function scan_for_randomness() {
local file="$1" # Bash-Function-Args
echo "OK"
echo "$file"
echo "=========="
if [[ -z "$file" ]]; then
echo "Usage: scan_for_secrets "
return 1
fi
if [[ ! -f "$file" ]]; then
echo "Error: File '$file' not found."
return 1
fi
while IFS= read -r line; do
measure_randomness "$line"
done < "$file"
}
function scan_for_secrets() {
local file="$1" # Bash-Function-Args
if [[ -z "$file" ]]; then
printCritical "Usage: scan_for_secrets "
return 1
fi
if [[ ! -f "$file" ]]; then
printCritical "Error: File '$file' not found."
return 1
fi
# Define patterns to search for (add/modify as needed)
# "([a-zA-Z0-9]){3,12}:([a-zA-Z0-9]){3,12}" #look for username:password type strings.
local patterns=(
"AIza[0-9a-zA-Z_-]{35}" # Google API Key
"sk_live_[0-9a-zA-Z_]{24}" # Stripe API Key
"password=[\"']?[^\"']{8,}[\"']?" # Password
"password" # Password
"passwd=[\"']?[^\"']{8,}[\"']?" # another common password pattern
"passwd" # another common password pattern
"token:[\"']?[^\"']{20,}[\"']?" # Token
"token:" # Token
"token" # Token
"Authorization: Bearer [a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+" # JWT
"AKIA[0-9A-Z]{16}" # AWS Access Key ID
"AKIA" # AWS Access Key ID
"API_KEY=[a-zA-Z0-9_-]{20,}"
"SECRET_KEY=[a-zA-Z0-9_-]{20,}"
"PASSWORD=[a-zA-Z0-9_-]{8,}"
"AWS_ACCESS_KEY_ID=[A-Z0-9]{20}"
"AWS_ACCESS_KEY_ID"
"AWS_SECRET_ACCESS_KEY=[A-Za-z0-9+/]{40}"
"AWS_SECRET_ACCESS_KEY"
"ssh-rsa [A-Za-z0-9+/=]{20,}"
"ssh-ed25519 [A-Za-z0-9+/=]{20,}"
"BEGIN RSA PRIVATE KEY"
"BEGIN PGP PRIVATE KEY BLOCK"
"BEGIN OPENSSH PRIVATE KEY"
"Bearer [A-Za-z0-9._-]{20,}"
"Authorization: Basic [A-Za-z0-9+/=]{20,}"
"Authorization: Token [A-Za-z0-9]{20,}"
"PGPASSWORD=[a-zA-Z0-9_-]{8,}" # postgres password
"DATABASE_URL=postgres://[a-zA-Z0-9_-]+:[a-zA-Z0-9_-]+@" # postgres database url, catches username and password.
"MONGO_URI=mongodb://[a-zA-Z0-9_-]+:[a-zA-Z0-9_-]+@" #mongodb uri, catches username and password
"password[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Basic password pattern
"secret[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Secret pattern
"key[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Key pattern
"AWS_ACCESS_KEY_ID[[:space:]]*[:=][[:space:]]*[\"']?[A-Z0-9]*[\"']?" # AWS Access Key ID
"AWS_SECRET_ACCESS_KEY[[:space:]]*[:=][[:space:]]*[\"']?[a-zA-Z0-9/+=]*[\"']?" # AWS Secret Access Key
"api_key[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # API Key pattern
"database_url[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Database URL
"connection_string[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Connection String
"private_key[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Private Key
"client_secret[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Client Secret
"oauth_token[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # OAuth Token
"bearer_token[[:space:]]*[:=][[:space:]]*[\"']?[^\"']*[\"']?" # Bearer Token
)
# "export [A-Z_]+=[\"']?[A-Za-z0-9_\\-./+=@$%^&*()!~`?<>:;']+" # look for exported environment variables.
local found=0
local overide=0
for pattern in "${patterns[@]}"; do
if grep -E "$pattern" "$file" > /dev/null; then
found=1
printCritical "Potential secret found in '$file' matching pattern: '$pattern'"
printCritical ""
grep -E -n "$pattern" "$file"
#./finder "$pattern" "$file"
if grep -E "SCANPASS" "$file" > /dev/null; then
overide=1
found=0
else
break
fi
fi
done
if [[ "$overide" -eq 1 ]]; then
printCritical ""
printCritical "************************************************"
printCritical "** Potential secret found"
printCritical "** Scan Pass Overides Exercised"
printCritical "************************************************"
printCritical ""
fi
if [[ "$found" -eq 1 ]]; then
NOTHING=0
return 1
fi
if [[ "$found" -eq 0 ]]; then
NOTHING=0
printDebug "CLEAR: '$file'"
fi
return 0
}
function measure_randomness_uniqueness {
local str="$1"
local length="${#str}"
if [[ -z "$str" ]]; then
echo 1 # Empty string has least randomness
return
fi
local -A char_counts
local char
for ((i=0; i 100" | bc -l) )); then
randomness_score=100
fi
echo "$randomness_score: $R: $1"
}
calculate_case_ratio() {
local input_string="$1"
local upper_count=0
local lower_count=0
# Remove all non-alphanumeric characters
local alphanumeric_string=$(echo "$input_string" | sed 's/[^[:alnum:]]//g')
# Iterate through the alphanumeric string
for ((i=0; i<${#alphanumeric_string}; i++)); do
local char="${alphanumeric_string:i:1}"
if [[ "$char" =~ [[:upper:]] ]]; then
((upper_count++))
elif [[ "$char" =~ [[:lower:]] ]]; then
((lower_count++))
fi
done
# Calculate the ratio, avoiding division by zero
if [[ "$lower_count" -gt 0 ]]; then
local ratio=$(echo "scale=2; $upper_count / $lower_count" | bc)
echo "$ratio"
else
# If no lowercase characters, return a special value (e.g., -1 or "infinity")
# Here, we'll return -1 to indicate no lowercase characters
echo "-1"
fi
}