gitrob 0.0.6 → 1.0.0

data/signatures.json

@@ -0,0 +1,541 @@
+[
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A.*_rsa\\z",
+    "caption": "Private SSH key",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A.*_dsa\\z",
+    "caption": "Private SSH key",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A.*_ed25519\\z",
+    "caption": "Private SSH key",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A.*_ecdsa\\z",
+    "caption": "Private SSH key",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?ssh/config\\z",
+    "caption": "SSH configuration file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "pem",
+    "caption": "Potential cryptographic private key",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "regex",
+    "pattern": "\\Akey(pair)?\\z",
+    "caption": "Potential cryptographic private key",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "pkcs12",
+    "caption": "Potential cryptographic key bundle",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "pfx",
+    "caption": "Potential cryptographic key bundle",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "p12",
+    "caption": "Potential cryptographic key bundle",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "asc",
+    "caption": "Potential cryptographic key bundle",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "otr.private_key",
+    "caption": "Pidgin OTR private key",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?(bash_|zsh_|z)?history\\z",
+    "caption": "Shell command history file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?mysql_history\\z",
+    "caption": "MySQL client command history file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?psql_history\\z",
+    "caption": "PostgreSQL client command history file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?pgpass\\z",
+    "caption": "PostgreSQL password file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?irb_history\\z",
+    "caption": "Ruby IRB console history file",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?purple\\/accounts\\.xml\\z",
+    "caption": "Pidgin chat client account configuration file",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?xchat2?\\/servlist_?\\.conf\\z",
+    "caption": "Hexchat/XChat IRC client server list configuration file",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?irssi\\/config\\z",
+    "caption": "Irssi IRC client configuration file",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?recon-ng\\/keys\\.db\\z",
+    "caption": "Recon-ng web reconnaissance framework API key database",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?dbeaver-data-sources.xml\\z",
+    "caption": "DBeaver SQL database manager configuration file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?muttrc\\z",
+    "caption": "Mutt e-mail client configuration file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?s3cfg\\z",
+    "caption": "S3cmd configuration file",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?aws/credentials\\z",
+    "caption": "AWS CLI credentials file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?trc\\z",
+    "caption": "T command-line Twitter client configuration file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "ovpn",
+    "caption": "OpenVPN client configuration file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?gitrobrc\\z",
+    "caption": "Well, this is awkward... Gitrob configuration file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?(bash|zsh)rc\\z",
+    "caption": "Shell configuration file",
+    "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys."
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?(bash_|zsh_)?profile\\z",
+    "caption": "Shell profile configuration file",
+    "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys."
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?(bash_|zsh_)?aliases\\z",
+    "caption": "Shell command alias configuration file",
+    "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys."
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "secret_token.rb",
+    "caption": "Ruby On Rails secret token configuration file",
+    "description": "If the Rails secret token is known, it can allow for remote code execution. (http://www.exploit-db.com/exploits/27527/)"
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "omniauth.rb",
+    "caption": "OmniAuth configuration file",
+    "description": "The OmniAuth configuration file might contain client application secrets."
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "carrierwave.rb",
+    "caption": "Carrierwave configuration file",
+    "description": "Can contain credentials for online storage systems such as Amazon S3 and Google Storage."
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "schema.rb",
+    "caption": "Ruby On Rails database schema file",
+    "description": "Contains information on the database schema of a Ruby On Rails application."
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "database.yml",
+    "caption": "Potential Ruby On Rails database configuration file",
+    "description": "Might contain database credentials."
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "settings.py",
+    "caption": "Django configuration file",
+    "description": "Might contain database credentials, online storage system credentials, secret keys, etc."
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A(.*)?config(\\.inc)?\\.php\\z",
+    "caption": "PHP configuration file",
+    "description": "Might contain credentials and keys."
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "kdb",
+    "caption": "KeePass password manager database file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "agilekeychain",
+    "caption": "1Password password manager database file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "keychain",
+    "caption": "Apple Keychain database file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "regex",
+    "pattern": "\\Akey(store|ring)\\z",
+    "caption": "GNOME Keyring database file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "log",
+    "caption": "Log file",
+    "description": "Log files might contain information such as references to secret HTTP endpoints, session IDs, user information, passwords and API keys."
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "pcap",
+    "caption": "Network traffic capture file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "regex",
+    "pattern": "\\Asql(dump)?\\z",
+    "caption": "SQL dump file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "gnucash",
+    "caption": "GnuCash database file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "backup",
+    "caption": "Contains word: backup",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "dump",
+    "caption": "Contains word: dump",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "password",
+    "caption": "Contains word: password",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "credential",
+    "caption": "Contains word: credential",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "secret",
+    "caption": "Contains word: secret",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "private.*key",
+    "caption": "Contains words: private, key",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml",
+    "caption": "Jenkins publish over SSH plugin file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "credentials.xml",
+    "caption": "Potential Jenkins credentials file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?htpasswd\\z",
+    "caption": "Apache htpasswd file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A(\\.|_)?netrc\\z",
+    "caption": "Configuration file for auto-login process",
+    "description": "Might contain username and password."
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "kwallet",
+    "caption": "KDE Wallet Manager database file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "LocalSettings.php",
+    "caption": "Potential MediaWiki configuration file",
+    "description": null
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "tblk",
+    "caption": "Tunnelblick VPN configuration file",
+    "description": null
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?gem/credentials\\z",
+    "caption": "Rubygems credentials file",
+    "description": "Might contain API key for a rubygems.org account."
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A*\\.pubxml(\\.user)?\\z",
+    "caption": "Potential MSBuild publish profile",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "Favorites.plist",
+    "caption": "Sequel Pro MySQL database manager bookmark file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "configuration.user.xpl",
+    "caption": "Little Snitch firewall configuration file",
+    "description": "Contains traffic rules for applications"
+  },
+  {
+    "part": "extension",
+    "type": "match",
+    "pattern": "dayone",
+    "caption": "Day One journal file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "journal.txt",
+    "caption": "Potential jrnl journal file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?tugboat\\z",
+    "caption": "Tugboat DigitalOcean management tool configuration",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?git-credentials\\z",
+    "caption": "git-credential-store helper credentials file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?gitconfig\\z",
+    "caption": "Git configuration file",
+    "description": null
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "knife.rb",
+    "caption": "Chef Knife configuration file",
+    "description": "Might contain references to Chef servers"
+  },
+  {
+    "part": "path",
+    "type": "regex",
+    "pattern": "\\.?chef/(.*)\\.pem\\z",
+    "caption": "Chef private key",
+    "description": "Can be used to authenticate against Chef servers"
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "proftpdpasswd",
+    "caption": "cPanel backup ProFTPd credentials file",
+    "description": "Contains usernames and password hashes for FTP accounts"
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "robomongo.json",
+    "caption": "Robomongo MongoDB manager configuration file",
+    "description": "Might contain credentials for MongoDB databases"
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "filezilla.xml",
+    "caption": "FileZilla FTP configuration file",
+    "description": "Might contain credentials for FTP servers"
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "recentservers.xml",
+    "caption": "FileZilla FTP recent servers file",
+    "description": "Might contain credentials for FTP servers"
+  },
+  {
+    "part": "filename",
+    "type": "match",
+    "pattern": "ventrilo_srv.ini",
+    "caption": "Ventrilo server configuration file",
+    "description": "Might contain passwords"
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?dockercfg\\z",
+    "caption": "Docker configuration file",
+    "description": "Might contain credentials for public or private Docker registries"
+  },
+  {
+    "part": "filename",
+    "type": "regex",
+    "pattern": "\\A\\.?npmrc\\z",
+    "caption": "NPM configuration file",
+    "description": "Might contain credentials for NPM registries"
+  }
+]

data/views/assessments/_assessments.erb

@@ -0,0 +1,57 @@
+<table class="table assessments" id="assessments_table" data-refresh-endpoint="/assessments/_table">
+  <thead>
+    <tr>
+      <th></th>
+      <th>Date</th>
+      <th>Repositories</th>
+      <th>Files</th>
+      <th>Findings</th>
+      <th></th>
+    </tr>
+  </thead>
+  <% @assessments.each do |assessment| %>
+    <% if !assessment.finished %>
+      <tr class="assessment-row unfinished">
+    <% else %>
+      <tr class="assessment-row">
+    <% end %>
+      <td class="owners" data-href="/assessments/<%=h assessment.id %>/findings">
+        <% if assessment.owners.count.zero? %>
+          ...
+        <% else %>
+          <% assessment.owners_dataset.limit(10).order(:type).each do |owner| %>
+            <img src="<%=h owner.avatar_url %>" width="30" height="30" alt="<%=h owner.login %>" title="<%=h owner.login %>" class="img-rounded" data-toggle="tooltip" data-placement="bottom" />
+          <% end %>
+          <% if assessment.owners_count > 10 %>
+            <small>and <%= assessment.owners_count - 10 %> more</small>
+          <% end %>
+        <% end %>
+      </td>
+      <td><%=h assessment.created_at.strftime("%Y-%m-%d %H:%M") %></td>
+      <td>
+        <% if !assessment.finished %>
+          <img src="/images/gear_spinner.gif" alt="In progress..." title="In progress..." data-toggle="tooltip" data-placement="bottom" />
+        <% else %>
+          <%=h assessment.repositories_count %>
+        <% end %>
+      </td>
+      <td>
+        <% if !assessment.finished %>
+          <img src="/images/gear_spinner.gif" alt="In progress..." title="In progress..." data-toggle="tooltip" data-placement="bottom" />
+        <% else %>
+          <%=h assessment.blobs_count %>
+        <% end %>
+      </td>
+      <td>
+        <% if !assessment.finished %>
+          <img src="/images/gear_spinner.gif" alt="In progress..." title="In progress..." data-toggle="tooltip" data-placement="bottom" />
+        <% else %>
+          <%=h assessment.findings_count %>
+        <% end %>
+      </td>
+      <td>
+        <a class="btn btn-default btn-xs glyphicon glyphicon-trash delete-assessment" title="Delete assessment" data-toggle="tooltip" data-placement="bottom" href="#" data-assessment-id="<%=h assessment.id %>"></a>
+      </td>
+    </tr>
+  <% end %>
+</table>

data/views/assessments/_comparable_assessments.erb

@@ -0,0 +1,38 @@
+<% if @assessments.count.zero? %>
+  <div class="alert alert-danger" role="alert">
+    <strong>There are currently no comparable assessments.</strong>
+    <p>Assessments need to have at least one user in common to be comparable.</p>
+  </div>
+<% else %>
+<table class="table assessments comparable-assessments" id="assessments_table">
+    <thead>
+      <tr>
+        <th></th>
+        <th>Date</th>
+        <th>Repositories</th>
+        <th>Files</th>
+        <th>Findings</th>
+        <th></th>
+      </tr>
+    </thead>
+    <tbody>
+      <% @assessments.each do |assessment| %>
+        <tr class="assessment-row">
+          <td class="owners" data-href="/assessments/<%=h assessment.id %>">
+            <% assessment.owners_dataset.limit(10).order(:type).each do |owner| %>
+              <img src="<%=h owner.avatar_url %>" width="30" height="30" alt="<%=h owner.login %>" title="<%=h owner.login %>" class="img-rounded" data-toggle="tooltip" data-placement="bottom" />
+            <% end %>
+            <% if assessment.owners_count > 10 %>
+              <small>and <%= assessment.owners_count - 10 %> more</small>
+            <% end %>
+          </td>
+          <td><%=h assessment.created_at.strftime("%Y-%m-%d %H:%M") %></td>
+          <td><%=h assessment.repositories_count %></td>
+          <td><%=h assessment.blobs_count %></td>
+          <td><%=h assessment.findings_count %></td>
+          <td><button data-assessment-id="<%=h @assessment.id %>" data-other-assessment-id="<%=h assessment.id %>" class="btn btn-primary btn-success compare-assessments"><span class="glyphicon glyphicon-eye-open"></span> Compare</button></td>
+        </tr>
+      <% end %>
+    </tbody>
+  </table>
+<% end %>