Detecting exposed secrets in Stack Overflow Enterprise for Teams
Stack Overflow Watchman
Monitoring Stack Overflow Enterprise for exposed secrets
About Stack Overflow Watchman
Stack Overflow Watchman is an application that uses the Stack Overflow for Teams API to find potentially sensitive data exposed in a Stack Overflow Enterprise for Teams site.
More information about Stack Overflow Watchman can be found on my blog.
Features
Stack Overflow Watchman looks for:
- API Keys, Tokens & Service Accounts
- AWS, Azure, GCP, Google API, Slack (keys & webhooks), Twitter, Facebook, GitHub and more
- Generic Private keys
- Access Tokens, Bearer Tokens, Client Secrets, Private Tokens
- Leaked passwords
- Passport numbers, Dates of birth, Social security numbers, National insurance numbers and more
Time based searching
You can run Stack Overflow Watchman to look for results going back as far as:
- 24 hours
- 7 days
- 30 days
- All time
This means after one deep scan, you can schedule Stack Overflow Watchman to run regularly and only return results from your chosen timeframe.
Signatures
Stack Overflow Watchman uses custom YAML signatures to detect matches in Stack Overflow for Teams. These signatures are pulled from the central Watchman Signatures repository. Stack Overflow Watchman automatically updates its signature base at runtime to ensure it is using the latest signatures to detect secrets.
Logging
Stack Overflow Watchman gives the following logging options:
- Terminal-friendly Stdout
- JSON to Stdout
Stack Overflow Watchman defaults to terminal-friendly stdout logging if no option is given. This is designed to be easier for humans to read.
JSON logging is also available, which is perfect for ingesting into a SIEM or other log analysis platforms.
JSON formatted logging can be easily redirected to a file as below:
stack-overflow-watchman --timeframe a --all --output json >> stack_overflow_watchman_log.json
Authentication Requirements
Stack Overflow API token
To run Stack Overflow Watchman, you will need an API token. You can create this in your Stack Overflow for Teams account under Account -> Settings -> API Applications. Create a new application and copy the token from the details pane.
You will also need the domain of the Stack Overflow for Teams site. If your site is papermtn.stackoverflow.co, then the domain is papermtn.
Providing Token & URL
Pass the URL and Token to Stack Overflow Watchman via the environment variables:
STACK_OVERFLOW_WATCHMAN_TOKEN
STACK_OVERFLOW_WATCHMAN_DOMAIN
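The token handling above, as an added example that is not part of the Stack Overflow Watchman project: a token passed with -e or typed inline ends up in shell history and the process list, so this script keeps both variables in a mode-0600 file (KEY=value lines, the format docker run --env-file reads) and loads them by parsing rather than sourcing. The ENV_FILE path and the function names are assumptions; the command flags are the ones listed in the tool's usage text.

```bash
#!/usr/bin/env bash
# Added example, not part of Stack Overflow Watchman.
# ENV_FILE and the function names are assumptions made for illustration.
ENV_FILE="${ENV_FILE:-$HOME/.config/stack-overflow-watchman.env}"

# papermtn.stackoverflow.co (or a full https:// URL) -> papermtn
derive_domain() {
  local host="${1#*://}"        # drop a scheme if present
  host="${host%%/*}"            # drop any path
  printf '%s\n' "${host%%.*}"   # keep the first DNS label
}

# Write KEY=value lines (also valid for docker --env-file) with mode 0600.
write_env_file() {  # usage: write_env_file <site> <token> [file]
  local file="${3:-$ENV_FILE}"
  ( umask 077
    printf 'STACK_OVERFLOW_WATCHMAN_DOMAIN=%s\nSTACK_OVERFLOW_WATCHMAN_TOKEN=%s\n' \
      "$(derive_domain "$1")" "$2" > "$file" )
  chmod 600 "$file"
}

# Export only the two expected variables; the file is parsed, never sourced.
load_env_file() {  # usage: load_env_file [file]
  local file="${1:-$ENV_FILE}" mode line key
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 1
  case "$mode" in
    600|400) ;;
    *) echo "refusing $file: mode $mode, expected 600 or 400" >&2; return 1 ;;
  esac
  while IFS= read -r line; do
    key="${line%%=*}"
    case "$key" in
      STACK_OVERFLOW_WATCHMAN_TOKEN|STACK_OVERFLOW_WATCHMAN_DOMAIN)
        export "$key=${line#*=}" ;;
    esac
  done < "$file"
  [ -n "${STACK_OVERFLOW_WATCHMAN_TOKEN:-}" ] &&
    [ -n "${STACK_OVERFLOW_WATCHMAN_DOMAIN:-}" ]
}

# Scheduled run (e.g. from cron): last 24 hours, JSON appended to a log file.
if [ "${1:-}" = "scan" ]; then
  load_env_file || exit 1
  stack-overflow-watchman --timeframe d --output json \
    >> stack_overflow_watchman_log.json
fi
```

Create the file once after reading the token without echo (`read -rs TOKEN`, then `write_env_file papermtn.stackoverflow.co "$TOKEN"`), and schedule the script with the `scan` argument.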
Installation
You can install the latest stable version via pip:
python3 -m pip install stack-overflow-watchman
Or build from source yourself:
Download the release source files, then from the top level repository run:
python3 -m pip install build
python3 -m build
python3 -m pip install --force-reinstall dist/*.whl
Docker Image
Stack Overflow Watchman is also available from the Docker hub as a Docker image:
docker pull papermountain/stack-overflow-watchman:latest
You can then run Stack Overflow Watchman in a container, making sure you pass the required environment variables:
# help
docker run --rm papermountain/stack-overflow-watchman -h
# scan all
docker run --rm -e STACK_OVERFLOW_WATCHMAN_TOKEN=abc... -e STACK_OVERFLOW_WATCHMAN_DOMAIN=papermtn papermountain/stack-overflow-watchman --timeframe a --all --output json
docker run --rm --env-file .env papermountain/stack-overflow-watchman --timeframe a --all --output stdout
Usage
Stack Overflow Watchman is installed as a global command. Use it as follows:
usage: stack-overflow-watchman [-h] [--timeframe {d,w,m,a}] [--output {json,stdout}] [--version] [--debug]
options:
-h, --help show this help message and exit
--timeframe {d,w,m,a}
How far back to search: d = 24 hours w = 7 days, m = 30 days, a = all time. Defaults to all time
--output {json,stdout}, -o {json,stdout}
Where to send results
--version, -v show program's version number and exit
--debug, -d Turn on debug level logging
You can run Stack Overflow Watchman to look for everything, and output to default stdout:
stack-overflow-watchman --timeframe a --all
Other Watchman apps
You may be interested in the other apps in the Watchman family:
License
The source code for this project is released under the GNU General Public Licence. This project is not associated with Stack Overflow.
File details
Details for the file stack_overflow_watchman-1.0.0.tar.gz.
File metadata
- Download URL: stack_overflow_watchman-1.0.0.tar.gz
- Upload date:
- Size: 26.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.12.3 Linux/6.5.0-1018-azure
File hashes
Algorithm | Hash digest
---|---
SHA256 | 1ad298303e1ff0848eace131414be4c9254a21bbe268e62a25ae0b4185148a2f
MD5 | 2d3e8b3e99252f80a1375e746dd2cbc1
BLAKE2b-256 | b31b139e2cb02256d5938b34066dd0b3f0b23e481e1a73a7341c122bae2ff3fa
File details
Details for the file stack_overflow_watchman-1.0.0-py3-none-any.whl.
File metadata
- Download URL: stack_overflow_watchman-1.0.0-py3-none-any.whl
- Upload date:
- Size: 31.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.12.3 Linux/6.5.0-1018-azure
File hashes
Algorithm | Hash digest
---|---
SHA256 | fd01efcaa1a9acfd447b543b9ad0aaefaee314f43fbb2d745904d18ea6c1ce39
MD5 | f0e73ad6a077889052de322f29b51644
BLAKE2b-256 | 8055e2273afc787fefaa365cb94ea47dd87fa75b3d3279d9dbbbd423c4ccbb9e