scan4secrets 2.1.0__tar.gz → 2.1.2__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {scan4secrets-2.1.0/scan4secrets.egg-info → scan4secrets-2.1.2}/PKG-INFO +3 -4
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/README.md +1 -1
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/pyproject.toml +2 -3
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/__init__.py +1 -1
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/cli.py +6 -6
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/crawler.py +31 -5
- {scan4secrets-2.1.0 → scan4secrets-2.1.2/scan4secrets.egg-info}/PKG-INFO +3 -4
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/LICENSE +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/__main__.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/rules.yaml +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/CloudProvider-Service.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Docker-Compose-Kubernetes.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Keys-SSH-Certificate.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Node.js-Express-JS.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/OtherConfig-CI-DevOps.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Python-Django-Flask.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/React-Next.js-Vite-Frontend.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/admin-panels.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/api-paths.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/backup-files.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/common.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/database-dumps.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/env.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/php-laravel-symfony-drupal.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/wordpress.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/__init__.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/entropy.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/findings.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/rules.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/scanner.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/sourcemap.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/verifier.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/wordlists.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/__init__.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/csv_.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/excel.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/html.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/json_.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/jsonl.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/pdf.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/sarif.py +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/SOURCES.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/dependency_links.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/entry_points.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/requires.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/top_level.txt +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/setup.cfg +0 -0
- {scan4secrets-2.1.0 → scan4secrets-2.1.2}/tests/test_rules.py +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: scan4secrets
|
|
3
|
-
Version: 2.1.
|
|
3
|
+
Version: 2.1.2
|
|
4
4
|
Summary: DAST + SAST secret scanner with live verification, source-map parsing, and CI-native reporting
|
|
5
5
|
Author: M14R41
|
|
6
6
|
License: MIT
|
|
@@ -20,7 +20,6 @@ Classifier: License :: OSI Approved :: MIT License
|
|
|
20
20
|
Classifier: Operating System :: OS Independent
|
|
21
21
|
Classifier: Programming Language :: Python
|
|
22
22
|
Classifier: Programming Language :: Python :: 3
|
|
23
|
-
Classifier: Programming Language :: Python :: 3.9
|
|
24
23
|
Classifier: Programming Language :: Python :: 3.10
|
|
25
24
|
Classifier: Programming Language :: Python :: 3.11
|
|
26
25
|
Classifier: Programming Language :: Python :: 3.12
|
|
@@ -28,7 +27,7 @@ Classifier: Programming Language :: Python :: 3.13
|
|
|
28
27
|
Classifier: Topic :: Security
|
|
29
28
|
Classifier: Topic :: Software Development :: Quality Assurance
|
|
30
29
|
Classifier: Topic :: System :: Monitoring
|
|
31
|
-
Requires-Python: >=3.
|
|
30
|
+
Requires-Python: >=3.10
|
|
32
31
|
Description-Content-Type: text/markdown
|
|
33
32
|
License-File: LICENSE
|
|
34
33
|
Requires-Dist: requests>=2.31
|
|
@@ -206,7 +205,7 @@ scan4secrets --path . --report sarif json jsonl csv html excel pdf --output repo
|
|
|
206
205
|
| `excel` | Pivot tables and exec summaries |
|
|
207
206
|
| `pdf` | Compliance evidence packets |
|
|
208
207
|
|
|
209
|
-
Secrets are **
|
|
208
|
+
Secrets are shown **in full by default** so reports are paste-ready for vendor PoC. Pass `--mask` to redact to `abcd****wxyz` for screenshots or shared transcripts.
|
|
210
209
|
|
|
211
210
|
---
|
|
212
211
|
|
|
@@ -157,7 +157,7 @@ scan4secrets --path . --report sarif json jsonl csv html excel pdf --output repo
|
|
|
157
157
|
| `excel` | Pivot tables and exec summaries |
|
|
158
158
|
| `pdf` | Compliance evidence packets |
|
|
159
159
|
|
|
160
|
-
Secrets are **
|
|
160
|
+
Secrets are shown **in full by default** so reports are paste-ready for vendor PoC. Pass `--mask` to redact to `abcd****wxyz` for screenshots or shared transcripts.
|
|
161
161
|
|
|
162
162
|
---
|
|
163
163
|
|
|
@@ -4,10 +4,10 @@ build-backend = "setuptools.build_meta"
|
|
|
4
4
|
|
|
5
5
|
[project]
|
|
6
6
|
name = "scan4secrets"
|
|
7
|
-
version = "2.1.
|
|
7
|
+
version = "2.1.2"
|
|
8
8
|
description = "DAST + SAST secret scanner with live verification, source-map parsing, and CI-native reporting"
|
|
9
9
|
readme = "README.md"
|
|
10
|
-
requires-python = ">=3.
|
|
10
|
+
requires-python = ">=3.10"
|
|
11
11
|
license = { text = "MIT" }
|
|
12
12
|
authors = [{ name = "M14R41" }]
|
|
13
13
|
keywords = ["security", "secrets", "scanner", "sast", "dast", "credentials", "bug-bounty"]
|
|
@@ -21,7 +21,6 @@ classifiers = [
|
|
|
21
21
|
"Operating System :: OS Independent",
|
|
22
22
|
"Programming Language :: Python",
|
|
23
23
|
"Programming Language :: Python :: 3",
|
|
24
|
-
"Programming Language :: Python :: 3.9",
|
|
25
24
|
"Programming Language :: Python :: 3.10",
|
|
26
25
|
"Programming Language :: Python :: 3.11",
|
|
27
26
|
"Programming Language :: Python :: 3.12",
|
|
@@ -80,7 +80,7 @@ def _parser() -> argparse.ArgumentParser:
|
|
|
80
80
|
choices=["sarif", "json", "jsonl", "csv", "html", "excel", "pdf"])
|
|
81
81
|
out.add_argument("--output", default="scan4secrets-report",
|
|
82
82
|
help="output base path (extension added per format)")
|
|
83
|
-
out.add_argument("--
|
|
83
|
+
out.add_argument("--mask", action="store_true", help="redact secret values in output (default: show raw values for vendor PoC)")
|
|
84
84
|
|
|
85
85
|
log = p.add_argument_group("Logging / CI")
|
|
86
86
|
log.add_argument("--quiet", action="store_true")
|
|
@@ -135,7 +135,7 @@ def _print_summary(findings, console: Console):
|
|
|
135
135
|
console.print(tbl)
|
|
136
136
|
|
|
137
137
|
|
|
138
|
-
def _print_findings(findings, console: Console):
|
|
138
|
+
def _print_findings(findings, console: Console, *, mask: bool = False):
|
|
139
139
|
if not findings:
|
|
140
140
|
return
|
|
141
141
|
tbl = Table(box=box.SIMPLE, show_lines=False, header_style="bold")
|
|
@@ -143,7 +143,7 @@ def _print_findings(findings, console: Console):
|
|
|
143
143
|
tbl.add_column("Rule", width=28)
|
|
144
144
|
tbl.add_column("V", width=3, justify="center")
|
|
145
145
|
tbl.add_column("Where", overflow="fold")
|
|
146
|
-
tbl.add_column("Secret (redacted)", overflow="fold")
|
|
146
|
+
tbl.add_column("Secret (redacted)" if mask else "Secret", overflow="fold")
|
|
147
147
|
style = {"critical": "bold red", "high": "red", "medium": "yellow", "low": "cyan", "info": "dim"}
|
|
148
148
|
for f in findings:
|
|
149
149
|
vmark = "[green]Y[/green]" if f.verified is True else "[dim]-[/dim]" if f.verified is None else "[dim]n[/dim]"
|
|
@@ -152,7 +152,7 @@ def _print_findings(findings, console: Console):
|
|
|
152
152
|
f.rule_id,
|
|
153
153
|
vmark,
|
|
154
154
|
f"{f.file}:{f.line}",
|
|
155
|
-
f.secret_redacted,
|
|
155
|
+
f.secret_redacted if mask else f.secret,
|
|
156
156
|
)
|
|
157
157
|
console.print(tbl)
|
|
158
158
|
|
|
@@ -255,13 +255,13 @@ def main(argv=None) -> int:
|
|
|
255
255
|
verify_findings(findings, rules, timeout=args.verify_timeout)
|
|
256
256
|
|
|
257
257
|
if not args.quiet:
|
|
258
|
-
_print_findings(findings, console)
|
|
258
|
+
_print_findings(findings, console, mask=args.mask)
|
|
259
259
|
_print_summary(findings, console)
|
|
260
260
|
|
|
261
261
|
if findings:
|
|
262
262
|
out_base = Path(args.output)
|
|
263
263
|
out_base.parent.mkdir(parents=True, exist_ok=True)
|
|
264
|
-
written = write_reports(findings, out_base, args.report, unsafe_show=args.
|
|
264
|
+
written = write_reports(findings, out_base, args.report, unsafe_show=not args.mask)
|
|
265
265
|
if not args.quiet:
|
|
266
266
|
for fmt, p in written.items():
|
|
267
267
|
console.print(f"[green]+[/] {fmt.upper():6s} -> {p}")
|
|
@@ -18,8 +18,11 @@ from concurrent.futures import ThreadPoolExecutor, as_completed
|
|
|
18
18
|
from typing import Dict, Iterable, List, Optional, Set, Tuple
|
|
19
19
|
from urllib.parse import urljoin, urlparse, urldefrag
|
|
20
20
|
|
|
21
|
+
import warnings
|
|
21
22
|
import requests
|
|
22
|
-
from bs4 import BeautifulSoup
|
|
23
|
+
from bs4 import BeautifulSoup, XMLParsedAsHTMLWarning
|
|
24
|
+
|
|
25
|
+
warnings.filterwarnings("ignore", category=XMLParsedAsHTMLWarning)
|
|
23
26
|
|
|
24
27
|
try:
|
|
25
28
|
import tldextract
|
|
@@ -58,11 +61,34 @@ SKIP_SUFFIXES = (
|
|
|
58
61
|
)
|
|
59
62
|
|
|
60
63
|
|
|
64
|
+
_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/.*)?$")
|
|
65
|
+
_IPV6_RE = re.compile(r"^\[[0-9a-fA-F:]+\](?::\d+)?(?:/.*)?$")
|
|
66
|
+
_HOST_PORT_RE = re.compile(r"^[A-Za-z0-9.\-]+:\d+(?:/.*)?$")
|
|
67
|
+
|
|
68
|
+
|
|
61
69
|
def normalize_url(url: str) -> str:
|
|
62
|
-
url = url.strip()
|
|
63
|
-
if not url
|
|
64
|
-
|
|
65
|
-
|
|
70
|
+
url = url.strip().rstrip("/")
|
|
71
|
+
if not url:
|
|
72
|
+
raise ValueError("empty target")
|
|
73
|
+
|
|
74
|
+
if url.startswith("://"):
|
|
75
|
+
url = url[3:]
|
|
76
|
+
|
|
77
|
+
lower = url.lower()
|
|
78
|
+
if lower.startswith(("http://", "https://")):
|
|
79
|
+
return url
|
|
80
|
+
|
|
81
|
+
if lower.startswith(("ftp://", "file://", "ws://", "wss://")):
|
|
82
|
+
raise ValueError(f"unsupported scheme in target: {url}")
|
|
83
|
+
|
|
84
|
+
if "://" in url:
|
|
85
|
+
raise ValueError(f"unknown scheme in target: {url}")
|
|
86
|
+
|
|
87
|
+
if _IPV4_RE.match(url) or _IPV6_RE.match(url) or _HOST_PORT_RE.match(url):
|
|
88
|
+
scheme = "https" if re.search(r":443(?:/|$)", url) else "http"
|
|
89
|
+
return f"{scheme}://{url}"
|
|
90
|
+
|
|
91
|
+
return "https://" + url
|
|
66
92
|
|
|
67
93
|
|
|
68
94
|
def etld_plus_one(host: str) -> str:
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: scan4secrets
|
|
3
|
-
Version: 2.1.
|
|
3
|
+
Version: 2.1.2
|
|
4
4
|
Summary: DAST + SAST secret scanner with live verification, source-map parsing, and CI-native reporting
|
|
5
5
|
Author: M14R41
|
|
6
6
|
License: MIT
|
|
@@ -20,7 +20,6 @@ Classifier: License :: OSI Approved :: MIT License
|
|
|
20
20
|
Classifier: Operating System :: OS Independent
|
|
21
21
|
Classifier: Programming Language :: Python
|
|
22
22
|
Classifier: Programming Language :: Python :: 3
|
|
23
|
-
Classifier: Programming Language :: Python :: 3.9
|
|
24
23
|
Classifier: Programming Language :: Python :: 3.10
|
|
25
24
|
Classifier: Programming Language :: Python :: 3.11
|
|
26
25
|
Classifier: Programming Language :: Python :: 3.12
|
|
@@ -28,7 +27,7 @@ Classifier: Programming Language :: Python :: 3.13
|
|
|
28
27
|
Classifier: Topic :: Security
|
|
29
28
|
Classifier: Topic :: Software Development :: Quality Assurance
|
|
30
29
|
Classifier: Topic :: System :: Monitoring
|
|
31
|
-
Requires-Python: >=3.
|
|
30
|
+
Requires-Python: >=3.10
|
|
32
31
|
Description-Content-Type: text/markdown
|
|
33
32
|
License-File: LICENSE
|
|
34
33
|
Requires-Dist: requests>=2.31
|
|
@@ -206,7 +205,7 @@ scan4secrets --path . --report sarif json jsonl csv html excel pdf --output repo
|
|
|
206
205
|
| `excel` | Pivot tables and exec summaries |
|
|
207
206
|
| `pdf` | Compliance evidence packets |
|
|
208
207
|
|
|
209
|
-
Secrets are **
|
|
208
|
+
Secrets are shown **in full by default** so reports are paste-ready for vendor PoC. Pass `--mask` to redact to `abcd****wxyz` for screenshots or shared transcripts.
|
|
210
209
|
|
|
211
210
|
---
|
|
212
211
|
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/CloudProvider-Service.txt
RENAMED
|
File without changes
|
{scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Docker-Compose-Kubernetes.txt
RENAMED
|
File without changes
|
{scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Keys-SSH-Certificate.txt
RENAMED
|
File without changes
|
{scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Node.js-Express-JS.txt
RENAMED
|
File without changes
|
{scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/OtherConfig-CI-DevOps.txt
RENAMED
|
File without changes
|
{scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Python-Django-Flask.txt
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|