README
¶
gfxe
A wrapper around grep to avoid typing common patterns.
What? Why?
I use grep a lot. When auditing code bases, looking at the output of meg, or just generally dealing with large amounts of data. I often end up using fairly complex patterns like this one:
$ grep -HnrE '(\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)|php://(input|stdin))' *
It's really easy to mess up when typing all of that, and it can be hard to know if you haven't got any results because there are non to find, or because you screwed up writing the pattern or chose the wrong flags.
Usage
It's fairly easy!
$ gfxe --help
gfxe [OPTIONS...] pattern-name
Options:
-s, --save Save a pattern
-l, --list List available patterns
-d, --dump Print the grep command of patterns instead
--rm Remove patterns
-h, --help Print this helps
Examples:
gfxe aws*
gfxe -d aws*
gfxe --rm aws*
gfxe --save pattern-name '-Hnri' 'search-pattern'
Example
I want to run grep with the pattern below all at once:
$ gfxe -l 2>&1 | grep google
google-account-type_secrets
google-api-key_secrets
google-calendar-uri_secrets
google-captcha_secrets
google-client-email_secrets
google-client-id_secrets
google-client-secret_secrets
google-cloud-platform-api-key_secrets
google-cloud-platform-oauth_secrets
google-gcp-service-account_secrets
google-maps-api-key_secrets
google-oauth-access-token_secrets
google-oauth-id_secrets
google-oauth_secrets
google-patterns_secrets
google-private-key_secrets
google-url_secrets
You can supply a pattern name by entering a glob pattern:
$ gfxe google-*
[!IMPORTANT] Keep in mind that the pattern name serves as a globbing for both the dump and remove (--rm) flags.
$ gfxe -d google-*
[google-account-type_secrets] grep -aHnoPr "google[_-]?account[_-]?type(=| =|:| :)" .
[google-calendar-uri_secrets] grep -aHnoPr "https://www\\.google\\.com/calendar/embed\\?src=[A-Za-z0-9%@&;=\\-_\\./]+" .
[google-client-email_secrets] grep -aHnoPr "google[_-]?client[_-]?email(=| =|:| :)" .
[google-client-secret_secrets] grep -aHnoPr "google[_-]?client[_-]?secret(=| =|:| :)" .
[google-cloud-platform-oauth_secrets] grep -aHnoPr "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" .
[google-oauth-access-token_secrets] grep -aHnoPr "ya29\\.[0-9A-Za-z\\-_]+" .
[google-oauth_secrets] grep -aHnoPr "(ya29.[0-9A-Za-z-_]+)" .
Pattern Files
The pattern definitions are stored in ~/.gf as little JSON files that can be kept under version control:
$ cat ~/.gf/php-sources.json
{
"flags": "-HnrE",
"pattern": "(\\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)|php://(input|stdin))"
}
To help reduce pattern length and complexity a little, you can specify a list of multiple patterns too:
$ cat ~/.gf/php-sources-multiple.json
{
"flags": "-HnrE",
"patterns": [
"\\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)",
"php://(input|stdin)"
]
}
You can use the -save flag to create pattern files from the command line:
$ gfxe --save 'php-serialized' '-HnrE' '(a:[0-9]+:{|O:[0-9]+:"|s:[0-9]+:")'
Or if you want to remove 'em:
$ gfxe --rm 'php-serialized'
Using custom engines
There are some amazing code searching engines out there that can be a better replacement for grep. A good example is the silver searcher. It's faster (like way faster) and presents the results in a more visually digestible manner.
In order to utilize a different engine, add engine: <other tool> to the relevant pattern file:
# Using the silver searcher instead of grep for the aws-keys pattern:
# 1. Adding "ag" engine
# 2. Removing the E flag which is irrelevant for ag
{
"engine": "ag",
"flags": "-Hanr",
"pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}"
}
[!NOTE] Different engines use different flags, so in the example above, the flag
Ehas to be removed from theaws-keys.jsonfile in order foragto successfully run.
Install with Go
If you've got Go 1.19+ installed and configured you can install gfxe with:
go install github.com/plutonicpoltergeist/gfxe@latest
from Source
Clone this repository, and run:
go build ./...
install gfxe $GOBIN
To get started with patterns quickly, see also:
- https://github.com/dwisiswant0/secpat2gf
- https://github.com/dwisiswant0/gf-secrets
- https://github.com/1ndianl33t/Gf-Patterns
License
gfxe is distributed under MIT. Contributions are welcome! See LICENSE file.
Documentation
¶
There is no documentation for this package.
Source Files