From 68ad375ffd4dc0d515a5398b98b9d146eb4123ed Mon Sep 17 00:00:00 2001
From: Valentijn Scholten
Date: Thu, 12 Jan 2023 08:03:53 +0100
Subject: [PATCH] Cleanup EssexHog
---
 README.md | 12 ++++++------
 src/bin/essex_hog.rs | 30 +++++++++++++++---------------
 src/bin/gottingen_hog.rs | 20 ++++++++++----------
 3 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/README.md b/README.md
index 49dc80f..50319a5 100644
--- a/README.md
+++ b/README.md
@@ -236,13 +236,13 @@ FLAGS:
 OPTIONS:
 -a, --allowlist Sets a custom allowlist JSON file
- --authtoken Confluence basic auth bearer token (instead of user & pass)
+ --authtoken Confluence basic auth bearer token containing a PAT (instead of user & pass)
 --default_entropy_threshold Default entropy threshold (0.6 by default)
 -o, --outputfile Sets the path to write the scanner results to (stdout by default)
- --password Confluence password (crafts basic auth header)
+ --password Confluence password or PAT (crafts basic auth header)
 --regex Sets a custom regex JSON file
- --username Confluence username (crafts basic auth header)
+ --username Confluence username or email address (crafts basic auth header)
 ARGS:
 The ID (e.g. 1234) of the confluence page you want to scan
@@ -266,13 +266,13 @@ FLAGS:
 OPTIONS:
 -a, --allowlist Sets a custom allowlist JSON file
- --authtoken Jira basic auth bearer token (instead of user & pass)
+ --authtoken Jira basic auth bearer token containing a PAT (instead of user & pass)
 --default_entropy_threshold Default entropy threshold (0.6 by default)
 --url Base URL of JIRA instance (e.g. https://jira.atlassian.net/)
 -o, --outputfile Sets the path to write the scanner results to (stdout by default)
- --password Jira password (crafts basic auth header)
+ --password Jira password or PAT (crafts basic auth header)
 --regex Sets a custom regex JSON file
- --username Jira username (crafts basic auth header)
+ --username Jira username or email address (crafts basic auth header)
 ARGS:
 The ID (e.g. PROJECT-123) of the Jira issue you want to scan
diff --git a/src/bin/essex_hog.rs b/src/bin/essex_hog.rs
index a59d196..ac2e7e9 100644
--- a/src/bin/essex_hog.rs
+++ b/src/bin/essex_hog.rs
@@ -13,11 +13,11 @@
 //!
 //! OPTIONS:
 //! --default_entropy_threshold Default entropy threshold (0.6 by default)
-//! --authtoken Confluence basic auth bearer token (instead of user & pass)
+//! --authtoken Confluence PAT (instead of user & pass, crafts basic auth header)
 //! -o, --outputfile Sets the path to write the scanner results to (stdout by default)
-//! --password Confluence password (crafts basic auth header)
+//! --password Confluence password or PAT (crafts basic auth header)
 //! --regex Sets a custom regex JSON file
-//! --username Confluence username (crafts basic auth header)
+//! --username Confluence username or email address (crafts basic auth header)
 //!
 //! ARGS:
 //! The ID (e.g. 1234) of the confluence page you want to scan
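Review bot: The new `--authtoken` doc line says the option "crafts basic auth header", but the token path in run() (the `None` arm in the `@@ -125,18` hunk of this file) builds the value with `format!("Bearer {}", ...)`, so a PAT given this way is presumably sent as a Bearer credential, not as Basic auth. The same phrase is repeated in the new BEARERTOKEN help string in the `@@ -86,9` hunk of this file and in the `@@ -13,11` doc hunk of gottingen_hog.rs (whose bearer branch is outside this diff and should be checked). Suggest `//!     --authtoken    Confluence PAT (instead of user & pass, sent as a Bearer token)` here and the matching wording in the clap help string, so users know which Atlassian credential type fits which flag.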
@@ -73,7 +73,7 @@ pub struct ConfluencePage {
 /// Main entry function that uses the [clap crate](https://docs.rs/clap/2.33.0/clap/)
 #[tokio::main]
 async fn main() {
- let matches = clap_app!(gottingen_hog =>
+ let matches = clap_app!(essex_hog =>
 (version: "1.0.11")
 (author: "Emily Cain , Scott Cutler")
 (about: "Confluence secret scanner in Rust.")
@@ -86,9 +86,9 @@ async fn main() {
 (@arg CASE: --caseinsensitive "Sets the case insensitive flag for all regexes")
 (@arg OUTPUT: -o --outputfile +takes_value "Sets the path to write the scanner results to (stdout by default)")
 (@arg PRETTYPRINT: --prettyprint "Outputs the JSON in human readable format")
- (@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Confluence username (crafts basic auth header)")
- (@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Confluence password (crafts basic auth header)")
- (@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Confluence basic auth bearer token (instead of user & pass)")
+ (@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Confluence username or email for cloud (crafts basic auth header)")
+ (@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Confluence password or PAT for cloud (crafts basic auth header)")
+ (@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Confluence PAT (instead of user & pass, crafts basic auth header)")
 (@arg ALLOWLIST: -a --allowlist +takes_value "Sets a custom allowlist JSON file")
 )
 .get_matches();
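Review bot: `conflicts_with[AUTHTOKEN]` on the rewritten USERNAME and PASSWORD lines names an argument that is not declared anywhere in this app — the token argument is `BEARERTOKEN` — so that half of the mutual exclusion is a no-op and the pairing only holds if clap applies BEARERTOKEN's own `conflicts_with[USERNAME PASSWORD]` in both directions; the same mismatch is in the `@@ -71,9` hunk of gottingen_hog.rs. The rules as written also accept `--username` without `--password`, which run() then `unwrap()`s (see the `@@ -125,18` hunk). Suggest `conflicts_with[BEARERTOKEN] requires[PASSWORD]` on USERNAME and `conflicts_with[BEARERTOKEN] requires[USERNAME]` on PASSWORD so clap rejects the half-specified credential with a usage error instead of a panic. main() continues outside the hunk.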
@@ -107,9 +107,9 @@ async fn run<'b>(arg_matches: ArgMatches<'b>) -> Result<(), SimpleError> {
 let ssb = SecretScannerBuilder::new().conf_argm(&arg_matches);
 let secret_scanner = ssb.build();
- let jirausername = arg_matches.value_of("USERNAME");
- let jirapassword = arg_matches.value_of("PASSWORD");
- let jiraauthtoken = arg_matches.value_of("BEARERTOKEN");
+ let confluenceusername = arg_matches.value_of("USERNAME");
+ let confluencepassword = arg_matches.value_of("PASSWORD");
+ let confluenceauthtoken = arg_matches.value_of("BEARERTOKEN");
 let base_url_input = arg_matches
 .value_of("URL")
 .unwrap_or("https://confluence.atlassian.com")
@@ -125,18 +125,18 @@ async fn run<'b>(arg_matches: ArgMatches<'b>) -> Result<(), SimpleError> {
 let https = hyper_rustls::HttpsConnector::with_native_roots();
 let hyper_client: client::Client<_, hyper::Body> = client::Client::builder().build(https);
- // TODO: Support other modes of JIRA authentication
- let auth_string = match jirausername {
- // craft auth header using username and password if present
+ // TODO: Support other modes of Confluence authentication
+ let auth_string = match confluenceusername {
+ // craft auth header using username and password (or PAT) if present
 Some(u) => {
 format!(
 "Basic {}",
- base64::encode(format!("{}:{}", u, jirapassword.unwrap()))
+ base64::encode(format!("{}:{}", u, confluencepassword.unwrap()))
 )
 }
 // otherwise use AUTHTOKEN to craft the auth header
 None => {
- format!("Bearer {}", jiraauthtoken.unwrap())
+ format!("Bearer {}", confluenceauthtoken.unwrap())
 }
 };
diff --git a/src/bin/gottingen_hog.rs b/src/bin/gottingen_hog.rs
index 6de7d8b..9d623d7 100644
--- a/src/bin/gottingen_hog.rs
+++ b/src/bin/gottingen_hog.rs
@@ -1,4 +1,4 @@
-//! Jira secret scanner in Rust.
+//! JIRA secret scanner in Rust.
 //!
 //! USAGE:
 //! gottingen_hog [FLAGS] [OPTIONS] --password --username
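Review bot: The renamed lines in the `@@ -125,18` hunk keep both `unwrap()` calls, so `--username` without `--password` (clap only declares `conflicts_with`, not `requires`, in the `@@ -86,9` hunk) or a run with no credentials at all panics inside run() rather than returning the `SimpleError` its signature promises. Converting the two unwraps to `ok_or_else(...)?` preserves behaviour for valid input and turns the misuse into a readable error; sketch below. run() continues outside the hunk on both sides.

```rust
// … unchanged: https connector and hyper client construction …
// TODO: Support other modes of Confluence authentication
let auth_string = match confluenceusername {
    // craft auth header using username and password (or PAT) if present
    Some(u) => {
        let p = confluencepassword
            .ok_or_else(|| SimpleError::new("--password is required together with --username"))?;
        format!("Basic {}", base64::encode(format!("{}:{}", u, p)))
    }
    // otherwise use AUTHTOKEN to craft the auth header
    None => {
        let t = confluenceauthtoken
            .ok_or_else(|| SimpleError::new("either --username/--password or --authtoken is required"))?;
        format!("Bearer {}", t)
    }
};
```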
@@ -13,11 +13,11 @@
 //!
 //! OPTIONS:
 //! --default_entropy_threshold Default entropy threshold (0.6 by default)
-//! --url
-//! -o, --outputfile Sets the path to write the scanner results to (stdout by default)
-//! --password Jira password (or API token)
-//! --regex Sets a custom regex JSON file
-//! --username Jira username
+//! --authtoken JIRA PAT (instead of user & pass, crafts basic auth header)
+//! -o, --outputfile Sets the path to write the scanner results to (stdout by default)
+//! --password JIRA password or PAT (crafts basic auth header)
+//! --regex Sets a custom regex JSON file
+//! --username JIRA username or email (crafts basic auth header)
 //!
 //! ARGS:
 //! The ID (e.g. PROJECT-123) of the Jira issue you want to scan
@@ -71,9 +71,9 @@ async fn main() {
 (@arg CASE: --caseinsensitive "Sets the case insensitive flag for all regexes")
 (@arg OUTPUT: -o --outputfile +takes_value "Sets the path to write the scanner results to (stdout by default)")
 (@arg PRETTYPRINT: --prettyprint "Outputs the JSON in human readable format")
- (@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Jira username (crafts basic auth header)")
- (@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Jira password (crafts basic auth header)")
- (@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Jira basic auth bearer token (instead of user & pass)")
+ (@arg USERNAME: --username +takes_value conflicts_with[AUTHTOKEN] "Jira username or email address (crafts basic auth header)")
+ (@arg PASSWORD: --password +takes_value conflicts_with[AUTHTOKEN] "Jira password or PAT (crafts basic auth header)")
+ (@arg BEARERTOKEN: --authtoken +takes_value conflicts_with[USERNAME PASSWORD] "Jira basic auth bearer token containing a PAT (instead of user & pass)")
 (@arg JIRAURL: --url +takes_value "Base URL of JIRA instance (e.g. https://jira.atlassian.net/)")
 (@arg ALLOWLIST: -a --allowlist +takes_value "Sets a custom allowlist JSON file")
 )
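Review bot: The rewritten OPTIONS list in the module doc drops `--url` (the removed `//! --url` line has no replacement) although the option still exists — `(@arg JIRAURL: --url ...)` is an unchanged context line in the `@@ -71,9` hunk below — so the doc comment no longer lists every option the binary accepts. Re-add a line such as `//!     --url    Base URL of JIRA instance (e.g. https://jira.atlassian.net/)` next to the new `--authtoken` entry, matching the README text for the same flag. The `--authtoken` doc line and the BEARERTOKEN help string in the `@@ -71,9` hunk also describe the same flag in two different ways ("crafts basic auth header" vs "basic auth bearer token"); pick one wording for both.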
@@ -112,7 +112,7 @@ async fn run<'b>(arg_matches: ArgMatches<'b>) -> Result<(), SimpleError> {
 // TODO: Support other modes of JIRA authentication
 let auth_string = match jirausername {
- // craft auth header using username and password if present
+ // craft auth header using username and password (or PAT) if present
 Some(u) => {
 format!(
 "Basic {}",