Git secret surfing

One-liner to checkout all git revisions

Why? This will get you the ability to look through git history in a set of folders. This is especially useful when you need to find credentials that were removed from the current revision, but not changed. *cough*

Let’s break it down:

git log --format=oneline | cut -d " " -f 1 > log.txt

I’m asking for the commit log in a oneline format, piping to cut and asking for the first field.

for rev in $(cat log.txt)

Each revision is stored in log.txt for reference. We use this to loop through so that we can pass it to git.

do mkdir $rev && git --work-tree=./$rev/ checkout $rev -- .

For each revision in git, we are creating a directory with the name of the revision and then setting the work tree to that revision so that we can check it out.

Though it can stand to be improved, I did it this way for a couple of reasons:

  • Auditing: We have the full revision, and each revision, there to navigate through.
  • Easy grepping later.

Now that we have the full checkout for each revision, we can start grepping for what we want. Usually this is credentials, but really anything we want.

Downsides

As nice and fast as this is, we are missing a few things:

  • Branches
  • History changes (e.g. rebase)

Alternatives

I’ve come to really, really, really like Trufflehog. It too has its downsides I’ve discovered. Namely, it produces a human-readable format, but friendly for the terminal (color codes and all) or it produces a machine-readable format in the form of a JSON file. You’ll then need to write code to parse it. But Trufflehog is in Python (yay!) and extensible. This takes the hard work out of ensuring you manage searching across everything.

But there’s plenty of juicy things to be had, stored in version control.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s