Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 14:42:03 +00:00
Code Issues Projects Releases Packages Wiki Activity
3039 commits 123 branches 240 tags 83 MiB
Commit graph

200 commits

Author SHA1 Message Date
Cody Rose
af095c294c
Add false positive info to proto (#2729) 
This PR adds false positive information to the Result protobuf message in anticipation of us tracking it as first-class secret metadata. We're not doing that yet (it's blocked behind #2643) but setting up the messages now means we'll be able to do it later with less of a code delta.
 2024-04-23 16:18:45 -04:00
Ankush Goel
3fa86a1008
added onfleet api key detector (#2375) 
* added onfleet detector

* use organization get endpoint

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-04-21 10:06:51 -07:00
Luska
e5575cd6f2
Adding Pagarme API key detection (#2665) 
* Adding support to Pagarme API key detection

* adding scanner

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-04-10 17:57:25 -07:00
Shreyas Sriram
08b6f90c81
Add Wiz detector (#2691) 
* Implement wiz detector

* Fix tests

* Update false positive logic
 2024-04-10 08:19:36 -07:00
kenzht
0d3023fe74
add GCP application default credentials detector (#2530) 
* add GCP application default credentials detector

* add a comment

* update Keywords to better match the key

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-04-01 11:27:40 -07:00
Shreyas Sriram
31ad1eed30
Add JupiterOne detector (#2446) 
* Add JupiterOne bootstrap

* Implement verification logic

* Cleanup

* Fix verificationError

* Undo unnecessary changes

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2024-03-29 19:14:04 -07:00
Zachary Rice
b11ce72338
Postman Source (#2579) 
postman source

Co-authored-by: Miccah <m.castorina93@gmail.com>

---------

Co-authored-by: Joe Leon <joe.leon@trufflesec.com>
Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
 2024-03-20 11:36:20 -05:00
Cody Rose
28ed81f0a2
Add naive S3 ignorelist (#2536) 
This PR adds the ability to exclude buckets from S3 scans. The capability is pretty rudimentary right now, and does not support globbing. If both lists are specified the source to fail to initialize.
 2024-03-05 08:01:20 -05:00
Richard Gomez
cbc0f0f48e
Create basic escaped unicode decoder (#2456) 
* feat(decoders): basic escaped unicode

* wip: handle unicode notation
Experimenting with this.. might remove
 2024-03-02 11:27:44 -08:00
Dustin Decker
8a825fde52
Clean up some detectors (#2501) 2024-02-23 15:04:02 -08:00
ahrav
5568b2e0a6
update gitlab proto (#2469) 
* update gitlab proto

* update protos
 2024-02-15 10:23:41 -08:00
Dustin Decker
a9817a3292
Remove some noisy / less useful detectors (#2467) 2024-02-14 15:27:03 -08:00
Dustin Decker
a00ffe9522
Allow multiple domains for Forager (#2400) 2024-02-08 07:08:30 -08:00
Mike Vanbuskirk
f6546ffaf5
Add s3 credential validation (#2362) 
* add string non-empty validation to AWS creds

* clean up import spacing

* syntax fixup

* change to non-empty validation only

* convert to lower snake_case

- https://protobuf.dev/programming-guides/style/#message-field-names
 2024-02-02 12:49:46 -05:00
Richard Gomez
8e90c4e669
Scan GitHub wikis #2233 2024-01-31 10:52:24 -05:00
Marlon
91d6496a76
added flyio protos (#2357) 
* added flyio protos

* added builtwith proto

---------

Co-authored-by: root <root@ubuntutruffle.myguest.virtualbox.org>
 2024-01-31 07:02:06 -08:00
roxanne-tampus
d6419a8ab2
added azure protos (#2304) 2024-01-15 06:59:47 -08:00
ahrav
651beff492
[feat] - Allow for the use of include/exclude path files for filesystem scans (#2297) 
* Allow for the use of include/exclude path files for filesystem scans

* remove oopsie
 2024-01-11 15:41:50 -08:00
dylanTruffle
3b4518cbab
adding postgres detector (#2108) 
* adding postgres detector

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
 2024-01-10 16:19:45 -05:00
Dustin Decker
7d93adc1d0
Add skip archive support (#2257) 2023-12-22 11:55:23 -08:00
ahrav
f5d0f3f366
use snake_case for naming (#2238) 2023-12-20 06:57:00 -08:00
Miccah
88281bc354
[chore] Add skip_binaries field to AzureRepos proto message (#2232) 
* [chore] Add skip_binaries field to AzureRepos proto message

* Make protos
 2023-12-15 12:23:46 -08:00
ahrav
5c6ce693c1
[feat] - Make skipping binaries configurable (#2226) 
* Make skipping binaries configurable

* remove ioutil

* fix

* address comments

* address comments

* use multi-reader

* remove print

* use const

* fix test

* fix my stupidness
 2023-12-15 11:46:27 -08:00
Dustin Decker
3167dde8a1
Deprecate some detectors (#2186) 2023-12-06 16:57:55 -08:00
Dustin Decker
07dc123840
update forager types (#2159) 2023-12-03 13:16:16 -08:00
Dustin Decker
ede0c39589
Add new auth method to source (#2132) 2023-11-28 10:58:11 -08:00
ahrav
fd33198ad8
add proto fields for Git (#2104) 
* add proto fields for git

* add uri to proto

* add comment
 2023-11-16 13:52:38 -08:00
ahrav
76a0468580
update protos so we can use the git source for CI (#2102) 2023-11-08 09:07:29 -08:00
Damanpreet Singh
d066a3fa78
Detector-Competition-Feat: Added Replicate API token detector (#2021) 
* Detector-Competition-Feat: Added Replicate API token detector

* fix fullstory

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-07 12:16:39 -06:00
Damanpreet Singh
bcde7856c3
Detector-Competition-Feat: Added Ngrok API token detector (#2024) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-07 09:28:05 -06:00
Corben Leo
1094190ff5
Detector-Competition-Feat: Add Overloop detector (#2080) 
* Detector-Competition-Feat: Add Overloop detector

* add protos and to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 16:43:31 -06:00
Damanpreet Singh
da59b72735
Detector-Competition-Feat: Added Request.Finance API token detector (#2020) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 16:13:33 -06:00
Ankush Goel
703e158648
Detector-Competition-New : created grafana service account detector (#1960) 
* created grafana service account detector

* add import

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 15:41:37 -06:00
Ankush Goel
aabfec4cdf
Competition-Detector-New: added eventbrite detector (#2072) 
* added eventbrite detector

* added packagename to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 16:42:13 -05:00
Ankush Goel
1371512ff3
logz.io detector (#2076) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 16:32:35 -05:00
Ankush Goel
06b5fc25ef
Coda Detector (#2075) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 15:50:05 -05:00
dylanTruffle
0b90265802
pulling short lived AWS keys into their own thing, fixes #1224 (#2088) 
* pulling short lived AWS keys into their own thing, fixes #1224

* Update awssessionkey.go

* fmt

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 11:58:49 -05:00
Corben Leo
3b9ecaa704
Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074) 
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
 2023-11-03 11:15:53 -04:00
Corben Leo
41e9cc59e2
Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) 2023-11-03 08:59:32 -05:00
Corben Leo
9e52e3e86f
Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081) 
* Detector-Competition-Feat: Fix/Deprecate Prospect.io

* Detector-Competition-Fix: fix defaults.go
 2023-11-03 07:04:42 -05:00
Corben Leo
b5cc6c196c
Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) 2023-11-02 15:43:49 -05:00
dylanTruffle
4106ce7bf0
Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958) 
* implementing azure container registry password detector

* Fixing boundry feedback

* whoops

* update verification code

* fix regex

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-02 11:17:01 -05:00
Corben Leo
07f6c84aa4
Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) 2023-11-01 11:54:40 -05:00
dylanTruffle
8bac2b15ba
Detector-Competition-Feat: Adding Azure Batch keys (#1956) 
* adding azure batch

* fmt

* fix lint

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 10:49:04 -05:00
Dustin Decker
05fae156e1
Add TravisCI source (#1877) 
* Add TravisCI source

* update test to use sourcestest

* Remove jobPage loop

ListByBuild does not support pagination, so this was infinitely
repeating. https://developer.travis-ci.com/resource/jobs#find

* Continue chunking on error

* review updates

* update readme

---------

Co-authored-by: Miccah Castorina <m.castorina93@gmail.com>
 2023-10-30 07:28:25 -07:00
Damanpreet Singh
7a9332152a
Detector-Competition-Feat: Added Reply.io API token detector (#2019) 
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-29 17:57:36 -07:00
Damanpreet Singh
0068ec54f2
Detector-Competition-Feat: Added Stripo API token detector (#2018) 
* Detector-Competition-Feat: Added Stripo API token detector

* adjust regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-29 17:26:14 -07:00
Richard Gomez
0427985ebe
feat: deno deploy detector (#2040) 
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-29 16:58:00 -07:00
Damanpreet Singh
3ffc0dfd22
Detector-Competition-Feat: Added Budibase API token detector (#2016) 2023-10-29 10:12:45 -07:00
Damanpreet Singh
52b3c99868
Detector-Competition-Feat: Added LemonSqueezy API token detector (#2017) 
* Detector-Competition-Feat: Added LemonSqueezy API token detector

* fix regex

---------

Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
 2023-10-28 15:03:14 -07:00