initial commit

.gitignore

@@ -0,0 +1,9 @@
+# Ignore certificate files
+*.crt
+*.key
+
+# Ignore binary files
+truffleproxy
+
+# Ignore excluded domains.txt
+excludedomains.txt

Makefile

@@ -0,0 +1,30 @@
+NAME=truffleproxy
+BUILD=go build -ldflags "-s -w" -trimpath
+
+default:
+	@ echo "Compiling"
+	$(BUILD) -o $(NAME)
+
+clean:
+	@ echo "Removing binaries"
+	rm -f $(NAME)*
+
+linux:
+	@echo "Compiling for Linux x64"
+	GOOS=linux GOARCH=amd64 $(BUILD) -o $(NAME)-Linux64
+
+windows:
+	@echo "Compiling for Windows x64"
+	GOOS=windows GOARCH=amd64 $(BUILD) -o $(NAME)-Windows64.exe
+
+mac:
+	@echo "Compiling for Mac x64"
+	GOOS=darwin GOARCH=amd64 $(BUILD) -o $(NAME)-Darwin64
+
+m1:
+	@echo "Compiling for Mac M1"
+	GOOS=darwin GOARCH=arm64 $(BUILD) -o $(NAME)-M1
+
+arm:
+	@echo "Compiling for Linux Arm64"
+	GOOS=linux GOARCH=arm64 $(BUILD) -o $(NAME)-LinuxArm64

README.md

@@ -1,2 +1,133 @@
 # truffleproxy
+HTTP proxy that uses [trufflehog's](https://github.com/trufflesecurity/trufflehog) engine to find credentials. 
+
+## Build
+
+Clone this repo and then run the following commands to build for your current OS:
+```bash
+# Move into the truffleproxy directory
+cd truffleproxy
+
+# Update all the modules
+go get -u ./...
+
+# Build the binary
+go build -ldflags "-s -w" -trimpath
+```
+
+## Certificate
+
+Once the binary is compiled, you can use truffleproxy to to generate certificates.
+```bash
+./truffleproxy cert   
+2023/07/28 12:54:04 Successfully wrote private key: ./truffleproxy.key
+2023/07/28 12:54:04 Successfully wrote certificate file: ./truffleproxy.crt
+```
+
+Or you could create the certs manually using `openssl`:
+
+```bash
+openssl genrsa -out truffleproxy.key 2048
+openssl ecparam -genkey -name secp384r1 -out truffleproxy.key
+openssl req -new -x509 -sha256 -key truffleproxy.key -out truffleproxy.crt -batch -days 365
+```
+
+Once the cert is created, you will need to import the `truffleproxy.crt` file into your browser in order to intercept HTTPS connections.
+
+## Usage
+
+There are a few options you can use when running truffleproxy.
+
+```
 HTTP proxy that uses trufflehog's engine to find secrets
+
+Usage:
+  truffleproxy [command]
+
+Available Commands:
+  cert        Create a new private key and certificate file
+  help        Help about any command
+  proxy       Start the HTTP proxy
+  scan        Scan a single URL
+  version     Print the version
+
+Flags:
+  -h, --help   help for truffleproxy
+
+Use "truffleproxy [command] --help" for more information about a command.
+```
+
+The proxy command has multiple options: 
+
+```bash
+Start the HTTP proxy in order to analyze the responses and check for secrets
+
+Usage:
+  truffleproxy proxy [flags]
+
+Flags:
+  -c, --cert string       Certificate file to use (default "truffleproxy.crt")
+  -e, --exclude string    File containing domains to exclude
+  -h, --help              help for proxy
+  -k, --key string        Key file to use (default "truffleproxy.key")
+  -l, --logfile string    Log file to write to (default: none)
+  -o, --only-verified     Only output secrets that were verified
+  -p, --port int          Proxy port to listen on (default 9090)
+  -s, --scanners string   Specify the scanners to use in a comma separated list (default all)
+  -b, --verbose           Output all URLs that are being scanned not just ones identified as having secrets
+  -v, --verify            Verified identified secrets
+```
+
+You can run the following command to start the proxy on the default port (9090), verify secrets it identifies, and skip checking certain domains.
+
+```bash
+./truffleproxy proxy --verify --exclude excludedomains.txt
+```
+
+The excludedomains.txt file contains a list of domains to skip
+```
+amazon.com
+apple.com
+doubleclick.net
+duckduckgo.com
+google.com
+googleapis.com
+gstatic.com
+microsoft.com
+netflix.com
+youtube.com
+```
+
+## Sample data
+
+Below are a few repos that contain sample keys/credentials you can test with.
+
+- https://raw.githubusercontent.com/trufflesecurity/test_keys/main/keys
+- https://raw.githubusercontent.com/sourcegraph-community/no-secrets/main/secret-examples.md
+
+You can see truffleproxy identifies the secrets when browsing the the pages through the proxy. It also returns "verified" as "false", stating that the key is not valid.
+
+```bash
+./truffleproxy proxy --verify --exclude excludedomains.txt 
+{"level":"info","timestamp":"2023-08-07 21:44:37.465","msg":"started truffleproxy"}
+{"level":"info","timestamp":"2023-08-07 21:44:37.465","msg":"loaded certificate and key file"}
+{"level":"info","timestamp":"2023-08-07 21:44:37.465","msg":"loaded domains to exclude","domains_loaded":10}
+{"level":"info","timestamp":"2023-08-07 21:44:37.466","msg":"loaded scanners","num_scanners":748}
+{"level":"info","timestamp":"2023-08-07 21:44:37.466","msg":"verify secrets","verify":true}
+{"level":"info","timestamp":"2023-08-07 21:44:37.466","msg":"verbose output","verbose":false}
+{"level":"info","timestamp":"2023-08-07 21:44:37.466","msg":"starting proxy server","address":":9090"}
+{"level":"warn","timestamp":"2023-08-07 21:44:55.463","msg":"secrets found","url":"https://raw.githubusercontent.com:443/sourcegraph-community/no-secrets/main/secret-examples.md","scanner":"aws","value":"AKIA01JDFHS8CDS82AAA","verified":false}
+{"level":"warn","timestamp":"2023-08-07 21:44:55.463","msg":"secrets found","url":"https://raw.githubusercontent.com:443/sourcegraph-community/no-secrets/main/secret-examples.md","scanner":"aws","value":"AKIA01JDFHS8CDS82AAAJzXPbtuH2I26L5ilEziVM18Ecd1EW0t2AIjaJIht","verified":false}
+{"level":"warn","timestamp":"2023-08-07 21:44:55.463","msg":"secrets found","url":"https://raw.githubusercontent.com:443/sourcegraph-community/no-secrets/main/secret-examples.md","scanner":"github","value":"ghp_q6yv2mqrgewsuuvzcvqldsi4detvof4r5bse","verified":false}
+{"level":"warn","timestamp":"2023-08-07 21:44:55.463","msg":"secrets found","url":"https://raw.githubusercontent.com:443/sourcegraph-community/no-secrets/main/secret-examples.md","scanner":"mailchimp","value":"e3a648d99c398572dec8a7650c92d1c0-us16","verified":false}
+{"level":"warn","timestamp":"2023-08-07 21:44:55.463","msg":"secrets found","url":"https://raw.githubusercontent.com:443/sourcegraph-community/no-secrets/main/secret-examples.md","scanner":"stripe","value":"rk_live_WXMzpZg9ueNeYNsKhDmQW6Yj","verified":false}
+{"level":"warn","timestamp":"2023-08-07 21:44:55.463","msg":"secrets found","url":"https://raw.githubusercontent.com:443/sourcegraph-community/no-secrets/main/secret-examples.md","scanner":"mailgun","value":"key-06b34653fd57060f62e4475450ccf053","verified":false}
+```
+
+## Disclaimer
+
+This tool should be considered research and should not be used maliciously. Any identified secrets should be properly disclosed to the owner. The author does not take responsibility for it's use.
+
+## Credits
+
+I wanted to give credit to [trufflehog](https://github.com/trufflesecurity/trufflehog) for initially creating their tool and all of the contributors who have added the different secret detectors.

cert/cert.go

@@ -0,0 +1,110 @@
+/*
+Copyright © 2023 @lum8rjack
+*/
+package cert
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"log"
+	"math/big"
+	"os"
+	"time"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	outdir string
+)
+
+const (
+	filename string = "truffleproxy"
+)
+
+// CertCmd represents the cert command
+var CertCmd = &cobra.Command{
+	Use:   "cert",
+	Short: "Create a new private key and certificate file",
+	Long:  ``,
+	Run: func(cmd *cobra.Command, args []string) {
+		start()
+	},
+}
+
+func init() {
+	CertCmd.Flags().StringVarP(&outdir, "out", "o", ".", "Output directory to save the private key and certificate file (default current directory)")
+}
+
+func start() {
+	if outdir != "" {
+		if _, err := os.Stat(outdir); os.IsNotExist(err) {
+			log.Fatal(err)
+		}
+	}
+
+	outdir = fmt.Sprintf("%s/%s", outdir, filename)
+
+	// Generate a private key
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		panic(err)
+	}
+
+	// Fill in certificate details
+	template := x509.Certificate{
+		SerialNumber:          big.NewInt(1),
+		Subject:               pkix.Name{CommonName: "truffleproxy"},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(1, 0, 0),
+		KeyUsage:              x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+	}
+
+	// Generate a certificate
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Write the private key to a file
+	keyname := fmt.Sprintf("%s.key", outdir)
+	keyFile, err := os.Create(keyname)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer keyFile.Close()
+
+	keyBytes := pem.EncodeToMemory(&pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
+	})
+
+	if _, err := keyFile.Write(keyBytes); err != nil {
+		log.Fatal(err)
+	}
+	log.Printf("Successfully wrote private key: %s\n", keyname)
+
+	// Write the certificate to a file
+	certname := fmt.Sprintf("%s.crt", outdir)
+	certFile, err := os.Create(certname)
+	if err != nil {
+		panic(err)
+	}
+	defer certFile.Close()
+
+	certBytes := pem.EncodeToMemory(&pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: derBytes,
+	})
+
+	if _, err := certFile.Write(certBytes); err != nil {
+		log.Fatal(err)
+	}
+	log.Printf("Successfully wrote certificate file: %s\n", certname)
+}

cmd/root.go

@@ -0,0 +1,39 @@
+/*
+Copyright © 2023 @lum8rjack
+*/
+package cmd
+
+import (
+	"os"
+
+	"github.com/lum8rjack/truffleproxy/cert"
+	"github.com/lum8rjack/truffleproxy/proxy"
+	"github.com/lum8rjack/truffleproxy/scan"
+	"github.com/lum8rjack/truffleproxy/version"
+	"github.com/spf13/cobra"
+)
+
+var rootCmd = &cobra.Command{
+	Use:   "truffleproxy",
+	Short: "HTTP proxy that uses trufflehog's engine to find secrets",
+	Long:  ``,
+}
+
+func Execute() {
+	err := rootCmd.Execute()
+	if err != nil {
+		os.Exit(1)
+	}
+}
+
+func addSubcommandPallets() {
+	rootCmd.AddCommand(cert.CertCmd)
+	rootCmd.AddCommand(proxy.ProxyCmd)
+	rootCmd.AddCommand(scan.ScanCmd)
+	rootCmd.AddCommand(version.VersionCmd)
+}
+
+func init() {
+	rootCmd.CompletionOptions.DisableDefaultCmd = true
+	addSubcommandPallets()
+}