├── README.md
├── filetypes.txt
├── regex.txt
├── repossessed.sh
├── strings.txt
└── target
    └── droprepohere.txt

/README.md:
--------------------------------------------------------------------------------
# RepoSsessed

RepoSsessed is a project designed to parse public source code repositories and find various types of vulnerabilities. The current focus is on finding secrets, but see the Next Steps section to see what is being added.

The tool has two main audiences:

1. Internal teams looking to make sure they don't have secrets in their code repositories.
2. Consultants looking to check their customers' repositories for secrets, i.e., vulnerabilities.

## Philosophy

Finding flaws in public source code repositories is not a new idea, and many have done great work in the area.

This project was created for three reasons:

1. To add **source code flaws** to the public source code repository conversation. So, not just looking for information disclosure, but actual coding flaws as well, e.g., input validation mistakes that can lead to critical bugs in various languages.
2. I am looking to **collapse all useful code repository signatures, including my own for coding flaws, into a single, flat, transparent format that can be used by ANY engine**. This way you can write whatever interface you'd like and use the evergreen signatures from this project.
3. Due to regular issues with leveraging search APIs, e.g., limiting sensitive (dangerous) searches and rate limiting, **this project works by searching the repo locally** post-clone.

## Current implementation

Currently the tool works in two ways:

1. Searches within a repo for a number of sensitive files.
2. Searches within a repo for a number of sensitive strings within files.

## Installation

1. Clone the repository.
2. Install ripgrep.

## Usage

There are two primary ways to use this project.

1. Create your own tool and use the filetypes.txt, strings.txt and regex.txt files as your search content.
2. Use the provided script to perform the actual searches.

If you're doing #2, simply clone this repo, cd into it, drop the repo you want to test into the ./target directory, and then run the ./repossessed.sh script, which will send your results to the console.

## Next steps

With secrets being covered fairly well, the next thing I want to add to the project is some rudimentary source code checks:

- Use of deprecated APIs within code.
- Use of dangerous functions.
- Use of blacklisted patterns.
- Etc.

Basically, if it's possible to grep for a string within a particular language's code and find something that should never be done, I'm going to try to include it here.

High false negative, but also low false positive. I think that's the right tradeoff for something like this. And if you have any examples you'd like to see included, please let me know via Issues.

## Credits

I'd like to give credit to the following people for either their prior work or their contributions:

- Samar Dhwoj Acharya for allowing me to use signatures from his Github Dorks project.
- Michael Henriksen for allowing me to use signature files from his GitRob project.
- Thanks to the creator of ripgrep for making such a nice implementation of grep.

### Notes

1. If you benefit from this project and think of any other signatures, please submit them to the project through pull requests or issues. The project will always remain open and transparent so that people can benefit from the shared signatures, and it's always nice to keep that going.
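As an added example of Usage option 1 (this is not project code), the following POSIX shell drives the regex.txt signatures with plain `grep -E` as the engine. The lines in regex.txt are JSON string literals (surrounding double quotes, doubled backslashes, `\A`/`\z` buffer anchors), so they are normalised first. The path list, the `normalize_sig`/`match_sig`/`count_sig` helpers and the "basename or full path" rule are assumptions of the example: GitRob records whether a signature targets the file name or the path, the flat file does not carry that field, so both are tried.

```shell
#!/bin/sh
# Added example, not project code: consume regex.txt with POSIX grep instead
# of ripgrep. Signatures look like "\\A.*_rsa\\z" and must be unquoted and
# unescaped before any engine can use them.

# normalize_sig SIG: strip surrounding quotes and doubled backslashes, turn the
# \A / \z buffer anchors into ^ / $, and drop the Ruby/JSON escaping of '/'.
normalize_sig() {
    printf '%s\n' "$1" | sed -e 's/^"//' -e 's/"$//' -e 's/\\\\/\\/g' \
                             -e 's/\\A/^/g' -e 's/\\z/$/g' -e 's#\\/#/#g'
}

# Constructed path list standing in for `find ./target -type f` (assumption).
sample_paths() {
    cat <<'EOF'
target/app/config/database.yml
target/deploy/keys/server_rsa
target/deploy/keys/server_rsa.pub
target/.ssh/config
target/src/main.rb
target/home/.aws/credentials
EOF
}

# match_sig SIG: print each sample path whose full path or whose basename
# matches the normalised signature (GitRob signatures target one or the
# other; the flat file does not say which, so both are tried).
match_sig() {
    ere=$(normalize_sig "$1")
    sample_paths | while IFS= read -r p; do
        if printf '%s\n%s\n' "$p" "${p##*/}" | grep -Eq -- "$ere"; then
            printf '%s\n' "$p"
        fi
    done
}

# count_sig SIG: number of sample paths hit by SIG.
count_sig() {
    match_sig "$1" | wc -l | tr -d ' '
}

# Demo when run directly: sh example.sh --demo
if [ "${1:-}" = "--demo" ]; then
    for sig in '"\\A.*_rsa\\z"' '"\\.?aws/credentials\\z"' '"\\.?ssh/config\\z"'; do
        printf '%s -> %s\n' "$sig" "$(normalize_sig "$sig")"
        match_sig "$sig"
    done
fi
```

Note the two steps that matter for any engine: `sed` must collapse `\\` before it rewrites `\A` and `\z`, and a signature such as `"\\.?aws/credentials\\z"` only fires against the full path, while `"\\A\\.?gitconfig\\z"` only fires against a basename. Feeding ripgrep or grep one form and not the other silently loses half the signature set.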

--------------------------------------------------------------------------------
/filetypes.txt:
--------------------------------------------------------------------------------
.bash_history
.zsh_history
\.pem
"\.config"
.*_rsa
.*_dsa
\.bak
"\.db"
"\.mysql"
"\.sql"
"\.htaccess"
"^config$"
".pcap"
"\.pcapng"
"\.p7b"
"\.spc"
"\.pfx"
"\.p12"
"\.der"
"\.cer"
"\.key"
"\.sst"
"\.stl"
^profile$
"\.profile$"
\.bashrc
"zshenv"
"\.zshenv"
"\.zshrc"
\.zshrc
csh.cshrc
\.logout
\.zalias
passwd
shadow
.aws/credentials
aws/credentials
homefolder/aws/credentials
/ssh/id_rsa
/.ssh/personal_rsa
/config/server_rsa
id_rsa
.id_rsa
/ssh/id_dsa
/.ssh/personal_dsa
/config/server_dsa
id_dsa
.id_dsa
/ssh/id_ed25519
/.ssh/personal_ed25519
/config/server_ed25519
id_ed25519
.id_ed25519
/ssh/id_ecdsa
/.ssh/personal_ecdsa
/config/server_ecdsa
id_ecdsa
.id_ecdsa
.jar

--------------------------------------------------------------------------------
/regex.txt:
--------------------------------------------------------------------------------
"\\A.*_rsa\\z"
"\\A.*_dsa\\z"
"\\A.*_ed25519\\z"
"\\A.*_ecdsa\\z"
"\\.?ssh/config\\z"
"pem"
"\\Akey(pair)?\\z"
"pkcs12"
"pfx"
"p12"
"asc"
"otr.private_key"
"\\A\\.?(bash_|zsh_|z)?history\\z"
"\\A\\.?mysql_history\\z"
"\\A\\.?psql_history\\z"
"\\A\\.?pgpass\\z"
"\\A\\.?irb_history\\z"
"\\.?purple\\/accounts\\.xml\\z"
"\\.?xchat2?\\/servlist_?\\.conf\\z"
"\\.?irssi\\/config\\z"
"\\.?recon-ng\\/keys\\.db\\z"
"\\A\\.?dbeaver-data-sources.xml\\z"
"\\A\\.?muttrc\\z"
"\\A\\.?s3cfg\\z"
"\\.?aws/credentials\\z"
"\\A\\.?trc\\z"
"ovpn"
"\\A\\.?gitrobrc\\z"
"\\A\\.?(bash|zsh)rc\\z"
"\\A\\.?(bash_|zsh_)?profile\\z"
"\\A\\.?(bash_|zsh_)?aliases\\z"
"secret_token.rb"
"omniauth.rb"
"carrierwave.rb"
"schema.rb"
"database.yml"
"settings.py"
"\\A(.*)?config(\\.inc)?\\.php\\z"
"kdb"
"agilekeychain"
"keychain"
"\\Akey(store|ring)\\z"
"log"
"pcap"
"\\Asql(dump)?\\z"
"gnucash"
"backup"
"dump"
"password"
"credential"
"secret"
"private.*key"
"jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml"
"credentials.xml"
"\\A\\.?htpasswd\\z"
"\\A(\\.|_)?netrc\\z"
"kwallet"
"LocalSettings.php"
"tblk"
"\\.?gem/credentials\\z"
"\\A.*\\.pubxml(\\.user)?\\z"
"Favorites.plist"
"configuration.user.xpl"
"dayone"
"journal.txt"
"\\A\\.?tugboat\\z"
"\\A\\.?git-credentials\\z"
"\\A\\.?gitconfig\\z"
"knife.rb"
"\\.?chef/(.*)\\.pem\\z"
"proftpdpasswd"
"robomongo.json"
"filezilla.xml"
"recentservers.xml"
"ventrilo_srv.ini"
"\\A\\.?dockercfg\\z"
"\\A\\.?npmrc\\z"

--------------------------------------------------------------------------------
/repossessed.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# RepoSsessed -- By Daniel Miessler
# Find repos possessed by demonic secrets, or something.

# GREP_OPTIONS is deprecated in GNU grep and ignored by ripgrep, so colour is
# requested per call with rg -p (--pretty) instead.
#export GREP_OPTIONS='--color=always'

# Run from the project directory so the signature files and ./target resolve.
cd "$(dirname "$0")" || exit 1

# Signature lines pasted from GitRob are JSON string literals: wrapped in double
# quotes, with doubled backslashes, escaped slashes and the \A / \z buffer
# anchors. Strip the quotes, collapse the escapes and turn the anchors into
# ^ / $, which ripgrep applies per line.
normalize() {
    printf '%s\n' "$1" | sed -e 's/^"//' -e 's/"$//' -e 's/\\\\/\\/g' \
                             -e 's/\\A/^/g' -e 's/\\z/$/g' -e 's#\\/#/#g'
}

# Find interesting files

echo ""
echo "--------- FILES OUTPUT ----------"
echo ""

# read -r keeps backslashes (\.pem) intact, blank lines are skipped, and the
# pattern is passed with -e so it is never mistaken for an option.
while IFS= read -r filetype; do
    [ -z "$filetype" ] && continue
    #find ./target/ -type f | grep -iE "$(normalize "$filetype")"
    find ./target/ -type f | rg -ip -e "$(normalize "$filetype")"
done < filetypes.txt

# Find strings within files

echo ""
echo "------------ STRINGS OUTPUT --------------"
echo ""

while IFS= read -r string; do
    [ -z "$string" ] && continue
    #grep -ri "$string" ./target/
    rg -ip -e "$string" ./target/
done < strings.txt

# Find files matching the regex signatures
#
# regex.txt holds GitRob's file-name and path signatures (e.g. \A\.?gitconfig\z),
# so they are matched against the file list, like filetypes.txt, rather than
# against file contents.

echo ""
echo "------------ REGEX OUTPUT --------------"
echo ""

while IFS= read -r regex; do
    [ -z "$regex" ] && continue
    #find ./target/ -type f | grep -iE "$(normalize "$regex")"
    find ./target/ -type f | rg -ip -e "$(normalize "$regex")"
done < regex.txt

# Output

echo ""
echo ""
echo "RepoSsessed Execution complete…"
echo ""
#echo "Results found: $(wc -l results.txt | awk '{ print $1 }')"

# A secret deleted from the working tree is still in history; to cover every
# revision of a cloned repo:
# git grep my_secret $(git rev-list --all)

--------------------------------------------------------------------------------
/strings.txt:
--------------------------------------------------------------------------------
BEGIN[[:space:]]RSA[[:space:]]PRIVATE[[:space:]]KEY

--------------------------------------------------------------------------------
/target/droprepohere.txt:
--------------------------------------------------------------------------------
Drop your repo into this directory.

--------------------------------------------------------------------------------
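The `git grep ... $(git rev-list --all)` hint at the end of repossessed.sh deserves a worked version, because the script only scans the checked-out tree and a key that was committed and later removed is still recoverable from history. The example below is added here and is not project code: it builds a constructed throwaway repository (placeholder key material, a `demo@example.invalid` committer), then counts hits for the strings.txt signature in `HEAD` alone versus every reachable commit. The `make_sample_repo`, `scan_revs` and `count_hits` names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not project code: run the strings.txt signature over every
# revision of a repository, not just the working tree. Requires git.

SIG='BEGIN[[:space:]]RSA[[:space:]]PRIVATE[[:space:]]KEY'

# gcommit REPO ARGS...: commit with a fixed, constructed identity so the
# example does not depend on the caller's git config.
gcommit() {
    repo=$1; shift
    git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid commit -q "$@"
}

# make_sample_repo: constructed repo in which a key file is committed and
# then deleted again; prints the repo path.
make_sample_repo() {
    dir=$(mktemp -d)
    git -C "$dir" -c init.defaultBranch=main init -q
    gcommit "$dir" --allow-empty -m "init"
    # placeholder lines shaped like a PEM block, not real key material
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEplaceholder' \
                  '-----END RSA PRIVATE KEY-----' > "$dir/deploy.key"
    git -C "$dir" add deploy.key
    gcommit "$dir" -m "add deploy key"
    git -C "$dir" rm -q deploy.key
    gcommit "$dir" -m "remove deploy key"
    printf '%s\n' "$dir"
}

# scan_revs REPO SCOPE: git grep for the signature in SCOPE, which is either
# a single revision such as HEAD or the word "all" for every reachable commit.
# Each output line is rev:path:matched-text; no match prints nothing.
scan_revs() {
    if [ "$2" = all ]; then
        revs=$(git -C "$1" rev-list --all)
    else
        revs=$2
    fi
    # $revs is intentionally unquoted so each hash becomes its own argument
    git -C "$1" grep -E -e "$SIG" $revs 2>/dev/null || true
}

# count_hits REPO SCOPE: number of matching lines in that scope.
count_hits() {
    scan_revs "$1" "$2" | wc -l | tr -d ' '
}

# Demo when run directly: sh example.sh --demo
if [ "${1:-}" = "--demo" ]; then
    r=$(make_sample_repo)
    printf 'HEAD hits: %s\n' "$(count_hits "$r" HEAD)"
    printf 'history hits: %s\n' "$(count_hits "$r" all)"
    scan_revs "$r" all
    rm -rf "$r"
fi
```

On the constructed repo `HEAD` reports zero hits while the history scan reports one, which is the gap the working-tree-only loop in repossessed.sh leaves open. A finding in history means the credential has to be rotated, not just deleted; rewriting history afterwards is housekeeping, not remediation.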