Damanpreet Singh
4d0a40d2f3
Detector-Competition-Feat: Added ZeroTier API token detector ( #1988 )
...
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 19:55:58 -07:00
Damanpreet Singh
f1a75395e8
Detector-Competition-Feat: Added BetterStack API token detector ( #1987 )
...
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-26 19:46:56 -07:00
Corben Leo
8505d24d7d
Detector-Competition-Fix: Fix/Remove Flowdock detector ( #2004 )
...
* Detector-Competition-Fix: Fix/Remove Flowdock detector
---------
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-26 09:35:13 -04:00
Corben Leo
b776f9c122
Detector-Competition-Fix: Fix/Remove Happi Detection & Verification ( #2003 )
...
* Detector-Competition-Fix: Fix/Remove Happi Detection & Verification
---------
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-26 09:20:53 -04:00
Corben Leo
6914dacde3
Detector-Competition-Fix: Fix/Remove DataFire, API retired ( #1995 )
...
* Detector-Competition-Fix: Fix/Remove DataFire, API retired
* Detector-Competition-Fix: Depreciate Datafire Proto
* make protos for deprecating datafire
---------
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-25 21:51:54 -04:00
Corben Leo
f7960265ea
Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown) ( #1997 )
...
* Detector-Competition-Fix: Fix/Remove QuickMetrics (shutdown)
* Detector-Competition-Fix: Fix/Remove QuickMetrics protos
* make protos for deprecating Blablabus (#2002 )
* make protos for deprecating quickmetrics
---------
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
Co-authored-by: ahmed <ahmed.zahran@trufflesec.com>
2023-10-25 20:05:26 -04:00
Corben Leo
51b7fcc5d6
Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired ( #1996 )
...
* Detector-Competition-Fix: Fix/Remove BlaBlaBus, API retired
* Detector-Competition-Fix: Depreciate Blabus proto
2023-10-25 18:45:40 -04:00
Corben Leo
cebd92d79e
Detector-Competition-Fix: Depreciate Glitterly ( #2000 )
2023-10-25 18:08:50 -04:00
Damanpreet Singh
b2811bcf78
Detector-Competition-Feat: Added Vagrant Cloud Access Token Detector ( #1941 )
...
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-25 11:03:45 -05:00
Damanpreet Singh
2189dc9b0f
Detector-Competition-Feat: Added Portainer Detector ( #1936 )
...
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-25 06:32:57 -07:00
Damanpreet Singh
b2702b7839
Detector-Competition-Feat: Added OpenVPN API Detector ( #1940 )
2023-10-25 04:57:07 -07:00
Ankush Goel
84cb33ce3d
loggly detector ( #1782 )
...
* loggly detector
* fixed the loggly_test.go
* fixed the test file to pass the test
---------
Co-authored-by: dsingdev-rocketx <bughunter00@protonmail.com>
2023-10-24 20:06:47 -07:00
Damanpreet Singh
f467cf923c
Detector-Competition-Feat: Added PortainerToken Detector ( #1938 )
...
Co-authored-by: Ahrav Dutta <ahrav.dutta@trufflesec.com>
2023-10-24 13:48:40 -07:00
Damanpreet Singh
855aba2407
Detector-Competition-Feat: Add InstaMojo Payment Detector ( #1905 )
2023-10-23 16:58:25 -05:00
Damanpreet Singh
b4753a60be
Detector-Competition-New: add IP2Location api key detector ( #1915 )
2023-10-23 13:51:14 -05:00
Corben Leo
6c75e45958
Detector-Competition-Feat: Add ipinfo.io API key detector ( #1889 )
...
* Detector-Competition-Feat: Add ipinfo.io API key detector
* fix prefix
2023-10-23 09:00:35 -05:00
Corben Leo
4cb67a571d
Detector-Competition-Feat: Add Privacy.com API key detector ( #1888 )
...
* Detector-Competition-Feat: Add Privacy.com API key detector
* Detector-Competition-Feat: Add Privacy.com API key detector
* cleanup: fix prefix
2023-10-20 08:45:16 -05:00
Richard Gomez
b57b1c1aa7
feat(voiceflow): basic detector ( #1900 )
2023-10-18 16:17:11 -05:00
s.shivasurya
040167178c
added cody gateway token detection code ( #1883 )
...
* added cody gateway token detection code
* resolved conflict
2023-10-13 09:09:04 -06:00
Corben Leo
ae3a5d1202
Detector-Competition-Feat: Add Klaviyo API Secret Detector ( #1870 )
...
* Detector-Competition-Feat: Add Klaviyo API Secret Detector
* fix(error): add s1.VerificationError and remove specific code check.
* fix(error): add s1.VerificationError and remove specific code check.
2023-10-11 08:35:04 -06:00
Corben Leo
179a7e4cbc
Detector-Competition-New: add anthropic api key detector ( #1861 )
...
* feat(anthropic): add anthropic api key detector
* Detector-Competition-Fix: fix remove debug println
2023-10-05 11:34:40 -05:00
Corben Leo
bf1cce43e5
Detector-Competition-New: add ramp.com client id & secret detector ( #1862 )
2023-10-05 09:40:30 -05:00
Dylan Ayrey
de535071e1
implemented planet scale creds (passwords and API keys) ( #1841 )
...
* implemented planet scale creds (passwords and API keys)
* Add timeout, fix tests, fix indeterminate
---------
Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 14:00:36 -07:00
Dylan Ayrey
f13fe36ae2
adding azure storage detector ( #1840 )
...
* adding azure storage detector
* Fix variable name
* Escape regex
* fix test fields and update expected status code
---------
Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-10-02 13:45:45 -07:00
Ankush Goel
faf46175e4
added Web3 Storage detector ( #1789 )
...
* added Web3 Storage detector
* fixed the regex
* removed test and disabled token
2023-09-27 12:09:39 -05:00
Marwan Sulaiman
3aa5369608
Add Tailscale detector ( #1719 )
...
* Add tailscale detector
* PR feedback: match on first element
2023-09-07 19:11:17 -07:00
s.shivasurya
6695cf1dce
added sourcegraph token verification detection ( #1730 )
2023-08-31 08:47:13 -07:00
Zubair Khan
519646342e
add snowflake detector ( #1653 )
...
Detect Snowflake secrets (compound URI of account, username, password) and enrich Secret Result with account and databases that the secret has access to.
2023-08-24 13:29:58 -04:00
Zubair Khan
62d359eba4
add salesforce detector ( #1608 )
...
* setup
* update time out case to return detector result
* fix
* remove unneeded comment
* remove debug print
* cleanup
* more robust error handling
* reflect new detector template changes
* fixes
* mark response body check err as indeterminate
2023-08-16 10:42:04 -04:00
Zubair Khan
ea6e8b6bb5
add huggingface detector ( #1621 )
...
* init huggingface detector
* completed test
2023-08-14 14:22:04 -04:00
Bill Rich
0c7ed19270
Github Oauth2 verification ( #1584 )
...
* Github Oauth2 verification
* Use prefix and include RawV2
* Make gh_oauth2 a new detector
* Remove unused struct
* Remove versioner
* Remove unused code
2023-08-02 11:16:40 -07:00
Brandon Yan
8fad5fff79
add dockerhub scanner ( #1496 )
...
* add dockerhub scanner
* clean
* clean and fix regex logic and tests
* check length of userMatches before access
* Use camelcase.
---------
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-07-19 09:26:28 -07:00
Zubair Khan
be549a7287
add thog enterprise detector for web keys ( #1448 )
...
* saving progress
* proto changes
* run make protos
* verify response, add test case
* resolve linter warning about unescaped . in regex pattern
* resolve overlapping proto number
2023-07-18 09:53:12 -04:00
Brandon Yan
9af31f00a9
add envoy api key scanner ( #1482 )
...
* add envoy api key scanner
* Use detectors4.
---------
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-07-16 16:46:28 -07:00
Cody Rose
87058dd7fa
Add new verification error message field ( #1463 )
2023-07-10 11:15:40 -04:00
Zubair Khan
f52946b996
Add Couchbase Detector ( #1385 )
...
* init
* add detector type
* rotate leaked credentials
* tighten up username pattern
* isolated prefixregex as overrriding new line stuff
* passwordPat working now
* add username test
* fix edge case
* cleanup
* make linter happy
* make linter happy rd 2
* skip error logging
* fix test
* add password regex helper func
* make test more robust
* cleanup PR
* remove comments
* clarify prepend rationale
2023-06-26 14:37:10 -04:00
Zubair Khan
dfb1a0cd38
Add DocuSign detector ( #1382 )
...
* init
* look for client id and client secret, encode them for basis auth
* add tests
* test without checking the contents of response
* confirm access_token exists
* cleanup test
* explain in code that an undocumented grant_type is used
* remove use of deprecated ioutil, remove dead code, return errors instead of just logging
* directly pull access token
* update error text, remove redundant body close()
* import new detector into defaults
2023-06-08 13:34:50 -04:00
vickygoel
4c04bbbe85
added pulumi cloud Access token detector ( #1295 )
...
* added pulumi cloud Access token detector
* removed accidentally committed tokens
* added the databricks token detection
* made recommended changes
* added supabase management api token
* nuget api key detector
* added aiven.io token detector
* added prefect.io api key detector
* update protos.
---------
Co-authored-by: Developer <garg47294+1@gmail.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2023-05-11 09:08:48 -07:00
Jason Solis
c13c56283d
add tineswebhook detector ( #1304 )
2023-05-01 07:48:58 -07:00
Shabbir B
6f801f64c7
Added a new detector for percy.io ( #1284 )
...
* Feature: Added a new detector for percy.io
* Updated variable name
---------
Co-authored-by: ahrav <ahravdutta02@gmail.com>
2023-04-25 13:18:34 -07:00
ahrav
cec1543894
Add utf16 decoder proto. ( #1276 )
2023-04-20 15:25:36 -07:00
garg472
3e4496156c
added new detectors and fixed mesibo detector ( #1166 )
...
* added new detectors and fixed mesibo detector
* added bscscan.com API detector
* added coinmarketcap detector
* update alchemy
* update blocknative
* update bscscan test
* update cmc test
* update tests
---------
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2023-03-16 18:57:08 -07:00
Miccah
861ad057c7
Implement CustomRegex detector ( #950 )
...
* Remove verifying successRanges because it is unused in webhook
* Move custom_detectors validation code into its own file
* Initial implementation of custom regex detector
Secret verification is done via webhook.
* Add CustomRegex detector type
* Add upper bound to permutation
* Return early if the context is canceled
* Add headers from configuration
* Add detector name as a key in the JSON body
* Implement faster algorithm for productIndices
2022-12-14 10:26:53 -06:00
Jessica
6e25664a52
add rambbitmq detector ( #936 )
...
* add rambbitmq detector
* use fixed length redaction
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
2022-11-21 10:47:41 -08:00
Dustin Decker
ae4b387448
add LDAP detector ( #896 )
2022-11-18 19:45:11 -08:00
kstilwell
ecd25784f5
Adding Shopify detector ( #875 )
...
* Fixes/work based on testing
* Remove some commented code
* Change how verification happens and grab additional information
* Address linter warnings.
* add shopify detector to default detectors.
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
2022-11-08 16:21:57 -08:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF ( #879 )
...
* simplify monogo pattern
* do URI verification locally, while attempting to defuse SSRF
* test SSRF defuse
* simplify err check logic per linter recommendation
* split up detectors
* address comments
* remove unused var
2022-11-01 17:27:24 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector ( #867 )
...
* sqlserver added to detectors.proto
* make protos
* boilerplate detector generated
* wireup
* initial
2022-10-26 07:46:13 -07:00
ahrav
cea2a23c56
[THOG-768] - Add ignore repo list to Github proto ( #843 )
...
* Add ignore repo list to Github proto.
* Add proto.
* Add missing proto.
2022-10-11 15:41:33 -07:00
Mildred Bernardo
80dcfbe9db
Added DigitalOceanV2 detector ( #828 )
2022-09-27 17:51:10 -07:00