Crate rusty_hogs

Rusty Hogs

Rusty Hogs is a Rust crate to perform secret scanning across various data sources. It is split into two parts:

  1. A library - Secret Scanner - that runs a set of regular expressions against a byte array and returns a set of matches.
  2. A set of binaries - * Hog - that use the secret scanner library against some data source and output a JSON array of findings.

Using the Secret Scanner Library

To get a SecretScanner object, use the SecretScannerBuilder. It follows the Rust builder pattern and, without any configuration, uses the default regex rules.

use rusty_hogs::SecretScannerBuilder;
// Build a scanner with the default regex rules.
let ss = SecretScannerBuilder::new().build();
// matches() returns a map from rule name to the matches for that rule.
let mut matches_map = ss.matches(b"my email is arst@example.com");
assert!(matches_map.contains_key(&String::from("Email address")));

// start() and end() are byte offsets into the scanned input.
let matches = matches_map.remove(&String::from("Email address")).unwrap();
let match_obj = matches.into_iter().next().unwrap();
assert_eq!(match_obj.start(), 12);
assert_eq!(match_obj.end(), 28);

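You can also supply your own regular expressions as a JSON string in the format { "Name of regular expression" : "Regular expression" , ... }. Because the rules are JSON, each backslash in a regular expression must be doubled (\\d rather than \d), as in the example below: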

use rusty_hogs::SecretScannerBuilder;
// The raw string keeps the doubled backslashes that JSON requires.
let regex_string = r##"{ "Phone number" : "\\d{3}-?\\d{3}-\\d{4}" }"##;
let ss = SecretScannerBuilder::new().set_json_str(regex_string).build();
let mut matches_map = ss.matches(b"my phone is 555-555-5555");
assert!(matches_map.contains_key(&String::from("Phone number")));

let matches = matches_map.remove(&String::from("Phone number")).unwrap();
let match_obj = matches.into_iter().next().unwrap();
assert_eq!(match_obj.start(), 12);
assert_eq!(match_obj.end(), 24);

When using the library, make sure to iterate through every result. A single string may contain more than one finding, and a large data source may have hundreds or thousands of results. Below is the typical iterator usage in each binary; because it scans each line separately, a match's start() and end() are offsets within that line:

use rusty_hogs::SecretScannerBuilder;
let regex_string = r##"{
"Short phone number" : "\\d{3}-?\\d{3}-\\d{4}",
"Long phone number" : "\\d{3}-\\d{4}",
"Email address" : "\\w+@\\w+\\.\\w+" }"##;
let ss = SecretScannerBuilder::new().set_json_str(regex_string).build();
let input = b"my phone is 555-555-5555\nmy email is arst@example.com";
// Scan the input one line at a time.
let input_split = input.split(|x| *x == b'\n');
let mut secrets: Vec<String> = Vec::new();
for new_line in input_split {
    let matches_map = ss.matches(new_line);
    // Each entry maps a rule name to the matches that rule found in this line.
    for (reason, match_iterator) in matches_map {
        // Record one finding per match, not one per rule.
        for _matchobj in match_iterator {
            secrets.push(reason.clone());
        }
    }
}
// Both phone rules match on the first line, the email rule on the second.
assert_eq!(secrets.len(), 3);
assert_eq!(secrets.pop().unwrap(), "Email address");

Modules

aws_scanning

Collection of tools for scanning AWS for secrets. Currently only supports S3.

git_scanning

Collection of tools for scanning Git repos for secrets.

google_scanning

Collection of tools for scanning Google Suite for secrets. Currently only supports Google Drive.

Structs

SecretScanner

Contains helper functions and the map of regular expressions that are used to find secrets

SecretScannerBuilder

Used to instantiate the SecretScanner object with user-supplied options