Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 14:42:03 +00:00
Code Issues Projects Releases Packages Wiki Activity
2399 commits 123 branches 240 tags 83 MiB
Commit graph

67 commits

Author SHA1 Message Date
Damanpreet Singh
b4753a60be
Detector-Competition-New: add IP2Location api key detector (#1915) 2023-10-23 13:51:14 -05:00
Corben Leo
6c75e45958
Detector-Competition-Feat: Add ipinfo.io API key detector (#1889) 
* Detector-Competition-Feat: Add ipinfo.io API key detector

* fix prefix
 2023-10-23 09:00:35 -05:00
Corben Leo
4cb67a571d
Detector-Competition-Feat: Add Privacy.com API key detector (#1888) 
* Detector-Competition-Feat: Add Privacy.com API key detector

* Detector-Competition-Feat: Add Privacy.com API key detector

* cleanup: fix prefix
 2023-10-20 08:45:16 -05:00
Richard Gomez
b57b1c1aa7
feat(voiceflow): basic detector (#1900) 2023-10-18 16:17:11 -05:00
s.shivasurya
040167178c
added cody gateway token detection code (#1883) 
* added cody gateway token detection code

* resolved conflict
 2023-10-13 09:09:04 -06:00
Corben Leo
ae3a5d1202
Detector-Competition-Feat: Add Klaviyo API Secret Detector (#1870) 
* Detector-Competition-Feat: Add Klaviyo API Secret Detector

* fix(error): add s1.VerificationError and remove specific code check.

* fix(error): add s1.VerificationError and remove specific code check.
 2023-10-11 08:35:04 -06:00
Corben Leo
179a7e4cbc
Detector-Competition-New: add anthropic api key detector (#1861) 
* feat(anthropic): add anthropic api key detector

* Detector-Competition-Fix: fix remove debug println
 2023-10-05 11:34:40 -05:00
Corben Leo
bf1cce43e5
Detector-Competition-New: add ramp.com client id & secret detector (#1862) 2023-10-05 09:40:30 -05:00
Dylan Ayrey
de535071e1
implemented planet scale creds (passwords and API keys) (#1841) 
* implemented planet scale creds (passwords and API keys)

* Add timeout, fix tests, fix indeterminate

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-10-02 14:00:36 -07:00
Dylan Ayrey
f13fe36ae2
adding azure storage detector (#1840) 
* adding azure storage detector

* Fix variable name

* Escape regex

* fix test fields and update expected status code

---------

Co-authored-by: counter <counter@counters-MacBook-Air.local>
Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-10-02 13:45:45 -07:00
Ankush Goel
faf46175e4
added Web3 Storage detector (#1789) 
* added Web3 Storage detector

* fixed the regex

* removed test and disabled token
 2023-09-27 12:09:39 -05:00
Marwan Sulaiman
3aa5369608
Add Tailscale detector (#1719) 
* Add tailscale detector

* PR feedback: match on first element
 2023-09-07 19:11:17 -07:00
s.shivasurya
6695cf1dce
added sourcegraph token verification detection (#1730) 2023-08-31 08:47:13 -07:00
Zubair Khan
519646342e
add snowflake detector (#1653) 
Detect Snowflake secrets (compound URI of account, username, password) and enrich Secret Result with account and databases that the secret has access to.
 2023-08-24 13:29:58 -04:00
Zubair Khan
62d359eba4
add salesforce detector (#1608) 
* setup

* update time out case to return detector result

* fix

* remove unneeded comment

* remove debug print

* cleanup

* more robust error handling

* reflect new detector template changes

* fixes

* mark response body check err as indeterminate
 2023-08-16 10:42:04 -04:00
Zubair Khan
ea6e8b6bb5
add huggingface detector (#1621) 
* init huggingface detector

* completed test
 2023-08-14 14:22:04 -04:00
Bill Rich
0c7ed19270
Github Oauth2 verification (#1584) 
* Github Oauth2 verification

* Use prefix and include RawV2

* Make gh_oauth2 a new detector

* Remove unused struct

* Remove versioner

* Remove unused code
 2023-08-02 11:16:40 -07:00
Brandon Yan
8fad5fff79
add dockerhub scanner (#1496) 
* add dockerhub scanner

* clean

* clean and fix regex logic and tests

* check length of userMatches before access

* Use camelcase.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-07-19 09:26:28 -07:00
Zubair Khan
be549a7287
add thog enterprise detector for web keys (#1448) 
* saving progress

* proto changes

* run make protos

* verify response, add test case

* resolve linter warning about unescaped . in regex pattern

* resolve overlapping proto number
 2023-07-18 09:53:12 -04:00
Brandon Yan
9af31f00a9
add envoy api key scanner (#1482) 
* add envoy api key scanner

* Use detectors4.

---------

Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-07-16 16:46:28 -07:00
Cody Rose
87058dd7fa
Add new verification error message field (#1463) 2023-07-10 11:15:40 -04:00
Zubair Khan
f52946b996
Add Couchbase Detector (#1385) 
* init

* add detector type

* rotate leaked credentials

* tighten up username pattern

* isolated prefixregex as overrriding new line stuff

* passwordPat working now

* add username test

* fix edge case

* cleanup

* make linter happy

* make linter happy rd 2

* skip error logging

* fix test

* add password regex helper func

* make test more robust

* cleanup PR

* remove comments

* clarify prepend rationale
 2023-06-26 14:37:10 -04:00
Zubair Khan
dfb1a0cd38
Add DocuSign detector (#1382) 
* init

* look for client id and client secret, encode them for basis auth

* add tests

* test without checking the contents of response

* confirm access_token exists

* cleanup test

* explain in code that an undocumented grant_type is used

* remove use of deprecated ioutil, remove dead code, return errors instead of just logging

* directly pull access token

* update error text, remove redundant body close()

* import new detector into defaults
 2023-06-08 13:34:50 -04:00
vickygoel
4c04bbbe85
added pulumi cloud Access token detector (#1295) 
* added pulumi cloud Access token detector

* removed accidentally committed tokens

* added the databricks token detection

* made recommended changes

* added supabase management api token

* nuget api key detector

* added aiven.io token detector

* added prefect.io api key detector

* update protos.

---------

Co-authored-by: Developer <garg47294+1@gmail.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2023-05-11 09:08:48 -07:00
Jason Solis
c13c56283d
add tineswebhook detector (#1304) 2023-05-01 07:48:58 -07:00
Shabbir B
6f801f64c7
Added a new detector for percy.io (#1284) 
* Feature: Added a new detector for percy.io

* Updated variable name

---------

Co-authored-by: ahrav <ahravdutta02@gmail.com>
 2023-04-25 13:18:34 -07:00
ahrav
cec1543894
Add utf16 decoder proto. (#1276) 2023-04-20 15:25:36 -07:00
garg472
3e4496156c
added new detectors and fixed mesibo detector (#1166) 
* added new detectors and fixed mesibo detector

* added bscscan.com API detector

* added coinmarketcap detector

* update alchemy

* update blocknative

* update bscscan test

* update cmc test

* update tests

---------

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2023-03-16 18:57:08 -07:00
Miccah
861ad057c7
Implement CustomRegex detector (#950) 
* Remove verifying successRanges because it is unused in webhook

* Move custom_detectors validation code into its own file

* Initial implementation of custom regex detector

Secret verification is done via webhook.

* Add CustomRegex detector type

* Add upper bound to permutation

* Return early if the context is canceled

* Add headers from configuration

* Add detector name as a key in the JSON body

* Implement faster algorithm for productIndices
 2022-12-14 10:26:53 -06:00
Jessica
6e25664a52
add rambbitmq detector (#936) 
* add rambbitmq detector

* use fixed length redaction

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-11-21 10:47:41 -08:00
Dustin Decker
ae4b387448
add LDAP detector (#896) 2022-11-18 19:45:11 -08:00
kstilwell
ecd25784f5
Adding Shopify detector (#875) 
* Fixes/work based on testing

* Remove some commented code

* Change how verification happens and grab additional information

* Address linter warnings.

* add shopify detector to default detectors.

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
Co-authored-by: Ahrav Dutta <ahravdutta02@gmail.com>
 2022-11-08 16:21:57 -08:00
Dustin Decker
a7fc12240f
Do local URI verification, while attempting to defuse SSRF (#879) 
* simplify monogo pattern

* do URI verification locally, while attempting to defuse SSRF

* test SSRF defuse

* simplify err check logic per linter recommendation

* split up detectors

* address comments

* remove unused var
 2022-11-01 17:27:24 -07:00
Alexandr Marchenko
60464da3ce
proposal: SqlServer connection string detector (#867) 
* sqlserver added to detectors.proto

* make protos

* boilerplate detector generated

* wireup

* initial
 2022-10-26 07:46:13 -07:00
ahrav
cea2a23c56
[THOG-768] - Add ignore repo list to Github proto (#843) 
* Add ignore repo list to Github proto.

* Add proto.

* Add missing proto.
 2022-10-11 15:41:33 -07:00
Mildred Bernardo
80dcfbe9db
Added DigitalOceanV2 detector (#828) 2022-09-27 17:51:10 -07:00
Joseph Lucas
b02cf7e032
Adding detector for Nvidia NGC (#797) 
* template

* minimum viable regex

* valid api 401

* passing tests

* snake to camelcase
 2022-09-20 08:20:18 -07:00
ahrav
c4492b1fdc
Add support for MongoDB detector. (#793) 
* Add support for MongoDB detector.

* Remove extra line.

* Remove unused arg.

* Add context around found secret test.

* Remove unused arg.
 2022-09-15 05:47:09 -07:00
roxanne-tampus
90da460fa1
added new detector (#765) 2022-08-31 17:54:23 -07:00
Mildred Bernardo
4c3c103b62
added new detectors (#761) 2022-08-31 11:50:33 -07:00
Marlon
a35786dccd
fix and make_protos (#757) 2022-08-30 17:13:04 -07:00
Marlon
79ebd68068
added new detector (#751) 
Co-authored-by: marlon pamisa <marlon.pamisa@banyanhills.com>
 2022-08-30 11:28:41 -07:00
roxanne-tampus
fa2d6b90cd
added new detectors (#743) 2022-08-29 16:44:11 -07:00
Marlon
098d4a9e7d
added appointed scanner (#425) 
* added appointed scanner

* fix comment

* fix comment

* fix comment

* fix issue

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-08-25 10:40:35 -07:00
Max Thomson
e9f4cf99e5
Add Honeycomb detector (#687) 
* Add Honeycomb detector

* Update pattern

Co-authored-by: Dustin Decker <dustin@trufflesec.com>
 2022-08-24 16:50:31 -07:00
ahrav
dfb7e9a405
Add hash v2 to results proto. (#693) 2022-08-04 16:37:15 -07:00
roxanne-tampus
e9f503a083
added new detectors (#639) 
* added new detectors

* added gemini
 2022-07-08 08:19:03 -07:00
Marlon
48a0c28d33
added new protos (#495) 
* added new protos

* fix comment
 2022-05-02 09:23:09 -07:00
Dustin Decker
28d5396e61
Pr/371 (#490) 
* added paydirtyapp scanner

* change paydirtyapp to paydirtapp

Co-authored-by: Marlon Pamisa <marlonpamisa@gmail.com>
 2022-04-28 23:39:35 -07:00
Mildred Bernardo
b6b54798a1
added new protos (#445) (#463) 2022-04-22 07:21:26 -07:00