rusty hog v1.0.11 releases: A suite of secret scanners built in Rust for performance

Rusty Hogs

Rusty Hog is a secret scanner built in Rust for performance and based on TruffleHog which is written in Python. Rusty Hog provides the following binaries:

• Ankamali Hog: Scans for secrets in a Google doc.
• Berkshire Hog: Scans for secrets in an S3 bucket.
• Choctaw Hog: Scans for secrets in a Git repository.

This project provides a set of scanners that use regular expressions to try and detect the presence of sensitive information, such as API keys, passwords, and personal information. It includes a set of regular expressions by default but also accepts a JSON object containing your custom regular expressions.

Changelog v1.0.11

• New release that includes the Slack hog and fixes a major issue with choctaw_hog.

Download

Use

Ankamali Hog: Scans for secrets in a Google doc.

Berkshire Hog (S3 Scanner – CLI) usage

Berkshire Hog (S3 Scanner – Lambda) usage

Berkshire Hog is currently designed to be used as a Lambda function. This is the basic data flow:

    ┌───────────┐              ┌───────┐     ┌────────────────┐     ┌────────────┐
    │ S3 bucket │ ┌────────┐   │       │     │ Berkshire Hog  │     │ S3 bucket  │
    │  (input) ─┼─┤S3 event├──▶│  SQS  │────▶│    (Lambda)    │────▶│  (output)  │
    │           │ └────────┘   │       │     │                │     │            │
    └───────────┘              └───────┘     └────────────────┘     └────────────┘

In order to run Berkshire Hog this way, set up the following:

1. Configure the input bucket to send an “event” to SQS for each PUSH/PUT event.
2. Set up the SQS topic to accept events from S3, including IAM permissions.
3. Run Berkshire Hog with IAM access to SQS and S3.

Choctaw Hog (Git Scanner) usage

Copyright (C) 2020 newrelic

Source: https://github.com/newrelic/