From e67f594540dc2471421f388d9c5bd466a69a19a7 Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Thu, 14 Nov 2019 19:54:28 -0800 Subject: [PATCH 1/4] Provided some more info on results and the changelog. --- README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 95822ef..ceb088c 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ * [FAQ](#FAQ) * [Secrets](#Secrets) * [Results](#Results) +* [Changelog](#Changelog) * [Contact](#Contact) # FAQ @@ -68,7 +69,12 @@ sftp-config.json | Created by SFTP for Sublime Text, conta high-entropy-misc.txt | Misc high entropy strings (HES1 is plain, HES2 is base64) # Results -You can see how tools stack up in [Benchmarking](https://github.com/Plazmaz/leaky-repo/tree/master/.leaky-meta/benchmarking) +We've tested a few tools and generated metrics for it. You can see how the tools tested so far stack up in [Benchmarking](https://github.com/Plazmaz/leaky-repo/tree/master/.leaky-meta/benchmarking) +If there's a tool you'd like tested, please file an issue with details on it or create a PR. We are focused primarily on command-line based tools, but are also happy to accept results from web or GUI-based tools, as long as you include the full results and details about the tool. + +# Changelog +You can see recent changes made in our [CHANGELOG.md file](https://github.com/Plazmaz/leaky-repo/blob/master/.leaky-meta/CHANGELOG.md) or under [Releases](https://github.com/Plazmaz/leaky-repo/releases). We use semantic versioning for releases. + # Contact Got a question? Found something worth adding? [File an issue](https://github.com/Plazmaz/leaky-repo/issues) 
@@ -76,4 +82,4 @@ Have another reason to contact me? You can find me on Twitter: [@Plazmaz](https://twitter.com/Plazmaz) -It's also worth noting that many of the original patterns used to find the filenames and examples of several secrets came from github-dorks, which is under tha [Apache 2.0 License](https://github.com/techgaun/github-dorks/blob/master/LICENSE) \ No newline at end of file +It's also worth noting that many of the original patterns used to find the filenames and examples of several secrets came from github-dorks, which is under tha [Apache 2.0 License](https://github.com/techgaun/github-dorks/blob/master/LICENSE). Also, for the sake of full disclosure, I am a maintainer on that project. \ No newline at end of file From 226fcb481daf5914c121d87372875955fe4fedfb Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Mon, 18 Nov 2019 15:31:48 -0800 Subject: [PATCH 2/4] Fixed docker secrets, updated gitleaks config --- .leaky-meta/benchmark.py | 2 +- .leaky-meta/benchmarking/DETECT-SECRETS.md | 6 +- .leaky-meta/benchmarking/GITLEAKS.md | 74 +++++++++++----------- .leaky-meta/benchmarking/GITROB.md | 6 +- .leaky-meta/benchmarking/TRUFFLEHOG.md | 6 +- .leaky-meta/install-test-tools.sh | 3 +- .leaky-meta/secrets.csv | 8 ++- 7 files changed, 54 insertions(+), 51 deletions(-) diff --git a/.leaky-meta/benchmark.py b/.leaky-meta/benchmark.py index e567978..3852690 100644 --- a/.leaky-meta/benchmark.py +++ b/.leaky-meta/benchmark.py @@ -40,7 +40,7 @@ def get_secret_count_detectsecrets(): def get_secret_count_gitleaks(): finds = {} - cmd = ['gitleaks', '--report=.leaky-meta/gitleaks.json', '--repo-path', '.'] + cmd = ['gitleaks', '--config=.leaky-meta/gitleaks-config.toml', '--report=.leaky-meta/gitleaks.json', '--repo-path', '.'] stdout, stderr = get_command_stdout(cmd) with open('gitleaks.json') as f: data = json.load(f) diff --git a/.leaky-meta/benchmarking/DETECT-SECRETS.md b/.leaky-meta/benchmarking/DETECT-SECRETS.md index 7eb9f07..b82a1e8 100644 
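Review bot: The new `--config=.leaky-meta/gitleaks-config.toml` argument is a working-directory-relative path, and nothing in this hunk checks that the file exists before gitleaks runs. The installer changed in this same patch downloads the config with `-O gitleaks-config.toml`, which writes to whatever directory the script is run from, so the two agree only if the installer is run inside `.leaky-meta/` and the benchmark from the repository root. The context lines show the same mismatch for the report (`--report=.leaky-meta/gitleaks.json` versus `open('gitleaks.json')`), unless the working directory is changed in code outside the hunk. I would derive both paths from the script location, for example `meta_dir = os.path.dirname(os.path.abspath(__file__))` (assuming `os` is imported), and fail early when the config is missing so that a stale report is not parsed. The body of get_secret_count_gitleaks continues past the hunk.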
--- a/.leaky-meta/benchmarking/DETECT-SECRETS.md +++ b/.leaky-meta/benchmarking/DETECT-SECRETS.md @@ -1,7 +1,7 @@ Tool: https://github.com/Yelp/detect-secrets Command Used: `detect-secrets scan` Files covered: 23/44 (52.27% coverage) -Total finds: 41/179 (22.91% coverage) +Total finds: 41/175 (23.43% coverage) False Positives: 0 File Name | Found/Total | False Positives | @@ -17,7 +17,7 @@ cloud/.credentials | 2/4 | 0 high-entropy-misc.txt | 2/2 | 0 .remote-sync.json | 1/3 | 0 sftp-config.json | 1/4 | 0 -.docker/.dockercfg | 1/6 | 0 +.docker/.dockercfg | 1/4 | 0 .ssh/id_rsa | 1/1 | 0 web/var/www/public_html/config.php | 1/4 | 0 misc-keys/putty-example.ppk | 1/2 | 0 @@ -26,7 +26,7 @@ cloud/.tugboat | 1/3 | 0 hub | 1/2 | 0 .vscode/sftp.json | 1/4 | 0 deployment-config.json | 1/4 | 0 -.docker/config.json | 1/6 | 0 +.docker/config.json | 1/4 | 0 misc-keys/cert-key.pem | 1/1 | 0 db/mongoid.yml | 1/1 | 0 filezilla/recentservers.xml | 0/6 | 0 diff --git a/.leaky-meta/benchmarking/GITLEAKS.md b/.leaky-meta/benchmarking/GITLEAKS.md index 6a2b1df..a0f1eb1 100644 --- a/.leaky-meta/benchmarking/GITLEAKS.md +++ b/.leaky-meta/benchmarking/GITLEAKS.md 
@@ -1,52 +1,52 @@ Tool: https://github.com/zricethezav/gitleaks -Command Used: `gitleaks --report=.leaky-meta/gitleaks.json --repo-path .` -Files covered: 6/44 (13.64% coverage) -Total finds: 8/179 (4.47% coverage) -False Positives: 0 +Command Used: `gitleaks --config=.leaky-meta/gitleaks-config.toml --report=.leaky-meta/gitleaks.json --repo-path .` +Files covered: 34/44 (77.27% coverage) +Total finds: 133/175 (76.0% coverage) +False Positives: 47 File Name | Found/Total | False Positives | ---------------------------------------|----------------|-----------------| -.bash_profile | 2/11 | 0 -.bashrc | 2/6 | 0 -cloud/heroku.json | 1/2 | 0 -.ssh/id_rsa | 1/1 | 0 +.bash_profile | 24/11 | 13 +.mozilla/firefox/logins.json | 20/28 | 0 +web/var/www/public_html/wp-config.php | 15/12 | 3 +.bashrc | 15/6 | 9 +web/var/www/.env | 14/10 | 4 +cloud/.credentials | 12/4 | 8 +db/dump.sql | 10/10 | 0 +.vscode/sftp.json | 7/4 | 3 +db/robomongo.json | 7/7 | 0 +.docker/.dockercfg | 6/4 | 2 +.docker/config.json | 6/4 | 2 +web/var/www/public_html/config.php | 4/4 | 0 +sftp-config.json | 3/4 | 0 +db/dbeaver-data-sources.xml | 3/1 | 2 +deployment-config.json | 3/4 | 0 +.esmtprc | 3/3 | 0 +filezilla/recentservers.xml | 2/6 | 0 +ventrilo_srv.ini | 2/2 | 0 +.remote-sync.json | 2/3 | 0 +cloud/.s3cfg | 2/3 | 0 +.ftpconfig | 2/5 | 0 +cloud/heroku.json | 2/2 | 0 +.idea/WebServers.xml | 2/2 | 0 +web/js/salesforce.js | 2/1 | 1 +hub | 2/2 | 0 +.netrc | 2/2 | 0 +web/django/settings.py | 1/1 | 0 +.npmrc | 1/3 | 0 +cloud/.tugboat | 1/3 | 0 +config | 1/4 | 0 +filezilla/filezilla.xml | 1/3 | 0 misc-keys/cert-key.pem | 1/1 | 0 +.git-credentials | 1/1 | 0 db/mongoid.yml | 1/1 | 0 -filezilla/recentservers.xml | 0/6 | 0 -ventrilo_srv.ini | 0/2 | 0 web/var/www/public_html/.htpasswd | 0/1 | 0 -.remote-sync.json | 0/3 | 0 -sftp-config.json | 0/4 | 0 -.docker/.dockercfg | 0/6 | 0 -cloud/.s3cfg | 0/3 | 0 -web/django/settings.py | 0/1 | 0 -.ftpconfig | 0/5 | 0 -.npmrc | 0/3 | 0 -web/var/www/public_html/config.php 
| 0/4 | 0 -.mozilla/firefox/logins.json | 0/28 | 0 +.ssh/id_rsa | 0/1 | 0 web/ruby/secrets.yml | 0/3 | 0 -cloud/.credentials | 0/4 | 0 misc-keys/putty-example.ppk | 0/2 | 0 -db/dump.sql | 0/10 | 0 etc/shadow | 0/1 | 0 -cloud/.tugboat | 0/3 | 0 -.idea/WebServers.xml | 0/2 | 0 -config | 0/4 | 0 -web/js/salesforce.js | 0/1 | 0 -hub | 0/2 | 0 -.vscode/sftp.json | 0/4 | 0 -web/var/www/public_html/wp-config.php | 0/12 | 0 proftpdpasswd | 0/1 | 0 -filezilla/filezilla.xml | 0/3 | 0 -web/var/www/.env | 0/10 | 0 -db/dbeaver-data-sources.xml | 0/1 | 0 -.netrc | 0/2 | 0 -deployment-config.json | 0/4 | 0 -.docker/config.json | 0/6 | 0 -.esmtprc | 0/3 | 0 db/.pgpass | 0/1 | 0 -db/robomongo.json | 0/7 | 0 web/ruby/config/master.key | 0/1 | 0 -.git-credentials | 0/1 | 0 .ssh/id_rsa.pub | 0/1 | 0 high-entropy-misc.txt | 0/2 | 0 diff --git a/.leaky-meta/benchmarking/GITROB.md b/.leaky-meta/benchmarking/GITROB.md index 3922c4f..23ce4a4 100644 --- a/.leaky-meta/benchmarking/GITROB.md +++ b/.leaky-meta/benchmarking/GITROB.md @@ -2,7 +2,7 @@ Tool: https://github.com/michenriksen/gitrob Command Used: `gitrob (web interface)` Files covered: 2/44 (4.54% coverage) -Total finds: 3/179 (1.67% coverage) +Total finds: 3/175 (1.71% coverage) False Positives: 0 File Name | Found/Total | False Positives | @@ -23,11 +23,11 @@ db/mongoid.yml | 0/1 | 0 cloud/.tugboat | 0/3 | 0 .vscode/sftp.json | 0/4 | 0 hub | 0/2 | 0 -.docker/config.json | 0/6 | 0 +.docker/config.json | 0/4 | 0 sftp-config.json | 0/4 | 0 .idea/WebServers.xml | 0/2 | 0 misc-keys/putty-example.ppk | 0/2 | 0 -.docker/.dockercfg | 0/6 | 0 +.docker/.dockercfg | 0/4 | 0 web/var/www/public_html/config.php | 0/4 | 0 .remote-sync.json | 0/3 | 0 deployment-config.json | 0/4 | 0 diff --git a/.leaky-meta/benchmarking/TRUFFLEHOG.md b/.leaky-meta/benchmarking/TRUFFLEHOG.md index e4c1975..818946b 100644 --- a/.leaky-meta/benchmarking/TRUFFLEHOG.md +++ b/.leaky-meta/benchmarking/TRUFFLEHOG.md 
@@ -1,7 +1,7 @@ Tool: https://github.com/dxa4481/truffleHog Command Used: `trufflehog --json --regex .` Files covered: 23/44 (52.27% coverage) -Total finds: 40/179 (22.35% coverage) +Total finds: 40/175 (22.86% coverage) False Positives: 43 File Name | Found/Total | False Positives | @@ -11,11 +11,11 @@ misc-keys/putty-example.ppk | 21/2 | 19 db/dump.sql | 8/10 | 0 web/ruby/secrets.yml | 3/3 | 0 filezilla/recentservers.xml | 2/6 | 0 -.docker/.dockercfg | 2/6 | 0 +.docker/.dockercfg | 2/4 | 0 .mozilla/firefox/logins.json | 2/28 | 0 cloud/.credentials | 2/4 | 0 cloud/.tugboat | 2/3 | 0 -.docker/config.json | 2/6 | 0 +.docker/config.json | 2/4 | 0 high-entropy-misc.txt | 2/2 | 0 cloud/.s3cfg | 1/3 | 0 cloud/heroku.json | 1/2 | 0 diff --git a/.leaky-meta/install-test-tools.sh b/.leaky-meta/install-test-tools.sh index 4728844..5b172bd 100644 --- a/.leaky-meta/install-test-tools.sh +++ b/.leaky-meta/install-test-tools.sh @@ -7,8 +7,9 @@ fi mkdir -p ~/.local/bin if [ ! -f ~/.local/bin/gitleaks ]; then - wget https://github.com/zricethezav/gitleaks/releases/download/v2.1.0/gitleaks-linux-amd64 -O ~/.local/bin/gitleaks + wget https://github.com/zricethezav/gitleaks/releases/download/v3.0.1/gitleaks-linux-amd64 -O ~/.local/bin/gitleaks chmod +x ~/.local/bin/gitleaks fi +wget https://raw.githubusercontent.com/zricethezav/gitleaks/master/examples/leaky-repo.toml -O gitleaks-config.toml pip install detect-secrets truffleHog \ No newline at end of file diff --git a/.leaky-meta/secrets.csv b/.leaky-meta/secrets.csv index 8886c8f..d72a5c6 100644 --- a/.leaky-meta/secrets.csv +++ b/.leaky-meta/secrets.csv 
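Review bot: The added `wget https://raw.githubusercontent.com/zricethezav/gitleaks/master/examples/leaky-repo.toml -O gitleaks-config.toml` fetches the scanner rules from a mutable branch with no integrity check. The numbers published in GITLEAKS.md therefore depend on whatever upstream `master` holds at install time, and a changed or tampered file is accepted silently. The release binary download a few lines up has the same gap, and it carries over to the install-test-tools.sh hunks in PATCH 3/4 and 4/4. Pin the config to a commit, e.g. `wget https://raw.githubusercontent.com/zricethezav/gitleaks/<pinned-commit-sha>/examples/leaky-repo.toml -O gitleaks-config.toml`, and verify both downloads with `sha256sum -c` against hashes committed to this repository. The new line also sits outside the `if` guard, so the config is downloaded again on every run.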
@@ -9,10 +9,12 @@ .bash_profile,6,5 .bashrc,3,3 -# Here the users and urls are informative, the auth is risk. -.docker/.dockercfg,2,4 +# Here the users are informative, the auth is risk. +# The URLs may be informative in rare cases, but will likely +# just be docker hub in most cases. +.docker/.dockercfg,2,2 # Same as above -.docker/config.json,2,4 +.docker/config.json,2,2 # For all 4 firefox profiles: # Risk: encryptedUsername, encryptedPassword From 8c99112abc3f0aa2d8cc54bd8d459525f8c7cc9a Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sat, 29 Feb 2020 18:26:39 -0800 Subject: [PATCH 3/4] Updated gitleaks, fixed up some EOL stuff --- .gitattributes | 6 ++ .leaky-meta/,gitignore | 1 + .leaky-meta/benchmarking/DETECT-SECRETS.md | 54 ++++++++--------- .leaky-meta/benchmarking/GITLEAKS.md | 68 +++++++++++----------- .leaky-meta/benchmarking/GITROB.md | 6 +- .leaky-meta/benchmarking/TRUFFLEHOG.md | 52 ++++++++--------- .leaky-meta/install-test-tools.sh | 9 +-- cloud/.tugboat | 2 +- 8 files changed, 103 insertions(+), 95 deletions(-) create mode 100644 .gitattributes create mode 100644 .leaky-meta/,gitignore diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..d12c1c1 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,6 @@ +# This is not a secrets file but must be in the root directory. +# 2010 +*.txt -crlf + +# 2020 +*.txt text eol=lf \ No newline at end of file diff --git a/.leaky-meta/,gitignore b/.leaky-meta/,gitignore new file mode 100644 index 0000000..6d02c15 --- /dev/null +++ b/.leaky-meta/,gitignore @@ -0,0 +1 @@ +gitleaks-config.toml \ No newline at end of file diff --git a/.leaky-meta/benchmarking/DETECT-SECRETS.md b/.leaky-meta/benchmarking/DETECT-SECRETS.md index b82a1e8..9b5c13f 100644 --- a/.leaky-meta/benchmarking/DETECT-SECRETS.md +++ b/.leaky-meta/benchmarking/DETECT-SECRETS.md 
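Review bot: The new file is named `.leaky-meta/,gitignore`, with a comma where the leading dot should be, so git will not read it as an ignore file. The downloaded `gitleaks-config.toml` stays visible to `git add` and can be committed by accident. Rename it to `.leaky-meta/.gitignore`; PATCH 4/4 edits the same misnamed path. Whether the entry matches after the rename depends on where the installer writes the file, since `-O gitleaks-config.toml` is relative to the directory the script is run from.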
@@ -8,45 +8,45 @@ File Name | Found/Total | False Positives | ---------------------------------------|----------------|-----------------| .mozilla/firefox/logins.json | 6/28 | 0 .bash_profile | 4/11 | 0 +.bashrc | 3/6 | 0 web/ruby/secrets.yml | 3/3 | 0 web/var/www/.env | 3/10 | 0 -.bashrc | 3/6 | 0 -ventrilo_srv.ini | 2/2 | 0 -cloud/heroku.json | 2/2 | 0 cloud/.credentials | 2/4 | 0 +cloud/heroku.json | 2/2 | 0 high-entropy-misc.txt | 2/2 | 0 -.remote-sync.json | 1/3 | 0 -sftp-config.json | 1/4 | 0 +ventrilo_srv.ini | 2/2 | 0 .docker/.dockercfg | 1/4 | 0 +.docker/config.json | 1/4 | 0 .ssh/id_rsa | 1/1 | 0 -web/var/www/public_html/config.php | 1/4 | 0 -misc-keys/putty-example.ppk | 1/2 | 0 cloud/.tugboat | 1/3 | 0 -.idea/WebServers.xml | 1/2 | 0 +db/mongoid.yml | 1/1 | 0 +misc-keys/cert-key.pem | 1/1 | 0 +misc-keys/putty-example.ppk | 1/2 | 0 hub | 1/2 | 0 -.vscode/sftp.json | 1/4 | 0 +web/var/www/public_html/config.php | 1/4 | 0 deployment-config.json | 1/4 | 0 -.docker/config.json | 1/4 | 0 -misc-keys/cert-key.pem | 1/1 | 0 -db/mongoid.yml | 1/1 | 0 -filezilla/recentservers.xml | 0/6 | 0 -web/var/www/public_html/.htpasswd | 0/1 | 0 +.remote-sync.json | 1/3 | 0 +.vscode/sftp.json | 1/4 | 0 +sftp-config.json | 1/4 | 0 +.idea/WebServers.xml | 1/2 | 0 +.ssh/id_rsa.pub | 0/1 | 0 cloud/.s3cfg | 0/3 | 0 -web/django/settings.py | 0/1 | 0 -.ftpconfig | 0/5 | 0 -.npmrc | 0/3 | 0 db/dump.sql | 0/10 | 0 etc/shadow | 0/1 | 0 -config | 0/4 | 0 -web/js/salesforce.js | 0/1 | 0 -web/var/www/public_html/wp-config.php | 0/12 | 0 -proftpdpasswd | 0/1 | 0 +filezilla/recentservers.xml | 0/6 | 0 filezilla/filezilla.xml | 0/3 | 0 -db/dbeaver-data-sources.xml | 0/1 | 0 -.netrc | 0/2 | 0 -.esmtprc | 0/3 | 0 -db/.pgpass | 0/1 | 0 -db/robomongo.json | 0/7 | 0 +proftpdpasswd | 0/1 | 0 web/ruby/config/master.key | 0/1 | 0 +.npmrc | 0/3 | 0 +web/var/www/public_html/wp-config.php | 0/12 | 0 +web/var/www/public_html/.htpasswd | 0/1 | 0 .git-credentials | 0/1 | 0 -.ssh/id_rsa.pub | 0/1 | 0 
+db/robomongo.json | 0/7 | 0 +web/js/salesforce.js | 0/1 | 0 +.netrc | 0/2 | 0 +config | 0/4 | 0 +db/.pgpass | 0/1 | 0 +db/dbeaver-data-sources.xml | 0/1 | 0 +.esmtprc | 0/3 | 0 +web/django/settings.py | 0/1 | 0 +.ftpconfig | 0/5 | 0 diff --git a/.leaky-meta/benchmarking/GITLEAKS.md b/.leaky-meta/benchmarking/GITLEAKS.md index a0f1eb1..0e34f19 100644 --- a/.leaky-meta/benchmarking/GITLEAKS.md +++ b/.leaky-meta/benchmarking/GITLEAKS.md 
@@ -1,52 +1,52 @@ Tool: https://github.com/zricethezav/gitleaks Command Used: `gitleaks --config=.leaky-meta/gitleaks-config.toml --report=.leaky-meta/gitleaks.json --repo-path .` -Files covered: 34/44 (77.27% coverage) -Total finds: 133/175 (76.0% coverage) -False Positives: 47 +Files covered: 40/44 (90.91% coverage) +Total finds: 127/175 (72.57% coverage) +False Positives: 17 File Name | Found/Total | False Positives | ---------------------------------------|----------------|-----------------| -.bash_profile | 24/11 | 13 -.mozilla/firefox/logins.json | 20/28 | 0 -web/var/www/public_html/wp-config.php | 15/12 | 3 -.bashrc | 15/6 | 9 web/var/www/.env | 14/10 | 4 -cloud/.credentials | 12/4 | 8 +web/var/www/public_html/wp-config.php | 14/12 | 2 +.mozilla/firefox/logins.json | 13/28 | 0 +.bash_profile | 12/11 | 1 db/dump.sql | 10/10 | 0 -.vscode/sftp.json | 7/4 | 3 db/robomongo.json | 7/7 | 0 -.docker/.dockercfg | 6/4 | 2 -.docker/config.json | 6/4 | 2 +.vscode/sftp.json | 7/4 | 3 +cloud/.credentials | 6/4 | 2 web/var/www/public_html/config.php | 4/4 | 0 -sftp-config.json | 3/4 | 0 +.bashrc | 3/6 | 0 +config | 3/4 | 0 db/dbeaver-data-sources.xml | 3/1 | 2 -deployment-config.json | 3/4 | 0 .esmtprc | 3/3 | 0 -filezilla/recentservers.xml | 2/6 | 0 -ventrilo_srv.ini | 2/2 | 0 -.remote-sync.json | 2/3 | 0 -cloud/.s3cfg | 2/3 | 0 -.ftpconfig | 2/5 | 0 +deployment-config.json | 3/4 | 0 +sftp-config.json | 3/4 | 0 +.idea/WebServers.xml | 3/2 | 1 +.docker/.dockercfg | 2/4 | 0 +.docker/config.json | 2/4 | 0 cloud/heroku.json | 2/2 | 0 -.idea/WebServers.xml | 2/2 | 0 +filezilla/recentservers.xml | 2/6 | 0 +high-entropy-misc.txt | 2/2 | 0 +.git-credentials | 2/1 | 1 web/js/salesforce.js | 2/1 | 1 -hub | 2/2 | 0 .netrc | 2/2 | 0 -web/django/settings.py | 1/1 | 0 -.npmrc | 1/3 | 0 +hub | 2/2 | 0 +ventrilo_srv.ini | 2/2 | 0 +.ftpconfig | 2/5 | 0 +.remote-sync.json | 2/3 | 0 +.ssh/id_rsa | 1/1 | 0 +.ssh/id_rsa.pub | 1/1 | 0 cloud/.tugboat | 1/3 | 0 -config | 1/4 | 0 +db/mongoid.yml 
| 1/1 | 0 +etc/shadow | 1/1 | 0 filezilla/filezilla.xml | 1/3 | 0 misc-keys/cert-key.pem | 1/1 | 0 -.git-credentials | 1/1 | 0 -db/mongoid.yml | 1/1 | 0 -web/var/www/public_html/.htpasswd | 0/1 | 0 -.ssh/id_rsa | 0/1 | 0 -web/ruby/secrets.yml | 0/3 | 0 +proftpdpasswd | 1/1 | 0 +web/ruby/config/master.key | 1/1 | 0 +.npmrc | 1/3 | 0 +web/var/www/public_html/.htpasswd | 1/1 | 0 +db/.pgpass | 1/1 | 0 +cloud/.s3cfg | 0/3 | 0 misc-keys/putty-example.ppk | 0/2 | 0 -etc/shadow | 0/1 | 0 -proftpdpasswd | 0/1 | 0 -db/.pgpass | 0/1 | 0 -web/ruby/config/master.key | 0/1 | 0 -.ssh/id_rsa.pub | 0/1 | 0 -high-entropy-misc.txt | 0/2 | 0 +web/ruby/secrets.yml | 0/3 | 0 +web/django/settings.py | 0/1 | 0 diff --git a/.leaky-meta/benchmarking/GITROB.md b/.leaky-meta/benchmarking/GITROB.md index 23ce4a4..3922c4f 100644 --- a/.leaky-meta/benchmarking/GITROB.md +++ b/.leaky-meta/benchmarking/GITROB.md @@ -2,7 +2,7 @@ Tool: https://github.com/michenriksen/gitrob Command Used: `gitrob (web interface)` Files covered: 2/44 (4.54% coverage) -Total finds: 3/175 (1.71% coverage) +Total finds: 3/179 (1.67% coverage) False Positives: 0 File Name | Found/Total | False Positives | @@ -23,11 +23,11 @@ db/mongoid.yml | 0/1 | 0 cloud/.tugboat | 0/3 | 0 .vscode/sftp.json | 0/4 | 0 hub | 0/2 | 0 -.docker/config.json | 0/4 | 0 +.docker/config.json | 0/6 | 0 sftp-config.json | 0/4 | 0 .idea/WebServers.xml | 0/2 | 0 misc-keys/putty-example.ppk | 0/2 | 0 -.docker/.dockercfg | 0/4 | 0 +.docker/.dockercfg | 0/6 | 0 web/var/www/public_html/config.php | 0/4 | 0 .remote-sync.json | 0/3 | 0 deployment-config.json | 0/4 | 0 diff --git a/.leaky-meta/benchmarking/TRUFFLEHOG.md b/.leaky-meta/benchmarking/TRUFFLEHOG.md index 818946b..c629425 100644 --- a/.leaky-meta/benchmarking/TRUFFLEHOG.md +++ b/.leaky-meta/benchmarking/TRUFFLEHOG.md 
@@ -10,43 +10,43 @@ misc-keys/cert-key.pem | 25/1 | 24 misc-keys/putty-example.ppk | 21/2 | 19 db/dump.sql | 8/10 | 0 web/ruby/secrets.yml | 3/3 | 0 -filezilla/recentservers.xml | 2/6 | 0 .docker/.dockercfg | 2/4 | 0 +.docker/config.json | 2/4 | 0 .mozilla/firefox/logins.json | 2/28 | 0 cloud/.credentials | 2/4 | 0 cloud/.tugboat | 2/3 | 0 -.docker/config.json | 2/4 | 0 +filezilla/recentservers.xml | 2/6 | 0 high-entropy-misc.txt | 2/2 | 0 +.bash_profile | 1/11 | 0 +.bashrc | 1/6 | 0 +.ssh/id_rsa | 1/1 | 0 +.ssh/id_rsa.pub | 1/1 | 0 cloud/.s3cfg | 1/3 | 0 cloud/heroku.json | 1/2 | 0 -.ssh/id_rsa | 1/1 | 0 +db/mongoid.yml | 1/1 | 0 etc/shadow | 1/1 | 0 -hub | 1/2 | 0 proftpdpasswd | 1/1 | 0 -.bash_profile | 1/11 | 0 -web/var/www/.env | 1/10 | 0 web/ruby/config/master.key | 1/1 | 0 -db/mongoid.yml | 1/1 | 0 -.bashrc | 1/6 | 0 -.ssh/id_rsa.pub | 1/1 | 0 -ventrilo_srv.ini | 0/2 | 0 -web/var/www/public_html/.htpasswd | 0/1 | 0 -.remote-sync.json | 0/3 | 0 -sftp-config.json | 0/4 | 0 -web/django/settings.py | 0/1 | 0 -.ftpconfig | 0/5 | 0 +web/var/www/.env | 1/10 | 0 +hub | 1/2 | 0 +filezilla/filezilla.xml | 0/3 | 0 .npmrc | 0/3 | 0 -web/var/www/public_html/config.php | 0/4 | 0 -.idea/WebServers.xml | 0/2 | 0 -config | 0/4 | 0 -web/js/salesforce.js | 0/1 | 0 -.vscode/sftp.json | 0/4 | 0 web/var/www/public_html/wp-config.php | 0/12 | 0 -filezilla/filezilla.xml | 0/3 | 0 -db/dbeaver-data-sources.xml | 0/1 | 0 +web/var/www/public_html/.htpasswd | 0/1 | 0 +.git-credentials | 0/1 | 0 +db/robomongo.json | 0/7 | 0 +web/js/salesforce.js | 0/1 | 0 .netrc | 0/2 | 0 -deployment-config.json | 0/4 | 0 -.esmtprc | 0/3 | 0 +config | 0/4 | 0 db/.pgpass | 0/1 | 0 -db/robomongo.json | 0/7 | 0 -.git-credentials | 0/1 | 0 +ventrilo_srv.ini | 0/2 | 0 +web/var/www/public_html/config.php | 0/4 | 0 +db/dbeaver-data-sources.xml | 0/1 | 0 +.esmtprc | 0/3 | 0 +web/django/settings.py | 0/1 | 0 +deployment-config.json | 0/4 | 0 +.ftpconfig | 0/5 | 0 +.remote-sync.json | 0/3 | 0 +.vscode/sftp.json | 
0/4 | 0 +sftp-config.json | 0/4 | 0 +.idea/WebServers.xml | 0/2 | 0 diff --git a/.leaky-meta/install-test-tools.sh b/.leaky-meta/install-test-tools.sh index 5b172bd..1107aee 100644 --- a/.leaky-meta/install-test-tools.sh +++ b/.leaky-meta/install-test-tools.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash + if ! type "pip" > /dev/null then echo "Pip and Python are required for installing detect-secrets and truffleHog, but pip was not found!" @@ -6,10 +7,10 @@ then fi mkdir -p ~/.local/bin -if [ ! -f ~/.local/bin/gitleaks ]; then - wget https://github.com/zricethezav/gitleaks/releases/download/v3.0.1/gitleaks-linux-amd64 -O ~/.local/bin/gitleaks +if ! type "gitleaks" > /dev/null; then + wget https://github.com/zricethezav/gitleaks/releases/download/v4.0.1/gitleaks-linux-amd64 -O ~/.local/bin/gitleaks chmod +x ~/.local/bin/gitleaks fi wget https://raw.githubusercontent.com/zricethezav/gitleaks/master/examples/leaky-repo.toml -O gitleaks-config.toml -pip install detect-secrets truffleHog \ No newline at end of file +pip install detect-secrets truffleHog diff --git a/cloud/.tugboat b/cloud/.tugboat index cdd8531..6e1addb 100644 --- a/cloud/.tugboat +++ b/cloud/.tugboat @@ -1,7 +1,7 @@ --- authentication: client_key: 383c8164d4bdd95d8b1bfbf4f540d754 # Informative - api_key: 3b6311afca5bd8aac647b316704e9c6d # Sensitive. + api_key: 3b6311afca5bd8aac647b316704e9c6d # Risk. ssh: ssh_user: admin # Informative ssh_key_path: "~/.ssh/deploy.pem" From 5cc79318c6b1fac8dcd9b20cb3e2c62af31c53af Mon Sep 17 00:00:00 2001 From: Dylan Katz Date: Sat, 29 Feb 2020 18:33:43 -0800 Subject: [PATCH 4/4] Improved logic for pulling gitleaks --- .leaky-meta/,gitignore | 2 +- .leaky-meta/install-test-tools.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.leaky-meta/,gitignore b/.leaky-meta/,gitignore index 6d02c15..4027c18 100644 --- a/.leaky-meta/,gitignore +++ b/.leaky-meta/,gitignore 
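Review bot: In the `@@ -6,10 +7,10 @@` hunk, `if ! type "gitleaks" > /dev/null; then` skips the download whenever any gitleaks is already on PATH, so the version pinned in the URL (v4.0.1) is no longer guaranteed to be the one benchmarked. The result tables in this series shift substantially between gitleaks versions, so an unnoticed older or newer binary changes the published numbers. The test also redirects only stdout, and if `~/.local/bin` is not on PATH the binary is downloaded again on every run. Consider keeping a file test on the installed path, `if [ ! -x ~/.local/bin/gitleaks ]; then`, and having the benchmark invoke that path explicitly.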
@@ -1 +1 @@ -gitleaks-config.toml \ No newline at end of file +*.toml \ No newline at end of file diff --git a/.leaky-meta/install-test-tools.sh b/.leaky-meta/install-test-tools.sh index 1107aee..1b23328 100644 --- a/.leaky-meta/install-test-tools.sh +++ b/.leaky-meta/install-test-tools.sh @@ -8,7 +8,8 @@ fi mkdir -p ~/.local/bin if ! type "gitleaks" > /dev/null; then - wget https://github.com/zricethezav/gitleaks/releases/download/v4.0.1/gitleaks-linux-amd64 -O ~/.local/bin/gitleaks + latest=$(curl -s https://api.github.com/repos/zricethezav/gitleaks/releases/latest |grep "browser_download_url.*linux-amd64" |cut -d : -f 2,3 | tr -d '"') + wget $latest -O ~/.local/bin/gitleaks chmod +x ~/.local/bin/gitleaks fi wget https://raw.githubusercontent.com/zricethezav/gitleaks/master/examples/leaky-repo.toml -O gitleaks-config.toml
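Review bot: The value from `latest=$(curl -s ... | grep "browser_download_url.*linux-amd64" | cut -d : -f 2,3 | tr -d '"')` is used without validation: if the API call fails or is rate-limited, `$latest` is empty and the script still goes on to `wget` and `chmod`. The value also keeps the leading space left by `cut`, so `wget $latest` works only through unquoted word splitting, and a release with more than one matching asset would expand to several URLs. Use `curl -fsS`, keep only the first match, and stop on an empty result, e.g. `[ -n "$latest" ] || { echo "could not resolve gitleaks download URL" >&2; exit 1; }` before `wget "$latest" -O ~/.local/bin/gitleaks`. Resolving the latest release at install time also unpins the tool version, so the benchmark tables are no longer tied to a known release.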