Merge branch 'dev'
Plazmaz committed Mar 1, 2020
2 parents 67ff89b + 5cc7931 commit 2e95135
Showing 9 changed files with 122 additions and 110 deletions.
6 changes: 6 additions & 0 deletions .gitattributes
@@ -0,0 +1,6 @@
# This is not a secrets file but must be in the root directory.
# 2010
*.txt -crlf

# 2020
*.txt text eol=lf
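Review bot: the two `*.txt` rules contradict each other rather than saying the same thing twice. Per gitattributes(5), the legacy `-crlf` is interpreted as `-text` (disable end-of-line conversion entirely), not as "use LF", so the "# 2010" line switches normalisation off and the "# 2020" line switches it back on; only the later rule wins, so the first line is dead and misleading. Drop `*.txt -crlf` and keep `*.txt text eol=lf`, and consider extending the existing header comment with one sentence saying the rule exists so the `.txt` fixtures hash and scan identically on every platform, since the benchmark counts depend on the fixture bytes.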
1 change: 1 addition & 0 deletions .leaky-meta/,gitignore
@@ -0,0 +1 @@
*.toml
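Review bot: the file name is `,gitignore` (leading comma), not `.gitignore`, so git will never read it and `*.toml` is not ignored. The `gitleaks-config.toml` that install-test-tools.sh downloads will therefore show up as untracked and can be committed by accident into a corpus whose whole point is a controlled, hand-labelled set of files. Rename it to `.leaky-meta/.gitignore`.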
2 changes: 1 addition & 1 deletion .leaky-meta/benchmark.py
@@ -40,7 +40,7 @@ def get_secret_count_detectsecrets():

def get_secret_count_gitleaks():
finds = {}
cmd = ['gitleaks', '--report=.leaky-meta/gitleaks.json', '--repo-path', '.']
cmd = ['gitleaks', '--config=.leaky-meta/gitleaks-config.toml', '--report=.leaky-meta/gitleaks.json', '--repo-path', '.']
stdout, stderr = get_command_stdout(cmd)
with open('gitleaks.json') as f:
data = json.load(f)
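Review bot: the report is written and read from different paths in the visible lines: the command passes `--report=.leaky-meta/gitleaks.json`, but the next statement is `open('gitleaks.json')`. Unless gitleaks resolves the report path against `--repo-path` rather than the working directory, the open fails, or worse, silently reads a stale `gitleaks.json` left in the repository root from an earlier run. Put the path in one variable and use it for both the `--report=` argument and the `open()`. The new `--config=.leaky-meta/gitleaks-config.toml` argument deserves an explicit `os.path.exists` check with a clear error too, because install-test-tools.sh writes that file relative to wherever it is run from, and a run without the tuned config would produce numbers that cannot be compared with the committed GITLEAKS.md.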
58 changes: 29 additions & 29 deletions .leaky-meta/benchmarking/DETECT-SECRETS.md
@@ -1,52 +1,52 @@
Tool: https://github.com/Yelp/detect-secrets
Command Used: `detect-secrets scan`
Files covered: 23/44 (52.27% coverage)
Total finds: 41/179 (22.91% coverage)
Total finds: 41/175 (23.43% coverage)
False Positives: 0

File Name | Found/Total | False Positives |
---------------------------------------|----------------|-----------------|
.mozilla/firefox/logins.json | 6/28 | 0
.bash_profile | 4/11 | 0
.bashrc | 3/6 | 0
web/ruby/secrets.yml | 3/3 | 0
web/var/www/.env | 3/10 | 0
.bashrc | 3/6 | 0
ventrilo_srv.ini | 2/2 | 0
cloud/heroku.json | 2/2 | 0
cloud/.credentials | 2/4 | 0
cloud/heroku.json | 2/2 | 0
high-entropy-misc.txt | 2/2 | 0
.remote-sync.json | 1/3 | 0
sftp-config.json | 1/4 | 0
.docker/.dockercfg | 1/6 | 0
ventrilo_srv.ini | 2/2 | 0
.docker/.dockercfg | 1/4 | 0
.docker/config.json | 1/4 | 0
.ssh/id_rsa | 1/1 | 0
web/var/www/public_html/config.php | 1/4 | 0
misc-keys/putty-example.ppk | 1/2 | 0
cloud/.tugboat | 1/3 | 0
.idea/WebServers.xml | 1/2 | 0
db/mongoid.yml | 1/1 | 0
misc-keys/cert-key.pem | 1/1 | 0
misc-keys/putty-example.ppk | 1/2 | 0
hub | 1/2 | 0
.vscode/sftp.json | 1/4 | 0
web/var/www/public_html/config.php | 1/4 | 0
deployment-config.json | 1/4 | 0
.docker/config.json | 1/6 | 0
misc-keys/cert-key.pem | 1/1 | 0
db/mongoid.yml | 1/1 | 0
filezilla/recentservers.xml | 0/6 | 0
web/var/www/public_html/.htpasswd | 0/1 | 0
.remote-sync.json | 1/3 | 0
.vscode/sftp.json | 1/4 | 0
sftp-config.json | 1/4 | 0
.idea/WebServers.xml | 1/2 | 0
.ssh/id_rsa.pub | 0/1 | 0
cloud/.s3cfg | 0/3 | 0
web/django/settings.py | 0/1 | 0
.ftpconfig | 0/5 | 0
.npmrc | 0/3 | 0
db/dump.sql | 0/10 | 0
etc/shadow | 0/1 | 0
config | 0/4 | 0
web/js/salesforce.js | 0/1 | 0
web/var/www/public_html/wp-config.php | 0/12 | 0
proftpdpasswd | 0/1 | 0
filezilla/recentservers.xml | 0/6 | 0
filezilla/filezilla.xml | 0/3 | 0
db/dbeaver-data-sources.xml | 0/1 | 0
.netrc | 0/2 | 0
.esmtprc | 0/3 | 0
db/.pgpass | 0/1 | 0
db/robomongo.json | 0/7 | 0
proftpdpasswd | 0/1 | 0
web/ruby/config/master.key | 0/1 | 0
.npmrc | 0/3 | 0
web/var/www/public_html/wp-config.php | 0/12 | 0
web/var/www/public_html/.htpasswd | 0/1 | 0
.git-credentials | 0/1 | 0
.ssh/id_rsa.pub | 0/1 | 0
db/robomongo.json | 0/7 | 0
web/js/salesforce.js | 0/1 | 0
.netrc | 0/2 | 0
config | 0/4 | 0
db/.pgpass | 0/1 | 0
db/dbeaver-data-sources.xml | 0/1 | 0
.esmtprc | 0/3 | 0
web/django/settings.py | 0/1 | 0
.ftpconfig | 0/5 | 0
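Review bot: the substantive change here is two numbers: the denominator 179 → 175 and `.docker/.dockercfg` / `.docker/config.json` going from x/6 to x/4, which matches the secrets.csv edit in this commit (two files losing two risk items each, 2 × 2 = 4) and the recomputed 41/175 = 23.43% is right. Everything else in the hunk is row reordering, which turns a two-number fix into a 29 + 29 line rewrite and hides the real change from review. Either generate these tables from benchmark.py with a fixed sort key so the order is deterministic, or leave row order untouched when only counts change.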
88 changes: 44 additions & 44 deletions .leaky-meta/benchmarking/GITLEAKS.md
@@ -1,52 +1,52 @@
Tool: https://github.com/zricethezav/gitleaks
Command Used: `gitleaks --report=.leaky-meta/gitleaks.json --repo-path .`
Files covered: 6/44 (13.64% coverage)
Total finds: 8/179 (4.47% coverage)
False Positives: 0
Command Used: `gitleaks --config=.leaky-meta/gitleaks-config.toml --report=.leaky-meta/gitleaks.json --repo-path .`
Files covered: 40/44 (90.91% coverage)
Total finds: 127/175 (72.57% coverage)
False Positives: 17

File Name | Found/Total | False Positives |
---------------------------------------|----------------|-----------------|
.bash_profile | 2/11 | 0
.bashrc | 2/6 | 0
cloud/heroku.json | 1/2 | 0
web/var/www/.env | 14/10 | 4
web/var/www/public_html/wp-config.php | 14/12 | 2
.mozilla/firefox/logins.json | 13/28 | 0
.bash_profile | 12/11 | 1
db/dump.sql | 10/10 | 0
db/robomongo.json | 7/7 | 0
.vscode/sftp.json | 7/4 | 3
cloud/.credentials | 6/4 | 2
web/var/www/public_html/config.php | 4/4 | 0
.bashrc | 3/6 | 0
config | 3/4 | 0
db/dbeaver-data-sources.xml | 3/1 | 2
.esmtprc | 3/3 | 0
deployment-config.json | 3/4 | 0
sftp-config.json | 3/4 | 0
.idea/WebServers.xml | 3/2 | 1
.docker/.dockercfg | 2/4 | 0
.docker/config.json | 2/4 | 0
cloud/heroku.json | 2/2 | 0
filezilla/recentservers.xml | 2/6 | 0
high-entropy-misc.txt | 2/2 | 0
.git-credentials | 2/1 | 1
web/js/salesforce.js | 2/1 | 1
.netrc | 2/2 | 0
hub | 2/2 | 0
ventrilo_srv.ini | 2/2 | 0
.ftpconfig | 2/5 | 0
.remote-sync.json | 2/3 | 0
.ssh/id_rsa | 1/1 | 0
misc-keys/cert-key.pem | 1/1 | 0
.ssh/id_rsa.pub | 1/1 | 0
cloud/.tugboat | 1/3 | 0
db/mongoid.yml | 1/1 | 0
filezilla/recentservers.xml | 0/6 | 0
ventrilo_srv.ini | 0/2 | 0
web/var/www/public_html/.htpasswd | 0/1 | 0
.remote-sync.json | 0/3 | 0
sftp-config.json | 0/4 | 0
.docker/.dockercfg | 0/6 | 0
etc/shadow | 1/1 | 0
filezilla/filezilla.xml | 1/3 | 0
misc-keys/cert-key.pem | 1/1 | 0
proftpdpasswd | 1/1 | 0
web/ruby/config/master.key | 1/1 | 0
.npmrc | 1/3 | 0
web/var/www/public_html/.htpasswd | 1/1 | 0
db/.pgpass | 1/1 | 0
cloud/.s3cfg | 0/3 | 0
web/django/settings.py | 0/1 | 0
.ftpconfig | 0/5 | 0
.npmrc | 0/3 | 0
web/var/www/public_html/config.php | 0/4 | 0
.mozilla/firefox/logins.json | 0/28 | 0
web/ruby/secrets.yml | 0/3 | 0
cloud/.credentials | 0/4 | 0
misc-keys/putty-example.ppk | 0/2 | 0
db/dump.sql | 0/10 | 0
etc/shadow | 0/1 | 0
cloud/.tugboat | 0/3 | 0
.idea/WebServers.xml | 0/2 | 0
config | 0/4 | 0
web/js/salesforce.js | 0/1 | 0
hub | 0/2 | 0
.vscode/sftp.json | 0/4 | 0
web/var/www/public_html/wp-config.php | 0/12 | 0
proftpdpasswd | 0/1 | 0
filezilla/filezilla.xml | 0/3 | 0
web/var/www/.env | 0/10 | 0
db/dbeaver-data-sources.xml | 0/1 | 0
.netrc | 0/2 | 0
deployment-config.json | 0/4 | 0
.docker/config.json | 0/6 | 0
.esmtprc | 0/3 | 0
db/.pgpass | 0/1 | 0
db/robomongo.json | 0/7 | 0
web/ruby/config/master.key | 0/1 | 0
.git-credentials | 0/1 | 0
.ssh/id_rsa.pub | 0/1 | 0
high-entropy-misc.txt | 0/2 | 0
web/ruby/secrets.yml | 0/3 | 0
web/django/settings.py | 0/1 | 0
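Review bot: the report now compares a tuned run against stock runs, and the file should say so up front. The new command adds `--config=.leaky-meta/gitleaks-config.toml`, which install-test-tools.sh fetches from gitleaks' own `examples/leaky-repo.toml`, a ruleset written against this very corpus, while DETECT-SECRETS.md and TRUFFLEHOG.md still use default rules; the jump from 4.47% to 72.57% is therefore not comparable with the other two reports, and keeping the previous default-config summary (8/179, 0 false positives) as a second set of headline numbers would make that visible. Separately, "Found/Total" stops being a ratio once Found exceeds Total (`web/var/www/.env | 14/10 | 4`, `.vscode/sftp.json | 7/4 | 3`, `db/dbeaver-data-sources.xml | 3/1 | 2`): the column header should state that Found is raw hits including false positives, and the summary should state that "Total finds" is Found minus False Positives (the Found column of the new table sums to 144, and 144 − 17 = 127).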
56 changes: 28 additions & 28 deletions .leaky-meta/benchmarking/TRUFFLEHOG.md
@@ -1,7 +1,7 @@
Tool: https://github.com/dxa4481/truffleHog
Command Used: `trufflehog --json --regex .`
Files covered: 23/44 (52.27% coverage)
Total finds: 40/179 (22.35% coverage)
Total finds: 40/175 (22.86% coverage)
False Positives: 43

File Name | Found/Total | False Positives |
@@ -10,43 +10,43 @@ misc-keys/cert-key.pem | 25/1 | 24
misc-keys/putty-example.ppk | 21/2 | 19
db/dump.sql | 8/10 | 0
web/ruby/secrets.yml | 3/3 | 0
filezilla/recentservers.xml | 2/6 | 0
.docker/.dockercfg | 2/6 | 0
.docker/.dockercfg | 2/4 | 0
.docker/config.json | 2/4 | 0
.mozilla/firefox/logins.json | 2/28 | 0
cloud/.credentials | 2/4 | 0
cloud/.tugboat | 2/3 | 0
.docker/config.json | 2/6 | 0
filezilla/recentservers.xml | 2/6 | 0
high-entropy-misc.txt | 2/2 | 0
.bash_profile | 1/11 | 0
.bashrc | 1/6 | 0
.ssh/id_rsa | 1/1 | 0
.ssh/id_rsa.pub | 1/1 | 0
cloud/.s3cfg | 1/3 | 0
cloud/heroku.json | 1/2 | 0
.ssh/id_rsa | 1/1 | 0
db/mongoid.yml | 1/1 | 0
etc/shadow | 1/1 | 0
hub | 1/2 | 0
proftpdpasswd | 1/1 | 0
.bash_profile | 1/11 | 0
web/var/www/.env | 1/10 | 0
web/ruby/config/master.key | 1/1 | 0
db/mongoid.yml | 1/1 | 0
.bashrc | 1/6 | 0
.ssh/id_rsa.pub | 1/1 | 0
ventrilo_srv.ini | 0/2 | 0
web/var/www/public_html/.htpasswd | 0/1 | 0
.remote-sync.json | 0/3 | 0
sftp-config.json | 0/4 | 0
web/django/settings.py | 0/1 | 0
.ftpconfig | 0/5 | 0
web/var/www/.env | 1/10 | 0
hub | 1/2 | 0
filezilla/filezilla.xml | 0/3 | 0
.npmrc | 0/3 | 0
web/var/www/public_html/config.php | 0/4 | 0
.idea/WebServers.xml | 0/2 | 0
config | 0/4 | 0
web/js/salesforce.js | 0/1 | 0
.vscode/sftp.json | 0/4 | 0
web/var/www/public_html/wp-config.php | 0/12 | 0
filezilla/filezilla.xml | 0/3 | 0
db/dbeaver-data-sources.xml | 0/1 | 0
web/var/www/public_html/.htpasswd | 0/1 | 0
.git-credentials | 0/1 | 0
db/robomongo.json | 0/7 | 0
web/js/salesforce.js | 0/1 | 0
.netrc | 0/2 | 0
deployment-config.json | 0/4 | 0
.esmtprc | 0/3 | 0
config | 0/4 | 0
db/.pgpass | 0/1 | 0
db/robomongo.json | 0/7 | 0
.git-credentials | 0/1 | 0
ventrilo_srv.ini | 0/2 | 0
web/var/www/public_html/config.php | 0/4 | 0
db/dbeaver-data-sources.xml | 0/1 | 0
.esmtprc | 0/3 | 0
web/django/settings.py | 0/1 | 0
deployment-config.json | 0/4 | 0
.ftpconfig | 0/5 | 0
.remote-sync.json | 0/3 | 0
.vscode/sftp.json | 0/4 | 0
sftp-config.json | 0/4 | 0
.idea/WebServers.xml | 0/2 | 0
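Review bot: only `.docker/.dockercfg` and `.docker/config.json` actually change in this hunk (2/6 → 2/4, consistent with secrets.csv and the other two reports); the remaining 26 removed/added line pairs are the same rows in a different order, so the diff does not show what changed. As with DETECT-SECRETS.md, pick one deterministic ordering and stick to it. The hunk context line `misc-keys/cert-key.pem | 25/1 | 24` and `misc-keys/putty-example.ppk | 21/2 | 19` also show that Found counts raw hits including false positives; a short note in the table header explaining that convention belongs in all three reports.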
11 changes: 7 additions & 4 deletions .leaky-meta/install-test-tools.sh
@@ -1,14 +1,17 @@
#!/bin/bash
#!/usr/bin/env bash

if ! type "pip" > /dev/null
then
echo "Pip and Python are required for installing detect-secrets and truffleHog, but pip was not found!"
exit 1
fi

mkdir -p ~/.local/bin
if [ ! -f ~/.local/bin/gitleaks ]; then
wget https://github.com/zricethezav/gitleaks/releases/download/v2.1.0/gitleaks-linux-amd64 -O ~/.local/bin/gitleaks
if ! type "gitleaks" > /dev/null; then
latest=$(curl -s https://api.github.com/repos/zricethezav/gitleaks/releases/latest |grep "browser_download_url.*linux-amd64" |cut -d : -f 2,3 | tr -d '"')
wget $latest -O ~/.local/bin/gitleaks
chmod +x ~/.local/bin/gitleaks
fi
wget https://raw.githubusercontent.com/zricethezav/gitleaks/master/examples/leaky-repo.toml -O gitleaks-config.toml

pip install detect-secrets truffleHog
pip install detect-secrets truffleHog
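Review bot: replacing the pinned `v2.1.0` download with "latest release" makes the benchmark non-reproducible and drops the one property the old line had: the GITLEAKS.md numbers depend on the scanner version, and a future release with different rules will silently change them. Pin a version in a variable (for example `GITLEAKS_VERSION=...` used to build the download URL) and verify a checksum before `chmod +x`, since the script currently executes whatever bytes the API-derived URL returns with no verification. The new fetch is also fragile: `$latest` is unquoted and never checked, and the script has no `set -e`, so if the API call fails (rate limit, or the release stops shipping a `linux-amd64` asset) `wget $latest -O ~/.local/bin/gitleaks` errors out, `chmod +x` runs on a missing file, and `pip install` still proceeds; add `set -euo pipefail`, `curl -fsS`, `[ -n "$latest" ] || exit 1`, and `"$latest"`. Two smaller points: `type "gitleaks"` only succeeds if `~/.local/bin` is on PATH (the old `[ ! -f ~/.local/bin/gitleaks ]` test did not depend on that), so on a fresh machine the binary is re-downloaded on every run and benchmark.py's bare `gitleaks` invocation fails anyway; and `gitleaks-config.toml` is written to the current directory from the unpinned `master` branch, while benchmark.py expects `.leaky-meta/gitleaks-config.toml`, so write it to `"$(dirname "$0")/gitleaks-config.toml"` and fetch it from a fixed commit.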
8 changes: 5 additions & 3 deletions .leaky-meta/secrets.csv
Expand Up @@ -9,10 +9,12 @@
.bash_profile,6,5
.bashrc,3,3

# Here the users and urls are informative, the auth is risk.
.docker/.dockercfg,2,4
# Here the users are informative, the auth is risk.
# The URLs may be informative in rare cases, but will likely
# just be docker hub in most cases.
.docker/.dockercfg,2,2
# Same as above
.docker/config.json,2,4
.docker/config.json,2,2

# For all 4 firefox profiles:
# Risk: encryptedUsername, encryptedPassword
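Review bot: the downgrade of the registry URL from risk to informative (2,4 → 2,2 for both docker files) is applied consistently, and the 6 → 4 per-file totals and 179 → 175 overall in the three report files match it, but the justification "will likely just be docker hub" is weaker than the rule it establishes. The same reclassification is applied to `config.json` via "Same as above", where an `auths` entry for a private registry hostname tells a reader exactly where the base64 `auth` value is valid, which is more than neutral context. State the rule explicitly in the comment (only the `auth` values count as risk; the hostname is informative even when it is a private registry) so the labelling is reproducible for future fixtures, rather than leaving it to "likely" and "rare cases".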
2 changes: 1 addition & 1 deletion cloud/.tugboat
@@ -1,7 +1,7 @@
---
authentication:
client_key: 383c8164d4bdd95d8b1bfbf4f540d754 # Informative
api_key: 3b6311afca5bd8aac647b316704e9c6d # Sensitive.
api_key: 3b6311afca5bd8aac647b316704e9c6d # Risk.
ssh:
ssh_user: admin # Informative
ssh_key_path: "~/.ssh/deploy.pem"
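Review bot: the relabel from `# Sensitive.` to `# Risk.` aligns this fixture with the informative/risk vocabulary used in secrets.csv, but the punctuation is now inconsistent within the same four lines (`# Informative` with no period, `# Risk.` with one); use `# Risk` so the annotations can be matched mechanically. `ssh_key_path: "~/.ssh/deploy.pem"` is the only key in the hunk without an annotation; label it `# Informative` (the path is context, the key file it points to is the secret) so every line of the fixture carries a classification.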