salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
322 Commits 1 Branch 0 Tags
3192cea9e3bbdaa938ba52291737ef4c5af8ba3f
Commit Graph

12 Commits

Author SHA1 Message Date
salvacybersec
01062b88b1 feat(08-01): add custom_dorks table and CRUD for user-authored dorks 
- schema.sql: CREATE TABLE IF NOT EXISTS custom_dorks with unique dork_id,
  source/category indexes, and tags stored as JSON TEXT
- custom_dorks.go: Save/List/Get/GetByDorkID/Delete with JSON tag round-trip
- Tests: round-trip, newest-first ordering, not-found, unique constraint,
  delete no-op, schema migration idempotency
 2026-04-06 00:16:33 +03:00
salvacybersec
9dbb0b87d4 feat(07-04): wire keyhunter import command with dedup and DB persist 
- Replace import stub with cmd/import.go dispatching to pkg/importer
  (trufflehog, gitleaks, gitleaks-csv) via --format flag
- Reuse openDBWithKey helper so encryption + path resolution match scan/keys
- engineToStorage converts engine.Finding -> storage.Finding (Source -> SourcePath)
- Add pkg/storage.FindingExistsByKey for idempotent cross-import dedup
  keyed on (provider, masked key, source path, line number)
- cmd/import_test.go: selector table, field conversion, end-to-end trufflehog
  import with re-run duplicate assertion, unknown-format + missing-file errors
- pkg/storage queries_test: FindingExistsByKey hit and four miss cases

Delivers IMP-01/02/03 end-to-end.
 2026-04-05 23:59:39 +03:00
salvacybersec
b1e4dea51c feat(06-04): implement findings query layer for keys command 
- Filters struct: Provider, Verified (*bool), Limit, Offset
- ListFindingsFiltered: optional WHERE + ORDER BY created_at DESC, id DESC
- GetFinding: single-row lookup, propagates sql.ErrNoRows on miss
- DeleteFinding: returns RowsAffected so caller can distinguish hit/miss
- Shared scan/hydrate helpers decrypt key_value via existing Decrypt
 2026-04-05 23:31:15 +03:00
salvacybersec
67763ec498 test(06-04): add failing tests for findings query layer 
- Filters struct with provider, verified, limit/offset
- ListFindingsFiltered, GetFinding, DeleteFinding coverage
- Uses in-memory SQLite with seeded fixtures across 2 providers
 2026-04-05 23:30:33 +03:00
salvacybersec
aec559d2aa feat(05-01): migrate findings schema with verify_* columns 
- schema.sql: new findings columns verified, verify_status, verify_http_code, verify_metadata_json
- db.go: migrateFindingsVerifyColumns runs on Open() for legacy DBs using PRAGMA table_info + ALTER TABLE
- findings.go: Finding struct gains Verified/VerifyStatus/VerifyHTTPCode/VerifyMetadata
- SaveFinding serializes verify metadata as JSON (NULL when nil)
- ListFindings round-trips all verify fields
 2026-04-05 15:42:53 +03:00
salvacybersec
26544872f7 test(05-01): add failing tests for findings verify columns 
- Round-trip verify fields (Verified, VerifyStatus, VerifyHTTPCode, VerifyMetadata)
- Empty verify fields persist as defaults
- Legacy DB schema migrates verify columns idempotently
 2026-04-05 15:41:49 +03:00
salvacybersec
9da0b68129 feat(01-05): add CLI root command, config package, output table, and settings helpers 
- cmd/root.go: Cobra root with all 11 subcommands, viper config loading
- cmd/stubs.go: 8 stub commands for future phases (verify, import, recon, keys, serve, dorks, hook, schedule)
- cmd/scan.go: scan command wiring engine + storage + output with per-installation salt
- cmd/providers.go: providers list/info/stats subcommands
- cmd/config.go: config init/set/get subcommands
- pkg/config/config.go: Config struct with Load() and defaults
- pkg/output/table.go: lipgloss terminal table for PrintFindings
- pkg/storage/settings.go: GetSetting/SetSetting for settings table CRUD
 2026-04-05 12:26:36 +03:00
salvacybersec
de8bb5560f merge: plan 01-03 storage layer 2026-04-05 00:13:45 +03:00
salvacybersec
3334633867 feat(01-foundation-03): implement SQLite storage with Finding CRUD and encryption 
- schema.sql: CREATE TABLE for findings, scans, settings with indexes
- db.go: Open() with WAL mode, foreign keys, embedded schema migration
- findings.go: SaveFinding encrypts key_value before INSERT, ListFindings decrypts after SELECT
- MaskKey: first8...last4 masking helper
- Fix: NULL scan_id handling for findings without parent scan
 2026-04-05 00:05:54 +03:00
salvacybersec
58259cb9d3 feat(01-01): create main.go, test scaffolding, and testdata fixtures 
- main.go entry point (7 lines) delegates to cmd.Execute()
- cmd/root.go stub so go build ./... compiles (Plan 05 replaces)
- pkg/providers, pkg/storage, pkg/engine package stubs
- Test stubs with t.Skip() for providers, storage, engine packages
- testdata/samples: openai_key.txt, anthropic_key.txt, multiple_keys.txt, no_keys.txt
- go build ./... and go test ./... -short both exit 0
 2026-04-05 00:04:42 +03:00
salvacybersec
239e2c214c feat(01-foundation-03): implement AES-256-GCM encryption and Argon2id key derivation 
- Encrypt/Decrypt using AES-256-GCM with random nonce prepended to ciphertext
- ErrCiphertextTooShort sentinel error for malformed ciphertext
- DeriveKey using Argon2id RFC 9106 params (time=1, mem=64MB, threads=4, keyLen=32)
- NewSalt generates cryptographically random 16-byte salt
 2026-04-05 00:04:33 +03:00
salvacybersec
2ef54f7196 test(01-foundation-03): add failing tests for storage layer 
- Tests for AES-256-GCM encrypt/decrypt roundtrip
- Tests for Argon2id key derivation determinism
- Tests for SQLite open with schema tables
- Tests for SaveFinding/ListFindings with encryption contract
- Tests verify raw BLOB does not contain plaintext key
 2026-04-05 00:04:06 +03:00