From 7bfbb29e0575ac21bcd8789f211a1b72fe94a9ee Mon Sep 17 00:00:00 2001
From: Dom Whewell
Date: Tue, 20 Aug 2024 18:58:47 +0100
Subject: [PATCH 1/3] Added RawV2 to trufflehog output
---
 bbot/modules/trufflehog.py | 25 ++++++++++++++-----
 .../module_tests/test_module_trufflehog.py | 4 +--
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/bbot/modules/trufflehog.py b/bbot/modules/trufflehog.py
index aacc23a77..002cdac9a 100644
--- a/bbot/modules/trufflehog.py
+++ b/bbot/modules/trufflehog.py
@@ -90,17 +90,25 @@ async def handle_event(self, event):
 host = event.host
 else:
 host = str(event.parent.host)
- async for decoder_name, detector_name, raw_result, verified, source_metadata in self.execute_trufflehog(
- module, path
- ):
+ async for (
+ decoder_name,
+ detector_name,
+ raw_result,
+ rawv2_result,
+ verified,
+ source_metadata,
+ ) in self.execute_trufflehog(module, path):
 if verified:
 data = {
 "severity": "High",
- "description": f"Verified Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Secret: [{raw_result}] Details: [{source_metadata}]",
+ "description": f"Verified Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Details: [{source_metadata}]",
 "host": host,
 }
 if description:
 data["description"] += f" Description: [{description}]"
+ data["description"] += f" Raw result: [{raw_result}]"
+ if rawv2_result:
+ data["description"] += f" RawV2 result: [{rawv2_result}]"
 await self.emit_event(
 data,
 "VULNERABILITY",
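Review bot: The `if verified:` branch now appends both `raw_result` and `rawv2_result` in full to `data["description"]`, so a VULNERABILITY event for a secret that trufflehog reports as verified carries that credential twice in a free-text field; the same three lines are added to the FINDING branch in the `@@ -109,11 +117,14 @@` hunk. Whether any output module masks this field is not visible here, so everything that stores or forwards the description should be assumed to hold the secret. I would at least document that above the first append, e.g. `# description embeds the full secret (Raw and RawV2); treat scan output as sensitive`. handle_event starts and ends outside this hunk.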
@@ -109,11 +117,14 @@ async def handle_event(self, event):
 )
 else:
 data = {
- "description": f"Potential Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Secret: [{raw_result}] Details: [{source_metadata}]",
+ "description": f"Potential Secret Found. Detector Type: [{detector_name}] Decoder Type: [{decoder_name}] Details: [{source_metadata}]",
 "host": host,
 }
 if description:
 data["description"] += f" Description: [{description}]"
+ data["description"] += f" Raw result: [{raw_result}]"
+ if rawv2_result:
+ data["description"] += f" RawV2 result: [{rawv2_result}]"
 await self.emit_event(
 data,
 "FINDING",
@@ -162,11 +173,13 @@ async def execute_trufflehog(self, module, path): raw_result = j.get("Raw", "") + rawv2_result = j.get("RawV2", "") + verified = j.get("Verified", False) source_metadata = j.get("SourceMetadata", {}) - yield (decoder_name, detector_name, raw_result, verified, source_metadata) + yield (decoder_name, detector_name, raw_result, rawv2_result, verified, source_metadata) finally: stats_file.unlink()
diff --git a/bbot/test/test_step_2/module_tests/test_module_trufflehog.py b/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
index 9cd5be601..8873d9255 100644
--- a/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
+++ b/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
@@ -851,7 +851,7 @@ def check(self, module_test, events):
 if e.type == "VULNERABILITY"
 and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
 and "Verified Secret Found." in e.data["description"]
- and "Secret: [https://admin:admin@the-internet.herokuapp.com]" in e.data["description"]
+ and "Raw result: [https://admin:admin@the-internet.herokuapp.com]" in e.data["description"]
 ]
 assert 3 == len(vuln_events), "Failed to find secret in events"
 github_repo_event = [e for e in vuln_events if "test_keys" in e.data["description"]][0].parent
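Review bot: The three lines appended after `if description:` in this `else` branch (hunk `@@ -109,11 +117,14 @@`) are identical to the ones added to the `if verified:` branch in the `@@ -90,17 +90,25 @@` hunk, so the Raw/RawV2 formatting now has to be kept in sync in two places. Building the suffix once before the `if verified:` test and appending it in both branches would remove the duplication, e.g. `secret_text = f" Raw result: [{raw_result}]"` followed by `if rawv2_result: secret_text += f" RawV2 result: [{rawv2_result}]"`. The order inside the description (Description before Raw result) would stay as it is. handle_event continues outside the hunk.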
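Review bot: In the `@@ -162,11 +173,13 @@` hunk, `rawv2_result` is inserted into the middle of the positional tuple yielded by execute_trufflehog, which shifts `verified` and `source_metadata` by one position; any consumer other than handle_event that still unpacks five values would raise on unpacking, and no such caller is visible here to rule that out. Appending new fields at the end, or yielding a dict keyed by name, would make later additions safer. A short comment above the `yield` naming the field order, e.g. `# (decoder, detector, raw, rawv2, verified, source_metadata)`, would also help. The function body starts and ends outside the hunk.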
@@ -898,7 +898,7 @@ def check(self, module_test, events):
 if e.type == e.type == "FINDING"
 and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
 and "Potential Secret Found." in e.data["description"]
- and "Secret: [https://admin:admin@internal.host.com]" in e.data["description"]
+ and "Raw result: [https://admin:admin@internal.host.com]" in e.data["description"]
 ]
 assert 3 == len(finding_events), "Failed to find secret in events"
 github_repo_event = [e for e in finding_events if "test_keys" in e.data["description"]][0].parent
From 06fe2a9fcb8baa341acca827bf9b56c4b58b41e1 Mon Sep 17 00:00:00 2001
From: Dom Whewell
Date: Tue, 20 Aug 2024 21:19:22 +0100
Subject: [PATCH 2/3] Add a test for the RawV2 result
---
 bbot/test/test_step_2/module_tests/test_module_trufflehog.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bbot/test/test_step_2/module_tests/test_module_trufflehog.py b/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
index 8873d9255..6f845c251 100644
--- a/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
+++ b/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
@@ -852,6 +852,7 @@ def check(self, module_test, events):
 and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
 and "Verified Secret Found." in e.data["description"]
 and "Raw result: [https://admin:admin@the-internet.herokuapp.com]" in e.data["description"]
+ and "RawV2 result: [https://admin:admin@the-internet.herokuapp.com/basic_auth]"
 ]
 assert 3 == len(vuln_events), "Failed to find secret in events"
 github_repo_event = [e for e in vuln_events if "test_keys" in e.data["description"]][0].parent
From c1415cc72e615c17af89ee2d58e5a4d382548c35 Mon Sep 17 00:00:00 2001
From: TheTechromancer <20261699+TheTechromancer@users.noreply.github.com>
Date: Tue, 20 Aug 2024 16:47:08 -0400
Subject: [PATCH 3/3] Update test_module_trufflehog.py
---
 bbot/test/test_step_2/module_tests/test_module_trufflehog.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bbot/test/test_step_2/module_tests/test_module_trufflehog.py b/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
index 6f845c251..da72ff354 100644
--- a/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
+++ b/bbot/test/test_step_2/module_tests/test_module_trufflehog.py
@@ -852,7 +852,7 @@ def check(self, module_test, events):
 and (e.data["host"] == "hub.docker.com" or e.data["host"] == "github.com")
 and "Verified Secret Found." in e.data["description"]
 and "Raw result: [https://admin:admin@the-internet.herokuapp.com]" in e.data["description"]
- and "RawV2 result: [https://admin:admin@the-internet.herokuapp.com/basic_auth]"
+ and "RawV2 result: [https://admin:admin@the-internet.herokuapp.com/basic_auth]" in e.data["description"]
 ]
 assert 3 == len(vuln_events), "Failed to find secret in events"
 github_repo_event = [e for e in vuln_events if "test_keys" in e.data["description"]][0].parent