Differences

This shows you the differences between two versions of the page.

--- muf:it:recipies [2025/02/17 10:44] – [xmlrpc dokuvimki edit] mfulz
+++ muf:it:recipies [2025/09/23 23:39] (current) – [DokuVimNG edit] mfulz
@@ Line 18: / Line 18: @@
 </code>
   - Import the OTP in KeePassXC {{muf:it:images:otp_keepassxc.png}}
+==== Hide & Seek ====
+All stuff about searching everywhre and everything ;)
+=== Git I'll find you :P ===
+Git I'll find you :P
+Full-history regex scan (mirror clone)
+Below is a ready-to-run shell helper that clones a repo as a mirror (so all refs/tags are included) and executes regex searches across all commits / blobs.
+Save as scan_public_repo_regex.sh, make executable and run.
+<code> #!/usr/bin/env bash # scan_public_repo_regex.sh # Usage: # ./scan_public_repo_regex.sh <repo-url> "<positive-regex>" ["<exclude-regex>"] # # Notes: # - The script does a git --mirror clone to include all refs (branches/tags). # - It uses `git grep -P` (Perl regex). If not available, it falls back to -G + external grep. # - Provide PCRE patterns (Perl compatible) for advanced constructs like (?!negative). # set -euo pipefail
+REPO_URL="${1:-}"
+PATTERN="${2:-}"
+EXCLUDE="${3:-}"
+if [[ -z "$REPO_URL" || -z "$PATTERN" ]]; then
+cat <<USAGE
+Usage: $0 <repo-url> "<positive-regex>" ["<exclude-regex>"]
+Example:
+$0 https://github.com/owner/repo.git
+ '(?i)\b(user|username)\b\s*[:=]\s*["''']?([^\s,"''']+)' '(?i)username'
+USAGE
+exit 2
+fi
+TMP="$(mktemp -d)"
+trap 'rm -rf "$TMP"' EXIT
+cd "$TMP"
+echo "[*] Cloning mirror of '$REPO_URL' into $TMP/repo.git (this may take a while)..."
+git clone --mirror "$REPO_URL" repo.git >/dev/null 2>&1
+cd repo.git
+REVLIST="$(git rev-list --all)"
+if [[ -z "$REVLIST" ]]; then
+echo "[!] no refs found"
+exit 1
+fi
+echo "[] Running git grep across all commits (pattern):"
+echo " $PATTERN"
+if [[ -n "$EXCLUDE" ]]; then
+echo "[] Exclude pattern:"
+echo " $EXCLUDE"
+fi
+echo
+Try PCRE first; fallback otherwise
+set +e
+if git grep -P -n --text --heading --break -e "$PATTERN" $REVLIST >/dev/null 2>&1; then
+if [[ -n "$EXCLUDE" ]]; then
+git grep -P -n --text --heading --break -e "$PATTERN" $REVLIST
+| grep -P -v --color=never "$EXCLUDE" || true
+else
+git grep -P -n --text --heading --break -e "$PATTERN" $REVLIST || true
+fi
+else
+echo "[*] git grep -P not available or failed, falling back to POSIX regex and grep filter."
+if [[ -n "$EXCLUDE" ]]; then
+git grep -n --text --heading --break -G -e "$PATTERN" $REVLIST
+| ( grep -P -v --color=never "$EXCLUDE" 2>/dev/null || grep -E -v "$EXCLUDE" || true )
+else
+git grep -n --text --heading --break -G -e "$PATTERN" $REVLIST || true
+fi
+fi
+set -e
+echo
+echo "[*] Also scanning commit messages (git log --grep)..."
+if [[ -n "$EXCLUDE" ]]; then
+git log --all --pretty=fuller --grep="$PATTERN" -i
+| awk '/^commit /{c=$2} /'"$PATTERN"'/i{print c; print; print "----"}'
+| xargs -I{} bash -c 'git show --pretty=fuller {} || true'
+| ( grep -P -v --color=never "$EXCLUDE" 2>/dev/null || grep -E -v "$EXCLUDE" || cat )
+else
+git log --all --pretty=fuller --grep="$PATTERN" -i || true
+fi
+echo
+echo "[*] Done. Temp dir: $TMP (auto-removed on exit)."
+</code>
+Quick usage examples
+Literal / case-insensitive search for EXACT_STRING (YOUR-EXACT-STRING):
+<code>
+./scan_public_repo_regex.sh https://github.com/owner/repo.git
+ '(?i)YOUR-EXACT-STRING'
+</code>
+Regex search: find keys like user: username or user = username (case-insensitive):
+<code>
+'(?i)\b(user|username)\b\s*[:=]\s*["']?([^\s,"']+)'
+</code>
+Search for password variants (password, passwd, pwd) next to a value:
+<code>
+'(?i)\b(pass(word)?|passwd|pwd)\b\s*[:=]\s*["']?([^\s,"']{4,})'
+</code>
+Combined: look for any auth/token/key-like identifiers:
+<code>
+'(?i)\b(api[-]?key|apikey|secret|token|auth|access[-]?token|bearer|private[-]?key|ssh[-]?key)\b\s*[:=]\s*["']?([A-Za-z0-9-._]+)'
+</code>
+Your “SEARCH FOR but EXCLUDE exact username/password” (negative lookahead, PCRE):
+<code>
+'(?i)\buser\b\s*[:=]\s*(?!username\b)([^\s,]+)'
+'(?i)\bpass(word)?\b\s*[:=]\s*(?!secret\b)([^\s,]+)'
+</code>
+This finds user: <value> where the value is not username, and pass: <value> where the value is not secret.
+Notes on the examples & intuition
+Why so many variants? Humans store credentials in many ways. Use these families:
+Key names: user, username, uid, owner · pass, passwd, password, pwd · secret, api_key, apikey, api-key · token, auth, access_token, bearer · key, private_key, ssh_key, rsa_key · client_id, client_secret
+Separators: key: value · key = value · key => value · "key": "value"
+Value patterns: Base64-like [A-Za-z0-9+/=]{20,} (noisy), long alphanumerics with -_.
+Practical approach:
+Start literal with YOUR-EXACT-STRING (fast, exact).
+Expand to key families: password|passwd|pwd|secret|token|api[_-]?key.
+Add context anchors: check left key names or separators.
+Need to ignore a known safe value → negative lookahead (?!value) or post-filter grep -v.
+Too much noise → restrict file types (*.env, *.yaml, *.json, *.tf, *.ini).
+Regex cheat-sheet (PCRE, case-insensitive)
+Simple literal (case-insensitive)
+<code>
+(?i)YOUR-EXACT-STRING
+</code>
+Keys + value (JSON/YAML/INI friendly)
+<code>
+(?i)\b(user|username|uid)\b\s*[:=]\s*["']?([^\s,"']+)
+(?i)\b(pass(word)?|passwd|pwd)\b\s*[:=]\s*["']?([^\s,"']{4,})
+</code>
+Auth/token/key family
+<code>
+(?i)\b(api[-]?key|apikey|secret|token|auth|access[-]?token|bearer|private[-]?key|ssh[-]?key)\b\s*[:=]\s*["']?([A-Za-z0-9-._]{8,})
+</code>
+Base64-ish blobs (suspicious but noisy)
+<code>
+[A-Za-z0-9+/]{40,}={0,2}
+</code>
+URL with embedded basic auth (user:pass@host)
+<code>
+(?i)https?://[^/\s:@]+:[^@\s]+@[^/\s]+
+</code>
+“SEARCH FOR but EXCLUDE” (negative lookahead)
+<code>
+(?i)\buser\b\s*[:=]\s*(?!username\b)([^\s,]+)
+(?i)\bpass\b\s*[:=]\s*(?!secret\b)([^\s,]+)
+</code>
+Practical tips
+Use literal -F for your exact known string first — zero false positives.
+To exclude a test token: post-filter with grep -v or use PCRE negative lookahead.
+If your git grep lacks -P, fallback with git grep -G then pipe into grep -P or perl.
+Limit file types to reduce noise:
+<code>
+git grep -P -n -I --heading --break -e '(?i)password' $(git rev-list --all) -- '.py' '.yaml' '.env' '.json' || true
+</code>
+Inspect matches precisely:
+<code>
+git show <commit-sha>:<path/to/file>
+</code>
+Example workflows
+Exact-string quick check (literal):
+<code>
+./scan_public_repo_regex.sh https://github.com/owner/repo.git
+ '(?i)YOUR-EXACT-STRING'
+</code>
+Password-like keys but ignore known placeholder secret:
+<code>
+./scan_public_repo_regex.sh https://github.com/owner/repo.git
+ '(?i)\b(pass(word)?|passwd|pwd)\b\s*[:=]\s*["']?([^\s,"']{4,})' 'secret'
+</code>
+Any API keys/tokens:
+<code>
+./scan_public_repo_regex.sh https://github.com/owner/repo.git
+ '(?i)\b(api[-]?key|apikey|secret|token|auth)\b\s*[:=]\s*["']?([A-Za-z0-9-.]{8,})'
+</code>
+Safety / assurance notes
+This script only reads repo objects; it does not modify the remote.
+If you find a secret in the public repo, rotate/revoke immediately; rewrite history afterwards.
+PCRE-first: the script attempts -P and falls back if unavailable.
+===== OS Tricks =====
+Operating system specific recipies
+==== Win11 offline installation ====
+  - During setup when asked for connecting to a network press SHIFT+F10 to open a cmd
+  - In the opened cmd type <code>oobe\BypassNRO</code>
+  - After reboot you can procceed the installation and skip the network configuration

OlzNet

User Tools

Site Tools

Differences

Page Tools