{"id":18863449,"url":"https://github.com/blackarrowsec/fozar","last_synced_at":"2025-04-14T13:06:30.258Z","repository":{"id":57538660,"uuid":"287515664","full_name":"blackarrowsec/fozar","owner":"blackarrowsec","description":"Fozar allows you to traverse commits across multiple repositories matching against user supplied regex","archived":false,"fork":false,"pushed_at":"2020-08-17T08:49:42.000Z","size":2265,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-28T02:11:11.302Z","etag":null,"topics":["git","github","gitlab","match","multiple","regex","regexp","repo","repositories","repository","search"],"latest_commit_sha":null,"homepage":"https://blackarrow.net","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackarrowsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-08-14T11:18:50.000Z","updated_at":"2024-08-12T20:04:42.000Z","dependencies_parsed_at":"2022-09-19T07:31:46.148Z","dependency_job_id":null,"html_url":"https://github.com/blackarrowsec/fozar","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Ffozar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Ffozar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Ffozar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackarrowsec%2Ffozar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackarrowsec","download_url":"https://codeload.github.com/blackarrowsec/fozar/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248886314,"owners_count":21177643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","github","gitlab","match","multiple","regex","regexp","repo","repositories","repository","search"],"created_at":"2024-11-08T04:37:33.534Z","updated_at":"2025-04-14T13:06:30.177Z","avatar_url":"https://github.com/blackarrowsec.png","language":"Go","readme":"# Fozar\r\n\r\n[![](https://img.shields.io/badge/Category-Data%20gathering-E5A505?style=flat-square)]() [![](https://img.shields.io/badge/Language-Golang-E5A505?style=flat-square)]()\r\n\r\n\r\n**Fozar** allows you to traverse commits across multiple repositories matching against user supplied regex. It also allows for the user to set exclusions on certain files for them not to be analyzed.\r\n\r\nAs the tool is written in **Golang**, it can be used in both Windows and Linux.\r\n\r\n## Installation\r\n\r\n\r\n```shell\r\ngit clone https://github.com/blackarrowsec/fozar.git\r\ncd fozar/\r\ngo build\r\n```\r\n\r\n## Usage\r\n\r\nLaunch the tool against a directory tree with one or more git repositories on it.\r\n\r\n```\r\nPS C:\\Pentest\\Tools\\fozar\u003e .\\fozar.exe -h\r\n _____\r\n|  ___|___  ____ __ _  _ __\r\n| |_  / _ \\|_  // _` || '__|\r\n|  _|| (_) |/ /| (_| || |\r\n|_|   \\___//___|\\__,_||_|\r\n                        By @30vh1 [https://blackarrow.net] [https://tarlogic.com]\r\n  -A int\r\n        Following lines to show on match\r\n  -B int\r\n        Previous lines to show on match\r\n  -config string\r\n        Yaml config location (default \"config/config.yml\")\r\n  -debug\r\n        Print debug information (slower!)\r\n  -of string\r\n        Filename for the html file output\r\n  -ot string\r\n        Filename for the Markdown file output\r\n  -path string\r\n        Folder from which to start searching\r\n```\r\n\r\nThere are a couple of scripts under the `script/` folder. You can pipe URLs to them in order to download batch repositories.\r\nThe scripts will create an `output/` folder with the raw repositories under `output/raw/` and the actual repositories under `output/repo/` (this is the folder which you wanna use Fozar on)\r\n\r\n### Configuration\r\n\r\nThe configuration file `config/config.yml` keeps two lists of regular expressions. The first one known as **rules** keeps all the matches you want check against whilst the rules under the **avoid** section are matched against file names to avoid analyzing them.\r\n\r\n```yaml\r\nrules:\r\n    - '[pP][aA][sS][sS][wW][oO][rR][dD]\\s*=\\s*\"' # This is an inline comment\r\n    - '\"access_token\":'\r\n    - '[pP][aA][sS][sS]\\s+=\\s+?\"'\r\n    - ...\r\navoid: \r\n    - '.exe'\r\n    - '.war'\r\n    - '.rar'\r\n    - ...\r\n```\r\n### Output Modes\r\n\r\n#### HTML report\r\n\r\nThe HTML report generates an **easy on the eye** output on HTML format. When selecting this output it is necessary to have the `templates/` folder on the same directory from which **Fozar** is being run.\r\n\r\n![image-20200813121135660](https://raw.githubusercontent.com/blackarrowsec/fozar/master/resources/fozar_example_fancy_report.gif)\r\n\r\n#### Text Report\r\n\r\nThe text report generates a Markdown file. This output doesn't have any special requirements. A tool such is [Typora](https://typora.io) is highly recommended for the Markdown output visualization.\r\n\r\n* Plain Markdown text file\r\n\r\n![image-20200813121044260](https://raw.githubusercontent.com/blackarrowsec/fozar/master/resources/fozar_example_text_report_plain.png)\r\n\r\n* Interpreted Markdown text file\r\n\r\n![image-20200813120937214](https://raw.githubusercontent.com/blackarrowsec/fozar/master/resources/fozar_example_text_report_interpreted.png)\r\n## Examples\r\n\r\nFor getting in touch with the tool you can try the following commands. The output result will be on `output/Fozar Report/`\r\n\r\n* **Windows**\r\n\r\n```powershell\r\ncat .\\scripts\\test.txt | .\\scripts\\bulk_clone.ps1\r\n.\\fozar.exe -A 3 -B 3 -config .\\config\\config.yml -of test.html -path .\\output\\repo\\\r\n```\r\n\r\n* **Linux** \r\n\r\n```bash\r\ncat ./scripts/test.txt | ./scripts/bulk_clone.sh\r\n./fozar -A 3 -B 3 -config ./config/config.yml -of test.html -path ./output/repo/\r\n```\r\n\r\n## Author\r\n\r\nMarcos Carro ([@30vh1](https://github.com/30vh1)) [ [www.blackarrow.net](http://blackarrow.net/) - [www.tarlogic.com](https://www.tarlogic.com/en/) ]\r\n\r\n\r\n## License\r\nAll the code included in this project is licensed under the terms of the GNU AGPLv3 license.\r\n\r\n#\r\n\r\n[![](https://img.shields.io/badge/www-blackarrow.net-E5A505?style=flat-square)](https://www.blackarrow.net) [![](https://img.shields.io/badge/twitter-@BlackArrowSec-00aced?style=flat-square\u0026logo=twitter\u0026logoColor=white)](https://twitter.com/BlackArrowSec) [![](https://img.shields.io/badge/linkedin-@BlackArrowSec-0084b4?style=flat-square\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/company/blackarrowsec/)\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackarrowsec%2Ffozar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackarrowsec%2Ffozar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackarrowsec%2Ffozar/lists"}