Light

lazykeru / smellsfishy Goto Github PK

View Code? Open in Web Editor NEW

0.0 1.0 0.0 2.15 MB

A scanning tool, to detect hard coded secrets. Will be written in C, and use Entropy, Regex and machine learning algorithm for detection.

License: MIT License

C++ 97.16% Makefile 2.52% JavaScript 0.32%

smellsfishy's Introduction

SmellsFishy

A SAST tool, to detect hard coded secrets

A Source Code Analysis Tool to detect hard coded secrets. Written in C++, it uses Entropy, Regex and in the future machine learning algorithm for detection.

This is a project started in P6 as part of our studies at IMT Nord Europe

How to use ?

To use our tool make sure your computer has Make or Makefile. You will then simply place yourself at the root of the project and enter :

makefile main

Then access the executable in the bin folder, and enjoy. The tool is still in beta

Arguments

title	arguments	example	description
Help	`--help`/`-h`	`main -h`	Shows how to use the program
Directory	`--dir`/`-d`	`main -d "path" -r "path.json"`	Path for the directory you want to analyze
Rules	`--rules`/`-r`	`main -d "path" -r "path.json"`	Path to the rules json file we need to follow
entropy	`--entropy`/`-e`	`main -d "path" -r "path.json" -e`	Activates the entropy rules, secrets out of bound from there rules entropy will be removed
Log output	`--log`/`-l`	`main -d "path" -r "path.json" -l "path.txt"`	Path for the log output

Commit convention

BREAKING CHANGE:
build: Changes that affect the build system or external dependencies (example scopes: gulp, broccoli, npm)
ci: Changes to our CI configuration files and scripts (examples: CircleCi, SauceLabs)
docs: Documentation only changes
feat: A new feature
fix: A bug fix
perf: A code change that improves performance
refactor: A code change that neither fixes a bug nor adds a feature
test: Adding missing tests or correcting existing tests

smellsfishy's People

Contributors

Watchers

smellsfishy's Issues

Makefile : make main problem

command "make main" doesn't work if "make test" hasn't been executed before

"make main" not working

command "make main" builds a main.o and main.exe, but main.exe is actually the same program as test.exe

Feat: Docker Container

name	about
SmellsFishy Docker Container	Deploy the solution in a simple Docker Container

Is your feature request related to a problem? Please describe.
You can only run the repo once you build the solution with the Make file

Describe the solution you'd like
You would be able to run the solution in a docker container, which outputs the secrets that where detected in a git repo you can access threw a url. Might later on extend the options on how to scan. Will need to finish the git scan feature first, and adding a feature to scan repo from a uri.

feat: Git-Scan

name	about
Git scan	The possibility to scan a git repo, and it's commit history

Is your feature request related to a problem? Please describe.
As of now you can only scan a simple repository

Describe the solution you'd like
Using the git cmd line, or using a pre-existing C++ solution.

Ci: Release

name	about
SmellsFishy release workflow	Build the version

Is your ci request related to a problem? Please describe.
We don't have a release workflow yet

Describe the solution you'd like
A simple github workflow releasing the smellsfishy solution

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.