Wraith

Finding digital secrets that were never meant to be found in all corners of the net.

Capabilities • Screenshots • Quickstart • Documentation • Contributing • Credits • FAQ • Related

Wraith uncovers forgotten secrets and brings them back to life, haunting security and operations teams. It can be used to scan hosted and local git repos as well as local filesystems.

Capabilities

Targets

• Gitlab.com repositories and projects
• Github.com repositories and organizations
• Local git repositories
• Local filesystem

Major Features

• Exclude files, paths, and extensions
• Web and terminal interfaces for real-time results (very much alpha)
• Configurable commit depth
• Built with Viper to manage environment variables, config files, or flags
• Uses Cobra sub-commands for easier, more modular, functionality

Screenshots

Quickstart

1. Download the latest release and either build it yourself with make build or you can use a prebuilt binary, currently they only exist for OSX. This project uses a branching git flow. Details can be found in the developer doc, suffice it to say Master is stable develop shoud be considered beta.
2. Download or clone the latest set of signatures and either copy signatures/default.yaml to ~/.wraith/signatures/ or adjust the location in your configuration file. A sample is shown below
3. Copy the below configuration to ~/.wraith/config.yaml. This will allow you to get up and running for basic scans without having to figure out the flags. Any of these values can be overwritten on the commnd line as well. You will need to generate your own api tokens for github and gitlab if you are scanning against them.
4. Once you have this done, just run a scan command.

• wraith scanGithub
• wraith scanGitlab
• wraith scanLocalGitRepo
• wraith scanLocalPath

---
commit-depth: -1
debug: false
github-api-token: <token>
github-orgs:
    - <org 1>
    - <org 2>
github-repos:
    - <repo 1>
github-users:
    - <user 1>
gitlab-api-token: <token>
gitlab-targets:
    - <repo 1>
    - <project 1>
    - <user 1>
scan-forks: false
scan-tests: false
ignore-extension:
    - .html
    - .css
    - .log
ignore-path:
    - static/
    - docs/
    - .idea/
in-mem-clone: false
local-paths:
    - ../relative/path/to/file.md
    - $HOME/path/to/file.pl
    - /absolute/path/to/file.rb
confidence-level: 3
num-threads: 1
local-repos:
    - ../wraith
    - /home/bob/Go/src/foo
silent: false
web-server: false
json: false
csv: false
test-signatures: false
signatures-path: "~/.wraith/signatures"
signature-file:
    - ../wraith-signatures/signatures/default.yaml
signatures-url: "https://github.com/N0MoreSecr3ts/wraith-signatures"
signatures-version: "0.2.0"

Documentation

Build from source

At this stage the best option is to build from source from this repository.

To install from source, make sure you have a correctly configured Go >= 1.14 environment and that $GOPATH/bin is in your $PATH.

    $ cd $GOPATH/src
    $ git clone [email protected]:N0MoreSecr3ts/wraith.git
    $ cd wraith
    $ make build
    $ ./bin/wraith-<ARCH> <sub-command>

Signatures

Signatures are the current method used to detect secrets within the a target source. They are broken out into the wraith-signatures repo for extensability purposes. This allows them to be independently versioned and developed without having to recompile the code. To makes changes just edit an existing signature or create a new one. Check the README in that repo for additional details.

Authencation

Wraith will need either a GitLab or Github access token in order to interact with their appropriate API's. You can create a GitLab personal access token, or a Github personal access token and save it in an environment variable in your bashrc, add it to a wraith config file, or pass it in on the command line. Passing it in on the commandline should be avoided if possible for security reasons. Of course if you want to eat your own dog food, go ahead and do it that way, then point wraith at your command history file. 😈

Additional Documentation

Additional documentation is forthcoming

Contributing

Contributing.md

There is a roadmap as well, but at this point it's little more than a glorified TODO list and personal braindump. I am using that instead of issues, due to my velocity and general laziness towards process at this point. When the project becomes stable, most likely after Milestone 1, the roadmap will probably fall away and be captured in Issues.

Credits

• @michenriksen for writing gitrob which serves as the foundation for wraith
• @codeemitter for contributing several major features including in memory clones and gitlab support. His version is the immediate parent to wraith.
• @mattyjones (Maintainer)

Related

There are several other projects that wraith owes some lineage to including:

• Trufflehog
• all the many recon and OSINT tools already existing