XPost: linux.debian.devel
From: potemkinmr@gmail.com
Package: wnpp
Severity: wishlist
Owner: Mikhail Potemkin
* Package name : trufflehog
Version : 3.60.4-1
Upstream Author : Truffle Security
* URL : https://github.com/trufflesecurity/trufflehog
* License : GNU Affero General Public License v3.0
Programming Lang: Go
Description : Find, verify, and analyze leaked credentials
What is TruffleHog π½
.
TruffleHog is the most powerful secrets **Discovery, Classification,
Validation,** and **Analysis** tool. In this context, secret refers to a
credential a machine uses to authenticate itself to another machine.
This includes API keys, database passwords, private encryption keys, and
more.
.
Discovery π
.
TruffleHog can look for secrets in many places including Git, chats,
wikis, logs, API testing platforms, object stores, filesystems and more.
.
Classification π
.
TruffleHog classifies over 800 secret types, mapping them back to the
specific identity they belong to. Is it an AWS secret? Stripe secret?
Cloudflare secret? Postgres password? SSL Private key? Sometimes it's
hard to tell looking at it, so TruffleHog classifies everything it
finds.
.
Validation β
.
For every secret TruffleHog can classify, it can also log in to confirm
if that secret is live or not. This step is critical to know if thereβs
an active present danger or not.
.
Analysis π¬
.
For the 20 some of the most commonly leaked out credential types,
instead of sending one request to check if the secret can log in,
TruffleHog can send many requests to learn everything there is to know
about the secret. Who created it? What resources can it access? What
permissions does it have on those resources?
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
