badsecrets
A library for detecting known secrets across many web frameworks
We need to report as a list since there could be multiple matches

```
{"description": "Cryptographic Product identified. Product Type: [Java Server Faces Viewstate] Product: [Ly8gp+FZKt9XsaxT5gZu41DDxO74k029z88gNBOru2jXW0g1Og+RUPdf2d8hGNTiofkD1VvmQTZAfeV+5qijOoD+SPzw6K72Y1H0sxfx5mFcfFtmqX7iN6Gq0fwLM+9PKQz88f+e7KImJqG1cz5KYhcrgT87c5Ayl03wEHvWwktTq9TcBJc4f1VnNHXVZgALGqQuETU8hYwZ1VilDmQ7J4pZbv+pvPUvzk+/e2oNeybso6TXqUrbT2Mz3k7yfe92q3pRjdxRlGxmkO9bPqNOtETlLPE5dDiZYo1U9gr8BBD=] Detecting Module: [Jsf_viewstate]",
```
...
This was intentional, due to there being too many false positives. However, we should implement a solution where the carve_regex can still get a crack at it.
Add hashcat support + carve regex to ensure identify_only will work for Rails cookies. Investigate whether this will cause a double report via header carve + cookie check_secret().
Currently, modules have to opt in to the identity check. This check should be present automatically and have to be explicitly opted out of.
I had trouble getting this to run on my system with the dependencies, so I Dockerized it, and now it's working. It's on Docker Hub: https://hub.docker.com/r/pensivesecurity/badsecrets It can be run...
Make assumptions about the page when we hit the root directory or an MVC type endpoint. Further testing.
@aconite33 Some versions of Sitecore include a slightly different dll (like ones that exist at `sitecore/shell/Controls/RichTextEditor/Telerik.Web.UI.DialogHandler.aspx`) which telerik_knownkey doesn't like. Need to track this dll down, likely there's just a...