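# Remember, never run shell scripts from the internet unread. The URL below is
# pinned to a single gist revision (the 070f6bde... path segment): check that it
# is the revision you reviewed, and open "$script" in a pager before the last
# step if you have not read it yet.
#
# The download goes to a temp file first so that bash never executes a
# half-transferred script, and --fail keeps an HTTP error page out of the shell.
# --proto '=https' refuses any non-HTTPS transfer.
script=$(mktemp) &&
  curl --fail --silent --show-error --proto '=https' --output "$script" \
    https://gist.githubusercontent.com/hermanbanken/96925cb9593137fd6816cefd8ac7e93a/raw/070f6bde93b362388b5612648ef17ae612e3cc5c/scan_filenames.sh &&
  # The sed step points the script at 'ggrep' instead of 'grep'.
  sed 's/=grep/=ggrep/' "$script" | bash -x
# Remove the downloaded copy whether or not the run succeeded.
[ -n "$script" ] && rm -f -- "$script"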
Last active
May 14, 2020 15:28
Scan for credentials (GNU/BSD)
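# Educational purposes only!
# Source: https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
#
# Recursively searches a directory tree for Google Cloud and SSH credential
# material that ended up on disk, and prints what matched.
# Usage: bash <this-script> [DIR]    (DIR defaults to the current directory)
#
# NOTE: the output is the matched secret material itself. With -z a file that
# contains no NUL byte is one single "line", so a hit prints the whole file.
# Keep the output out of shared terminals, CI logs and tickets, and rotate
# anything this turns up.
#
# Linux/MacOSX grep differ! This works on Linux (GNU grep with -P support).
# on OSX, run 'brew install grep' and replace GREP="grep" with GREP="ggrep"
TARGET_DIR="${1:-${PWD}}"
GREP=grep
# Kept as separate, quoted values: an unquoted '--exclude-dir=*node_modules*'
# word is subject to pathname expansion and word splitting by the shell.
EXCLUDE_DIR='*node_modules*'
EXCLUDE_FILE='*google.golang.org/api/internal/service-account.json'

# scan GREP_OPTION... : run one search over TARGET_DIR with the shared excludes.
# Patterns are passed with -e so that every option precedes the '--' that
# protects a TARGET_DIR beginning with '-'.
scan() {
  "$GREP" --exclude-dir="$EXCLUDE_DIR" --exclude="$EXCLUDE_FILE" "$@" -- "$TARGET_DIR"
}

# -P is --perl-regexp, Perl regex
# -z is --null-data, 'lines' means everything until an ASCII NUL character: span regex over multiple lines!

# Service account keys
scan -Pzr -e '(?s)\{[^{}]*?service_account[^{}]*?private_key.*?\}'

# Legacy GCP creds
scan -Pzr -e '(?s)\{[^{}]*?client_id[^{}]*?client_secret.*?\}'

# Google API keys
scan -Pr -e 'AIza[a-zA-Z0-9\-_]{35}'

# Google OAuth tokens
scan -Pr -e 'ya29\.[a-zA-Z0-9_-]{100,200}'

# Generic SSH keys
scan -Pzr -e '(?s)-----BEGIN[ A-Z]*?PRIVATE KEY[a-zA-Z0-9/\+=\n-]*?END[ A-Z]*?PRIVATE KEY-----'

# Signed storage URLs (dots escaped so they match a literal '.' only)
scan -Pir -e 'storage\.googleapis\.com.*?Goog-Signature=[a-f0-9]+'

# Signed policy documents in HTML
scan -Pzr -e '(?s)<form action.*?googleapis\.com.*?name="signature" value=".*?">'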
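# Educational purposes only!
# Source: https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
#
# Recursively searches a directory tree for Google Cloud and SSH credential
# material that ended up on disk. Only the names of the files that contain a
# match are printed (--files-with-matches), so the secrets themselves stay out
# of the terminal and of any log that captures this output.
# Usage: bash <this-script> [DIR]    (DIR defaults to the current directory)
#
# Linux/MacOSX grep differ! This works on Linux (GNU grep with -P support).
# on OSX, run 'brew install grep' and replace GREP="grep" with GREP="ggrep"
TARGET_DIR="${1:-${PWD}}"
GREP=grep
# Kept as separate, quoted values: an unquoted '--exclude-dir=*node_modules*'
# word is subject to pathname expansion and word splitting by the shell.
EXCLUDE_DIR='*node_modules*'
EXCLUDE_FILE='*google.golang.org/api/internal/service-account.json'

# list_matches GREP_OPTION... : print the files under TARGET_DIR that match.
# Patterns are passed with -e so that every option precedes the '--' that
# protects a TARGET_DIR beginning with '-'.
list_matches() {
  "$GREP" --exclude-dir="$EXCLUDE_DIR" --exclude="$EXCLUDE_FILE" \
    --files-with-matches "$@" -- "$TARGET_DIR"
}

# -P is --perl-regexp, Perl regex
# -z is --null-data, 'lines' means everything until an ASCII NUL character: span regex over multiple lines!

# Service account keys
list_matches -Pzr -e '(?s)\{[^{}]*?service_account[^{}]*?private_key.*?\}'

# Legacy GCP creds
list_matches -Pzr -e '(?s)\{[^{}]*?client_id[^{}]*?client_secret.*?\}'

# Google API keys
list_matches -Pr -e 'AIza[a-zA-Z0-9\-_]{35}'

# Google OAuth tokens
list_matches -Pr -e 'ya29\.[a-zA-Z0-9_-]{100,200}'

# Generic SSH keys
list_matches -Pzr -e '(?s)-----BEGIN[ A-Z]*?PRIVATE KEY[a-zA-Z0-9/\+=\n-]*?END[ A-Z]*?PRIVATE KEY-----'

# Signed storage URLs (dots escaped so they match a literal '.' only)
list_matches -Pir -e 'storage\.googleapis\.com.*?Goog-Signature=[a-f0-9]+'

# Signed policy documents in HTML
list_matches -Pzr -e '(?s)<form action.*?googleapis\.com.*?name="signature" value=".*?">'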