goutham-madhawaraj / mahisha


This project forked from strikergoutham/mahisha



License: MIT License

Python 100.00%

mahisha's Introduction

Mahisha

Mahisha is a real-time monitoring tool for accidental commits of sensitive secrets on GitHub. It is a wrapper web service that uses gitleaks to audit commits for secrets in real time.

Overview

Mahisha uses gitleaks to audit for secrets in real time. It combines a GitHub webhook with a Slack integration so that blue teamers and internal security engineers can detect sensitive secrets at the earliest stage of a code commit, before the change spreads further.

Monitors secrets on a particular release or specific branch.

Triggers on GitHub push and pull request events.

Pull request trigger with two modes: audit only the commits in the pull request, or audit the complete branch.

Slack integration for real-time notification of results.

Steps to set up Mahisha:

Mahisha uses Python's Flask to host the web service. The endpoint (https://your-server/ScanBranch) is exposed and is registered as the webhook URL for GitHub push and pull request events, so deliveries are consumed as they happen.

Prerequisites :

Requires Python 3

Runs on both Windows and Linux.

Install dependencies:

pip3 install -r requirements.txt

Steps:

Generate a GitHub API token for an account that has access to the code repositories.

Create a Slack channel and generate a Slack user token with privileges to post messages across the workspace.

Get the latest gitleaks binary from https://github.com/zricethezav/gitleaks/releases

Define the regex patterns you want to use to detect secrets. Detailed usage of gitleaks is documented at https://github.com/zricethezav/gitleaks/wiki

On the server, edit config.conf with the required values: the gitleaks binary location, the rules file location, the audit mode for the pull request trigger, and the Slack channel that should receive notifications.

Example config:

[Properties]
monitor_branch = master
binary_path = /root/Desktop/secrets/gitleaks
slack_channel = #gitleaks-alerts
Mode = 1
gitleaks_RulesPath = rules.toml

Here Mode can take one of two values, 1 or 2:

Mode = 1 audits only the commits in the raised pull request.
Mode = 2 audits the complete branch for which the pull request is raised.

monitor_branch takes the name of the branch you would like to monitor. The default is master.

Set the SLACK_TOKEN and GIT_TOKEN environment variables, then start the server (no spaces around the = in an export, or the shell treats SLACK_TOKEN as a command):

export GIT_TOKEN="<your git token here>"
export SLACK_TOKEN="<your slack user token here>"

python3 mahisha.py

Select the repositories you would like to monitor and set up a webhook in each repository's settings for the push and pull request events.

Web service endpoint that receives the activity data: https://your-server/ScanBranch

Make sure to choose application/json as the content type when setting up the webhook. Because the endpoint is reachable from the internet, also set a webhook secret so the service can verify the X-Hub-Signature-256 header GitHub sends with every delivery and reject anything else.

You are all set! Watch Mahisha in action for all further activity on the monitored repository.

Mahisha receives the webhook data, processes it, audits the code for secrets using gitleaks, and finally forwards the formatted result to the specified Slack channel.
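The request path described above, written out as an added example that is not Mahisha's own code. It parses the config.conf layout shown earlier and validates Mode, verifies GitHub's X-Hub-Signature-256 header against a webhook secret (assumed to be set when the hook is created; the README above does not configure one), maps push and pull_request deliveries onto a branch and commit range according to Mode, builds the gitleaks command, and produces a Slack summary that never includes the matched secret value. The gitleaks flags are those of the v8 detect subcommand and the JSON report field names (RuleID, File, StartLine, Commit, Secret) are assumptions, as is the reading of Mode 2 as the pull request's head branch; the config text, secret and webhook payloads are constructed samples.

```python
import configparser
import hashlib
import hmac
import json

def load_config(text):
    """Parse the [Properties] section of config.conf and validate Mode."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    p = cp["Properties"]
    mode = p.getint("Mode")
    if mode not in (1, 2):
        raise ValueError("Mode must be 1 (audit the PR commits) or 2 (audit the whole branch)")
    return {"monitor_branch": p.get("monitor_branch", "master"), "binary_path": p["binary_path"],
            "slack_channel": p["slack_channel"], "mode": mode, "rules_path": p["gitleaks_RulesPath"]}

def verify_signature(secret, body, signature_header):
    """GitHub's X-Hub-Signature-256 is HMAC-SHA256 over the raw body. Without this
    check anyone who learns the exposed URL can feed the service arbitrary input."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)

def plan_scan(event, payload, cfg):
    """Map a push or pull_request delivery to a branch and commit range; None = ignore."""
    prefix = "refs/heads/"
    if event == "push":
        ref = payload.get("ref", "")
        if not ref.startswith(prefix) or ref[len(prefix):] != cfg["monitor_branch"]:
            return None  # tag pushes and unmonitored branches
        return {"branch": cfg["monitor_branch"],  # only the commits this push delivered
                "log_opts": f"{payload['before']}..{payload['after']}"}
    if event == "pull_request":
        if payload.get("action") not in ("opened", "synchronize", "reopened"):
            return None
        pr = payload["pull_request"]
        if pr["base"]["ref"] != cfg["monitor_branch"]:
            return None
        if cfg["mode"] == 1:  # Mode 1: only the commits the PR would merge
            return {"branch": pr["head"]["ref"], "log_opts": f"{pr['base']['sha']}..{pr['head']['sha']}"}
        # Mode 2 (read here as the PR's head branch): full history, so no range.
        return {"branch": pr["head"]["ref"], "log_opts": None}
    return None

def gitleaks_command(cfg, repo_dir, plan, report_path):
    """Build the gitleaks invocation; assumes the v8 'detect' flags (older releases differ)."""
    cmd = [cfg["binary_path"], "detect", "--source", repo_dir, "--config", cfg["rules_path"],
           "--report-format", "json", "--report-path", report_path,
           "--exit-code", "0"]  # findings are read from the JSON report, not the exit status
    if plan["log_opts"]:
        cmd += ["--log-opts", plan["log_opts"]]
    return cmd

def format_slack_message(repo, plan, findings):
    """Summarise gitleaks JSON findings (assumed v8 field names) without the secret itself."""
    if not findings:
        return f"gitleaks: no secrets found in {repo} ({plan['branch']})"
    lines = [f"gitleaks: {len(findings)} finding(s) in {repo} ({plan['branch']})"]
    for f in findings:  # say where it is, never what it is: Slack history is another leak
        lines.append(f"- {f['RuleID']} in {f['File']}:{f['StartLine']} (commit {f['Commit'][:7]})")
    return "\n".join(lines)

def handle_webhook(headers, body, secret, cfg):
    """What a Flask view for /ScanBranch would call; returns (http_status, plan_or_reason)."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return 403, "bad signature"
    plan = plan_scan(headers.get("X-GitHub-Event", ""), json.loads(body), cfg)
    return (204, "ignored") if plan is None else (202, plan)

# Constructed sample inputs so the module runs stand-alone.
SAMPLE_CONFIG = ("[Properties]\nmonitor_branch = master\nbinary_path = /root/Desktop/secrets/gitleaks\n"
                 "slack_channel = #gitleaks-alerts\nMode = 1\ngitleaks_RulesPath = rules.toml\n")
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_PR_BODY = json.dumps({"action": "opened", "pull_request": {
    "base": {"ref": "master", "sha": "a" * 40}, "head": {"ref": "feature/x", "sha": "b" * 40}}}).encode()

def sample_push_body(branch, before="1" * 40, after="2" * 40):
    return json.dumps({"ref": f"refs/heads/{branch}", "before": before, "after": after}).encode()

def sample_headers(body, secret=SAMPLE_SECRET, event="pull_request"):
    """Headers GitHub would send for body if the hook were created with secret."""
    sig = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return {"X-GitHub-Event": event, "X-Hub-Signature-256": sig}

if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    status, plan = handle_webhook(sample_headers(SAMPLE_PR_BODY), SAMPLE_PR_BODY, SAMPLE_SECRET, cfg)
    print(status, plan, " ".join(gitleaks_command(cfg, "/tmp/repo", plan, "/tmp/report.json")))
```

For Mode 2 the caller must have checked the head branch out into repo_dir before running the command, since no commit range is passed. The Slack token the setup steps ask for is a user token that can post anywhere in the workspace; a bot token holding only the chat:write scope for the alerts channel limits what an attacker gains if the Mahisha host is compromised, and the message formatter above deliberately reports the rule, file and line but never the matched value.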

Developed with ♥️ by: Goutham Madhwaraj
Do not use this tool for any malicious purpose. I am not responsible for any damage you cause / any non desirable consequences with the help of this tool.

mahisha's People

Contributors: strikergoutham
