Projects STRLCPY extractify Commits 4c2b7030
  • ■ ■ ■ ■ ■ ■
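--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@@ -0,0 +1,9 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
+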
  • ■ ■ ■ ■ ■ ■
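--- a/.idea/extractify.iml
+++ b/.idea/extractify.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+ <component name="Go" enabled="true" />
+ <component name="NewModuleRootManager">
+ <content url="file://$MODULE_DIR$" />
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ </component>
+</module>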
  • ■ ■ ■ ■ ■ ■
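--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="ProjectModuleManager">
+ <modules>
+ <module fileurl="file://$PROJECT_DIR$/.idea/extractify.iml" filepath="$PROJECT_DIR$/.idea/extractify.iml" />
+ </modules>
+ </component>
+</project>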
  • ■ ■ ■ ■ ■ ■
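--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="VcsDirectoryMappings">
+ <mapping directory="" vcs="Git" />
+ </component>
+</project>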
  • ■ ■ ■ ■ ■ ■
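--- a/README.md
+++ b/README.md
@@ -22,10 +22,10 @@
  -f, -file string Local file data for scanning
 
 EXTRACTS:
- -ee, -endpoints Extract endpoints (default)
+ -es, -secrets Extract secrets (default)
+ -ee, -endpoints Extract endpoints
  -eu, -urls Extract urls
  -ep, -parameters Extract parameters
- -es, -secrets Extract secrets
  -ea, -all Extract all
 
 OTHERS: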
  • ■ ■ ■ ■ ■
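--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,8 @@
 go 1.21
 
 require (
+ github.com/go-resty/resty/v2 v2.11.0
+ github.com/logrusorgru/aurora/v4 v4.0.0
  github.com/projectdiscovery/goflags v0.1.33
  github.com/projectdiscovery/gologger v1.1.12
  github.com/projectdiscovery/utils v0.0.70
@@ -14,7 +16,6 @@
  github.com/aymerick/douceur v0.2.0 // indirect
  github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
  github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
- github.com/go-resty/resty/v2 v2.11.0 // indirect
  github.com/golang/snappy v0.0.4 // indirect
  github.com/gorilla/css v1.0.0 // indirect
  github.com/json-iterator/go v1.1.12 // indirect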
  • ■ ■ ■ ■ ■ ■
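--- a/go.sum
+++ b/go.sum
@@ -22,10 +22,10 @@
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-github.com/jpillora/go-tld v1.2.1 h1:kDKOkmXLlskqjcvNs7w5XHLep7c8WM7Xd4HQjxllVMk=
-github.com/jpillora/go-tld v1.2.1/go.mod h1:plzIl7xr5UWKGy7R+giuv+L/nOjrPjsoWxy/ST9OBUk=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.11.4 h1:kz40R/YWls3iqT9zX9AHN3WoVsrAWVyui5sxuLqiXqU=
 github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
@@ -34,6 +34,8 @@
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
 github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
+github.com/logrusorgru/aurora/v4 v4.0.0 h1:sRjfPpun/63iADiSvGGjgA1cAYegEWMPCJdUpJYn9JA=
+github.com/logrusorgru/aurora/v4 v4.0.0/go.mod h1:lP0iIa2nrnT/qoFXcOZSrZQpJ1o6n2CUf/hyHi2Q4ZQ=
 github.com/mholt/archiver/v3 v3.5.1 h1:rDjOBX9JSF5BvoJGvjqK479aL70qh9DIpZCl+k7Clwo=
 github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssnDhppzS1L4=
 github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
@@ -85,7 +87,6 @@
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
@@ -98,7 +99,6 @@
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -117,6 +117,7 @@
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=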
  • ■ ■ ■ ■ ■ ■
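--- a/main.go
+++ b/main.go
@@ -13,6 +13,7 @@
  urlutil "github.com/projectdiscovery/utils/url"
  "io"
  "log"
+ "net/http"
  "os"
  "strings"
  "time"
@@ -28,5 +29,6 @@
  all bool
  urls bool
  header string
+ filterExt goflags.StringSlice
  verbose bool
 }
@@ -52,6 +54,7 @@
  )
 
  flagSet.CreateGroup("Others", "Others",
+ flagSet.StringSliceVarP(&opt.filterExt, "filter-extension", "fe", []string{"svg", "png", "jpg", "jpeg"}, "list of extensions svg,png (comma-separated)", goflags.FileCommaSeparatedStringSliceOptions),
  flagSet.StringVarP(&opt.header, "header", "H", "", "Set custom header"),
  flagSet.BoolVarP(&opt.verbose, "verbose", "v", false, "Verbose mode"),
  )
@@ -72,7 +75,7 @@
  }
 
  gologger.Info().Msgf("Processing %s", opt.file)
- secrets, urls, endpoints, parameters := Run(bin, opt.file)
+ secrets, urls, endpoints, parameters := Run(bin, opt.file, opt.filterExt)
 
  HandleResults(opt.endpoint, opt.parameter, opt.urls, opt.secret, opt.all, secrets, urls, endpoints, parameters, opt.file)
  return
@@ -107,19 +110,19 @@
  continue
  }
 
- secrets, urls, endpoints, parameters := Run(Data, url)
+ secrets, urls, endpoints, parameters := Run(Data, url, opt.filterExt)
 
  HandleResults(opt.endpoint, opt.parameter, opt.urls, opt.secret, opt.all, secrets, urls, endpoints, parameters, url)
  }
 }
 
-func Run(Data []byte, Source string) ([]scanner.SecretMatched, []string, []string, []string) {
+func Run(Data []byte, Source string, FilterExtension []string) ([]scanner.SecretMatched, []string, []string, []string) {
  var sortedUrls []string
  var sortedEndpoints []string
 
  SecretMatchResult := scanner.SecretsMatch(Source, Data)
 
- EndpointMatchResult := scanner.EndpointsMatch(Data)
+ EndpointMatchResult := scanner.EndpointsMatch(Data, FilterExtension)
 
  for _, v := range EndpointMatchResult {
  if len(v) >= 4 && v[:4] == "http" || len(v) >= 5 && v[:5] == "https" {
@@ -238,7 +241,9 @@
  SetHeader("Accept", "*/*").
  SetHeader("Origin", u.Scheme+"://"+u.Host).
  SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}).
- SetRedirectPolicy(resty.FlexibleRedirectPolicy(3))
+ SetRedirectPolicy(resty.RedirectPolicyFunc(func(req *http.Request, via []*http.Request) error {
+ return http.ErrUseLastResponse
+ }))
 
  if Header != "" {
  headers := strings.Split(Header, ":")
@@ -258,6 +263,10 @@
 
  if err != nil {
  return nil, err
+ }
+
+ if resp.StatusCode() != 200 {
+ return nil, fmt.Errorf("status code is not 200: %d", resp.StatusCode())
  }
 
  return resp.Body(), nil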
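Review bot: With the new redirect policy returning `http.ErrUseLastResponse`, `resp` for any 301/302/307 is the redirect response itself, so the new `!= 200` check below it turns every redirected script into an error that names the status but not where the resource moved, leaving the user nothing to act on. Consider surfacing the target in the message, e.g. `return nil, fmt.Errorf("status code is not 200: %d (Location: %q)", resp.StatusCode(), resp.Header().Get("Location"))`, and either documenting that redirects are intentionally not followed or handling 3xx separately from other failures. `!= 200` also rejects other successful codes such as 203 or 206; `resp.IsSuccess()` may be what is meant if any 2xx body should be scanned. Not introduced by this commit but sitting on the same builder: the `InsecureSkipVerify: true` context line disables TLS verification for every fetch, so an on-path attacker can feed the scanner arbitrary content — a flag that defaults to verifying would be safer. The function that builds the client and handles `resp` starts and ends outside this hunk, and the `fmt` import it now needs is not visible in the import hunk, so confirm it is already imported.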
  • ■ ■ ■ ■ ■ ■
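--- a/scanner/paths.go
+++ b/scanner/paths.go
@@ -6,12 +6,10 @@
  "strings"
 )
 
-func EndpointsMatch(Body []byte) []string {
+func EndpointsMatch(Body []byte, FilterExtensions []string) []string {
 
  // Regex from https://github.com/GerbenJavado/LinkFinder/blob/master/linkfinder.py#L29
  regexPattern := `(?:"|'|\n|\r)(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^"'\/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:\/|\.\.\/|\.\/)[^"'><,;| *()(%%$^\/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-\/]{1,}\/[a-zA-Z0-9_\-\/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|\/][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|cfm|pl|jsp|json|js|action|html|htm|bak|do|txt|xml|xls|xlsx|key|env|pem|git|ovpn|log|secret|secrets|access|dat|db|sql|pwd|passwd|gitignore|properties|dtd|conf|cfg|config|configs|apk|cgi|sh|py|java|rb|rs|go|yml|yaml|toml|php4|zip|tar|tar.bz2|tar.gz|rar|7z|gz|dochtml|doc|docx|csv|odt|ts|phtml|php5|pdf)(?:\?[^"|^']{0,}|)))(?:"|'|\n|\r)`
-
- ExcludeExt := []string{"svg", "png", "jpg"}
 
  // Compile the regular expression
  re, err := regexp.Compile(regexPattern)
@@ -30,9 +28,13 @@
  // Trim the leading "./"
  cleanedMatch := strings.TrimPrefix(match[1:len(match)-1], "./")
 
+ if strings.HasPrefix(cleanedMatch, "//") {
+ continue
+ }
+
  // Check if the cleanedMatch has an excluded extension
  include := true
- for _, ext := range ExcludeExt {
+ for _, ext := range FilterExtensions {
  if strings.HasSuffix(cleanedMatch, "."+ext) {
  include = false
  break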
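Review bot: The extension filter in the new `FilterExtensions` loop is a plain suffix check on the raw match, so it is case-sensitive and is defeated by a trailing query string or fragment — `logo.PNG`, `logo.png?v=2` and `sprite.svg#icon` all pass even though the regex (its second and third alternatives admit `?...` and `#...` tails) produces such matches and the default list names `png` and `svg`. Normalising the match before comparison, as sketched below, closes that gap without changing the `FilterExtensions` contract or the flag's semantics. Separately, the new `//` guard silently drops protocol-relative references such as `//cdn.example.com/app.js` instead of letting `Run` classify them as URLs; if that is intended, a comment like `// skip protocol-relative references: neither a local endpoint nor a full URL` would make it deliberate rather than accidental. `EndpointsMatch` continues past the end of this hunk, so the append that consumes `include` is not visible here.

```go
	if strings.HasPrefix(cleanedMatch, "//") {
		continue
	}

	// Compare case-insensitively and without any ?query or #fragment tail,
	// so "logo.PNG" and "logo.png?v=2" are filtered like "logo.png".
	base := strings.ToLower(cleanedMatch)
	if i := strings.IndexAny(base, "?#"); i >= 0 {
		base = base[:i]
	}
	include := true
	for _, ext := range FilterExtensions {
		if strings.HasSuffix(base, "."+strings.ToLower(ext)) {
			include = false
			break
		}
	}
	// … unchanged: append cleanedMatch when include …
```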
  • ■ ■ ■ ■
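--- a/scanner/secrets.go
+++ b/scanner/secrets.go
@@ -384,7 +384,7 @@
  {
  "Generic Keys",
  "Generic Keys",
- `(?i)(?:(?:access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_.\-,]{0,25})[:<>=|]{1,2}.{0,5}['"]([0-9a-zA-Z\-_=]{8,64})['"]`,
+ `(?i)(?:(?:access_key|access_token|admin_pass|admin_user|algolia_admin_key|x-algolia-api-key|algolia_api_key|alias_pass|alicloud_access_key|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_.\-,]{0,25})[:<>=|]{1,2}.{0,5}['"]([0-9a-zA-Z\-_=]{8,64})['"]`,
  []string{},
  "?",
  },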
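Review bot: The new `x-algolia-api-key` alternative will rarely fire as written, because the pattern requires a separator from `[:<>=|]{1,2}` to follow the key name directly (after at most 25 characters of `[a-z0-9_.\-,]`), while this particular key is almost always written as a quoted header name — `'x-algolia-api-key': 'KEY'` or `"x-algolia-api-key": "KEY"` — where the closing quote sits between the key and the colon and breaks the match. Tolerating an optional closing quote and whitespace before the separator, e.g. changing `[a-z0-9_.\-,]{0,25})[:<>=|]{1,2}` to `[a-z0-9_.\-,]{0,25})['"]?\s*[:<>=|]{1,2}`, would make the new token useful and would also catch JSON-style quoted keys and `api_key = "..."` spacing for the existing names. That is a deliberate broadening of an already broad pattern (`config`, `credentials`, `app_id`), so expect more candidates to triage; a short comment on the entry noting that the key is matched in header-name form would help the next person extending the list. The table entry is complete within this hunk, but the slice it belongs to starts and ends outside it.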