Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kitploitKitPloitKITPLOIT:2897173903146674294
HistoryJun 30, 2023 - 12:30 p.m.

Golddigger - Search Files For Gold

2023-06-3012:30:00
www.kitploit.com
15
golddigger
sensitive information
regular expressions
search
python3
log
recursion
productivity
exclusion file
penetration test
security
shout-outs
git-wild-hunt
download
JSON

Gold Digger is a simple tool used to help quickly discover sensitive information in files recursively. Originally written to assist in rapidly searching files obtained during a penetration test.

Installation

Gold Digger requires Python3.

virtualenv -p python3 .  
source bin/activate  
python dig.py --help

Usage

Directory to search for gold -r RECURSIVE, --recursive RECURSIVE Search directory recursively? -l LOG, --log LOG Log file to save output" dir=β€œauto”>

usage: dig.py [-h] [-e EXCLUDE] [-g GOLD] -d DIRECTORY [-r RECURSIVE] [-l LOG]  
  
optional arguments:  
  -h, --help            show this help message and exit  
  -e EXCLUDE, --exclude EXCLUDE  
                        JSON file containing extension exclusions  
  -g GOLD, --gold GOLD  JSON file containing the gold to search for  
  -d DIRECTORY, --directory DIRECTORY  
                        Directory to search for gold  
  -r RECURSIVE, --recursive RECURSIVE  
                        Search directory recursively?  
  -l LOG, --log LOG     Log file to save output

Example Usage

Gold Digger will recursively go through all folders and files in search of content matching items listed in the gold.json file. Additionally, you can leverage an exclusion file called exclusions.json for skipping files matching specific extensions. Provide the root folder as the --directory flag.

An example structure could be:

~/Engagements/CustomerName/data/randomfiles/  
~/Engagements/CustomerName/data/randomfiles2/  
~/Engagements/CustomerName/data/code/

You would provide the following command to parse all 3 account reports:

python dig.py --gold gold.json --exclude exclusions.json --directory ~/Engagements/CustomerName/data/ --log Customer_2022-123_gold.log

Results

The tool will create a log file containg the scanning results. Due to the nature of using regular expressions, there may be numerous false positives. Despite this, the tool has been proven to increase productivity when processing thousands of files.

Shout-outs

Shout out to @d1vious for releasing git-wild-hunt <https://github.com/d1vious/git-wild-hunt&gt;! Most of the regex in GoldDigger was used from this amazing project.

Download Golddigger

JSON