Merge pull request #123 from CompassSecurity/refactor-platform-pattern

Refactor Platform Pattern

Author: frjcomp

docs/demo.ipynb

@@ -73,7 +73,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak scan --gitlab https://gitlab.com -t $GITLAB_PAT --owned --search 'secret-pipeline' --job-limit 10 --confidence high-verified"
+    "!/tmp/pipeleak gl scan --gitlab https://gitlab.com -t $GITLAB_PAT --owned --search 'secret-pipeline' --job-limit 10 --confidence high-verified"
    ]
   },
   {
@@ -93,7 +93,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak scan --gitlab https://gitlab.com -t $GITLAB_PAT --owned --search 'secret-pipeline' --job-limit 10 --confidence high --artifacts"
+    "!/tmp/pipeleak gl scan --gitlab https://gitlab.com -t $GITLAB_PAT --owned --search 'secret-pipeline' --job-limit 10 --confidence high --artifacts"
    ]
   },
   {
@@ -118,7 +118,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak scan --gitlab https://gitlab.com -t $GITLAB_PAT --owned --search 'secret-pipeline' --job-limit 10 --confidence high --artifacts --cookie $GITLAB_COOKIE | grep -i dotenv"
+    "!/tmp/pipeleak gl scan --gitlab https://gitlab.com -t $GITLAB_PAT --owned --search 'secret-pipeline' --job-limit 10 --confidence high --artifacts --cookie $GITLAB_COOKIE | grep -i dotenv"
    ]
   },
   {
@@ -136,7 +136,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak variables --gitlab https://gitlab.com -t $GITLAB_PAT"
+    "!/tmp/pipeleak gl variables --gitlab https://gitlab.com -t $GITLAB_PAT"
    ]
   },
   {
@@ -152,7 +152,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak secureFiles --gitlab https://gitlab.com -t $GITLAB_PAT"
+    "!/tmp/pipeleak gl secureFiles --gitlab https://gitlab.com -t $GITLAB_PAT"
    ]
   },
   {
@@ -172,7 +172,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak vuln --gitlab https://gitlab.com -t $GITLAB_PAT"
+    "!/tmp/pipeleak gl vuln --gitlab https://gitlab.com -t $GITLAB_PAT"
    ]
   },
   {
@@ -192,7 +192,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak runners list --gitlab https://gitlab.com -t $GITLAB_PAT"
+    "!/tmp/pipeleak gl runners list --gitlab https://gitlab.com -t $GITLAB_PAT"
    ]
   },
   {
@@ -208,7 +208,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "!/tmp/pipeleak runners exploit --gitlab https://gitlab.com -t $GITLAB_PAT --tags 'gitlab-org-docker' --dry"
+    "!/tmp/pipeleak gl runners exploit --gitlab https://gitlab.com -t $GITLAB_PAT --tags 'gitlab-org-docker' --dry"
    ]
   }
  ],

readme.md

@@ -2,20 +2,28 @@
   <img height="200" src="https://github.com/CompassSecurity/pipeleak/blob/main/docs/logo.png?raw=true">
 </p>
 
+![GitHub Release Build Status](https://github.com/CompassSecurity/pipeleak/actions/workflows/release.yaml/badge.svg?event=release)
+![GitHub Release](https://img.shields.io/github/v/release/CompassSecurity/pipeleak)
+![GitHub commits since latest release](https://img.shields.io/github/commits-since/CompassSecurity/pipeleak/latest)
+
 # Pipeleak
 
-Pipeleak is a tool designed to scan GitLab job output logs and artifacts for potential secrets.
+Pipeleak is a tool designed to scan CI/CD logs and artifacts for secrets.
+
+It supports the following platforms:
+* GitLab
+* GitHub
 
 ## Getting Started
 
 To begin using Pipeleak, download the latest binary from the [Releases](https://github.com/CompassSecurity/pipeleak/releases) page.
 
-### Basic Usage
+### General Usage
 
-Run the following command to scan your GitLab instance:
+Run the following command to scan your e.g. GitLab instance:
 
 ```bash
-pipeleak scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com
+pipeleak gl scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com
 ```
 
 ### Scanning Artifacts
@@ -24,17 +32,8 @@ In addition to logs, Pipeleak can also scan artifacts generated by your pipeline
 
 Note: Scanning artifacts uses a lot of memory!
 ```bash
-pipeleak scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com -a 
-```
-
-**Pro tip:**
-
-> Note: [Dotenv artifacts](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) are not accessible through the GitLab API. To scan these, you need to manually provide your session cookie after logging in via a web browser. The session cookie name is `_gitlab_session`. The cookie should be valid for [two weeks](https://gitlab.com/gitlab-org/gitlab/-/issues/395038).
-
-```bash
-pipeleak scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com -v -a -c [value-of-valid-_gitlab_session]
+pipeleak gl scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com -a 
 ```
-
 ### Confidence
 
 The following confidence levels for scans are used by default:
@@ -46,7 +45,27 @@ The following confidence levels for scans are used by default:
 However if you want to add custom ones, you can define any value in the `rules.yml` file
 To scan only for a specific level, you can specify it via CLI flag e.g `--confidence=high,medium`. Define multiple by comma separating the values.
 
-Note: `high-verified` cannot be removed.
+Note: `high-verified` cannot be removed, but verification can be disabled using `--truffleHogVerification=false`.
+
+### Customizing Scan Rules
+
+When you run Pipeleak for the first time, it generates a `rules.yml` file based on [this repository](https://github.com/mazen160/secrets-patterns-db/blob/master/db/rules-stable.yml). You can customize your scan rules by modifying this file as needed.
+
+### Keybindings
+
+In the `scan` mode you can change interactively between log levels by pressing `t`: Trace, `d`: Debug, `i`: Info, `w`: Warn, `e`: Error. Pressing `s` will output the current queue status.
+
+# Platform Specific Hints
+
+## GitLab
+
+### Dotenv
+
+[Dotenv artifacts](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportsdotenv) are not accessible through the GitLab API. To scan these, you need to manually provide your session cookie after logging in via a web browser. The session cookie name is `_gitlab_session`. The cookie should be valid for [two weeks](https://gitlab.com/gitlab-org/gitlab/-/issues/395038).
+
+```bash
+pipeleak gl scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com -v -a -c [value-of-valid-_gitlab_session]
+```
 
 ### Memory Usage
 
@@ -71,30 +90,26 @@ You can tweak `--threads`, `--max-artifact-size` and `--job-limit` to obtain a c
 
 Setting an HTTP proxy is possible by setting the environment variable `HTTP_PROXY` e.g. to route through Burp:
 ```bash
-HTTP_PROXY=http://127.0.0.1:8080 pipeleak scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com
+HTTP_PROXY=http://127.0.0.1:8080 pipeleak gl scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com
 ```
 
-### Keybindings
+## GitHub
 
-In the `scan` mode you can change interactively between log levels by pressing `t`: Trace, `d`: Debug, `i`: Info, `w`: Warn, `e`: Error. Pressing `s` will output the current queue status.
+No remarks yet 🌟
 
-## ELK Integration
+# ELK Integration
 
 To easily analyze the results you can [redirect the pipeleak](https://github.com/deviantony/docker-elk?tab=readme-ov-file#injecting-data) output using `nc` into Logstash.
 
 Setup a local ELK stack using https://github.com/deviantony/docker-elk. 
 
 Then you can start a scan:
 ```bash
-pipeleak scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com  --json | nc -q0 localhost 50000
+pipeleak gl scan --token glpat-xxxxxxxxxxx --gitlab https://gitlab.com  --json | nc -q0 localhost 50000
 ```
 
 Using Kibana you can filter for interesting messages, based on the JSON attributes of the output.
 
 e.g. `message.level=warn and message.confidence=verified` to find verified results.
 
-![Kiabana Search](docs/kibana.png)
-
-## Customizing Scan Rules
-
-When you run Pipeleak for the first time, it generates a `rules.yml` file based on [this repository](https://github.com/mazen160/secrets-patterns-db/blob/master/db/rules-stable.yml). You can customize your scan rules by modifying this file as needed.
+![Kiabana Search](docs/kibana.png)

src/pipeleak/cmd/github/github.go

@@ -0,0 +1,16 @@
+package github
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func NewGitHubRootCmd() *cobra.Command {
+	ghCmd := &cobra.Command{
+		Use:   "gh [command]",
+		Short: "GitHub related commands",
+	}
+
+	ghCmd.AddCommand(NewScanCmd())
+
+	return ghCmd
+}