Files
sif/modules
Tigah 45f5302e1f feat(modules): add aws, npmrc and docker credential file exposure modules (#195)
modules/recon/aws-credentials-exposure.yaml flags exposed .aws/credentials,
.s3cfg and .boto files on the access and secret key markers, and extracts
the AKIA/ASIA access key id.

modules/recon/npmrc-exposure.yaml flags a .npmrc only when it carries an
auth token or password, not a bare registry config, and extracts the
registry the token belongs to.

modules/recon/docker-config-exposure.yaml flags .docker/config.json and the
legacy .dockercfg on the base64 auth field, and extracts the registry host.

each module ands a negative matcher on the usual html markers so a 200 page
that merely names a key is not a hit, the same guard the env exposure module
uses.

internal/modules/credential_exposure_test.go drives the three modules end to
end through ExecuteHTTPModule and asserts the leak alongside the near misses
a strict review wants pinned: an html doc that only names a key, a plain 200
body, a 404, and a jwt shaped docker auth value, none of which may match.

verify: go test ./internal/modules, each matcher, guard and extractor proven
to bite (break -> red, restore -> green).
2026-06-22 17:24:06 -07:00
..