scan4secrets 2.1.0__tar.gz → 2.1.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. {scan4secrets-2.1.0/scan4secrets.egg-info → scan4secrets-2.1.2}/PKG-INFO +3 -4
  2. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/README.md +1 -1
  3. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/pyproject.toml +2 -3
  4. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/__init__.py +1 -1
  5. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/cli.py +6 -6
  6. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/crawler.py +31 -5
  7. {scan4secrets-2.1.0 → scan4secrets-2.1.2/scan4secrets.egg-info}/PKG-INFO +3 -4
  8. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/LICENSE +0 -0
  9. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/__main__.py +0 -0
  10. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/rules.yaml +0 -0
  11. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/CloudProvider-Service.txt +0 -0
  12. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Docker-Compose-Kubernetes.txt +0 -0
  13. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Keys-SSH-Certificate.txt +0 -0
  14. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Node.js-Express-JS.txt +0 -0
  15. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/OtherConfig-CI-DevOps.txt +0 -0
  16. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/Python-Django-Flask.txt +0 -0
  17. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/React-Next.js-Vite-Frontend.txt +0 -0
  18. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/admin-panels.txt +0 -0
  19. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/api-paths.txt +0 -0
  20. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/backup-files.txt +0 -0
  21. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/common.txt +0 -0
  22. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/database-dumps.txt +0 -0
  23. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/env.txt +0 -0
  24. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/php-laravel-symfony-drupal.txt +0 -0
  25. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/config/wordlist/wordpress.txt +0 -0
  26. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/__init__.py +0 -0
  27. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/entropy.py +0 -0
  28. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/findings.py +0 -0
  29. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/rules.py +0 -0
  30. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/scanner.py +0 -0
  31. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/sourcemap.py +0 -0
  32. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/verifier.py +0 -0
  33. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/engine/wordlists.py +0 -0
  34. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/__init__.py +0 -0
  35. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/csv_.py +0 -0
  36. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/excel.py +0 -0
  37. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/html.py +0 -0
  38. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/json_.py +0 -0
  39. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/jsonl.py +0 -0
  40. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/pdf.py +0 -0
  41. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets/reporters/sarif.py +0 -0
  42. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/SOURCES.txt +0 -0
  43. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/dependency_links.txt +0 -0
  44. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/entry_points.txt +0 -0
  45. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/requires.txt +0 -0
  46. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/scan4secrets.egg-info/top_level.txt +0 -0
  47. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/setup.cfg +0 -0
  48. {scan4secrets-2.1.0 → scan4secrets-2.1.2}/tests/test_rules.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: scan4secrets
3
- Version: 2.1.0
3
+ Version: 2.1.2
4
4
  Summary: DAST + SAST secret scanner with live verification, source-map parsing, and CI-native reporting
5
5
  Author: M14R41
6
6
  License: MIT
@@ -20,7 +20,6 @@ Classifier: License :: OSI Approved :: MIT License
20
20
  Classifier: Operating System :: OS Independent
21
21
  Classifier: Programming Language :: Python
22
22
  Classifier: Programming Language :: Python :: 3
23
- Classifier: Programming Language :: Python :: 3.9
24
23
  Classifier: Programming Language :: Python :: 3.10
25
24
  Classifier: Programming Language :: Python :: 3.11
26
25
  Classifier: Programming Language :: Python :: 3.12
@@ -28,7 +27,7 @@ Classifier: Programming Language :: Python :: 3.13
28
27
  Classifier: Topic :: Security
29
28
  Classifier: Topic :: Software Development :: Quality Assurance
30
29
  Classifier: Topic :: System :: Monitoring
31
- Requires-Python: >=3.9
30
+ Requires-Python: >=3.10
32
31
  Description-Content-Type: text/markdown
33
32
  License-File: LICENSE
34
33
  Requires-Dist: requests>=2.31
@@ -206,7 +205,7 @@ scan4secrets --path . --report sarif json jsonl csv html excel pdf --output repo
206
205
  | `excel` | Pivot tables and exec summaries |
207
206
  | `pdf` | Compliance evidence packets |
208
207
 
209
- Secrets are **redacted by default** (`abcd****wxyz`). Use `--unsafe-show` only when reports are stored securely.
208
+ Secrets are shown **in full by default** so reports are paste-ready for vendor PoC. Pass `--mask` to redact to `abcd****wxyz` for screenshots or shared transcripts.
210
209
 
211
210
  ---
212
211
 
@@ -157,7 +157,7 @@ scan4secrets --path . --report sarif json jsonl csv html excel pdf --output repo
157
157
  | `excel` | Pivot tables and exec summaries |
158
158
  | `pdf` | Compliance evidence packets |
159
159
 
160
- Secrets are **redacted by default** (`abcd****wxyz`). Use `--unsafe-show` only when reports are stored securely.
160
+ Secrets are shown **in full by default** so reports are paste-ready for vendor PoC. Pass `--mask` to redact to `abcd****wxyz` for screenshots or shared transcripts.
161
161
 
162
162
  ---
163
163
 
@@ -4,10 +4,10 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "scan4secrets"
7
- version = "2.1.0"
7
+ version = "2.1.2"
8
8
  description = "DAST + SAST secret scanner with live verification, source-map parsing, and CI-native reporting"
9
9
  readme = "README.md"
10
- requires-python = ">=3.9"
10
+ requires-python = ">=3.10"
11
11
  license = { text = "MIT" }
12
12
  authors = [{ name = "M14R41" }]
13
13
  keywords = ["security", "secrets", "scanner", "sast", "dast", "credentials", "bug-bounty"]
@@ -21,7 +21,6 @@ classifiers = [
21
21
  "Operating System :: OS Independent",
22
22
  "Programming Language :: Python",
23
23
  "Programming Language :: Python :: 3",
24
- "Programming Language :: Python :: 3.9",
25
24
  "Programming Language :: Python :: 3.10",
26
25
  "Programming Language :: Python :: 3.11",
27
26
  "Programming Language :: Python :: 3.12",
@@ -1,3 +1,3 @@
1
1
  """scan4secrets — DAST + SAST secret scanner."""
2
2
 
3
- __version__ = "2.1.0"
3
+ __version__ = "2.1.2"
@@ -80,7 +80,7 @@ def _parser() -> argparse.ArgumentParser:
80
80
  choices=["sarif", "json", "jsonl", "csv", "html", "excel", "pdf"])
81
81
  out.add_argument("--output", default="scan4secrets-report",
82
82
  help="output base path (extension added per format)")
83
- out.add_argument("--unsafe-show", action="store_true", help="include raw secrets in reports (DANGEROUS)")
83
+ out.add_argument("--mask", action="store_true", help="redact secret values in output (default: show raw values for vendor PoC)")
84
84
 
85
85
  log = p.add_argument_group("Logging / CI")
86
86
  log.add_argument("--quiet", action="store_true")
@@ -135,7 +135,7 @@ def _print_summary(findings, console: Console):
135
135
  console.print(tbl)
136
136
 
137
137
 
138
- def _print_findings(findings, console: Console):
138
+ def _print_findings(findings, console: Console, *, mask: bool = False):
139
139
  if not findings:
140
140
  return
141
141
  tbl = Table(box=box.SIMPLE, show_lines=False, header_style="bold")
@@ -143,7 +143,7 @@ def _print_findings(findings, console: Console):
143
143
  tbl.add_column("Rule", width=28)
144
144
  tbl.add_column("V", width=3, justify="center")
145
145
  tbl.add_column("Where", overflow="fold")
146
- tbl.add_column("Secret (redacted)", overflow="fold")
146
+ tbl.add_column("Secret (redacted)" if mask else "Secret", overflow="fold")
147
147
  style = {"critical": "bold red", "high": "red", "medium": "yellow", "low": "cyan", "info": "dim"}
148
148
  for f in findings:
149
149
  vmark = "[green]Y[/green]" if f.verified is True else "[dim]-[/dim]" if f.verified is None else "[dim]n[/dim]"
@@ -152,7 +152,7 @@ def _print_findings(findings, console: Console):
152
152
  f.rule_id,
153
153
  vmark,
154
154
  f"{f.file}:{f.line}",
155
- f.secret_redacted,
155
+ f.secret_redacted if mask else f.secret,
156
156
  )
157
157
  console.print(tbl)
158
158
 
@@ -255,13 +255,13 @@ def main(argv=None) -> int:
255
255
  verify_findings(findings, rules, timeout=args.verify_timeout)
256
256
 
257
257
  if not args.quiet:
258
- _print_findings(findings, console)
258
+ _print_findings(findings, console, mask=args.mask)
259
259
  _print_summary(findings, console)
260
260
 
261
261
  if findings:
262
262
  out_base = Path(args.output)
263
263
  out_base.parent.mkdir(parents=True, exist_ok=True)
264
- written = write_reports(findings, out_base, args.report, unsafe_show=args.unsafe_show)
264
+ written = write_reports(findings, out_base, args.report, unsafe_show=not args.mask)
265
265
  if not args.quiet:
266
266
  for fmt, p in written.items():
267
267
  console.print(f"[green]+[/] {fmt.upper():6s} -> {p}")
@@ -18,8 +18,11 @@ from concurrent.futures import ThreadPoolExecutor, as_completed
18
18
  from typing import Dict, Iterable, List, Optional, Set, Tuple
19
19
  from urllib.parse import urljoin, urlparse, urldefrag
20
20
 
21
+ import warnings
21
22
  import requests
22
- from bs4 import BeautifulSoup
23
+ from bs4 import BeautifulSoup, XMLParsedAsHTMLWarning
24
+
25
+ warnings.filterwarnings("ignore", category=XMLParsedAsHTMLWarning)
23
26
 
24
27
  try:
25
28
  import tldextract
@@ -58,11 +61,34 @@ SKIP_SUFFIXES = (
58
61
  )
59
62
 
60
63
 
64
+ _IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/.*)?$")
65
+ _IPV6_RE = re.compile(r"^\[[0-9a-fA-F:]+\](?::\d+)?(?:/.*)?$")
66
+ _HOST_PORT_RE = re.compile(r"^[A-Za-z0-9.\-]+:\d+(?:/.*)?$")
67
+
68
+
61
69
  def normalize_url(url: str) -> str:
62
- url = url.strip()
63
- if not url.startswith(("http://", "https://")):
64
- url = "https://" + url
65
- return url
70
+ url = url.strip().rstrip("/")
71
+ if not url:
72
+ raise ValueError("empty target")
73
+
74
+ if url.startswith("://"):
75
+ url = url[3:]
76
+
77
+ lower = url.lower()
78
+ if lower.startswith(("http://", "https://")):
79
+ return url
80
+
81
+ if lower.startswith(("ftp://", "file://", "ws://", "wss://")):
82
+ raise ValueError(f"unsupported scheme in target: {url}")
83
+
84
+ if "://" in url:
85
+ raise ValueError(f"unknown scheme in target: {url}")
86
+
87
+ if _IPV4_RE.match(url) or _IPV6_RE.match(url) or _HOST_PORT_RE.match(url):
88
+ scheme = "https" if re.search(r":443(?:/|$)", url) else "http"
89
+ return f"{scheme}://{url}"
90
+
91
+ return "https://" + url
66
92
 
67
93
 
68
94
  def etld_plus_one(host: str) -> str:
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: scan4secrets
3
- Version: 2.1.0
3
+ Version: 2.1.2
4
4
  Summary: DAST + SAST secret scanner with live verification, source-map parsing, and CI-native reporting
5
5
  Author: M14R41
6
6
  License: MIT
@@ -20,7 +20,6 @@ Classifier: License :: OSI Approved :: MIT License
20
20
  Classifier: Operating System :: OS Independent
21
21
  Classifier: Programming Language :: Python
22
22
  Classifier: Programming Language :: Python :: 3
23
- Classifier: Programming Language :: Python :: 3.9
24
23
  Classifier: Programming Language :: Python :: 3.10
25
24
  Classifier: Programming Language :: Python :: 3.11
26
25
  Classifier: Programming Language :: Python :: 3.12
@@ -28,7 +27,7 @@ Classifier: Programming Language :: Python :: 3.13
28
27
  Classifier: Topic :: Security
29
28
  Classifier: Topic :: Software Development :: Quality Assurance
30
29
  Classifier: Topic :: System :: Monitoring
31
- Requires-Python: >=3.9
30
+ Requires-Python: >=3.10
32
31
  Description-Content-Type: text/markdown
33
32
  License-File: LICENSE
34
33
  Requires-Dist: requests>=2.31
@@ -206,7 +205,7 @@ scan4secrets --path . --report sarif json jsonl csv html excel pdf --output repo
206
205
  | `excel` | Pivot tables and exec summaries |
207
206
  | `pdf` | Compliance evidence packets |
208
207
 
209
- Secrets are **redacted by default** (`abcd****wxyz`). Use `--unsafe-show` only when reports are stored securely.
208
+ Secrets are shown **in full by default** so reports are paste-ready for vendor PoC. Pass `--mask` to redact to `abcd****wxyz` for screenshots or shared transcripts.
210
209
 
211
210
  ---
212
211
 
File without changes
File without changes