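// Indicator table: banner label -> substrings whose presence in the page
// markup suggests a credential of that kind may be exposed.
//
// searchSecrets() lower-cases the markup and strips spaces before matching,
// so every pattern here must be lower-case and space-free or it can never
// match. These are plain substring indicators, not validated secrets: short
// prefixes such as "akia" or "sk_live_" will produce false positives, so a
// banner means "review this page", not "a key has leaked".
//
// `var` is kept on purpose: a top-level `const` would throw
// "Identifier has already been declared" if this script is injected into the
// same page more than once.
var targets = {
"Generic Api Key": ["?key=", "?api_key=", "?apikey=", "apikey", "api-key", "api_key", "access_key", "access-key", "accesskey", "api-token", "api_token"],
"Weglot Api Key": ["api:wg_", "api:'wg_", 'api:"wg_', "key:'wg_", "key:wg_",
'key:"wg_', "api=wg_", "api='wg_", 'api="wg_', "key='wg_", "key=wg_", 'key="wg_'],
"Google Api Key": ["key=alza", "key:alza", "key:aiza", "key=aiza"],
"Gitlab Personal Access Token": ["projects?private_token"],
"GMail OAuth2.0": [".apps.googleusercontent.com"],
"Wakatime Api Key": ["wakatime.com/api/v1/users/current/projects/?api_key"],
"WPEngine Api Key": ["wpe_apikey"],
"ButterCMS Api Key": ["api.buttercms.com/v2/posts/?auth_token"],
"Bit.ly Access Token": ["api-ssl.bitly.com/v3/shorten?access_token"],
// Picatic and Stripe share the same prefix, so both labels are reported together.
"Picatic Api Key": ["sk_live_"],
"Stripe Api Key": ["sk_live_"],
// Was "sqOatp-" (capital letter O): Square's prefix uses a zero, and an
// upper-case character can never match the lower-cased markup anyway.
"Square Access Token": ["sq0atp-"],
"Square OAuth Secret": ["q0csp-"],
"Facebook AppSecret": ["facebook.com/oauth/access_token?"],
"HubSpot Api Key": ["?hapikey"],
"GitHub Client ID": ["?client_id", "&client_id"],
"GitHub Client Secret": ["?client_secret", "&client_secret"],
"Circle-CI Access Token": ["circle-token"],
"PayPal/Braintree Access Token": ["access_token,production"],
"Amazon AMS Auth Token": ["amzn.mws"],
// Was "AKIA", which could never match the lower-cased markup. Note that AKIA
// is the prefix of an AWS access key *ID*; the label is kept as-is because it
// is the text shown in the banner.
"AWS Secret Key": ["akia"],
"OpenSSH Private Key": ["beginopensshprivatekey", "endopensshprivatekey"],
"RSA Private Key": ["beginrsaprivatekey", "endrsaprivatekey"],
"Private Key": ["beginprivatekey", "endprivatekey"],
// Was "ghr" for the last entry; the other prefixes all carry the underscore,
// and the bare three letters match far too much ordinary text.
"GitHub token": ["ghp_", "gho_", "ghs_", "ghu_", "ghr_"]
};

// Start the scan only after `targets` exists. Previously searchSecrets() was
// called above the table, while `targets` was still undefined, so that call
// scanned nothing; and when the script was injected after DOMContentLoaded had
// already fired, the listener never ran either and the page was never checked.
if (document.readyState === "loading") {
document.addEventListener('DOMContentLoaded', searchSecrets, false);
} else {
searchSecrets();
}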
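/**
 * Scan the serialized HTML of the current document for the indicator
 * substrings listed in `targets`, then show the warning banner for every
 * label that matched, or clear it when nothing matched.
 *
 * Matching is a case-insensitive substring search over the markup with space
 * characters removed. Only the matched indicator and the page URL are written
 * to the console, never the surrounding markup.
 */
function searchSecrets() {
// Remove our own banner before taking the snapshot: its text
// ("Possible ... Api Key matched!") would otherwise be scanned as page
// content and match the generic patterns on every re-run.
removeOldBanner();

const content = document.documentElement.innerHTML.toLowerCase();
// innerHTML serializes "&" and '"' as entities; decode them so patterns such
// as `&client_id` or `key="wg_` can match. NOTE(review): the entity names are
// restored here because the listing showed them already decoded, which left
// an unterminated string literal.
const cleanContent = content
.replaceAll(" ", "")
.replaceAll("&amp;", "&")
.replaceAll("&quot;", '"');

const found = [];
// `targets ?? {}`: tolerate being called before the table is initialised.
for (const [label, patterns] of Object.entries(targets ?? {})) {
// Patterns are lower-cased because the markup was; a mixed-case entry in the
// table would otherwise silently never match.
const hit = patterns.find((pattern) => cleanContent.includes(pattern.toLowerCase()));
if (hit !== undefined) {
console.log("Hellsing: " + hit + " in " + window.location.href);
found.push(label);
}
}

// Labels are object keys and therefore already unique.
if (found.length > 0) {
createBanner(found);
}
}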
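/**
 * Replace any existing banner with a fixed red bar at the top of the page
 * listing the credential types that matched.
 *
 * @param {string[]} found - Labels (keys of `targets`) that matched.
 */
function createBanner(found) {
removeOldBanner();
// The script can run before <body> has been parsed; there is nothing to
// attach the banner to yet, so skip instead of throwing.
if (!document.body) {
return;
}
const banner = document.createElement("div");
banner.className = "bannerHellsingClass";
banner.id = "bannerHellsing";
const list = found.join(", ");
// textContent rather than innerHTML: the labels are plain text, and this
// keeps the banner from ever being parsed as markup if a label changes.
banner.textContent = "Possible " + (list === "" ? "" : list + " ") + "matched!";
banner.setAttribute("style", [
"background-color: red !important;",
"color: black !important;",
"text-align: center !important;",
"position: fixed !important;",
"top: 0 !important;",
"z-index: 100000 !important;",
"margin: auto !important;",
"width: 100% !important;"
].join(" "));
document.body.insertBefore(banner, document.body.firstChild);
}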
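// Fallback for engines that lack the native remove() on elements. It is
// installed only when missing: overwriting the built-in replaced a method that
// is a no-op on detached nodes with one that throws on them.
if (typeof Element.prototype.remove !== "function") {
Element.prototype.remove = function () {
if (this.parentNode) {
this.parentNode.removeChild(this);
}
};
}
// Collection-wide remove(): detaches every member, iterating backwards because
// a live HTMLCollection shrinks as its members are removed.
NodeList.prototype.remove = HTMLCollection.prototype.remove = function () {
for (let index = this.length - 1; index >= 0; index--) {
const node = this[index];
if (node && node.parentElement) {
node.parentElement.removeChild(node);
}
}
};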
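/**
 * Remove the banner left in the document by a previous scan, if there is one.
 */
function removeOldBanner() {
// Declared locally: the undeclared assignment used before created a global
// and throws in strict mode.
const bannerOld = document.getElementById("bannerHellsing");
if (bannerOld !== null) {
bannerOld.remove();
}
}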