anotherhadi/spilltea
1
Fork 0
mirror of https://github.com/anotherhadi/spilltea.git synced 2026-05-21 18:12:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Edit descriptions & create_findings

Browse Source 
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
This commit is contained in:
Hadi
2026-05-21 10:28:52 +02:00
parent 021090f52c
commit 9cabe81771
6 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/inject_header.lua
+1 -1
View File
@@ -3,7 +3,7 @@ Plugin = {
description = [[
Inject custom headers into every intercepted request.
**Config** (YAML):
**Config**:
```yaml
headers:
- "X-My-Header: myvalue"
plugins/ip_filter.lua
+2 -1
View File
@@ -3,12 +3,13 @@ Plugin = {
description = [[
Checks that the proxy's outbound IP is in an allowed list on startup.
**Config** (YAML):
**Config**:
```yaml
ips:
- "1.2.3.4" # whitelist entry
- "!5.6.7.8" # blacklist entry (blocked)
```
- If no IPs are configured, the check is skipped.
]],
on_start = { sync = false },
plugins/match_replace.lua
+1 -1
View File
@@ -3,7 +3,7 @@ Plugin = {
description = [[
Automatically find and replace content in requests and responses.
**Config** (YAML):
**Config**:
```yaml
rules:
- on: "request" # "request", "response", or "both" (default: "both")
plugins/scopes.lua
+1 -1
View File
@@ -3,7 +3,7 @@ Plugin = {
description = [[
Auto-forward requests and exclude them from history based on patterns.
**Config** (YAML):
**Config**:
```yaml
patterns:
- "pattern" # whitelist: only intercept matching requests/responses and history
plugins/secretscan.lua
+4 -2
View File
@@ -185,9 +185,11 @@ local function scan(label, ct, body, host, path)
title = "Potential secret in " .. label .. " (" .. host .. ")",
description = "**Host:** `"
.. host
.. "` \n**Path:** `"
.. "`\n"
.. "\n**Path:** `"
.. path
.. "`\n\n**Match:** `"
.. "`\n"
.. "\n**Match:** `"
.. display
.. "`\n\n"
.. ctx,
plugins/trufflehog.lua
+1 -4
View File
@@ -4,9 +4,6 @@ Plugin = {
Scans request and response bodies for secrets using [TruffleHog](https://github.com/trufflesecurity/trufflehog).
Requires `trufflehog` v3+ to be installed and available in PATH.
Each finding is stored on the **Findings** page with the matched detector output.
Findings are deduplicated per host+path+body content so repeated requests do not create duplicates.
]],
on_start = { sync = false },
on_request = { sync = false },
@@ -56,7 +53,7 @@ local function scan(label, content, host, path)
for _, block in ipairs(blocks) do
create_finding({
title = "Secret detected in " .. label .. " (" .. host .. ")",
description = "**Host:** `" .. host .. "` \n**Path:** `" .. path .. "`\n\n```\n" .. block .. "\n```",
description = "**Host:** `" .. host .. "`\n\n**Path:** `" .. path .. "`\n\n```\n" .. block .. "\n```",
key = host .. "|" .. path .. "|" .. label .. "|" .. block,
severity = "high",
})