gitgalaxy 2.0.8__tar.gz → 2.0.9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/PKG-INFO +1 -1
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/language_standards.py +4 -4
- gitgalaxy-2.0.9/gitgalaxy/tools/terabyte_log_scanning/README.md +109 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py +81 -28
- gitgalaxy-2.0.9/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py +209 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy.egg-info/PKG-INFO +1 -1
- gitgalaxy-2.0.8/gitgalaxy/tools/terabyte_log_scanning/README.md +0 -116
- gitgalaxy-2.0.8/gitgalaxy/tools/terabyte_log_scanning/terabyte_log_scanner.py +0 -139
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/ISSUE_TEMPLATE/parsing_discrepancy.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/dependabot.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/pull_request_template.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/workflows/codeql.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/workflows/deploy-docs.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/workflows/publish.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.github/workflows/smoke-test.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/.gitignore +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/CONTRIBUTING.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/LICENSE +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/MANIFEST.in +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/action.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/cobol_refractor_controller.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/cobol_to_java_controller.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/aperture.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/detector.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/guidestar_lens.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/network_risk_sensor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/prism.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/core/state_rehydrator.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/galaxyscope.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/physics/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/physics/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/physics/chronometer.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/physics/neural_auditor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/physics/signal_processor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/physics/spectral_auditor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/recorders/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/recorders/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/recorders/audit_recorder.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/recorders/gpu_recorder.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/recorders/llm_recorder.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/recorders/record_keeper.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/security/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/security/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/security/security_auditor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/security/security_lens.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/analysis_lens.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/gitgalaxy_config.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/how_to_add_a_language.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/standards/language_lens.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/__init__.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/ai_guardrails/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/ai_guardrails/ai_appsec_sensor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/ai_guardrails/dev_agent_firewall.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_agent_task_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_compiler_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_dag_architect.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_etl_unpacker.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_graveyard_finder.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_auditor.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_jcl_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_lexical_patcher.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_microservice_slicer.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_schema_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_cobol/cobol_system_limits_reporter.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/batch_test_harness.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/cobol_to_java_agent_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/cobol_to_java_api_contract_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/cobol_to_java_build_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/cobol_to_java_decoder_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/cobol_to_java_service_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/cobol_to_java/cobol_to_java_spring_forge.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/compliance/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/compliance/sbom_generator.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/network_auditing/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/network_auditing/full_api_network_map.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/supply_chain_security/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/supply_chain_security/binary_anomaly_detector.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/supply_chain_security/supply_chain_firewall.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/supply_chain_security/vault_sentinel.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy.egg-info/SOURCES.txt +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy.egg-info/dependency_links.txt +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy.egg-info/entry_points.txt +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy.egg-info/top_level.txt +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/mkdocs.yml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/pyproject.toml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/setup.cfg +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/.gitattributes +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/.gitignore +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/LICENSE +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/Makefile +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/README.md +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/bufio.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/bufio_test.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/example_test.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/export_test.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/net_test.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/scan.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/bufio/scan_test.go +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/config.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/convert_em.F +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/dnn_converters.cpp +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/dnn_converters.hpp +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/insert_pinyin_to_db.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/iwubi.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/iwubi.svg +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/iwubi.xml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/logconfig.py +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/logconfig.yaml +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/pinyin_simp.dict.csv +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/screenshot/add.png +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/screenshot/iwubi.gif +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/screenshot/set_ibus.png +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/fixtures/iwubi_frankenstein_test/wubi-jidian86.db +0 -0
- {gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/tests/test_galaxyscope.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.9
|
|
4
4
|
Summary: An AST-free, LLM-free zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
|
|
5
5
|
Author: Joe Esquibel
|
|
6
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
@@ -1242,7 +1242,7 @@ LANGUAGE_DEFINITIONS = {
|
|
|
1242
1242
|
# ONLY executable logic blocks. EXCLUDES types/classes.
|
|
1243
1243
|
#
|
|
1244
1244
|
# =====================================================================
|
|
1245
|
-
# [
|
|
1245
|
+
# [ CONTEXT: C# "IRON WALL" FUNCTION EXTRACTOR & REDOS SHIELD]
|
|
1246
1246
|
# PURPOSE: Anchors executable logic blocks (methods) in C# up to C# 14.
|
|
1247
1247
|
# VULNERABILITY: C# allows massive return types (e.g., nested tuples),
|
|
1248
1248
|
# generics, and explicit interface implementations. If spaces are allowed
|
|
@@ -2007,7 +2007,7 @@ LANGUAGE_DEFINITIONS = {
|
|
|
2007
2007
|
),
|
|
2008
2008
|
"func_start": re.compile(
|
|
2009
2009
|
# =====================================================================
|
|
2010
|
-
# [
|
|
2010
|
+
# [ CONTEXT: C++ FUNCTION AST EXTRACTOR & REDOS SHIELD]
|
|
2011
2011
|
# PURPOSE: Anchors executable logic blocks (methods/functions) in C++.
|
|
2012
2012
|
# VULNERABILITY: C++ allows multi-line function signatures and complex
|
|
2013
2013
|
# return types (e.g., `std::vector<int> \n myFunc()`). In files with
|
|
@@ -4857,7 +4857,7 @@ LANGUAGE_DEFINITIONS = {
|
|
|
4857
4857
|
),
|
|
4858
4858
|
# 4. func_start (The Satellite Spawner)
|
|
4859
4859
|
# =====================================================================
|
|
4860
|
-
# [
|
|
4860
|
+
# [ CONTEXT: FORTRAN FUNCTION AST EXTRACTOR & REDOS SHIELD]
|
|
4861
4861
|
# PURPOSE: Anchors executable logic blocks (Program, Subroutine, Function, Entry)
|
|
4862
4862
|
# across 60+ years of Fortran dialects (F77 through F2018).
|
|
4863
4863
|
# VULNERABILITY: Fortran allows extreme signature variability: prefix stacking
|
|
@@ -6535,7 +6535,7 @@ LANGUAGE_DEFINITIONS = {
|
|
|
6535
6535
|
),
|
|
6536
6536
|
# 4. func_start: Satellite Spawner. Anchors logic blocks (Paragraphs and Sections).
|
|
6537
6537
|
# =====================================================================
|
|
6538
|
-
# [
|
|
6538
|
+
# [ CONTEXT: COBOL FUNCTION/PARAGRAPH AST EXTRACTOR & REDOS SHIELD]
|
|
6539
6539
|
# PURPOSE: Anchors executable logic blocks (Paragraphs and Sections) in COBOL.
|
|
6540
6540
|
# VULNERABILITY: COBOL spans 60 years of formatting rules (Fixed vs Free format).
|
|
6541
6541
|
# Without strict column boundaries, standard verbs or data definitions
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
# GitGalaxy: High-Velocity Log Scanning & PII Detection
|
|
2
|
+
|
|
3
|
+
[](#)
|
|
4
|
+
[](#)
|
|
5
|
+
[](#)
|
|
6
|
+
|
|
7
|
+
During an active incident response or catastrophic data breach, standard tools fail. Basic `grep` lacks time-series context. Modern SIEMs (Splunk, ElasticSearch) require you to ingest and index data first—taking hours or days for massive database dumps.
|
|
8
|
+
|
|
9
|
+
This suite provides a tactical, pipeline-ready solution: **ultra-high-velocity, unindexed binary streaming.** Running at over 2 GB per minute, our custom stream-processing engine reads data continuously without loading massive files into RAM. Perfect for active breach triage or automated CI/CD pipeline sanitization.
|
|
10
|
+
|
|
11
|
+
---
|
|
12
|
+
|
|
13
|
+
## Part 1: The PII Data Leak Hunter (`pii-leak-hunter`)
|
|
14
|
+
[📖 Official Documentation](https://squid-protocol.github.io/gitgalaxy/04-06-pii-leak-hunter/)
|
|
15
|
+
|
|
16
|
+
A specialized incident response tool. Designed to find hemorrhaging Personally Identifiable Information inside massive, raw data dumps.
|
|
17
|
+
|
|
18
|
+
**How it works:**
|
|
19
|
+
* **Binary-Level Regex:** Compiles structural patterns to raw bytes. Extreme CPU efficiency.
|
|
20
|
+
* **Automated Masking:** Redacts toxic payloads before writing to safe evidence logs.
|
|
21
|
+
* **Exfiltration Histograms:** Generates ASCII charts. Pinpoints exact breach minutes.
|
|
22
|
+
|
|
23
|
+
**Performance Showcase:** Streamed a raw **1.00 GB compromised log file**. Completed in **25.72 seconds**. Detected and actively masked over **420,000 sensitive records**. Immediately exposed two distinct attack vectors (Customer data at 14:00, AWS Keys at 09:00).
|
|
24
|
+
|
|
25
|
+
### Targeted Patterns
|
|
26
|
+
The stream engine currently bypasses standard indexing to hunt and actively mask:
|
|
27
|
+
* **VISA** (Credit Cards)
|
|
28
|
+
* **MASTERCARD** (Credit Cards)
|
|
29
|
+
* **SSN** (US Social Security Numbers)
|
|
30
|
+
* **AWS_KEY** (AKIA, ASIA, AGPA, etc.)
|
|
31
|
+
|
|
32
|
+
### Quickstart & Integration
|
|
33
|
+
**Local CLI Execution:**
|
|
34
|
+
By default, the tool saves the masked evidence log in the same directory as the target.
|
|
35
|
+
```bash
|
|
36
|
+
pii-leak-hunter /path/to/massive_database_dump.sql
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
**Using the `--out` Flag:**
|
|
40
|
+
Route the safe, masked telemetry to a secure directory for analysis.
|
|
41
|
+
```bash
|
|
42
|
+
pii-leak-hunter /path/to/production.log --out /var/secure_logs/
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
**GitHub Actions CI/CD Integration:**
|
|
46
|
+
Automate sanitization before archiving logs.
|
|
47
|
+
```yaml
|
|
48
|
+
- name: Run PII Leak Hunter
|
|
49
|
+
uses: squid-protocol/gitgalaxy@main
|
|
50
|
+
with:
|
|
51
|
+
tool: 'pii-leak-hunter'
|
|
52
|
+
target: './logs/production_dump.sql'
|
|
53
|
+
args: '--out ./sanitized_logs/'
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## Part 2: The Terabyte Log Scanner (`terabyte-log-scanner`)
|
|
59
|
+
[📖 Official Documentation](https://squid-protocol.github.io/gitgalaxy/04-07-terabyte-log-scanner/)
|
|
60
|
+
|
|
61
|
+
A runtime execution tracer. Connects static codebase architecture to physical runtime reality. Parses massive mainframe SMF logs or distributed traces to prove what code actually executes.
|
|
62
|
+
|
|
63
|
+
**How it works:**
|
|
64
|
+
* **Single-Pass Streaming:** Never loads the full file into RAM.
|
|
65
|
+
* **Execution Verification:** Proves exact runtime execution frequencies.
|
|
66
|
+
* **Zero-Hit Detection:** Mathematically proves if compiled legacy code is abandoned.
|
|
67
|
+
* **Dynamic Sidecars:** Outputs telemetry JSON for 3D WebGPU traffic heatmaps.
|
|
68
|
+
|
|
69
|
+
**Performance Showcase:**
|
|
70
|
+
Ran against a raw **2.1GB production stream log**. Completed single-pass scan in **30.07 seconds**. Dynamically scaled ASCII histograms instantly exposed a massive brute-force anomaly isolated from background noise:
|
|
71
|
+
|
|
72
|
+
```text
|
|
73
|
+
=== TIME-SERIES: ERROR ===
|
|
74
|
+
(Filtering to Top 15 Highest Volume Spikes)
|
|
75
|
+
[2026-04-16 14:00] ███████████████████████████████████████ (5,759 hits) <-- ANOMALY SPIKE
|
|
76
|
+
[2026-04-27 14:00] ███████████████████████████████████████ (5,753 hits) <-- ANOMALY SPIKE
|
|
77
|
+
[2026-05-02 14:00] ███████████████████████████████████████ (5,718 hits) <-- ANOMALY SPIKE
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
### Input Methods: Manual vs. Automated
|
|
81
|
+
The tool requires one of two input methods to function. It will not run without a target list.
|
|
82
|
+
|
|
83
|
+
**1. Manual Mode (`-k` or `--keywords`)**
|
|
84
|
+
Best for quick, grep-style tactical hunts. Supply a space-separated list of targets.
|
|
85
|
+
```bash
|
|
86
|
+
terabyte-log-scanner /path/to/production.log -k ERROR TIMEOUT "DATA EXCEPTION"
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
**2. Automated Pipeline Mode (`--input_state`)**
|
|
90
|
+
Best for CI/CD modernization pipelines. Supply a GitGalaxy Intermediate Representation (IR) JSON file. The script will automatically extract the targets from the `known_programs` array to hunt for dead code.
|
|
91
|
+
```bash
|
|
92
|
+
terabyte-log-scanner /path/to/production.log --input_state ../core/ir_state.json
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
*Required JSON Schema for Automated Mode:*
|
|
96
|
+
```json
|
|
97
|
+
{
|
|
98
|
+
"analysis": {
|
|
99
|
+
"known_programs": ["PROGRAM1", "PROGRAM2"]
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
---
|
|
105
|
+
### 🌌 Powered by the blAST Engine (Bypassing LLMs and ASTs)
|
|
106
|
+
This suite is driven by our custom deterministic heuristics engine. It processes multi-dimensional data at extreme velocity without requiring rigid ASTs or hallucinating LLMs.
|
|
107
|
+
|
|
108
|
+
* 📖 **[The blAST Paradigm (ASTs vs LLMs)](https://squid-protocol.github.io/gitgalaxy/01-03-the-blast-paradigm/)**
|
|
109
|
+
* 🪐 **[Return to the Main GitGalaxy Hub](https://github.com/squid-protocol/gitgalaxy)**
|
{gitgalaxy-2.0.8 → gitgalaxy-2.0.9}/gitgalaxy/tools/terabyte_log_scanning/pii_leak_hunter.py
RENAMED
|
@@ -63,25 +63,60 @@ def draw_ascii_histogram(time_buckets: dict, keyword: str):
|
|
|
63
63
|
print(f" [{time_bucket}] {bar} ({hits:,} hits){alert}")
|
|
64
64
|
|
|
65
65
|
def main():
|
|
66
|
-
|
|
66
|
+
# -------------------------------------------------------------------------
|
|
67
|
+
# 1. CLI ARGUMENT PARSING & DOCUMENTATION
|
|
68
|
+
# -------------------------------------------------------------------------
|
|
69
|
+
parser = argparse.ArgumentParser(
|
|
70
|
+
description="GitGalaxy PII Data Leak Hunter: High-speed streaming parser to detect and mask exposed sensitive data.",
|
|
71
|
+
formatter_class=argparse.RawTextHelpFormatter,
|
|
72
|
+
epilog="""
|
|
73
|
+
==============================================================================
|
|
74
|
+
HUNTING CAPABILITIES:
|
|
75
|
+
This engine bypasses standard indexing to stream raw binary logs or database
|
|
76
|
+
dumps. It currently hunts and actively masks the following patterns:
|
|
77
|
+
- VISA Credit Cards
|
|
78
|
+
- MASTERCARD Credit Cards
|
|
79
|
+
- US Social Security Numbers (SSN)
|
|
80
|
+
- AWS API Keys (AKIA, ASIA, etc.)
|
|
81
|
+
|
|
82
|
+
Masked evidence logs are safely written to disk without exposing the full PII.
|
|
83
|
+
==============================================================================
|
|
84
|
+
"""
|
|
85
|
+
)
|
|
67
86
|
parser.add_argument("target", help="Path to the log file or database dump to scan")
|
|
68
87
|
parser.add_argument("--out", type=str, help="Optional: Custom directory to save the safe evidence log")
|
|
69
88
|
args = parser.parse_args()
|
|
70
89
|
|
|
90
|
+
# -------------------------------------------------------------------------
|
|
91
|
+
# 2. FILE VALIDATION & GUARDRAILS
|
|
92
|
+
# -------------------------------------------------------------------------
|
|
71
93
|
target_path = Path(args.target).resolve()
|
|
72
|
-
if not target_path.exists():
|
|
73
|
-
print(f"
|
|
94
|
+
if not target_path.exists() or not target_path.is_file():
|
|
95
|
+
print(f"\n[!] ERROR: Target file does not exist or is not a file: {target_path}")
|
|
74
96
|
sys.exit(1)
|
|
75
97
|
|
|
76
98
|
if args.out:
|
|
77
99
|
out_dir = Path(args.out).resolve()
|
|
78
|
-
out_dir.mkdir(parents=True, exist_ok=True)
|
|
79
|
-
results_path = out_dir / f"{target_path.stem}_pii_leak_evidence.log"
|
|
80
100
|
else:
|
|
81
|
-
|
|
101
|
+
out_dir = target_path.parent
|
|
102
|
+
|
|
103
|
+
try:
|
|
104
|
+
out_dir.mkdir(parents=True, exist_ok=True)
|
|
105
|
+
except PermissionError:
|
|
106
|
+
print(f"\n[!] ERROR: Permission denied to create output directory: {out_dir}")
|
|
107
|
+
sys.exit(1)
|
|
108
|
+
|
|
109
|
+
results_path = out_dir / f"{target_path.stem}_pii_leak_evidence.log"
|
|
82
110
|
|
|
83
|
-
|
|
84
|
-
|
|
111
|
+
try:
|
|
112
|
+
file_size_bytes = target_path.stat().st_size
|
|
113
|
+
file_size_gb = file_size_bytes / (1024**3)
|
|
114
|
+
file_size_mb = file_size_bytes / (1024**2)
|
|
115
|
+
except OSError as e:
|
|
116
|
+
print(f"\n[!] ERROR: Could not read target file size: {e}")
|
|
117
|
+
sys.exit(1)
|
|
118
|
+
|
|
119
|
+
print(f"🚨 Tapping into data stream: {target_path.name} ({file_size_gb:.2f} GB / {file_size_mb:.2f} MB)")
|
|
85
120
|
print(f"🛡️ Masking enabled. Streaming safe evidence to: {results_path.name}")
|
|
86
121
|
|
|
87
122
|
ts_pattern = re.compile(br'(\d{4}-\d{2}-\d{2}[T\s]\d{2}|\b[A-Z][a-z]{2}\s+\d{1,2}\s\d{2})')
|
|
@@ -89,30 +124,37 @@ def main():
|
|
|
89
124
|
|
|
90
125
|
start_time = time.time()
|
|
91
126
|
|
|
92
|
-
#
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
127
|
+
# -------------------------------------------------------------------------
|
|
128
|
+
# 3. HIGH-SPEED SCANNING (The Memory Shield)
|
|
129
|
+
# -------------------------------------------------------------------------
|
|
130
|
+
try:
|
|
131
|
+
with open(target_path, 'rb') as f_in, open(results_path, 'w', encoding='utf-8') as f_out:
|
|
132
|
+
for line in f_in:
|
|
133
|
+
hit_found = False
|
|
134
|
+
for pii_type, pattern in PII_PATTERNS.items():
|
|
135
|
+
if pattern.search(line):
|
|
136
|
+
# Only decode the line if a physical hit is detected to save CPU cycles
|
|
137
|
+
if not hit_found:
|
|
138
|
+
decoded_line = line.decode('utf-8', errors='ignore').strip()
|
|
139
|
+
safe_line = mask_pii(decoded_line)
|
|
140
|
+
f_out.write(f"[{pii_type}] {safe_line}\n")
|
|
141
|
+
hit_found = True # Prevent duplicate writes if a line has multiple PII types
|
|
142
|
+
|
|
143
|
+
ts_match = ts_pattern.search(line)
|
|
144
|
+
bucket = ts_match.group(1).decode('utf-8', errors='ignore') + ":00" if ts_match else "Unknown Time"
|
|
145
|
+
histograms[pii_type][bucket] += 1
|
|
146
|
+
except IOError as e:
|
|
147
|
+
print(f"\n[!] FATAL I/O ERROR during streaming: {e}")
|
|
148
|
+
sys.exit(1)
|
|
108
149
|
|
|
109
150
|
time_elapsed = time.time() - start_time
|
|
110
151
|
|
|
111
|
-
#
|
|
152
|
+
# -------------------------------------------------------------------------
|
|
153
|
+
# 4. REPORTING & DASHBOARDS
|
|
154
|
+
# -------------------------------------------------------------------------
|
|
112
155
|
for kw in PII_PATTERNS.keys():
|
|
113
156
|
draw_ascii_histogram(histograms[kw], kw)
|
|
114
157
|
|
|
115
|
-
# 4. Calculate totals for the Executive Summary
|
|
116
158
|
total_counts = {kw: sum(buckets.values()) for kw, buckets in histograms.items()}
|
|
117
159
|
max_total = max(total_counts.values()) if total_counts.values() else 0
|
|
118
160
|
|
|
@@ -129,9 +171,20 @@ def main():
|
|
|
129
171
|
print(" ✅ Clean scan. No Social Security, Credit Card, or AWS Keys detected.")
|
|
130
172
|
|
|
131
173
|
print("-" * 75)
|
|
132
|
-
|
|
174
|
+
|
|
175
|
+
# Safely calculate processing speed depending on file size to prevent math errors
|
|
176
|
+
if time_elapsed > 0:
|
|
177
|
+
if file_size_gb > 0.1:
|
|
178
|
+
speed = file_size_gb / time_elapsed
|
|
179
|
+
speed_str = f"{speed:.3f} GB/s"
|
|
180
|
+
else:
|
|
181
|
+
speed = file_size_mb / time_elapsed
|
|
182
|
+
speed_str = f"{speed:.2f} MB/s"
|
|
183
|
+
else:
|
|
184
|
+
speed_str = "Instant"
|
|
185
|
+
|
|
133
186
|
print(f" ✅ Scan complete. Sliced through {target_path.name} in {time_elapsed:.2f} seconds.")
|
|
134
|
-
print(f" ⚡ Processing Velocity: {
|
|
187
|
+
print(f" ⚡ Processing Velocity: {speed_str}")
|
|
135
188
|
print(f" 📁 Safe Evidence Log: {results_path.resolve()}")
|
|
136
189
|
print("="*75 + "\n")
|
|
137
190
|
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# ==============================================================================
|
|
3
|
+
# GitGalaxy Spoke: Mega Log Parser
|
|
4
|
+
# Purpose: High-speed, single-pass log analyzer with ASCII time-series histograms.
|
|
5
|
+
# ==============================================================================
|
|
6
|
+
import argparse
|
|
7
|
+
import sys
|
|
8
|
+
import re
|
|
9
|
+
import time
|
|
10
|
+
import json
|
|
11
|
+
from collections import defaultdict
|
|
12
|
+
from pathlib import Path
|
|
13
|
+
|
|
14
|
+
def draw_ascii_histogram(time_buckets: dict, keyword: str):
|
|
15
|
+
"""
|
|
16
|
+
Draws a dynamically scaled ASCII histogram.
|
|
17
|
+
If the dataset is massive, it filters to show only the highest volume spikes
|
|
18
|
+
to prevent terminal flooding.
|
|
19
|
+
"""
|
|
20
|
+
if not time_buckets:
|
|
21
|
+
return
|
|
22
|
+
|
|
23
|
+
print(f"\n === TIME-SERIES: {keyword.upper()} ===")
|
|
24
|
+
|
|
25
|
+
max_hits = max(time_buckets.values())
|
|
26
|
+
max_bar_width = 40
|
|
27
|
+
avg_hits = sum(time_buckets.values()) / len(time_buckets)
|
|
28
|
+
anomaly_threshold = avg_hits * 3
|
|
29
|
+
|
|
30
|
+
# UX Safeguard: If there are too many buckets, only show the Top 15 worst ones
|
|
31
|
+
if len(time_buckets) > 15:
|
|
32
|
+
print(" (Filtering to Top 15 Highest Volume Spikes)")
|
|
33
|
+
# Sort by highest hits, grab top 15, then resort chronologically for the graph
|
|
34
|
+
top_offenders = sorted(time_buckets.items(), key=lambda x: x[1], reverse=True)[:15]
|
|
35
|
+
display_buckets = dict(sorted(top_offenders))
|
|
36
|
+
else:
|
|
37
|
+
display_buckets = dict(sorted(time_buckets.items()))
|
|
38
|
+
|
|
39
|
+
for time_bucket, hits in display_buckets.items():
|
|
40
|
+
# Calculate bar length safely
|
|
41
|
+
bar_len = int((hits / max_hits) * max_bar_width) if max_hits > 0 else 0
|
|
42
|
+
bar = "█" * max(1, bar_len)
|
|
43
|
+
|
|
44
|
+
# Flag statistical anomalies visually
|
|
45
|
+
alert = " <-- ANOMALY SPIKE" if hits >= anomaly_threshold and hits > 10 else ""
|
|
46
|
+
print(f" [{time_bucket}] {bar} ({hits:,} hits){alert}")
|
|
47
|
+
|
|
48
|
+
def main():
|
|
49
|
+
# -------------------------------------------------------------------------
|
|
50
|
+
# 1. CLI ARGUMENT PARSING & DOCUMENTATION
|
|
51
|
+
# -------------------------------------------------------------------------
|
|
52
|
+
parser = argparse.ArgumentParser(
|
|
53
|
+
description="GitGalaxy Mega Log Parser: High-speed, single-pass log analyzer with ASCII time-series histograms.",
|
|
54
|
+
formatter_class=argparse.RawTextHelpFormatter,
|
|
55
|
+
epilog="""
|
|
56
|
+
==============================================================================
|
|
57
|
+
JSON IR State Structure:
|
|
58
|
+
If using --input_state, the script expects a GitGalaxy Intermediate
|
|
59
|
+
Representation (IR) JSON file. It specifically targets the 'known_programs'
|
|
60
|
+
array to hunt for dead code and execution volumes.
|
|
61
|
+
|
|
62
|
+
Expected JSON Schema:
|
|
63
|
+
{
|
|
64
|
+
"analysis": {
|
|
65
|
+
"known_programs": ["PROGRAM1", "PROGRAM2"]
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
==============================================================================
|
|
69
|
+
"""
|
|
70
|
+
)
|
|
71
|
+
parser.add_argument("target", help="Path to the log file (Translated ASCII SMF)")
|
|
72
|
+
parser.add_argument("-k", "--keywords", nargs="+", help="Keywords to search for manually (e.g., -k PGM1 PGM2)")
|
|
73
|
+
parser.add_argument("--input_state", type=str, help="Path to GitGalaxy ir_state.json to auto-extract targets")
|
|
74
|
+
parser.add_argument("--out", type=str, help="Optional: Custom directory to save the results log")
|
|
75
|
+
args = parser.parse_args()
|
|
76
|
+
|
|
77
|
+
# Validate target log file exists before doing any work
|
|
78
|
+
target_path = Path(args.target).resolve()
|
|
79
|
+
if not target_path.exists() or not target_path.is_file():
|
|
80
|
+
print(f"\n[!] ERROR: Target log file does not exist or is not a file: {target_path}")
|
|
81
|
+
sys.exit(1)
|
|
82
|
+
|
|
83
|
+
# -------------------------------------------------------------------------
|
|
84
|
+
# 2. INPUT HANDSHAKE & VALIDATION (No Silent Failures)
|
|
85
|
+
# -------------------------------------------------------------------------
|
|
86
|
+
search_targets = []
|
|
87
|
+
|
|
88
|
+
if args.input_state:
|
|
89
|
+
state_path = Path(args.input_state).resolve()
|
|
90
|
+
if not state_path.exists():
|
|
91
|
+
print(f"\n[!] ERROR: Input state JSON file not found: {state_path}")
|
|
92
|
+
sys.exit(1)
|
|
93
|
+
|
|
94
|
+
try:
|
|
95
|
+
with open(state_path, 'r', encoding='utf-8') as f:
|
|
96
|
+
ir_state = json.load(f)
|
|
97
|
+
|
|
98
|
+
# Strict Schema Validation
|
|
99
|
+
if not isinstance(ir_state, dict):
|
|
100
|
+
raise ValueError("The root of the JSON file must be an object {}.")
|
|
101
|
+
if 'analysis' not in ir_state or 'known_programs' not in ir_state['analysis']:
|
|
102
|
+
raise ValueError("JSON is missing the required ['analysis']['known_programs'] path.")
|
|
103
|
+
|
|
104
|
+
search_targets = ir_state['analysis']['known_programs']
|
|
105
|
+
|
|
106
|
+
if not isinstance(search_targets, list) or not search_targets:
|
|
107
|
+
print(f"\n[!] WARNING: 'known_programs' array is empty or invalid. Nothing to search.")
|
|
108
|
+
sys.exit(0)
|
|
109
|
+
|
|
110
|
+
print(f"📡 Loaded {len(search_targets)} targets from {state_path.name}")
|
|
111
|
+
|
|
112
|
+
except json.JSONDecodeError as e:
|
|
113
|
+
print(f"\n[!] ERROR: Invalid JSON format in {state_path.name}:\n {e}")
|
|
114
|
+
sys.exit(1)
|
|
115
|
+
except Exception as e:
|
|
116
|
+
print(f"\n[!] ERROR: Failed to parse input state:\n {e}")
|
|
117
|
+
sys.exit(1)
|
|
118
|
+
|
|
119
|
+
elif args.keywords:
|
|
120
|
+
search_targets = args.keywords
|
|
121
|
+
else:
|
|
122
|
+
print("\n[!] ERROR: You must provide targets using either -k/--keywords or --input_state.")
|
|
123
|
+
parser.print_help()
|
|
124
|
+
sys.exit(1)
|
|
125
|
+
|
|
126
|
+
# -------------------------------------------------------------------------
|
|
127
|
+
# 3. REGEX COMPILATION & FILE PREPARATION
|
|
128
|
+
# -------------------------------------------------------------------------
|
|
129
|
+
keyword_patterns = {}
|
|
130
|
+
for kw in search_targets:
|
|
131
|
+
# Pre-compile regex for speed. Encode to bytes for fast binary reading.
|
|
132
|
+
try:
|
|
133
|
+
pattern_str = fr"{kw}"
|
|
134
|
+
keyword_patterns[kw] = re.compile(pattern_str.encode('utf-8'), re.IGNORECASE)
|
|
135
|
+
except re.error as e:
|
|
136
|
+
print(f"\n[!] ERROR: Invalid regex generated for keyword '{kw}': {e}")
|
|
137
|
+
sys.exit(1)
|
|
138
|
+
|
|
139
|
+
ts_pattern = re.compile(br'(\d{4}-\d{2}-\d{2}[T\s]\d{2}|\b[A-Z][a-z]{2}\s+\d{1,2}\s\d{2})')
|
|
140
|
+
histograms = {kw: defaultdict(int) for kw in search_targets}
|
|
141
|
+
|
|
142
|
+
# Determine output paths
|
|
143
|
+
if args.out:
|
|
144
|
+
out_dir = Path(args.out).resolve()
|
|
145
|
+
else:
|
|
146
|
+
out_dir = target_path.parent
|
|
147
|
+
|
|
148
|
+
try:
|
|
149
|
+
out_dir.mkdir(parents=True, exist_ok=True)
|
|
150
|
+
except PermissionError:
|
|
151
|
+
print(f"\n[!] ERROR: Permission denied to create output directory: {out_dir}")
|
|
152
|
+
sys.exit(1)
|
|
153
|
+
|
|
154
|
+
results_path = out_dir / f"{target_path.stem}_results.txt"
|
|
155
|
+
sidecar_path = out_dir / "dynamic_telemetry.json"
|
|
156
|
+
|
|
157
|
+
start_time = time.time()
|
|
158
|
+
print(f"🚀 Scanning {target_path.name} for {len(search_targets)} keywords...")
|
|
159
|
+
|
|
160
|
+
# -------------------------------------------------------------------------
|
|
161
|
+
# 4. HIGH-SPEED SCANNING (The Memory Shield)
|
|
162
|
+
# -------------------------------------------------------------------------
|
|
163
|
+
try:
|
|
164
|
+
with open(target_path, 'rb') as f_in, open(results_path, 'w', encoding='utf-8') as f_out:
|
|
165
|
+
for line in f_in:
|
|
166
|
+
for kw, pattern in keyword_patterns.items():
|
|
167
|
+
if pattern.search(line):
|
|
168
|
+
decoded_line = line.decode('utf-8', errors='ignore').strip()
|
|
169
|
+
ts_match = ts_pattern.search(line)
|
|
170
|
+
|
|
171
|
+
# Bucket by hour
|
|
172
|
+
bucket = ts_match.group(1).decode('utf-8', errors='ignore') + ":00" if ts_match else "Unknown Time"
|
|
173
|
+
histograms[kw][bucket] += 1
|
|
174
|
+
|
|
175
|
+
f_out.write(f"{decoded_line}\n")
|
|
176
|
+
break # Stop checking keywords once a hit is found on this line
|
|
177
|
+
except IOError as e:
|
|
178
|
+
print(f"\n[!] FATAL I/O ERROR during scanning: {e}")
|
|
179
|
+
sys.exit(1)
|
|
180
|
+
|
|
181
|
+
time_elapsed = time.time() - start_time
|
|
182
|
+
|
|
183
|
+
# -------------------------------------------------------------------------
|
|
184
|
+
# 5. REPORTING & SIDECAR GENERATION
|
|
185
|
+
# -------------------------------------------------------------------------
|
|
186
|
+
for kw, buckets in histograms.items():
|
|
187
|
+
draw_ascii_histogram(buckets, kw)
|
|
188
|
+
|
|
189
|
+
print(f"\n✅ Scan completed in {time_elapsed:.2f} seconds.")
|
|
190
|
+
print(f"📄 Filtered results saved to: {results_path}")
|
|
191
|
+
|
|
192
|
+
# Calculate total hits for the JSON sidecar
|
|
193
|
+
total_counts = {kw: sum(buckets.values()) for kw, buckets in histograms.items()}
|
|
194
|
+
telemetry_payload = {
|
|
195
|
+
"execution_counts": total_counts,
|
|
196
|
+
"resolved_dynamic_calls": {}
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
try:
|
|
200
|
+
with open(sidecar_path, 'w', encoding='utf-8') as f_json:
|
|
201
|
+
json.dump(telemetry_payload, f_json, indent=4)
|
|
202
|
+
print(f"💾 JSON State Sidecar written to: {sidecar_path}")
|
|
203
|
+
except IOError as e:
|
|
204
|
+
print(f"\n[!] ERROR: Failed to write telemetry sidecar: {e}")
|
|
205
|
+
|
|
206
|
+
print("="*75 + "\n")
|
|
207
|
+
|
|
208
|
+
if __name__ == "__main__":
|
|
209
|
+
main()
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: gitgalaxy
|
|
3
|
-
Version: 2.0.
|
|
3
|
+
Version: 2.0.9
|
|
4
4
|
Summary: An AST-free, LLM-free zero-trust static analysis engine for mapping architectural risk, securing CI/CD pipelines, and modernizing legacy monoliths.
|
|
5
5
|
Author: Joe Esquibel
|
|
6
6
|
Project-URL: Homepage, https://gitgalaxy.io
|
|
@@ -1,116 +0,0 @@
|
|
|
1
|
-
# GitGalaxy: High-Velocity Log Scanning & PII Detection
|
|
2
|
-
|
|
3
|
-
[](#)
|
|
4
|
-
[](#)
|
|
5
|
-
[](#)
|
|
6
|
-
|
|
7
|
-
Welcome to the **GitGalaxy Terabyte Log Scanning Suite**.
|
|
8
|
-
|
|
9
|
-
During an active incident response or catastrophic data breach, standard tools fail. Basic `grep` is too rigid and lacks time-series context. Modern SIEMs (like Splunk or ElasticSearch) are incredibly powerful, but they require you to ingest and index the data first—a process that takes hours or days for a 10GB+ database dump. You need answers immediately.
|
|
10
|
-
|
|
11
|
-
This suite provides a tactical, pipeline-ready solution: **ultra-high-velocity, unindexed binary streaming.** Running at over 2 GB per minute on standard hardware, our custom stream-processing engine reads data continuously without ever loading the massive file into RAM. This makes it perfect for active breach triage, or as an automated CI/CD pipeline job to sanitize server logs before they are permanently archived.
|
|
12
|
-
|
|
13
|
-
### 1. [The PII Data Leak Hunter](https://squid-protocol.github.io/gitgalaxy/04-06-pii-leak-hunter/) (`pii-leak-hunter`)
|
|
14
|
-
|
|
15
|
-
A specialized incident response tool designed to find hemorrhaging Personally Identifiable Information (Credit Cards, SSNs, AWS API Keys) inside massive, raw data dumps.
|
|
16
|
-
|
|
17
|
-
* **Binary-Level Regex Evaluation:** Compiles structural patterns to raw bytes for extreme CPU efficiency.
|
|
18
|
-
* **Automated Data Masking:** Redacts toxic payloads before writing to safe evidence logs.
|
|
19
|
-
* **Exfiltration Histograms:** Generates terminal ASCII charts to pinpoint exact breach minutes.
|
|
20
|
-
* **Pipeline Sanitization:** Runs automatically in CI/CD to block PII log archiving via our [Hunting PII Leaks Recipe](https://squid-protocol.github.io/gitgalaxy/cookbook/hunt-pii-leaks/).
|
|
21
|
-
|
|
22
|
-
### 2. [The Terabyte Log Scanner](https://squid-protocol.github.io/gitgalaxy/04-07-terabyte-log-scanner/) (`terabyte-log-scanner`)
|
|
23
|
-
|
|
24
|
-
A runtime execution tracer that connects static codebase architecture to physical runtime reality. It parses massive mainframe SMF logs or distributed traces to prove what code is actually executing.
|
|
25
|
-
|
|
26
|
-
* **Intermediate Representation (IR) Ingestion:** Ingests static repository maps to hunt known compiled programs in the logs.
|
|
27
|
-
* **Execution Verification:** Proves exact runtime execution frequencies in production environments.
|
|
28
|
-
* **Zero-Hit Dead Code:** Mathematically [proves if compiled legacy code is truly abandoned](https://squid-protocol.github.io/gitgalaxy/cookbook/prove-dead-code-logs/).
|
|
29
|
-
* **Dynamic Telemetry:** Outputs sidecar JSON for 3D WebGPU traffic heatmaps.
|
|
30
|
-
|
|
31
|
-
---
|
|
32
|
-
|
|
33
|
-
### ⚡ Performance & Anomaly Detection Showcases
|
|
34
|
-
|
|
35
|
-
#### Showcase A: PII Exfiltration & Automated Masking
|
|
36
|
-
To demonstrate incident response capabilities, we streamed a raw **1.00 GB compromised log file**. The PII Leak Hunter chewed through the file in **25.72 seconds**, detecting and actively masking over **420,000 sensitive records**.
|
|
37
|
-
|
|
38
|
-
The resulting time-series histograms immediately exposed two distinct attack patterns: Customer data (VISA/SSNs) was actively exfiltrated at `14:00`, while infrastructure secrets (AWS Keys) were being scraped on an entirely separate cron schedule at `09:00`.
|
|
39
|
-
|
|
40
|
-

|
|
41
|
-
|
|
42
|
-
#### Showcase B: Runtime Anomaly Detection
|
|
43
|
-
We ran the Terabyte Log Scanner against a raw **2.1GB production stream log**, hunting for specific error and failure signatures. The engine completed the single-pass scan in **30.07 seconds**.
|
|
44
|
-
|
|
45
|
-
The dynamically scaled ASCII time-series histograms instantly exposed a massive, coordinated anomaly: a brute-force attack occurring exactly at `14:00` every day, perfectly isolated from millions of lines of background noise.
|
|
46
|
-
|
|
47
|
-

|
|
48
|
-
|
|
49
|
-
```text
|
|
50
|
-
=== TIME-SERIES: ERROR ===
|
|
51
|
-
(Filtering to Top 15 Highest Volume Spikes)
|
|
52
|
-
[2026-04-16 14:00] ███████████████████████████████████████ (5,759 hits) <-- ANOMALY SPIKE
|
|
53
|
-
[2026-04-27 14:00] ███████████████████████████████████████ (5,753 hits) <-- ANOMALY SPIKE
|
|
54
|
-
[2026-05-02 14:00] ███████████████████████████████████████ (5,718 hits) <-- ANOMALY SPIKE
|
|
55
|
-
[2026-05-06 14:00] ███████████████████████████████████████ (5,705 hits) <-- ANOMALY SPIKE
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
---
|
|
59
|
-
|
|
60
|
-
### 🚀 Quickstart: Local CLI & CI/CD Integration
|
|
61
|
-
|
|
62
|
-
Because these tools operate via single-pass streaming, they require zero environment setup, database indexing, or heavy JVMs. If you have installed GitGalaxy globally via PyPI (`pip install gitgalaxy`), they are ready to run instantly.
|
|
63
|
-
|
|
64
|
-
#### 1. Local CLI Execution
|
|
65
|
-
|
|
66
|
-
**Hunt for PII Leaks in a raw database dump:**
|
|
67
|
-
```bash
|
|
68
|
-
pii-leak-hunter /path/to/massive_database_dump.sql
|
|
69
|
-
```
|
|
70
|
-
|
|
71
|
-
**Stream logs to prove runtime execution of static code:**
|
|
72
|
-
```bash
|
|
73
|
-
terabyte-log-scanner /path/to/production.log --input_state ../core/ir_state.json
|
|
74
|
-
```
|
|
75
|
-
|
|
76
|
-
#### 2. GitHub Actions CI/CD Integration
|
|
77
|
-
|
|
78
|
-
You can automate the sanitization of logs or artifacts before they are uploaded or archived. Create a file in your repository at `.github/workflows/pii-audit.yml`:
|
|
79
|
-
|
|
80
|
-
```yaml
|
|
81
|
-
name: GitGalaxy Log Sanitization
|
|
82
|
-
|
|
83
|
-
on:
|
|
84
|
-
workflow_dispatch: # Can be run manually or on a cron schedule
|
|
85
|
-
|
|
86
|
-
jobs:
|
|
87
|
-
gitgalaxy-log-scan:
|
|
88
|
-
runs-on: ubuntu-latest
|
|
89
|
-
steps:
|
|
90
|
-
- name: Checkout Repository
|
|
91
|
-
uses: actions/checkout@v4
|
|
92
|
-
|
|
93
|
-
# (Assuming a previous step generated or downloaded the target log file)
|
|
94
|
-
|
|
95
|
-
- name: Run PII Leak Hunter
|
|
96
|
-
uses: squid-protocol/gitgalaxy@main
|
|
97
|
-
with:
|
|
98
|
-
tool: 'pii-leak-hunter'
|
|
99
|
-
target: './logs/production_dump.sql'
|
|
100
|
-
args: '--out ./sanitized_logs/'
|
|
101
|
-
|
|
102
|
-
- name: Archive Safe Evidence Logs
|
|
103
|
-
uses: actions/upload-artifact@v4
|
|
104
|
-
with:
|
|
105
|
-
name: sanitized-evidence-logs
|
|
106
|
-
path: ./sanitized_logs/*_pii_leak_evidence.log
|
|
107
|
-
```
|
|
108
|
-
|
|
109
|
-
---
|
|
110
|
-
### 🌌 Powered by the blAST Engine (Bypassing LLMs and ASTs)
|
|
111
|
-
This tool is a modular enterprise integration within the broader GitGalaxy architecture. It is driven by our custom mathematical heuristics engine, capable of processing multi-dimensional data at extreme velocity without requiring rigid ASTs or cloud APIs. Read the official documentation to see the structural methodologies powering this high-speed log analysis:
|
|
112
|
-
|
|
113
|
-
* 📖 **[The blAST Paradigm (ASTs vs LLMs)](https://squid-protocol.github.io/gitgalaxy/01-03-the-blast-paradigm/)**
|
|
114
|
-
* 📖 **[PII Leak Hunter Architecture](https://squid-protocol.github.io/gitgalaxy/04-06-pii-leak-hunter/)**
|
|
115
|
-
* 📖 **[Terabyte Log Scanner Mechanics](https://squid-protocol.github.io/gitgalaxy/04-07-terabyte-log-scanner/)**
|
|
116
|
-
* 🪐 **[Return to the Main GitGalaxy Hub](https://github.com/squid-protocol/gitgalaxy)**
|