HTTPS Support
Credential digger can be deployed as a web application that runs on Flask and Gunircorn. This feature enables the use of the SSL/TLS protocol to encrypt communications so that the transferred data cannot be stolen.
- A signed certificate and a private key are both needed
- Set up the path to the certificate and the private key in the
.envfile
SSL_certificate=$PATH_to_certificate
SSL_private_key=$PATH_to_key
These two paths have to be relative to the wsgi.py file, and not absolute.
- Start the docker container
Assuming that you do not have a certificate that has been signed by a CA (Certificate Authority), you will have to generate a self-signed one by yourself using openssl:
openssl req -newkey rsa:2048 -new -nodes -x509 -days 365 -keyout key.pem -out cert.pem
This command line will generate a certificate cert.pem that is valid for 1 year along with a private key key.pem.
When using a self-signed certificate, the browser will show a warning that you should ignore in order to continue using the tool. The reason behind this normal behavior is that the certificate in use has not been signed by a CA (Certificate Authority) that the browser recognizes.
In order to disable the HTTPS support, make sure to remove the paths to the certificate and private key in the .env file. If the paths are empty, the application will be deployed over HTTP only.
- Installation instructions: Readme
- Preparation for the scanner's rules
- Deploy over HTTPS (Optional)
- How to update the project
- How to install on MacOS ARM
- Python library
- CLI
- Web UI through the Docker installation
- Pre-commit hook