如何使用Whispers识别静态结构化文本中的硬编码敏感信息
<p><img title="如何使用Whispers识别静态结构化文本中的硬编码敏感信息" alt="如何使用Whispers识别静态结构化文本中的硬编码敏感信息" border="0" src="https://zhuji.jb51.net/uploads/img/202305/2daae870fae33037bb2f7a2207ba14c0.jpg"></p>
<h3>
关于Whispers</h3>
<p>
Whispers是一款功能强大的静态代码分析工具,该工具可以帮助广大研究人员解析各种常见的数据格式,并搜索硬编码凭证和危险函数。Whispers支持在命令行终端中运行,或者也可以将其集成到CI/CD管道中。</p>
<h3>
检测功能</h3>
<ul>
<li>
密码</li>
<li>
API令牌</li>
<li>
AWS密钥</li>
<li>
私钥</li>
<li>
凭证哈希</li>
<li>
身份认证令牌</li>
<li>
危险函数</li>
<li>
敏感文件</li>
</ul>
<h3>
支持的格式</h3>
<p>
Whispers本质上来说是一款结构化的问版本解析工具,而不是一个代码分析工具。</p>
<p>
下面列出的是当前版本Whispers支持的数据格式:</p>
<ul>
<li>
YAML</li>
<li>
JSON</li>
<li>
XML</li>
<li>
.npmrc</li>
<li>
.pypirc</li>
<li>
.htpasswd</li>
<li>
.properties</li>
<li>
pip.conf</li>
<li>
conf / ini</li>
<li>
Dockerfile</li>
<li>
Dockercfg</li>
<li>
Shell scripts</li>
<li>
Python3</li>
</ul>
<p>
Python3文件会以AST进行解析,因为这是原生语言支持。</p>
<h3>
声明和赋值格式</h3>
<p>
该工具可以将下列语言文件解析为文本,并检测常见的变量声明和赋值模式:</p>
<ul>
<li>
JavaScript</li>
<li>
Java</li>
<li>
Go</li>
<li>
PHP</li>
</ul>
<h3>
特殊格式支持</h3>
<ul>
<li>
AWS凭证文件</li>
<li>
JDBC连接字符串</li>
<li>
Jenkins配置文件</li>
<li>
SpringFramework配置文件</li>
<li>
Java属性文件</li>
<li>
Dockercfg注册认证文件</li>
<li>
GitHub令牌</li>
</ul>
<h3>
工具安装</h3>
<p>
通过PyPI安装:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>pip3 install whispers </span></span>
</li>
</ol>
<p>
GitHub安装:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>git clone https://github.com/Skyscanner/whispers </span></span>
</li>
<li class="alt">
<span>cd whispers </span>
</li>
<li class="alt">
<span>make install </span>
</li>
</ol>
<h3>
工具使用</h3>
<p>
命令行接口:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>whispers --help </span></span>
</li>
<li>
</li>
<li class="alt">
<span>whispers --info </span>
</li>
<li>
</li>
<li class="alt">
<span>whispers source/code/fileOrDir </span>
</li>
<li>
</li>
<li class="alt">
<span>whispers --config config.yml source/code/fileOrDir </span>
</li>
<li>
</li>
<li class="alt">
<span>whispers --output /tmp/secrets.yml source/code/fileOrDir </span>
</li>
<li>
</li>
<li class="alt">
<span>whispers --rules aws-id,aws-secret source/code/fileOrDir </span>
</li>
<li>
</li>
<li class="alt">
<span>whispers --severity BLOCKER,CRITICAL source/code/fileOrDir </span>
</li>
<li>
</li>
<li class="alt">
<span>whispers --exitcode 7 source/code/fileOrDir </span>
</li>
</ol>
<p>
Python:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>from whispers.cli import parse_args </span></span>
</li>
<li>
</li>
<li class="alt">
<span>from whispers.core import run </span>
</li>
<li>
</li>
<li class="alt">
</li>
<li>
</li>
<li class="alt">
<span><span class="attribute">src</span><span> = </span><span class="attribute-value">"tests/fixtures"</span><span> </span></span>
</li>
<li>
</li>
<li class="alt">
<span><span class="attribute">configfile</span><span> = </span><span class="attribute-value">"whispers/config.yml"</span><span> </span></span>
</li>
<li>
</li>
<li class="alt">
<span><span class="attribute">args</span><span> = </span><span class="attribute-value">parse_args</span><span>(["-c", configfile, src]) </span></span>
</li>
<li>
</li>
<li class="alt">
<span>for secret in run(args): </span>
</li>
<li>
</li>
<li class="alt">
<span>print(secret) </span>
</li>
</ol>
<h3>
工具配置</h3>
<p>
Whispers工具支持多种配置选项,我们可以根据需要来配置是否在结果中互殴文件路径、密钥或其他值等。config.yml的参考格式如下:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>include: </span></span>
</li>
<li>
</li>
<li class="alt">
<span>files: </span>
</li>
<li>
</li>
<li class="alt">
<span>- "**/*.yml" </span>
</li>
<li>
</li>
<li class="alt">
</li>
<li>
</li>
<li class="alt">
<span>exclude: </span>
</li>
<li>
</li>
<li class="alt">
<span>files: </span>
</li>
<li>
</li>
<li class="alt">
<span>- "**/test/**/*" </span>
</li>
<li>
</li>
<li class="alt">
<span>- "**/tests/**/*" </span>
</li>
<li>
</li>
<li class="alt">
<span>keys: </span>
</li>
<li>
</li>
<li class="alt">
<span>- ^foo </span>
</li>
<li>
</li>
<li class="alt">
<span>values: </span>
</li>
<li>
</li>
<li class="alt">
<span>- bar$ </span>
</li>
<li>
</li>
<li class="alt">
</li>
<li>
</li>
<li class="alt">
<span>rules: </span>
</li>
<li>
</li>
<li class="alt">
<span>starks: </span>
</li>
<li>
</li>
<li class="alt">
<span>message: Whispers from the North </span>
</li>
<li>
</li>
<li class="alt">
<span>severity: CRITICAL </span>
</li>
<li>
</li>
<li class="alt">
<span>value: </span>
</li>
<li>
</li>
<li class="alt">
<span>regex: (Aria|Ned) Stark </span>
</li>
<li>
</li>
<li class="alt">
<span>ignorecase: True </span>
</li>
</ol>
<p>
最快的配置方法就是将config.yml文件拷贝至一个新的文件中,然后直接将其以参数形式传递给Whispers:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>whispers --config config.yml --rules starks src/file/or/dir </span></span>
</li>
</ol>
<h3>
自定义规则</h3>
<p>
我们可以通过下列方式,在whispers/rules文件中添加和编辑自己的自定义规则:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>rule-id: # unique rule name </span></span>
</li>
<li>
</li>
<li class="alt">
<span>description: Values formatted like AWS Session Token </span>
</li>
<li>
</li>
<li class="alt">
<span>message: AWS Session Token # report will show this message </span>
</li>
<li>
</li>
<li class="alt">
<span>severity: BLOCKER # one of BLOCKER, CRITICAL, MAJOR, MINOR, INFO </span>
</li>
<li>
</li>
<li class="alt">
</li>
<li>
</li>
<li class="alt">
<span>key: # specify key format </span>
</li>
<li>
</li>
<li class="alt">
<span>regex: (aws.?session.?token)? </span>
</li>
<li>
</li>
<li class="alt">
<span>ignorecase: True # case-insensitive matching </span>
</li>
<li>
</li>
<li class="alt">
</li>
<li>
</li>
<li class="alt">
<span>value: # specify value format </span>
</li>
<li>
</li>
<li class="alt">
<span>regex: ^(?=.*)(?=.*){270,450}$ </span>
</li>
<li>
</li>
<li class="alt">
<span>ignorecase: False # case-sensitive matching </span>
</li>
<li>
</li>
<li class="alt">
<span>minlen: 270 # value is at least this long </span>
</li>
<li>
</li>
<li class="alt">
<span>isBase64: True # value is base64-encoded </span>
</li>
<li>
</li>
<li class="alt">
<span>isAscii: False # value is binary data when decoded </span>
</li>
<li>
</li>
<li class="alt">
<span>isUri: False # value is not formatted like a URI </span>
</li>
<li>
</li>
<li class="alt">
</li>
<li>
</li>
<li class="alt">
<span>similar: 0.35 # maximum allowed similarity between key and value </span>
</li>
<li>
</li>
<li class="alt">
<span># (1.0 being exactly the same) </span>
</li>
</ol>
<h3>
插件</h3>
<p>
Whispers中所有的解析功能都是通过插件实现的,每一个插件都会使用pairs()方法实现一个类,并返回匹配规则的键值对:</p>
<ol class="dp-xml">
<li class="alt">
<span><span>class PluginName: </span></span>
</li>
<li>
</li>
<li class="alt">
<span>def pairs(self, file): </span>
</li>
<li>
</li>
<li class="alt">
<span>yield "key", "value" </span>
</li>
</ol>
<h3>
项目地址</h3>
<p>
Whispers:【GitHub传送门】</p>
<p>
原文地址:https://www.freebuf.com/sectool/317584.html</p>
頁:
[1]