{"id":13542304,"url":"https://github.com/newrelic/rusty-hog","last_synced_at":"2025-04-02T09:33:34.449Z","repository":{"id":39858464,"uuid":"222316111","full_name":"newrelic/rusty-hog","owner":"newrelic","description":"A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in Python.","archived":false,"fork":false,"pushed_at":"2025-01-08T15:20:42.000Z","size":2381,"stargazers_count":505,"open_issues_count":17,"forks_count":64,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-03-25T03:33:57.680Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/newrelic.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-17T21:42:48.000Z","updated_at":"2025-03-23T11:47:12.000Z","dependencies_parsed_at":"2023-12-06T23:25:23.154Z","dependency_job_id":"82092cf3-706e-40b0-8d4d-0e71ce666606","html_url":"https://github.com/newrelic/rusty-hog","commit_stats":{"total_commits":158,"total_committers":23,"mean_commits":6.869565217391305,"dds":0.2974683544303798,"last_synced_commit":"6d4368b22f2498fe69094ea0ff6b1781dc44c5c8"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newrelic%2Frusty-hog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newrelic%2Frusty-hog/tags","releases_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/newrelic%2Frusty-hog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newrelic%2Frusty-hog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/newrelic","download_url":"https://codeload.github.com/newrelic/rusty-hog/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246789367,"owners_count":20834282,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T10:01:04.544Z","updated_at":"2025-04-02T09:33:33.316Z","avatar_url":"https://github.com/newrelic.png","language":"Rust","funding_links":[],"categories":["Miscellaneous","Инструменты","Projects"],"sub_categories":["Secrets","Поиск секретов"],"readme":"\u003cimg src=\"RustyHogLogo_700x700.png\" width=350 align=center\u003e\n\nRusty Hog is a secret scanner built in Rust for performance, and based on TruffleHog which is written\nin Python. 
Rusty Hog provides the following binaries:\n\n* Ankamali Hog: Scans for secrets in a Google doc.\n* Berkshire Hog: Scans for secrets in an S3 bucket.\n* Choctaw Hog: Scans for secrets in a Git repository.\n* Duroc Hog: Scans for secrets in a directory, file, and archive.\n* Essex Hog: Scans for secrets in a Confluence wiki page.\n* Gottingen Hog: Scans for secrets in a JIRA issue.\n* Slack Hog: Scans for secrets in a Slack Channel.\n\n## Table of contents\n\u003c!-- TOC depthFrom:1 depthTo:6 withLinks:1 updateOnSave:1 orderedList:0 --\u003e\n\n- [Usage](#usage)\n  - [How to install using downloaded binaries](#how-to-install-using-downloaded-binaries)\n  - [How to run using DockerHub](#how-to-run-using-dockerhub)\n  - [How to build](#how-to-build)\n  - [How to build on Windows](#how-to-build-on-windows)\n  - [Anakamali Hog (GDoc Scanner) usage](#anakamali-hog-gdoc-scanner-usage)\n  - [Berkshire Hog (S3 Scanner - CLI) usage](#berkshire-hog-s3-scanner---cli-usage)\n  - [Berkshire Hog (S3 Scanner - Lambda) usage](#berkshire-hog-s3-scanner---lambda-usage)\n  - [Choctaw Hog (Git Scanner) usage](#choctaw-hog-git-scanner-usage)\n  - [Duroc Hog (file system scanner) usage](#duroc-hog-file-system-scanner-usage)\n  - [Essex Hog (Confluence scanner) usage](#essex-hog-confluence-scanner-usage)\n  - [Gottingen Hog (JIRA scanner) usage](#gottingen-hog-jira-scanner-usage)\n  - [Hante Hog (SLACK scanner) usage](#hante-hog-slack-scanner-usage)\n  - [Regex JSON file format](#regex-json-file-format)\n  - [Allowlist JSON file format](#allowlist-json-file-format)\n- [Project information](#project-information)\n  - [Open source license](#open-source-license)\n  - [Support](#support)\n  - [Community](#community)\n  - [Issues / enhancement requests](#issues--enhancement-requests)\n  - [Contributing](#contributing)\n  - [Feature Roadmap](#feature-roadmap)\n  - [What does the name mean?](#what-does-the-name-mean)\n\n\u003c!-- /TOC --\u003e\n\n# Usage\n\nThis project provides a set of 
scanners that use regular expressions to try to detect the presence of sensitive\ninformation, such as API keys, passwords, and personal information. It includes a set of regular expressions by\ndefault, but also accepts a JSON object containing your custom regular expressions.\n\n## How to install using downloaded binaries\nDownload and unzip the [latest ZIP](https://github.com/newrelic/rusty-hog/releases/)\non the releases tab. Then, run each binary with `-h` to see the usage.\n\n```shell script\nwget https://github.com/newrelic/rusty-hog/releases/download/v1.0.11/rustyhogs-darwin-choctaw_hog-1.0.11.zip\nunzip rustyhogs-darwin-choctaw_hog-1.0.11.zip\ndarwin_releases/choctaw_hog -h\n```\n\n## How to run using DockerHub\nRusty Hog Docker images can be found at the author's personal DockerHub page [here](https://hub.docker.com/u/wetfeet2000).\nA Docker image is built for each Hog and for each release. So to use choctaw_hog you would run the following commands:\n\n```shell script\ndocker pull wetfeet2000/choctaw_hog:1.0.10\ndocker run -it --rm wetfeet2000/choctaw_hog:1.0.10 --help\n```\n\n## How to build\n- Ensure you have [Rust](https://www.rust-lang.org/learn/get-started) installed and on your path.\n- Clone this repo, and then run `cargo build --release`. 
The binaries are located in `target/release`.\n- To build and view HTML documents, run `cargo doc --no-deps --open`.\n- To run unit tests, run `cargo test`.\n- To cross-compile Berkshire Hog for the AWS Lambda environment, run the following commands and upload berkshire_lambda.zip to\nyour AWS Lambda dashboard:\n```shell script\ndocker run --rm -it -v \"$(pwd)\":/home/rust/src ekidd/rust-musl-builder cargo build --release\ncp target/x86_64-unknown-linux-musl/release/berkshire_hog bootstrap\nzip -j berkshire_lambda.zip bootstrap\n```\n\n## How to build on Windows\nYou will need to compile static OpenSSL binaries and tell Rust/Cargo where to find them:\n```powershell\nmkdir \\Tools\ncd \\Tools\ngit clone https://github.com/Microsoft/vcpkg.git\ncd vcpkg\n.\\bootstrap-vcpkg.bat\n.\\vcpkg.exe install openssl:x64-windows-static\n\n$env:OPENSSL_DIR = 'C:\\Tools\\vcpkg\\installed\\x64-windows-static'\n$env:OPENSSL_STATIC = 'Yes'\n[System.Environment]::SetEnvironmentVariable('OPENSSL_DIR', $env:OPENSSL_DIR, [System.EnvironmentVariableTarget]::User)\n[System.Environment]::SetEnvironmentVariable('OPENSSL_STATIC', $env:OPENSSL_STATIC, [System.EnvironmentVariableTarget]::User)\n```\nYou can now follow the main build instructions listed above.\n\n## How to build Berkshire Hog for Lambda\n\n### macOS\n\nUse [Homebrew](https://brew.sh) to get the dependencies:\n\n```\nbrew install rpm2cpio FiloSottile/musl-cross/musl-cross\n```\n\nThen run `./build_lambda_macos.sh`.\n\nThe build script builds against OpenSSL 3.0.12 by default; set `OPENSSL_BUILD_VER` (e.g. `export OPENSSL_BUILD_VER=3.0.12`) to override the version.\n\nThe build script builds against the Amazon Linux kernel headers\nprovided by their RPM; set `export AMAZON_KERNEL_HEADERS_RPM_URL=...` to override where the RPM is downloaded from. (Nothing prevents a different distribution's linux-headers RPM from being used; the headers are only needed to build OpenSSL for Linux.)\n\nThe build script will create a build-deps directory in your current source root. 
You can `rm -rf` this directory safely, but it will be recreated on the next build script run. It will also do various consistency checks to make sure the build should work and if those fail, might ask you to `rm -rf` that directory anyway to try again. \n\n### Linux\n\nMake sure `cross` is installed (`cargo install cross`), then just `./build_lambda.sh`. \n\n# Commands\n\n## Anakamali Hog (GDoc Scanner) usage\n```\nUSAGE:\n    ankamali_hog [FLAGS] [OPTIONS] \u003cGDRIVEID\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --oauthsecret        Path to an OAuth secret file (JSON) ./clientsecret.json by default\n        --oauthtoken         Path to an OAuth token storage file ./temp_token by default\n        --prettyprint        Outputs the JSON in human readable format\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom allowlist JSON file\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (0.6 by default)\n    -o, --outputfile \u003cOUTPUT\u003e                                      Sets the path to write the scanner results to (stdout by default)\n\n        --regex \u003cREGEX\u003e                                            Sets a custom regex JSON file\n\nARGS:\n    \u003cGDRIVEID\u003e    The ID of the Google drive file you want to scan\n```\n\n## Berkshire Hog (S3 Scanner - CLI) usage\n```\nUSAGE:\n    berkshire_hog [FLAGS] [OPTIONS] \u003cS3URI\u003e \u003cS3REGION\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --prettyprint        Outputs the JSON in human readable 
format\n    -r, --recursive          Recursively scans files under the prefix\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom allowlist JSON file\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (0.6 by default)\n    -o, --outputfile \u003cOUTPUT\u003e                                      Sets the path to write the scanner results to (stdout by default)\n\n        --profile \u003cPROFILE\u003e                                        When using a configuration file, enables a non-default profile\n\n        --regex \u003cREGEX\u003e                                            Sets a custom regex JSON file\n\nARGS:\n    \u003cS3URI\u003e       The location of a S3 bucket and optional prefix or filename to scan. This must be written in the\n                  form s3://mybucket[/prefix_or_file]\n    \u003cS3REGION\u003e    Sets the region of the S3 bucket to scan\n```\n\n\n## Berkshire Hog (S3 Scanner - Lambda) usage\nBerkshire Hog is currently designed to be used as a Lambda function. 
This is the basic data flow:\n\u003cpre\u003e\n    ┌───────────┐              ┌───────┐     ┌────────────────┐     ┌────────────┐\n    │ S3 bucket │ ┌────────┐   │       │     │ Berkshire Hog  │     │ S3 bucket  │\n    │  (input) ─┼─┤S3 event├──▶│  SQS  │────▶│    (Lambda)    │────▶│  (output)  │\n    │           │ └────────┘   │       │     │                │     │            │\n    └───────────┘              └───────┘     └────────────────┘     └────────────┘\n\u003c/pre\u003e\n\nIn order to run Berkshire Hog this way, set up the following:\n1) Configure the input bucket to send an \"event\" to SQS for each PUSH/PUT event.\n2) Set up the SQS topic to accept events from S3, including IAM permissions.\n3) Run Berkshire Hog with IAM access to SQS and S3.\n\n## Choctaw Hog (Git Scanner) usage\n```\nUSAGE:\n    choctaw_hog [FLAGS] [OPTIONS] \u003cGITPATH\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --prettyprint        Outputs the JSON in human readable format\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (4.5 by default)\n        --httpspass \u003cHTTPSPASS\u003e                                    Takes a password for HTTPS-based authentication\n        --httpsuser \u003cHTTPSUSER\u003e                                    Takes a username for HTTPS-based authentication\n    -o, --outputfile \u003cOUTPUT\u003e                                      Sets the path to write the scanner results to (stdout by default)\n        --recent_days \u003cRECENTDAYS\u003e                                 Filters commits to the last number of days (branch agnostic)\n    -r, --regex \u003cREGEX\u003e                                 
           Sets a custom regex JSON file\n        --since_commit \u003cSINCECOMMIT\u003e                               Filters commits based on date committed (branch agnostic)\n        --sshkeypath \u003cSSHKEYPATH\u003e                                  Takes a path to a private SSH key for git authentication, defaults to ssh-agent\n        --sshkeyphrase \u003cSSHKEYPHRASE\u003e                              Takes a passphrase to a private SSH key for git authentication, defaults to none\n        --until_commit \u003cUNTILCOMMIT\u003e                               Filters commits based on date committed (branch agnostic)\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom ALLOWLIST JSON file\n\nARGS:\n    \u003cGITPATH\u003e    Sets the path (or URL) of the Git repo to scan. SSH links must include username (git@)\n```\n\n## Duroc Hog (file system scanner) usage\n```\nUSAGE:\n    duroc_hog [FLAGS] [OPTIONS] \u003cFSPATH\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --norecursive        Disable recursive scanning of all subdirectories underneath the supplied path\n        --prettyprint        Outputs the JSON in human readable format\n    -z, --unzip              Recursively scans archives (ZIP and TAR) in memory (dangerous)\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom allowlist JSON file\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (0.6 by default)\n    -o, --outputfile \u003cOUTPUT\u003e                                      Sets the path to write the scanner results to (stdout by default)\n    -r, --regex \u003cREGEX\u003e 
                                           Sets a custom regex JSON file\n\nARGS:\n    \u003cFSPATH\u003e    Sets the path of the directory or file to scan.\n```\n\n## Essex Hog (Confluence scanner) usage\n```\nUSAGE:\n    essex_hog [FLAGS] [OPTIONS] \u003cPAGEID\u003e \u003cURL\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --prettyprint        Outputs the JSON in human readable format\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom allowlist JSON file\n        --authtoken \u003cBEARERTOKEN\u003e                                  Confluence basic auth bearer token (instead of user \u0026 pass)\n\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (0.6 by default)\n    -o, --outputfile \u003cOUTPUT\u003e                                      Sets the path to write the scanner results to (stdout by default)\n        --password \u003cPASSWORD\u003e                                      Confluence password (crafts basic auth header)\n        --regex \u003cREGEX\u003e                                            Sets a custom regex JSON file\n        --username \u003cUSERNAME\u003e                                      Confluence username (crafts basic auth header)\n\nARGS:\n    \u003cPAGEID\u003e    The ID (e.g. 1234) of the confluence page you want to scan\n    \u003cURL\u003e       Base URL of Confluence instance (e.g. 
https://newrelic.atlassian.net/)\n```\n\n## Gottingen Hog (JIRA scanner) usage\n```\nJira secret scanner in Rust.\n\nUSAGE:\n    gottingen_hog [FLAGS] [OPTIONS] \u003cJIRAID\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --prettyprint        Outputs the JSON in human readable format\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom allowlist JSON file\n        --authtoken \u003cBEARERTOKEN\u003e                                  Jira basic auth bearer token (instead of user \u0026 pass)\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (0.6 by default)\n        --url \u003cJIRAURL\u003e                                            Base URL of JIRA instance (e.g. https://jira.atlassian.net/)\n    -o, --outputfile \u003cOUTPUT\u003e                                      Sets the path to write the scanner results to (stdout by default)\n        --password \u003cPASSWORD\u003e                                      Jira password (crafts basic auth header)\n        --regex \u003cREGEX\u003e                                            Sets a custom regex JSON file\n        --username \u003cUSERNAME\u003e                                      Jira username (crafts basic auth header)\n\nARGS:\n    \u003cJIRAID\u003e    The ID (e.g. 
PROJECT-123) of the Jira issue you want to scan\n```\n\n## Hante Hog (SLACK scanner) usage\n```\nSlack secret scanner in Rust.\n\nUSAGE:\n    hante_hog [FLAGS] [OPTIONS] --authtoken \u003cBEARERTOKEN\u003e --channelid \u003cCHANNELID\u003e --url \u003cSLACKURL\u003e\n\nFLAGS:\n        --caseinsensitive    Sets the case insensitive flag for all regexes\n        --entropy            Enables entropy scanning\n        --prettyprint        Outputs the JSON in human readable format\n    -v, --verbose            Sets the level of debugging information\n    -h, --help               Prints help information\n    -V, --version            Prints version information\n\nOPTIONS:\n    -a, --allowlist \u003cALLOWLIST\u003e                                    Sets a custom allowlist JSON file\n        --authtoken \u003cBEARERTOKEN\u003e                                  Slack basic auth bearer token\n        --channelid \u003cCHANNELID\u003e\n            The ID (e.g. C12345) of the Slack channel you want to scan\n\n        --default_entropy_threshold \u003cDEFAULT_ENTROPY_THRESHOLD\u003e    Default entropy threshold (0.6 by default)\n        --latest \u003cLATEST\u003e                                          End of time range of messages to include in search\n        --oldest \u003cOLDEST\u003e                                          Start of time range of messages to include in search\n    -o, --outputfile \u003cOUTPUT\u003e\n            Sets the path to write the scanner results to (stdout by default)\n\n        --regex \u003cREGEX\u003e                                            Sets a custom regex JSON file\n        --url \u003cSLACKURL\u003e\n            Base URL of Slack Workspace (e.g. https://[WORKSPACE NAME].slack.com)\n```\n\n## Regex JSON file format\n\nThe regex option on scanners allows users to provide a path to their own JSON file of regular\nexpressions that match sensitive material. 
Any provided file currently will replace, not append to, the default \nregular expressions provided by SecretScanner. The expected format of the file is a single JSON object. \n\nThe keys should be names for the type of secret each regex entry will detect, as the keys will be used for the reason \nproperties output by the scanner.\n\nEach value should be a string containing a valid [regular expression for Rust](https://docs.rs/regex/1.3.9/regex/#syntax) \nthat should match the type of secret described by its corresponding key.\n\nAs of version 1.0.8, the Rusty Hog engine also supports objects as values for each secret. \nThe object can contain all of the following:\n\n- a pattern property with the matching regex expression (mandatory)\n- an entropy_filter property with a boolean value to enable entropy scanning for this information (mandatory)\n- a threshold property to customize the entropy tolerance on a scale of 0 - 1 (optional, will adjust for old 1-8 format, default 0.6)\n- a keyspace property to indicate how many possible values are in the key, e.g. 
16 for hex, 64 for base64, 128 for ASCII (optional, default 128)\n- a make_ascii_lowercase property to indicate whether Rust should perform .make_ascii_lowercase() on the key before calculating entropy (optional, default false)\n\nThe higher the threshold, the more entropy is required in the secret to consider it a match.\n\nAn example of this format is here:\n\n```json\n{\n    \"Generic Secret\": {\n        \"pattern\": \"(?i)secret[\\\\s[[:punct:]]]{1,4}[0-9a-zA-Z-_]{16,64}[\\\\s[[:punct:]]]?\",\n        \"entropy_filter\": true,\n        \"threshold\": \"0.6\"\n    },\n    \"Slack Token\": { \n        \"pattern\": \"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})\",\n        \"entropy_filter\": true,\n        \"threshold\": \"0.6\",\n        \"keyspace\": \"36\",\n        \"make_ascii_lowercase\": true\n    },\n    \"Google API Key\": {\n        \"pattern\": \"AIza[0-9A-Za-z\\\\-_]{35}\",\n        \"entropy_filter\": true\n    },\n    \"PGP private key block\": \"-----BEGIN PGP PRIVATE KEY BLOCK-----\"\n}\n```\n\n\nAs of version 1.0.11, the current default regex JSON used is as follows:\n\n```json\n{\n\t\"Slack Token\": \"(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})\",\n\t\"RSA private key\": \"-----BEGIN RSA PRIVATE KEY-----\",\n\t\"SSH (DSA) private key\": \"-----BEGIN DSA PRIVATE KEY-----\",\n\t\"SSH (EC) private key\": \"-----BEGIN EC PRIVATE KEY-----\",\n\t\"PGP private key block\": \"-----BEGIN PGP PRIVATE KEY BLOCK-----\",\n\t\"Amazon AWS Access Key ID\": \"AKIA[0-9A-Z]{16}\",\n\t\"Amazon MWS Auth Token\": \"amzn\\\\.mws\\\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\",\n\t\"Facebook Access Token\": \"EAACEdEose0cBA[0-9A-Za-z]+\",\n\t\"Facebook OAuth\": \"(?i)facebook[\\\\s[[:punct:]]]{1,4}[0-9a-f]{32}[\\\\s[[:punct:]]]?\",\n\t\"GitHub\": \"(?i)(github|access[[:punct:]]token)[\\\\s[[:punct:]]]{1,4}[0-9a-zA-Z]{35,40}\",\n\t\"Generic API Key\": {\n\t\t\"pattern\": 
\"(?i)(api|access)[\\\\s[[:punct:]]]?key[\\\\s[[:punct:]]]{1,4}[0-9a-zA-Z\\\\-_]{16,64}[\\\\s[[:punct:]]]?\",\n\t\t\"entropy_filter\": true,\n\t\t\"threshold\": \"0.6\",\n\t\t\"keyspace\": \"guess\"\n\t},\n\t\"Generic Account API Key\": {\n\t\t\"pattern\": \"(?i)account[\\\\s[[:punct:]]]?api[\\\\s[[:punct:]]]{1,4}[0-9a-zA-Z\\\\-_]{16,64}[\\\\s[[:punct:]]]?\",\n\t\t\"entropy_filter\": true,\n\t\t\"threshold\": \"0.6\",\n\t\t\"keyspace\": \"guess\"\n\t},\n\t\"Generic Secret\": {\n\t\t\"pattern\": \"(?i)secret[\\\\s[[:punct:]]]{1,4}[0-9a-zA-Z-_]{16,64}[\\\\s[[:punct:]]]?\",\n\t\t\"entropy_filter\": true,\n\t\t\"threshold\": \"0.6\",\n\t\t\"keyspace\": \"guess\"\n\t},\n\t\"Google API Key\": \"AIza[0-9A-Za-z\\\\-_]{35}\",\n\t\"Google Cloud Platform API Key\": \"AIza[0-9A-Za-z\\\\-_]{35}\",\n\t\"Google Cloud Platform OAuth\": \"(?i)[0-9]+-[0-9A-Za-z_]{32}\\\\.apps\\\\.googleusercontent\\\\.com\",\n\t\"Google Drive API Key\": \"AIza[0-9A-Za-z\\\\-_]{35}\",\n\t\"Google Drive OAuth\": \"(?i)[0-9]+-[0-9A-Za-z_]{32}\\\\.apps\\\\.googleusercontent\\\\.com\",\n\t\"Google (GCP) Service-account\": \"(?i)\\\"type\\\": \\\"service_account\\\"\",\n\t\"Google Gmail API Key\": \"AIza[0-9A-Za-z\\\\-_]{35}\",\n\t\"Google Gmail OAuth\": \"(?i)[0-9]+-[0-9A-Za-z_]{32}\\\\.apps\\\\.googleusercontent\\\\.com\",\n\t\"Google OAuth Access Token\": \"ya29\\\\.[0-9A-Za-z\\\\-_]+\",\n\t\"Google YouTube API Key\": \"AIza[0-9A-Za-z\\\\-_]{35}\",\n\t\"Google YouTube OAuth\": \"(?i)[0-9]+-[0-9A-Za-z_]{32}\\\\.apps\\\\.googleusercontent\\\\.com\",\n\t\"Heroku API Key\": \"[h|H][e|E][r|R][o|O][k|K][u|U][\\\\s[[:punct:]]]{1,4}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\",\n\t\"MailChimp API Key\": \"[0-9a-f]{32}-us[0-9]{1,2}\",\n\t\"Mailgun API Key\": \"(?i)key-[0-9a-zA-Z]{32}\",\n\t\"Credentials in absolute URL\": 
\"(?i)((https?|ftp)://)(([a-z0-9$_\\\\.\\\\+!\\\\*'\\\\(\\\\),;\\\\?\u0026=-]|%[0-9a-f]{2})+(:([a-z0-9$_\\\\.\\\\+!\\\\*'\\\\(\\\\),;\\\\?\u0026=-]|%[0-9a-f]{2})+)@)((([a-z0-9]\\\\.|[a-z0-9][a-z0-9-]*[a-z0-9]\\\\.)*[a-z][a-z0-9-]*[a-z0-9]|((\\\\d|[1-9]\\\\d|1\\\\d{2}|2[0-4][0-9]|25[0-5])\\\\.){3}(\\\\d|[1-9]\\\\d|1\\\\d{2}|2[0-4][0-9]|25[0-5]))(:\\\\d+)?)(((/+([a-z0-9$_\\\\.\\\\+!\\\\*'\\\\(\\\\),;:@\u0026=-]|%[0-9a-f]{2})*)*(\\\\?([a-z0-9$_\\\\.\\\\+!\\\\*'\\\\(\\\\),;:@\u0026=-]|%[0-9a-f]{2})*)?)?)?\",\n\t\"PayPal Braintree Access Token\": \"(?i)access_token\\\\$production\\\\$[0-9a-z]{16}\\\\$[0-9a-f]{32}\",\n\t\"Picatic API Key\": \"(?i)sk_live_[0-9a-z]{32}\",\n\t\"Slack Webhook\": \"(?i)https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}\",\n\t\"Stripe API Key\": \"(?i)sk_live_[0-9a-zA-Z]{24}\",\n\t\"Stripe Restricted API Key\": \"(?i)rk_live_[0-9a-zA-Z]{24}\",\n\t\"Square Access Token\": \"(?i)sq0atp-[0-9A-Za-z\\\\-_]{22}\",\n\t\"Square OAuth Secret\": \"(?i)sq0csp-[0-9A-Za-z\\\\-_]{43}\",\n\t\"Twilio API Key\": \"SK[0-9a-fA-F]{32}\",\n\t\"Twitter Access Token\": \"(?i)twitter[\\\\s[[:punct:]]]{1,4}[1-9][0-9]+-[0-9a-zA-Z]{40}\",\n\t\"Twitter OAuth\": \"(?i)twitter[\\\\s[[:punct:]]]{1,4}['|\\\"]?[0-9a-zA-Z]{35,44}['|\\\"]?\",\n\t\"New Relic Partner \u0026 REST API Key\": \"[\\\\s[[:punct:]]][A-Fa-f0-9]{47}[\\\\s[[:punct:]][[:cntrl:]]]\",\n\t\"New Relic Mobile Application Token\": \"[\\\\s[[:punct:]]][A-Fa-f0-9]{42}[\\\\s[[:punct:]][[:cntrl:]]]\",\n\t\"New Relic Synthetics Private Location\": \"(?i)minion_private_location_key\",\n\t\"New Relic Insights Key (specific)\": \"(?i)insights[\\\\s[[:punct:]]]?(key|query|insert)[\\\\s[[:punct:]]]{1,4}\\\\b[\\\\w-]{32,40}\\\\b\",\n\t\"New Relic Insights Key (vague)\": \"(?i)(query|insert)[\\\\s[[:punct:]]]?key[\\\\s[[:punct:]]]{1,4}b[\\\\w-]{32,40}\\\\b\",\n\t\"New Relic License Key\": \"(?i)license[\\\\s[[:punct:]]]?key[\\\\s[[:punct:]]]{1,4}\\\\b[\\\\w-]{32,40}\\\\b\",\n\t\"New Relic 
Internal API Key\": \"(?i)nr-internal-api-key\",\n\t\"New Relic HTTP Auth Headers and API Key\": \"(?i)(x|newrelic|nr)-?(admin|partner|account|query|insert|api|license)-?(id|key)[\\\\s[[:punct:]]]{1,4}\\\\b[\\\\w-]{32,47}\\\\b\",\n\t\"New Relic API Key Service Key (new format)\": \"(?i)NRAK-[A-Z0-9]{27}\",\n\t\"New Relic APM License Key (new format)\": \"(?i)[a-f0-9]{36}NRAL\",\n\t\"New Relic APM License Key (new format, region-aware)\": \"(?i)[a-z]{2}[0-9]{2}xx[a-f0-9]{30}NRAL\",\n\t\"New Relic REST API Key (new format)\": \"(?i)NRRA-[a-f0-9]{42}\",\n\t\"New Relic Admin API Key (new format)\": \"(?i)NRAA-[a-f0-9]{27}\",\n\t\"New Relic Insights Insert Key (new format)\": \"(?i)NRII-[A-Za-z0-9-_]{32}\",\n\t\"New Relic Insights Query Key (new format)\": \"(?i)NRIQ-[A-Za-z0-9-_]{32}\",\n\t\"New Relic Synthetics Private Location Key (new format)\": \"(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}\",\n\t\"Email address\": \"(?i)\\\\b(?:[a-z0-9!#$%\u0026'*+/=?^_`{|}~-]+(?:\\\\.[a-z0-9!#$%\u0026'*+/=?^_`{|}~-]+)*)@[a-z0-9][a-z0-9-]+\\\\.(com|de|cn|net|uk|org|info|nl|eu|ru)([\\\\W\u0026\u0026[^:/]]|\\\\A|\\\\z)\",\n\t\"New Relic Account IDs in URL\": \"(newrelic\\\\.com/)?accounts/\\\\d{1,10}/\",\n\t\"Account ID\": \"(?i)account[\\\\s[[:punct:]]]?id[\\\\s[[:punct:]]]{1,4}\\\\b[\\\\d]{1,10}\\\\b\",\n\t\"Salary Information\": \"(?i)(salary|commission|compensation|pay)([\\\\s[[:punct:]]](amount|target))?[\\\\s[[:punct:]]]{1,4}\\\\d+\"\n}\n```\n\n## Allowlist JSON file format\n\nScanners provide an allowlist feature. This allows you to specify a list of regular expressions for each pattern that\nwill be ignored by the scanner. You can now optionally supply a list of regular expressions that are evaluated against \nthe file path as well. \n\nThe format for this allowlist file should be a single json object. Each key in the allowlist should match a key in the \nregex json, and the value can be one of two things:\n1) An array of strings that are exceptions for that regex pattern. 
2) An object with at least one key (`patterns`) and optionally a second key (`paths`). \n\nIn addition, you can specify the key `\u003cGLOBAL\u003e`, which is evaluated against all patterns. \n\nThe following is the default allowlist included in all scans:\n\n```json\n{\n\t\"Email address\": {\n\t\t\"patterns\": [\n\t\t\t\"(?i)@newrelic.com\",\n\t\t\t\"(?i)noreply@\",\n\t\t\t\"(?i)test@\"\n\t\t],\n\t\t\"paths\": [\n\t\t\t\"(?i)authors\",\n\t\t\t\"(?i)contributors\",\n\t\t\t\"(?i)license\",\n\t\t\t\"(?i)maintainers\",\n\t\t\t\"(?i)third_party_notices\"\n\t\t]\n\t},\n\t\"Credentials in absolute URL\": {\n\t\t\"patterns\": [\n\t\t\t\"(?i)(https?://)?user:pass(word)?@\"\n\t\t]\n\t},\n\t\"New Relic API Key Service Key (new format)\": {\n\t\t\"patterns\": [\n\t\t\t\"NRAK-123456789ABCDEFGHIJKLMNOPQR\"\n\t\t]\n\t},\n\t\"Generic API Key\": {\n\t\t\"patterns\": [\n\t\t\t\"(?i)sanitizeAPIKeyForLogging\"\n\t\t]\n\t},\n\t\"New Relic License Key\": {\n\t\t\"patterns\": [\n\t\t\t\"(?i)bootstrap_newrelic_admin_license_key\",\n\t\t\t\"(?i)xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\n\t\t\t\"(?i)__YOUR_NEW_RELIC_LICENSE_KEY__LICENSE__\",\n\t\t\t\"(?i)YOUR_NEW_RELIC_APPLICATION_TOKEN\"\n\t\t]\n\t},\n\t\"Generic Secret\": {\n\t\t\"patterns\": [\n\t\t\t\"(?i)secret:NewRelicLicenseKeySecret\"\n\t\t]\n\t},\n\t\"\u003cGLOBAL\u003e\": [\n\t\t\"(?i)example\",\n\t\t\"(?i)fake\",\n\t\t\"(?i)replace\",\n\t\t\"(?i)deadbeef\",\n\t\t\"(?i)ABCDEFGHIJKLMNOPQRSTUVWX\",\n\t\t\"1234567890\"\n\t]\n}\n```\n\nBe aware that these are strings, not regex expressions, and the keys for this allowlist have to match a key in the regex JSON.\nKeys are case-sensitive.\n\n# Project information\n## Open source license\n\nThis project is distributed under the [Apache 2 license](LICENSE).\n\n## Support\n\nNew Relic has open-sourced this project. 
This project is provided AS-IS WITHOUT WARRANTY OR SUPPORT, although you can report issues and contribute to the project here on GitHub.\n\n_Please do not report issues with this software to New Relic Global Technical Support._\n\n## Community\n\nNew Relic hosts and moderates an online forum where customers can interact with New Relic employees as well as other customers to get help and share best practices. Like all official New Relic open source projects, there's a related Community topic in the New Relic Explorer's Hub. You can find this project's topic/threads here:\n\nhttps://discuss.newrelic.com/t/rusty-hog-multi-platform-secret-key-scanner/90117\n\n## Issues / enhancement requests\n\nSubmit issues and enhancement requests in the [Issues tab of this repository](../../issues). Please search for and review the existing open issues before submitting a new issue.\n\n## Contributing\n\nContributions are welcome (and if you submit an enhancement request, expect to be invited to contribute it yourself). Please review our [Contributors Guide](CONTRIBUTING.md).\n\nKeep in mind that when you submit your pull request, you'll need to sign the CLA via the click-through using CLA-Assistant. 
If you'd like to execute our corporate CLA, or if you have any questions, please drop us an email at opensource@newrelic.com.\n\n\n## Feature Roadmap\n  \n- 1.1: Enterprise features\n    - [ ] Support config files (instead of command line args)\n    - [ ] Support environment variables instead of CLI args\n    - [ ] Multi-threading\n    - [ ] Better context detection and false positive filtering (GitHound, machine learning)\n    - [ ] Use Rusoto instead of s3-rust\n    - [x] Add JIRA scanner\n    - [x] Add file-system \u0026 archive scanner\n    - [ ] Use Rust features to reduce compilation dependencies?\n\n- 1.2: Integration with larger scripts and UIs\n    - [ ] Support Github API for larger org management\n        - [ ] Scan all repos for a list of users\n        - [x] Scan all repos in an org\n    - [ ] Generate a web report or web interface. Support \"save state\" generation from UI.\n    - [ ] Agent/manager model\n    - [ ] Scheduler process (blocked by save state support)\n\n\n## What does the name mean?\nTruffleHog is considered the de facto standard / original secret scanner. I have been\nbuilding a suite of secret scanning tools for various platforms based on TruffleHog\nand needed a naming scheme, so I started at the top of Wikipedia's\n[list of pig breeds](https://en.wikipedia.org/wiki/List_of_pig_breeds).\nThus each tool name is a breed of pig starting at \"A\" and working up.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnewrelic%2Frusty-hog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnewrelic%2Frusty-hog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnewrelic%2Frusty-hog/lists"}