{"id":13903005,"url":"https://github.com/brittonhayes/pillager","last_synced_at":"2025-04-12T21:26:34.831Z","repository":{"id":38846878,"uuid":"318927531","full_name":"brittonhayes/pillager","owner":"brittonhayes","description":"Pillage filesystems for sensitive information with Go 🔍","archived":false,"fork":false,"pushed_at":"2025-03-01T04:24:37.000Z","size":28079,"stargazers_count":255,"open_issues_count":6,"forks_count":22,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-04-04T01:06:58.578Z","etag":null,"topics":["cli","gitleaks","go","golang","hacking","scanner","security","security-tools","tool","tui"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brittonhayes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-06T01:40:41.000Z","updated_at":"2025-03-23T09:04:10.000Z","dependencies_parsed_at":"2024-06-18T21:29:35.717Z","dependency_job_id":"2c114070-e207-4a0e-8c94-2fdce7c68c13","html_url":"https://github.com/brittonhayes/pillager","commit_stats":{"total_commits":125,"total_committers":4,"mean_commits":31.25,"dds":0.384,"last_synced_commit":"4f20cb92f1c9e47de2ba778d1e5665e5a850863d"},"previous_names":[],"tags_count":43,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brittonhayes%2Fpillager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brittonhayes%2Fpillager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/brittonhayes%2Fpillager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brittonhayes%2Fpillager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brittonhayes","download_url":"https://codeload.github.com/brittonhayes/pillager/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248633525,"owners_count":21136883,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","gitleaks","go","golang","hacking","scanner","security","security-tools","tool","tui"],"created_at":"2024-08-06T22:01:33.374Z","updated_at":"2025-04-12T21:26:34.781Z","avatar_url":"https://github.com/brittonhayes.png","language":"Go","funding_links":[],"categories":["cli","security-tools"],"sub_categories":[],"readme":"# Pillager\n\n\u003cimg src=\"./.github/logo.png\" width=\"700\"\u003e\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/brittonhayes/pillager.svg)](https://pkg.go.dev/github.com/brittonhayes/pillager)\n![Latest Release](https://img.shields.io/github/v/release/brittonhayes/pillager?label=latest%20release)\n[![Go Report Card](https://goreportcard.com/badge/github.com/brittonhayes/pillager)](https://goreportcard.com/report/github.com/brittonhayes/pillager)\n![Tests](https://github.com/brittonhayes/pillager/workflows/test/badge.svg)\n\nPillage filesystems for sensitive information with Go.\n\n## Table of Contents\n\n1. [Summary](#summary)\n1. [Installation](#installation)\n1. [Usage](#usage)\n1. 
[Documentation](#documentation)\n\n## Summary\n\nPillager is designed to provide a simple means of leveraging Go's strong concurrency model to recursively search\ndirectories for sensitive information in files. Pillager does this by standing on the shoulders\nof [a few giants](#shoulders-of-giants). Once pillager finds files that match the specified pattern, the file is scanned\nusing a series of concurrent workers that each take a line of the file from the job queue and hunt for sensitive pattern\nmatches. The available pattern filters can be defined in a pillager.toml file or you can use the default ruleset.\n\n## Installation\n\n### Go\n\nIf you have Go set up on your system, you can install Pillager with `go install`\n\n```shell script\ngo install github.com/brittonhayes/pillager@latest\n```\n\n### Scoop (Windows)\n\n```shell\nscoop bucket add pillager https://github.com/brittonhayes/pillager-scoop.git\nscoop install pillager\n```\n\n### Homebrew (OSX/Linux)\n\n```shell script\nbrew tap brittonhayes/homebrew-pillager\nbrew install pillager\n```\n\n### Docker Image\n\n```\ndocker run --rm -it ghcr.io/brittonhayes/pillager:latest hunt .\n```\n\nIf you're looking for a binary, check the latest releases for the executable that matches your system\n\n## Usage\n\nTo see all the commands available with `pillager`\n\n```shell\n# To see instructions for the entire application\npillager\n\n# From any subcommand\npillager [cmd] --help\n```\n\n## User Interface\n\nPillager provides a terminal user interface built with [bubbletea](https://github.com/charmbracelet/bubbletea) if you'd like to scan for secrets interactively.\n\n[![asciicast](https://asciinema.org/a/WISZMVvKsfbFkLLQIWBRotknU.svg)](https://asciinema.org/a/WISZMVvKsfbFkLLQIWBRotknU)\n\n## Configuration\n\n### Gitleaks Rules\n\nPillager provides full support for Gitleaks[^2] rules. 
This can either be passed\nin with a rules[^1] section in your pillager.toml file, or you can use the default ruleset by leaving the config flag blank.\n\n[^1]: [Gitleaks Rules Reference](https://github.com/zricethezav/gitleaks/blob/57f9bc83d169bea363f2990a4de334b54efc3d7d/config/gitleaks.toml)\n\n```toml\n# pillager.toml\n# Basic configuration\nverbose = false \nredact = false \n\n# Rules for secret detection\n[[rules]]\ndescription = \"AWS Access Key\"\nid = \"aws-access-key\"\nregex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''\ntags = [\"aws\", \"credentials\"]\n\n[[rules]]\ndescription = \"AWS Secret Key\"\nid = \"aws-secret-key\"\nregex = '''(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]'''\ntags = [\"aws\", \"credentials\"]\n\n[[rules]]\ndescription = \"GitHub Token\"\nid = \"github-token\"\nregex = '''ghp_[0-9a-zA-Z]{36}'''\ntags = [\"github\", \"token\"]\n\n[[rules]]\ndescription = \"Private Key\"\nid = \"private-key\"\nregex = '''-----BEGIN (?:RSA|OPENSSH|DSA|EC|PGP) PRIVATE KEY( BLOCK)?-----'''\ntags = [\"key\", \"private\"]\n\n# Allowlist configuration\n[allowlist]\npaths = [\n    \".*/_test\\\\.go$\",\n    \".*/testdata/.*\",\n    \".*\\\\.md$\",\n    \".*/vendor/.*\"\n]\nregexes = [\n    \"EXAMPLE_KEY\",\n    \"DUMMY_SECRET\"\n] \n```\n\n### Built-in Output Formats\n\nPillager has a series of built-in output formats available. Pick your flavor!\n\n#### Basic\n\n```shell\npillager hunt .\n```\n\n#### JSON\n\n```shell\npillager hunt ./example -f json | jq\n```\n\n\u003e _JSON output is designed to work seamlessly with the amazing [jq](https://github.com/stedolan/jq) utility for easy parsing._\n\n#### Wordlist\n\n```shell\n# Use pillager to generate a new-line delimited wordlist from findings\npillager hunt . 
-f wordlist \n```\n\n```shell\n# Use pillager to append a wordlist and then use your favorite hashcat attack mode\npillager hunt ./ -f wordlist \u003e\u003e rockyou.txt \u0026\u0026 hashcat -a 0 hash.txt rockyou.txt\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eClick to view more output formats\u003c/summary\u003e\n\u003cbr\u003e\n\n#### JSON Pretty\n\n```shell\npillager hunt . -f json-pretty\n```\n\n#### HTML\n\n```shell\npillager hunt . -f html \u003e results.html\n```\n\n#### Markdown\n\n```shell\npillager hunt . -f markdown \u003e results.md\n```\n\n#### CSV \n\n```shell\npillager hunt . -f csv \u003e results.csv\n```\n\n#### Custom Go Template\n\n```shell\npillager hunt . --template \"{{ range .}}Secret: {{.Secret}}{{end}}\"\n```\n\n#### Custom Go Template from File\n\n```shell\npillager hunt . -t \"$(cat mytemplate.tmpl)\"\n```\n\n\u003c/details\u003e\n\n### Custom Templates\n\nPillager allows you to use powerful `go text/template` and [sprig](https://masterminds.github.io/sprig/) functions to customize the output format. Here are a few template examples.\n\n#### Basic\n\n```gotemplate\n{{ range . -}}\n    File: {{ .File }}\n    Secret: {{ .Secret}}\n    Description: {{ quote .Description }}\n{{ end -}}\n\n```\n\n#### Markdown Styling\n\n```gotemplate\n# Results\n\n{{ range . -}}\n    ## {{ .File }}\n    - Location: {{.StartLine}}\n{{end}}\n\n```\n\n\u003e More template examples can be found in the [templates](./internal/templates) directory.\n\n## Documentation\n\nGoDoc documentation is available on [pkg.go.dev for pillager](https://pkg.go.dev/github.com/brittonhayes/pillager). 
\n\n## Development\n\nTo get involved developing features and fixes for Pillager, get started with the following:\n\n- [Install Go](https://go.dev/doc/install)\n- Install [Taskfile.dev](https://taskfile.dev/#/installation)\n- Read the [CONTRIBUTING.MD](./CONTRIBUTING.md)\n\n---\n\n### Shoulders of Giants :star:\n\n#### [spf13's Cobra](https://github.com/spf13/cobra)\n\n**What is Cobra?**\n\n\u003e Cobra is a library providing a simple interface to create powerful modern CLI interfaces similar to git \u0026 go tools.\n\u003e Cobra is also an application that will generate your application scaffolding to rapidly develop a Cobra-based application.\n\nIf you've seen a CLI written in Go before, there's a pretty high chance it was built with Cobra. I can't recommend this\nlibrary enough. It empowers developers to make consistent, dynamic, and self-documenting command line tools with ease.\nSome examples include `kubectl`, `hugo`, and Github's `gh` CLI.\n\n#### [Gitleaks](https://github.com/gitleaks/gitleaks)\n\n**What is Gitleaks?**\n\n\u003e Gitleaks[^2] is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos.\n\nGitleaks is an amazing tool for secret leak prevention. If you haven't implemented Gitleaks as a pre-commit checker,\nit's worth your time to check it out.\n\n**Why is Gitleaks relevant to Pillager?**\n\n[^2]: [Gitleaks](https://github.com/gitleaks/gitleaks)\n\nPillager implements the powerful [rules](https://github.com/gitleaks/gitleaks#rules-summary) functionality of\nGitleaks while taking a different approach to presenting and handling the secrets found. 
While I have provided a\nbaseline set of default rules, Pillager becomes much more powerful if you allow users to create rules for their own\nuse-cases.\n\nCheck out the included rules[^1] for a baseline ruleset.\n\n---\n\n\u003e This goes without saying but I'm going to say it anyways: I am **not** responsible for any repercussions caused by your use of pillager.\n\u003e This tool is intended for defensive use, educational use, and security researcher use with the consent of all involved parties.\n\u003e Malicious behavior with pillager is in no way condoned, nor encouraged. Please use this tool responsibly and ensure you have permission\n\u003e to scan for secrets on any systems before doing so.\n\u003e\n\u003e At its core, Pillager is designed to assist you in determining if a system is affected by common sources of credential leakage as documented\n\u003e by the MITRE ATT\u0026CK[^3] framework.\n\u003e\n\u003e [^3]: [MITRE ATT\u0026CK Website](https://attack.mitre.org)\n\u003e\n\u003e [MITRE ATT\u0026CK Technique - T1552.003 - Unsecured Credentials: Bash History](https://attack.mitre.org/techniques/T1552/003/)\n\u003e\n\u003e [MITRE ATT\u0026CK Technique - T1552.001 - Unsecured Credentials: Credentials In Files](https://attack.mitre.org/techniques/T1552/001/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrittonhayes%2Fpillager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrittonhayes%2Fpillager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrittonhayes%2Fpillager/lists"}