From 90e1b254266155abded62bc3155785961acc0ff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 10 Feb 2016 17:31:52 +0100 Subject: [PATCH] Split filepath and count in credential module --- bin/Credential.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/bin/Credential.py b/bin/Credential.py index 96f48501..4588796d 100755 --- a/bin/Credential.py +++ b/bin/Credential.py @@ -13,18 +13,24 @@ if __name__ == "__main__": p = Process(config_section) publisher.info("Find credentials") - critical = 10 + critical = 8 regex_web = "/^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/" regex_cred = "[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6}:[a-zA-Z0-9\_\-]+" while True: - filepath = p.get_from_set() - if filepath is None: + message = p.get_from_set() + if message is None: publisher.debug("Script Credential is Idling 10s") print('Sleeping') time.sleep(10) continue + filepath, count = message.split() + + if count < 5: + # Less than 5 matches from the top password list, false positive. + continue + paste = Paste.Paste(filepath) content = paste.get_p_content() creds = set(re.findall(regex_cred, content)) @@ -42,7 +48,7 @@ if __name__ == "__main__": print('\n '.join(creds)) if len(creds) > critical: - print("========> Found more than 10 credentials on this file : {}".format(filepath)) + print("========> Found more than 10 credentials in this file : {}".format(filepath)) publisher.warning(to_print) if sites: print("=======> Probably on : {}".format(', '.join(sites)))