go-gitaudit

command module

v0.0.0-...-9d1fe49 Latest Latest Go to latest Published: Feb 3, 2020 License: MIT Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/r-pai/go-gitaudit

Links

Open Source Insights

README ¶

go-gitaudit or gitaudit

This project is inspired from trufflehog and the default basic search expressions are from trufflehog.

go-gitaudit is a tool written in golang. gitaudit searches in deep in the git repository commit history, in any branch or entire repository to find any thing you looking for like secrets or any passwords or aws key. The repository can be a git url or can be a local repostitory path.

Features

Uses golang go-git package
In Memory search for master branch
Configuration using json file.
Branch wise search support.
Faster, as search is done in parallel.
Searches local repository

Installation

go-gitaudit is built using Googles golang and require golang installed in the system to run.

Dependency package

gopkg.in/src-d/go-git.v4

$ go get -u github.com/r-pai/go-gitaudit/...
$ cd $GOPATH/src/github.com/r-pai/go-gitaudit
$ go install
$ go-gitaudit --giturl=<url> --rulesfile=<url/localRepoPath>

Help

Usage : 
go-gitaudit 
  -giturl string
    	git repository URL/local repository path
  -rulesfile string
    	rules file path. 
    	For json format refer file defaultrule.json.
  -json
    	Output format to be json (true or false). (default true)
  -worker int
    	number of workers for parallel processing (max 10) (default 1

Example

Basic command for go-gitaudit.

$./go-gitaudit --giturl=<url/localrepo> --rulesfile=<rulesfilepath>

go-gitaudit output format is by default json (only for a rule). To change

$./go-gitaudit --giturl=<url> --rulesfile=<rulesfilepath> --json=false

rulesfile format

{
  "searchoptions": [
    {
      "branch": "all",
      "ruleset": {
        "rulename": "DefaultRule",
        "rules": {
          "rule1":   "regular[a-z]expression1",
          "rule2":    "searchstring"
        }
      }
    },
    {
      "branch": "refs/remotes/origin/dev",
      "ruleset": {
        "rulename": "DevRule",
        "rules": {
          "devrule1":   "regular[a-z]expression2"
        }
      }
    }
  ]
}

Todos

Add more features in trufflehog to go-gitaudit (entropy,...)
write test cases

Issues

One of the issue encountered is, when a diff has more than 55K lines.This issue is not of 'gotrufflehog', its a package used go-git panics. More about the issue

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
src

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL