  • Stars: 110
  • Rank 316,770 (Top 7 %)
  • Language: Shell
  • License: Apache License 2.0
  • Created about 3 years ago
  • Updated about 1 year ago

Repository Details

truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)

Usage

Run truffleproc.sh against a target PID, e.g. your current Bash shell ($$):

$ ./truffleproc.sh $$
# coredumping pid 6174
Reading symbols from od...
Reading symbols from /usr/lib/systemd/systemd...
Reading symbols from /lib/systemd/libsystemd-shared-247.so...
Reading symbols from /lib/x86_64-linux-gnu/librt.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libseccomp.so.2...
Reading symbols from /lib/x86_64-linux-gnu/libselinux.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libmount.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libpam.so.0...
Reading symbols from /lib/x86_64-linux-gnu/libaudit.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libkmod.so.2...
Reading symbols from /lib/x86_64-linux-gnu/libapparmor.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...
Reading symbols from /lib/x86_64-linux-gnu/libacl.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libblkid.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libcap.so.2...
Reading symbols from /lib/x86_64-linux-gnu/libcrypt.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libgcrypt.so.20...
Reading symbols from /lib/x86_64-linux-gnu/libip4tc.so.2...
Reading symbols from /lib/x86_64-linux-gnu/liblz4.so.1...
Reading symbols from /lib/x86_64-linux-gnu/libzstd.so.1...
Reading symbols from /lib/x86_64-linux-gnu/liblzma.so.5...
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...
Reading symbols from /lib/x86_64-linux-gnu/libpthread.so.0...
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from /lib/x86_64-linux-gnu/libpcre2-8.so.0...
Reading symbols from /lib/x86_64-linux-gnu/libcap-ng.so.0...
Reading symbols from /lib/x86_64-linux-gnu/libcrypto.so.1.1...
Reading symbols from /lib/x86_64-linux-gnu/libgpg-error.so.0...
# extracting strings to /tmp/tmp.o6HV0Pl3fe
# finding secrets
# results in /tmp/tmp.o6HV0Pl3fe/results.txt

It outputs the secrets and high-entropy strings found in the memory of the target PID:

# ./truffleproc.sh results for pid 6174 (2021-08-31T15:16:47.077Z) | @controlplaneio
Reason: High Entropy
Date: 2021-08-31 15:16:47
Hash: 53e5372a9b1a2f69374652266908fc447f4077f6
Filepath: strings.txt
Branch: origin/master
Commit: Coredump of strings for pid 6174

+disk/by-id/dm-uuid-LVM-oxjqdaDSHekHKvBllov2EQV9db2JiNUa37CT8R0nuBS6I2qYAaHnxyjoHoDW
+DM_UUID=LVM-oxjqdaDSHekHKvBllov2EQV9db2JiNUa37CT8R0nuBS6I2qYAaHnxyjoHoDW
+API_KEY=BvWmkjg3yhb5dsfF6pstHo466yhrede210c
+SECRET_API_KEY=Ks83htsgjDFGi9dfg1cbvsdgsht3

# ...
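
An added example (not part of the truffleproc repository or its script): a minimal entropy scorer showing why a device UUID is reported next to real keys in the results above. The base64 alphabet, the 21-character minimum and the 4.5 bits-per-character cut-off are assumptions modelled on TruffleHog's classic entropy check; `SAMPLE_STRINGS`, `score_tokens` and `high_entropy` are illustrative names.

```python
import math
import re
from collections import Counter

# Assumptions modelled on TruffleHog's classic entropy check: candidates are runs
# of base64-alphabet characters longer than 20, flagged above 4.5 bits per char.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=]{21,}")
THRESHOLD = 4.5

# Constructed sample: the four strings from the results above plus two ordinary
# strings of the kind any core dump contains.
SAMPLE_STRINGS = """\
disk/by-id/dm-uuid-LVM-oxjqdaDSHekHKvBllov2EQV9db2JiNUa37CT8R0nuBS6I2qYAaHnxyjoHoDW
DM_UUID=LVM-oxjqdaDSHekHKvBllov2EQV9db2JiNUa37CT8R0nuBS6I2qYAaHnxyjoHoDW
API_KEY=BvWmkjg3yhb5dsfF6pstHo466yhrede210c
SECRET_API_KEY=Ks83htsgjDFGi9dfg1cbvsdgsht3
/lib/x86_64-linux-gnu/libpthread.so.0
/usr/share/zoneinfo/Europe/London
"""


def shannon_entropy(token):
    """Bits per character, computed from the token's own character frequencies."""
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())


def score_tokens(text):
    """Yield (line_number, token, entropy) for every candidate token in text."""
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in TOKEN_RE.findall(line):
            yield lineno, token, shannon_entropy(token)


def high_entropy(text, threshold=THRESHOLD):
    """Map each unique token above the threshold to (first line, entropy)."""
    hits = {}
    for lineno, token, h in score_tokens(text):
        if h > threshold and token not in hits:
            hits[token] = (lineno, round(h, 2))
    return hits


if __name__ == "__main__":
    for lineno, token, h in score_tokens(SAMPLE_STRINGS):
        verdict = "FLAG" if h > THRESHOLD else "skip"
        print(f"{verdict} line {lineno} H={h:.2f} {token}")
```

With these assumed settings the LVM device UUID is flagged and needs triage as a false positive, while the shorter `SECRET_API_KEY` value scores about 4.29 bits per character and falls under the cut-off, so entropy scoring is best paired with name-based patterns.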

2021 @controlplaneio
