Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 15:14:38 +00:00
Code Issues Projects Releases Packages Wiki Activity
2534 commits 139 branches 257 tags 147 MiB
Commit graph

2534 commits

This branch
This branch
All branches
Author SHA1 Message Date
joeleonjr
b2042e4e03
extract AWS account number from ID without verification (#2091) 
* added GetAccountNumFromAWSID function

* refacted aws func, moved to common
 2023-11-16 11:45:47 -05:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
737d6b764d
Adding Sumo Logic how to rotate (#2103) 2023-11-09 12:48:08 -05:00
ahrav
76a0468580
update protos so we can use the git source for CI (#2102) 2023-11-08 09:07:29 -08:00
Damanpreet Singh
d066a3fa78
Detector-Competition-Feat: Added Replicate API token detector (#2021) 
* Detector-Competition-Feat: Added Replicate API token detector

* fix fullstory

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-07 12:16:39 -06:00
Damanpreet Singh
bcde7856c3
Detector-Competition-Feat: Added Ngrok API token detector (#2024) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-07 09:28:05 -06:00
Ankush Goel
1b93c0545c
Competition-Detector-New:added v2 version for fullstory (#2067) 
* added v2 version for fullstory

* added versioner to the v1 fullstory detector
 2023-11-07 08:55:06 -06:00
Miccah
8e3f6e98dc
Add support for user:pass@host to postgres JDBC detector (#2089) 
* Add support for user:pass@host to postgres JDBC detector

* Remove ineffectual assignment
 2023-11-06 17:17:37 -08:00
Corben Leo
1094190ff5
Detector-Competition-Feat: Add Overloop detector (#2080) 
* Detector-Competition-Feat: Add Overloop detector

* add protos and to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 16:43:31 -06:00
Damanpreet Singh
da59b72735
Detector-Competition-Feat: Added Request.Finance API token detector (#2020) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 16:13:33 -06:00
Ankush Goel
703e158648
Detector-Competition-New : created grafana service account detector (#1960) 
* created grafana service account detector

* add import

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-06 15:41:37 -06:00
Ankush Goel
b2d541e0ea
Detector-Competition-Fix: fixed zulipchat detector (#1990) 
* fixed zulipchat detector

* fixed testing scenarios

* fixed test detector

* fixed test

* made chunking keyword from zulipchat to zulip

* fixed email regex

* fixed domain regex
 2023-11-06 12:22:47 -06:00
Ankush Goel
6259b179b9
Grafana (#2096) 
* Created Grafana Cloud API Key detector

* made the regex more bounded

* added boundary to regex
 2023-11-06 11:13:06 -06:00
Ankush Goel
aabfec4cdf
Competition-Detector-New: added eventbrite detector (#2072) 
* added eventbrite detector

* added packagename to defaults.go

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 16:42:13 -05:00
Ankush Goel
1371512ff3
logz.io detector (#2076) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 16:32:35 -05:00
Ankush Goel
06b5fc25ef
Coda Detector (#2075) 
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 15:50:05 -05:00
Zachary Rice
50a3a82cbb
fix (#2094) 2023-11-03 12:56:12 -05:00
Corben Leo
de8889b406
Detector-Competition-Fix: Fix LiveAgent Detector & Verifier (#2001) 
* Detector-Competition-Fix: Fix LiveAgent Detector & Verifier

* update regex
 2023-11-03 12:28:20 -05:00
dylanTruffle
0b90265802
pulling short lived AWS keys into their own thing, fixes #1224 (#2088) 
* pulling short lived AWS keys into their own thing, fixes #1224

* Update awssessionkey.go

* fmt

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-03 11:58:49 -05:00
Cody Rose
7a156330b5
Support multiple detectors per match (#2065) 
#1711 inadvertently removed the ability to match multiple custom detectors, or multiple detectors of the same type but different version, to a given keyword. (#2060 re-added support for multiple versions of detectors globally, and #2064 re-added support for multiple custom detectors globally, but neither fixed trufflehog's inability to support multiple such detectors for a given keyword match.) This PR re-adds the removed functionality (and narrows the AhoCorasickCore interface in the process.)
 2023-11-03 12:26:18 -04:00
Miccah
600903f391
[chore] Speedup IsKnownFalsePositive using sets (#2090) 
Also check that the match is a valid UTF-8 string.
 2023-11-03 08:45:00 -07:00
Corben Leo
3b9ecaa704
Detector-Competition-Fix: Fix ScraperSite (deprecated) (#2074) 
Co-authored-by: āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d <13666360+0x1@users.noreply.github.com>
 2023-11-03 11:15:53 -04:00
Corben Leo
41e9cc59e2
Detector-Competition-Fix: Fix PassBase (acquired, deprecated) (#2079) 2023-11-03 08:59:32 -05:00
Ankush Goel
b95ed3b41a
Detector-Competition-New - Created Grafana Cloud API Key detector (#1959) 
* Created Grafana Cloud API Key detector

* made the regex more bounded

* added boundary to regex
 2023-11-03 09:25:54 -04:00
Corben Leo
9e52e3e86f
Detector-Competition-Fix: Fix/Deprecate Prospect.io (#2081) 
* Detector-Competition-Feat: Fix/Deprecate Prospect.io

* Detector-Competition-Fix: fix defaults.go
 2023-11-03 07:04:42 -05:00
joeleonjr
a1d74cd887
added resource type mapping to extraData in AWS (#2087) 
* added resource type mapping to extraData in AWS

* updating aws regex + logic for resource type
 2023-11-02 17:03:03 -04:00
Corben Leo
b5cc6c196c
Detector-Competition-Fix: Fix FakeJSON (deprecated) (#2073) 2023-11-02 15:43:49 -05:00
Ankush Goel
ab896890b4
fixed helpscout detector regex and verifier (#2056) 2023-11-02 14:20:26 -05:00
Ankush Goel
965a274de9
Detector-Competition-Fix: fixed regex for databricks domain and fixed tests (#1965) 
* fixed regex for domain and fixed tests

* fixed regex

* fixed an issue with regex subgrouping

* made recommended changes

* made recommended changed

* fixed RawV2
 2023-11-02 11:26:31 -05:00
Ankush Goel
b6469f23ac
modified regex (#2033) 2023-11-02 11:24:37 -05:00
dylanTruffle
4106ce7bf0
Detector-Competition-Feat: Adding Azure Container Registry Password Detector (#1958) 
* implementing azure container registry password detector

* Fixing boundry feedback

* whoops

* update verification code

* fix regex

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-11-02 11:17:01 -05:00
Corben Leo
07f6c84aa4
Detector-Competition-Fix: Fix SentimentInvestor (deprecated) (#2078) 2023-11-01 11:54:40 -05:00
Miccah
9d6bc8c504
Refactor git source to support scanning units (#2083) 2023-11-01 09:52:58 -07:00
Miccah
52600a897a
[chore] Replace chunks channel with ChunkReporter in git based sources (#2082) 
ChunkReporter is more flexible and will allow code reuse for unit
chunking. ChanReporter was added as a way to maintain the original
channel functionality, so this PR should not alter existing behavior.
 2023-11-01 09:22:44 -07:00
ahrav
d55cb56db4
update comment (#2084) 
update Cache.Contents() comment
 2023-11-01 07:36:22 -07:00
Cody Rose
7197e4b3f1
use rawv2 for pubnubpublish (#2062) 
We're seeing secrets of this type flap between verified and unverified, which is expected behavior for multipart secrets without RawV2 defined. This PR adds RawV2 for secrets of this type.
 2023-11-01 10:14:28 -04:00
ahrav
95e0090bc2
[chore] - correctly handle input shorter than 512 bytes (#2077) 
* correctly handle input shorter than 512 bytes

* add tests

* reorder tests

* add another test case

* update test

* address comment
 2023-10-31 16:42:42 -07:00
ahrav
89b6315e19
[chore] - add binutils dep to dockerfile (#2061) 
* add binutils dep to dockerfile

* add cpio

* add dep
 2023-10-31 16:40:19 -07:00
āh̳̕mͭͭͨͩ̐e̘ͬ́͋ͬ̊̓͂d
74a56de831
update braintreepayments detector to tri-state verification (#1834) 
* update braintreepayments detector to tri-state verification

* Update pkg/detectors/braintreepayments/braintreepayments.go

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>

* small nits

* small nits

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 16:13:48 -04:00
dylanTruffle
8bac2b15ba
Detector-Competition-Feat: Adding Azure Batch keys (#1956) 
* adding azure batch

* fmt

* fix lint

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 10:49:04 -05:00
dylanTruffle
499cb64546
Detector-Competition-Fix: Fix redis to now support SSL, and look for azure redis connection strings (#1957) 
* adding azure redis, and fixing the old detector to support ssl too

* fix?

* other way

---------

Co-authored-by: Chair <chair@Chairs-MacBook-Pro.local>
Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
 2023-10-31 10:17:55 -05:00
Corben Leo
a4fd17c9d1
Detector-Competition-Fix: Fix AppFollow Detection & Verification (#1933) 
* Detector-Competition-Fix: Fix AppFollow Detection & Verification

* fix(regex): update jwt regex for appfollow
 2023-10-31 09:43:20 -05:00
ahrav
a9b056de0a
Centralize logic for checking archive extraction tools (#2063) 
* Centralize logic for checking archive extraction tools

* simplify
 2023-10-30 20:14:51 -07:00
Miccah
57203a56cd
[chore] Fix SourceManager flaky test (#2059) 
* [chore] Fix SourceManager flaky test

Sorting by EndTime is not deterministic, however sorting by StartTime
should be. StartTime is set in a goroutine that's limited by
WithConcurrentUnits, so it should happen in order that the units are
received.

* Sort by unit ID
 2023-10-30 19:16:55 -07:00
Cody Rose
e58a2913ea
Support multiple custom detectors (#2064) 
#1711 accidentally removed the ability to support multiple custom detectors. This PR partially adds back this capability: Multiple custom detectors are now supported overall, but only one custom detector can be returned for a given keyword match.
 2023-10-30 18:17:17 -04:00
Corben Leo
de4a14b3f9
Detector-Competition-Fix: Fix SalesBlink Detection & Verification (#1950) 2023-10-30 16:10:24 -05:00
Damanpreet Singh
244ba3a214
Detector-Competition-Fix: Update formio regex to match Jwt token (#1935) 2023-10-30 16:08:19 -05:00
Corben Leo
6a15cd8f30
Detector-Competition-Fix: Fix Bitcoin Average detector (#1929) 2023-10-30 16:02:30 -05:00
Corben Leo
509fc6c0eb
Detector-Competition-Fix: Fix currencycloud.com API key (#1917) 
* Detector-Competition-Fix: Fix currencycloud.com API environment

* Detector-Competition-Fix: Fix currencycloud.com API environment

* fix(env): update environment
 2023-10-30 15:56:30 -05:00
Cody Rose
45059864f8
Re-add detector version (#2060) 
#2010 mistakenly removed detector version tracking from the Aho Corasick wrapper. This PR re-adds it.
 2023-10-30 15:34:33 -04:00
Dustin Decker
3c2270ae65
update kingpin import (#2053) 2023-10-30 10:58:38 -07:00