Capabilities • Screenshots • Quickstart • Documentation • Contributing • Credits • FAQ • Related
Wraith uncovers forgotten secrets and brings them back to life, haunting security and operations teams. It can be used to scan hosted and local git repos as well as local filesystems.
- Gitlab.com repositories and projects
- Github.com repositories and organizations
- Local git repositories
- Local filesystem
- Exclude files, paths, and extensions
- Web and terminal interfaces for real-time results (very much alpha)
- Configurable commit depth
- Built with Viper to manage environment variables, config files, or flags
- Uses Cobra sub-commands for easier, more modular, functionality
- Download the latest release and either build it yourself with
make build
or you can use a prebuilt binary, currently they only exist for OSX. This project uses a branching git flow. Details can be found in the developer doc, suffice it to say Master is stable develop shoud be considered beta. - Download or clone the latest set of signatures and either copy signatures/default.yml to ~/.wraith/signatures/ or adjust the location in the configuration file below.
- Copy config/sample.yml or the below configuration to ~/.wraith/config.yml. This will allow you to get up and running for basic scans without having to figure out the flags. Any of these values can be overwritten on the commnd line as well. You will need to generate your own api tokens for github and gitlab if you are scanning against them.
- Once you have this done, just run a scan command.
wraith scanGithub
wraith scanGitlab
wraith scanLocalGitRepo
wraith scanLocalPath
---
commit-depth: 0
debug: false
github-api-token: <token>
github-targets:
- mattyjones
- N0MoreSecr3ts
gitlab-api-token: <token>
gitlab-targets:
- 5034914
- mattyjones
ignore-extension:
- .html
- .css
- .log
ignore-path:
- static/
- docs/
in-mem-clone: false
local-repos:
- ../wraith-test
match-level: 3
num-threads: 0
local-paths:
- relative/path/to/repo
- absolute/path/to/repo
signature-file: ../wraith-signatures/signatures/default.yml
silent: false
At this stage the best option is to build from source from this repository.
To install from source, make sure you have a correctly configured Go >= 1.14 environment and that $GOPATH/bin
is in your $PATH
.
$ cd $GOPATH/src
$ git clone git@github.com:N0MoreSecr3ts/wraith.git
$ cd wraith
$ make build
$ ./bin/wraith-<ARCH> <sub-command>
Signatures are the current method used to detect secrets within the a target source. They are broken out into the wraith-signatures repo for extensability purposes. This allows them to be independently versioned and developed without having to recompile the code. To makes changes just edit an existing signature or create a new one. Check the README in that repo for additional details.
Wraith will need either a GitLab or Github access token in order to interact with their appropriate API's. You can create a GitLab personal access token, or a Github personal access token and save it in an environment variable in your bashrc, add it to a wraith config file, or pass it in on the command line. This should not be done though for security reasons. Of course if you want to eat your own dog food, go ahead and do it that way, then point wraith at your command history file. 😈
Additional documentation is forthcoming
There is a roadmap as well, but at this point it's little more than a glorified TODO list and personal braindump. I am using that instead of issues, due to my velocity and general general laziness towards process at this point. When the project becomes stable, most likely after Milestone 1, the roadmap will probably fall away and be captured in Issues.
- @michenriksen for writing gitrob which serves as the foundation for wraith
- @codeemitter for contributing several major features including in memory clones and gitlab support. His version is the immediate parent to wraith.
- @mattyjones (Maintainer)
There are several other projects that wraith owes some lineage to including:
- Trufflehog
- all the many recon and OSINT tools already existing