Crate rusty_hogs
Rusty Hogs
Rusty Hogs is a Rust crate to perform secret scanning across various data sources. It is split into two parts:
- A library - Secret Scanner - that runs a set of regular expressions against a byte array and returns a set of matches
- A set of binaries - * Hog - that uses the secret scanner library against some data source and outputs a JSON array of findings.
Using the Secret Scanner Library
To get a Secret Scanner object, use the SecretScannerBuilder. It follows the Rust builder pattern and, without any configuration, uses the default regex rules.

```rust
use rusty_hogs::SecretScannerBuilder;

// Build a scanner with the default regex rules.
let ss = SecretScannerBuilder::new().build();
let mut matches_map = ss.matches(b"my email is arst@example.com");
assert!(matches_map.contains_key(&String::from("Email address")));

// Each rule name maps to the matches found for that rule.
let matches = matches_map.remove(&String::from("Email address")).unwrap();
let match_obj = matches.into_iter().nth(0).unwrap();
// start() and end() are byte offsets into the input.
assert_eq!(match_obj.start(), 12);
assert_eq!(match_obj.end(), 28);
```
You can also supply your own regular expressions, as a JSON string in the format { "Name of regular expression" : "Regular expression" , ... }
```rust
use rusty_hogs::SecretScannerBuilder;

// Custom rule set: a JSON object mapping rule name to regular expression.
let regex_string = r##"{ "Phone number" : "\\d{3}-?\\d{3}-\\d{4}" }"##;
let ss = SecretScannerBuilder::new().set_json_str(regex_string).build();
let mut matches_map = ss.matches(b"my phone is 555-555-5555");
assert!(matches_map.contains_key(&String::from("Phone number")));

let matches = matches_map.remove(&String::from("Phone number")).unwrap();
let match_obj = matches.into_iter().nth(0).unwrap();
assert_eq!(match_obj.start(), 12);
assert_eq!(match_obj.end(), 24);
```
When using the library, make sure you iterate through every result. A single string may contain more than one finding, and a large data source may have hundreds or thousands of results. Below is the typical iterator usage in each binary:

```rust
use rusty_hogs::SecretScannerBuilder;

let regex_string = r##"{
    "Short phone number" : "\\d{3}-?\\d{3}-\\d{4}",
    "Long phone number" : "\\d{3}-\\d{4}",
    "Email address" : "\\w+@\\w+\\.\\w+"
}"##;
let ss = SecretScannerBuilder::new().set_json_str(regex_string).build();
let input = b"my phone is 555-555-5555\nmy email is arst@example.com";

// Scan the input one line at a time.
let input_split = input.split(|x| (*x as char) == '\n');
let mut secrets: Vec<String> = Vec::new();
for new_line in input_split {
    let matches_map = ss.matches(&new_line);
    // Record one entry per match, not one per rule.
    for (reason, match_iterator) in matches_map {
        for matchobj in match_iterator {
            secrets.push(reason.clone());
        }
    }
}
assert_eq!(secrets.len(), 3);
assert_eq!(secrets.pop().unwrap(), "Email address");
```
Modules
aws_scanning | Collection of tools for scanning AWS for secrets. Currently only supports S3. |
git_scanning | Collection of tools for scanning Git repos for secrets. |
google_scanning | Collection of tools for scanning Google Suite for secrets. Currently only supports Google Drive. |
Structs
SecretScanner | Contains helper functions and the map of regular expressions that are used to find secrets |
SecretScannerBuilder | Used to instantiate the |