
Commit

Add default path for rules
tillson committed Oct 31, 2022
1 parent f1f0124 commit 9831737
Showing 3 changed files with 5 additions and 5 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -35,7 +35,7 @@ You can also [supply your 2FA seed](https://github.com/tillson/git-hound/pull/24
Grab the 2FA seed by decoding the barcode that GitHub shows during the 2FA setup process.

## API Key Regexes
GitHound utilizes a database of API key regexes maintained by the [Gitleaks](https://github.com/zricethezav/gitleaks) authors. Gitleaks is a production-grade tool for detecting secrets in known repositories and proactively protecting developers from committing secrets.
GitHound utilizes a database of API key regexes maintained by the [Gitleaks](https://github.com/zricethezav/gitleaks) authors.

## Use cases

Expand Down Expand Up @@ -65,16 +65,16 @@ Check out this [blog post](https://tillsongalloway.com/finding-sensitive-informa

- `--subdomain-file` - The file with the subdomains
- `--json` - Output results as JSON objects
- `--regex-file` - Supply a custom regex file (default is `rules.toml`)
- `--config-file` - Custom config file (default is `config.yml`)
- `--dig-files` - Clone and search the repo's files for results
- `--dig-commits` - Clone and search the repo's commit history for results
- `--many-results` - Use result sorting and filtering hack to scrape more than 100 pages of results
- `--results-only` - Print only regexed results to stdout. Useful for piping custom regex matches into another script
- `--no-repos` - Don't search repos
- `--no-gists` - Don't search Gists
- `--threads` - Specify max number of threads for the commit digger to use.
- `--regex-file` - Supply a custom regex file
- `--language-file` - Supply a custom file with languages to search.
- `--config-file` - Custom config file (default is `config.yml`)
- `--pages` - Max pages to search (default is 100, the page maximum)
- `--no-scoring` - Don't use scoring to filter out false positives
- `--no-api-keys` - Don't perform generic API key searching. GitHound uses common API key patterns, context clues, and a Shannon entropy filter to find potential exposed API keys.
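Review bot: the moved `--config-file` entry still states a default of `config.yml`, while the registration visible in cmd/root.go passes an empty string as that flag's default, so the README and the flag disagree unless a fallback is applied somewhere outside this diff. The new `--regex-file` entry should also say which directory the relative default `rules.toml` is resolved against, since users running the tool from elsewhere will otherwise not know where to put the file.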
2 changes: 1 addition & 1 deletion cmd/root.go
Expand Up @@ -21,7 +21,7 @@ func InitializeFlags() {
rootCmd.PersistentFlags().StringVar(&app.GetFlags().SubdomainFile, "subdomain-file", "", "A file containing a list of subdomains (or other queries).")
rootCmd.PersistentFlags().BoolVar(&app.GetFlags().DigRepo, "dig-files", false, "Dig through the repo's files to find more secrets (CPU intensive).")
rootCmd.PersistentFlags().BoolVar(&app.GetFlags().DigCommits, "dig-commits", false, "Dig through commit history to find more secrets (CPU intensive).")
rootCmd.PersistentFlags().StringVar(&app.GetFlags().RegexFile, "regex-file", "", "Path to a list of regexes.")
rootCmd.PersistentFlags().StringVar(&app.GetFlags().RegexFile, "regex-file", "rules.toml", "Path to a list of regexes.")
rootCmd.PersistentFlags().StringVar(&app.GetFlags().LanguageFile, "language-file", "", "Supply your own list of languages to search (java, python).")
rootCmd.PersistentFlags().StringVar(&app.GetFlags().ConfigFile, "config-file", "", "Supply the path to a config file.")
rootCmd.PersistentFlags().IntVar(&app.GetFlags().Pages, "pages", 100, "Maximum pages to search per query")
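Review bot: the new default on the `regex-file` line, "rules.toml", is a relative path, so which rule set is loaded now depends on the directory the tool is started from. If the path is opened as given, a run from another directory either finds no rules or reads whatever `rules.toml` happens to be there, for example one sitting in a checked-out repository. Consider resolving the default against the executable's location or a fixed config directory, or embedding the default rules in the binary, and fail with a clear error when the file is missing. Also check any code that treated an empty RegexFile as "no custom file", because the empty string is no longer what callers get by default.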
2 changes: 1 addition & 1 deletion rules/rules.toml → rules.toml
@@ -1,7 +1,7 @@
[[rules]]
description = "Generic API Key"
id = "generic-api-key"
smart_filtering = true # GitHound code that uses entropy/common words to reduce false positives
smart_filtering = true # GitHound code that removes common words/low entropy strings/repeating sequences to reduce false positives
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''

# The following rules are from GitLeaks (https://github.com/zricethezav/gitleaks), which is released under an MIT license (https://github.com/zricethezav/gitleaks/blob/master/LICENSE)
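Review bot: the rename from rules/rules.toml to rules.toml breaks any existing invocation or script that passes `--regex-file rules/rules.toml`, and nothing in the diff tells users about the move; a line in the README or release notes would cover it. Separately, on the `regex` line the `|` inside bracket classes such as `[\s|']` and `['|\"|\n|\r|\s|\x60|;]` is a literal pipe rather than alternation, so those classes also match a `|` character; drop the pipes if that is not intended.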