags 147 MiB
Commit graph

60 commits

Author SHA1 Message Date
Marwan Sulaiman
3aa5369608
Add Tailscale detector (#1719) 
* Add tailscale detector

* PR feedback: match on first element
 2023-09-07 19:11:17 -07:00
s.shivasurya
6695cf1dce
added sourcegraph token verification detection (#1730) 2023-08-31 08:47:13 -07:00
Zubair Khan
519646342e
add snowflake detector (#1653) 
Detect Snowflake secrets (compound URI of account, username, password) and enrich Secret Result with account and databases that the secret has access to.
 2023-08-24 13:29:58 -04:00
Zubair Khan
62d359eba4
add salesforce detector (#1608) 
* setup

* update time out case to return detector result

* fix

* remove unneeded comment

* remove debug print

* cleanup

* more robust error handling

* reflect new detector template changes

* fixes

* mark response body check err as indeterminate
 2023-08-16 10:42:04 -04:00
Zubair Khan
ea6e8b6bb5
add huggingface detector (#1621) 
* init huggingface detector

* completed test
 2023-08-14 14:22:04 -04:00
Bill Rich
0c7ed19270
Github Oauth2 verification (#1584) 
* Github Oauth2 verification

* Use prefix and include RawV2

* Make gh_oauth2 a new detector

* Remove unused struct

* Remove versioner

* Remove unused code
 2023-08-02 11:16:40 -07:00
Brandon Yan
8fad5fff79
add dockerhub scanner (#1496) 
* add dockerhub scanner

* clean

* clean and fix regex logic and tests

* check length of userMatches before access

* Use camelcase.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-07-19 09:26:28 -07:00
Zubair Khan
be549a7287
add thog enterprise detector for web keys (#1448) 
* saving progress

* proto changes

* run make protos

* verify response, add test case

* resolve linter warning about unescaped . in regex pattern

* resolve overlapping proto number
 2023-07-18 09:53:12 -04:00
Brandon Yan
9af31f00a9
add envoy api key scanner (#1482) 
* add envoy api key scanner

* Use detectors4.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-07-16 16:46:28 -07:00
Cody Rose
b803a0f701
Report indeterminacy in AWS verifier (#1480) 2023-07-11 15:50:31 -04:00
Cody Rose
87058dd7fa
Add new verification error message field (#1463) 2023-07-10 11:15:40 -04:00
Zubair Khan
f52946b996
Add Couchbase Detector (#1385) 
* init

* add detector type

* rotate leaked credentials

* tighten up username pattern

* isolated prefixregex as overrriding new line stuff

* passwordPat working now

* add username test

* fix edge case

* cleanup

* make linter happy

* make linter happy rd 2

* skip error logging

* fix test

* add password regex helper func

* make test more robust

* cleanup PR

* remove comments

* clarify prepend rationale
 2023-06-26 14:37:10 -04:00
Zubair Khan
dfb1a0cd38
Add DocuSign detector (#1382) 
* init

* look for client id and client secret, encode them for basis auth

* add tests

* test without checking the contents of response

* confirm access_token exists

* cleanup test

* explain in code that an undocumented grant_type is used

* remove use of deprecated ioutil, remove dead code, return errors instead of just logging

* directly pull access token

* update error text, remove redundant body close()

* import new detector into defaults
 2023-06-08 13:34:50 -04:00
vickygoel
4c04bbbe85
added pulumi cloud Access token detector (#1295) 
* added pulumi cloud Access token detector

* removed accidentally committed tokens

* added the databricks token detection

* made recommended changes

* added supabase management api token

* nuget api key detector

* added aiven.io token detector

* added prefect.io api key detector

* update protos.

---------

Co-authored-by: Developer <garg47294+1@gmail.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-05-11 09:08:48 -07:00
Miccah
6699ccd2b5
Generate protos (#1329) 2023-05-04 12:26:41 -05:00
Jason Solis
c13c56283d
add tineswebhook detector (#1304) 2023-05-01 07:48:58 -07:00
Shabbir B
6f801f64c7
Added a new detector for percy.io (#1284) 
* Feature: Added a new detector for percy.io

* Updated variable name

---------

Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2023-04-25 13:18:34 -07:00
ahrav
cec1543894
Add utf16 decoder proto. (#1276) 2023-04-20 15:25:36 -07:00
garg472
3e4496156c
added new detectors and fixed mesibo detector (#1166) 
* added new detectors and fixed mesibo detector

* added bscscan.com API detector

* added coinmarketcap detector

* update alchemy

* update blocknative

* update bscscan test

* update cmc test

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-03-16 18:57:08 -07:00
Miccah
861ad057c7
Implement CustomRegex detector (#950) 
* Remove verifying successRanges because it is unused in webhook

* Move custom_detectors validation code into its own file

* Initial implementation of custom regex detector

Secret verification is done via webhook.

* Add CustomRegex detector type

* Add upper bound to permutation

* Return early if the context is canceled

* Add headers from configuration

* Add detector name as a key in the JSON body

* Implement faster algorithm for productIndices
 2022-12-14 10:26:53 -06:00
Jessica
6e25664a52
add rambbitmq detector (#936) 
* add rambbitmq detector

* use fixed length redaction

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-11-21 10:47:41 -08:00
Dustin Decker
ae4b387448
add LDAP detector (#896) 2022-11-18 19:45:11 -08:00
kstilwell
ecd25784f5
Adding Shopify detector (#875) 
* Fixes/work based on testing

* Remove some commented code

* Change how verification happens and grab additional information

* Address linter warnings.

* add shopify detector to default detectors.

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2022-11-08 16:21:57 -08:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879) 
* simplify monogo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
 2022-11-01 17:27:24 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector (#867) 
* sqlserver added to detectors.proto

* make protos

* boilerplate detector generated

* wireup

* initial
 2022-10-26 07:46:13 -07:00
ahrav
cea2a23c56
[THOG-768] - Add ignore repo list to Github proto (#843) 
* Add ignore repo list to Github proto.

* Add proto.

* Add missing proto.
 2022-10-11 15:41:33 -07:00
ahrav
128002885a
Add decoder type to results. (#835) 2022-10-06 11:55:07 -07:00
Mildred Bernardo
80dcfbe9db
Added DigitalOceanV2 detector (#828) 2022-09-27 17:51:10 -07:00
Joseph Lucas
b02cf7e032
Adding detector for Nvidia NGC (#797) 
* template

* minimum viable regex

* valid api 401

* passing tests

* snake to camelcase
 2022-09-20 08:20:18 -07:00
ahrav
c4492b1fdc
Add support for MongoDB detector. (#793) 
* Add support for MongoDB detector.

* Remove extra line.

* Remove unused arg.

* Add context around found secret test.

* Remove unused arg.
 2022-09-15 05:47:09 -07:00
roxanne-tampus
90da460fa1
added new detector (#765) 2022-08-31 17:54:23 -07:00
Mildred Bernardo
4c3c103b62
added new detectors (#761) 2022-08-31 11:50:33 -07:00
Marlon
a35786dccd
fix and make_protos (#757) 2022-08-30 17:13:04 -07:00
roxanne-tampus
fa2d6b90cd
added new detectors (#743) 2022-08-29 16:44:11 -07:00
Marlon
098d4a9e7d
added appointed scanner (#425) 
* added appointed scanner

* fix comment

* fix comment

* fix comment

* fix issue

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-08-25 10:40:35 -07:00
Max Thomson
e9f4cf99e5
Add Honeycomb detector (#687) 
* Add Honeycomb detector

* Update pattern

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-08-24 16:50:31 -07:00
ahrav
dfb7e9a405
Add hash v2 to results proto. (#693) 2022-08-04 16:37:15 -07:00
roxanne-tampus
e9f503a083
added new detectors (#639) 
* added new detectors

* added gemini
 2022-07-08 08:19:03 -07:00
Marlon
48a0c28d33
added new protos (#495) 
* added new protos

* fix comment
 2022-05-02 09:23:09 -07:00
Dustin Decker
28d5396e61
Pr/371 (#490) 
* added paydirtyapp scanner

* change paydirtyapp to paydirtapp

Co-authored-by: Marlon Pamisa <marlonpamisa@gmail.com>
 2022-04-28 23:39:35 -07:00
Dustin Decker
40a2d8c9f4
Pr/478 (#489) 
* added nightfall detector

* fix protos and improve pattern

Co-authored-by: Mildred Tosoc <mildredtosoc@gmail.com>
 2022-04-28 23:11:48 -07:00
Marlon
5aaa60e418
added new protos (#445) 2022-04-21 21:46:56 -07:00
roxanne-tampus
0dedefdd1b
Added new detectors (#443) 2022-04-21 20:56:07 -07:00
roxanne-tampus
3e0e1da232
Renamed GTmetrix detector (#436) 
* added new protos

* added new detectors

* Renamed mispelled detector
 2022-04-21 18:02:05 -07:00
Dustin Decker
272dacaed3
Recharge payments detector Pr/381 (#430) 
* Add RechargePayments to detectors

* First pass at code and tests for RechargePayments detector

* Running make protos

* Fixes based on running tests

Co-authored-by: Kevin Stilwell <kevin.stilwell@gmail.com>
 2022-04-18 21:51:27 -07:00
Marlon
3e25996c08
fix formcraft proto (#427) 2022-04-18 10:56:01 -07:00
Marlon
6d3f27b89f
added new protos (#412) 2022-04-15 08:19:33 -07:00
roxanne-tampus
0971db82f3
Added new detectors (#400) 
* added new protos

* added new detectors
 2022-04-14 17:18:34 -07:00
Mildred Bernardo
313ab5df22
added new protos (#394) 
* Merge branch 'protos' of https://github.com/ladybug0125/trufflehog into protos

* make protos

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-04-13 23:01:11 -07:00
Marlon
b33376fc16
Feature/add protos1 (#364) 2022-04-10 07:49:46 -07:00