Enhance Trufflehog module to finds Deleted & Private Commits on GitHub #1642

domwhewell-sage · 2024-08-08T09:12:52Z

Description
Trufflehog recently released a blog demonstrating that you could access deleted fork data on github https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

They since released an update to the open-source trufflehog tool to discover hidden objects from these deleted forks. by scanning the original repo
https://trufflesecurity.com/blog/trufflehog-now-finds-all-deleted-and-private-commits-on-github

For this enhancement the trufflehog module would need to consume CODE_REPOSITORY events ensuring they are github code repositories and pass the repo url to trufflehog github-experimental --repo <url> --object-discovery

It would also need to be changed to access the github api token provided to the github template module

I will start working on this shortly

The text was updated successfully, but these errors were encountered:

TheTechromancer · 2024-08-11T22:34:13Z

Added in #1644.

domwhewell-sage added the enhancement New feature or request label Aug 8, 2024

domwhewell-sage added a commit to domwhewell-sage/bbot that referenced this issue Aug 9, 2024

Closes blacklanternsecurity#1642

52d53f5

TheTechromancer added this to the BBOT 2.01 - unholy_ned milestone Aug 11, 2024

TheTechromancer closed this as completed Aug 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance Trufflehog module to finds Deleted & Private Commits on GitHub #1642

Enhance Trufflehog module to finds Deleted & Private Commits on GitHub #1642

domwhewell-sage commented Aug 8, 2024

TheTechromancer commented Aug 11, 2024

Enhance Trufflehog module to finds Deleted & Private Commits on GitHub #1642

Enhance Trufflehog module to finds Deleted & Private Commits on GitHub #1642

Comments

domwhewell-sage commented Aug 8, 2024

TheTechromancer commented Aug 11, 2024