Excavator is a lightweight, pure-Go leak-scanning tool that aims to improve performance by parallelising commit iteration.
Download a binary here.
# For scanning git repository (local or remote)
# Rules can be downloaded at resources/rules.yaml
# A remote <source> is cloned to the --path directory first; NOTE(review): the
# clone appears to persist after the scan — confirm and remove it when done,
# since it holds whatever secrets the scan finds.
excavator git <source> [flags]
# For scanning local directory
excavator fs <path> [flags]
-h, --help: display help
-c, --concurrent <int>: number of concurrent executions (defaults to 1); any integer below 0 is treated as a single-routine execution
-p, --path <string>: temporary local path to store the git repository (only applies to a remote repository) (default .)
-r, --rules <string>: location of the rule declaration (defaults to resources/rules.yaml embedded in the binary)
-f, --format <string>: format of the output result (default html) (currently supports yaml, html)
-v, -vv, -vvv: set verbosity levels
Scanning a repository without backend
# NOTE(review): the usage section above documents `excavator git <source>`;
# confirm which subcommand name (git vs scan) is current.
excavator scan {repository}
import (
"github.com/ichbinfrog/excavator/pkg/scan"
)
func main() {
	// NOTE(review): usage sketch — the `...` placeholders are not valid Go and
	// must be replaced with real values before this compiles.
	c := &scan.GitScanner{}
	// Directory in which to store the cloned repository.
	// The clone is written to disk here; NOTE(review): confirm whether New
	// removes it afterwards — otherwise a scanned repository that contains
	// secrets remains readable at this path.
	directory := ...
	// URL / local path of git repository
	// for private repositories the url can be set as
	// https://user:pass@host/repo.git
	// NOTE(review): credentials embedded in the URL can surface in shell
	// history, process listings, logs and the generated report; prefer a git
	// credential helper or a short-lived token supplied out of band.
	repo := ...
	// path to rule file
	rule := ...
	// Number of concurrent go routines
	// NOTE(review): declared but not passed to New below — an unused local is
	// a compile error in Go; confirm the intended signature of New.
	concurrent := ...
	// Whether or not to show progress bar
	progressBar := ...
	// Output interface
	// Can be either
	// - &YamlReport{}
	// - &HTMLReport{}
	// (presumably scan.YamlReport / scan.HTMLReport given the import above —
	// verify against the package). The report presumably contains the matched
	// strings, so treat the output file as sensitive.
	report := ...
	c.New(repo, directory, rule, report, progressBar)
}
# rules.yaml
#
# NOTE(review): indentation below is reconstructed from a whitespace-mangled
# copy; confirm the nesting (in particular whether black_list belongs to each
# rule or to the file as a whole) against resources/rules.yaml before relying
# on it.
apiVersion: v1
rules:
  - # regex of rule
    definition: EAACEdEose0cBA[0-9A-Za-z]+
    # category of rule
    category: token
    # description (optional)
    description: facebook access token rule
# list of regexes of file to ignore
# (files matching any of these are skipped entirely, so keep the patterns
# narrow — an overly broad pattern silently creates blind spots in the scan)
black_list:
  - '.*sample.*'
# list of parsers
# parsers are rules that require additional context for analysing
# for potential leaks with more precision
#
# currently supports "env" and "dockerfile"
parsers:
  - type: "env"
    extensions:
      - ".env"
    # the parser uses these values to check if the key in the <key> = <value>
    # form contains potential leaks
    keys:
      - "pass"
      - "host"
      - "proxy"
      - "key"
  - type: "dockerfile"
    extensions:
      - "Dockerfile"
    # keys defaults to
    # ["pass", "host", "proxy", "key"] if not defined
# Whether or not to explore files that are in archives
# e.g. tar, gzip, zip, rar...
compressed: True