
NullSec RepoRaider

Git Repository Secret Scanner written in Clojure


Part of the NullSec offensive security toolkit
Discord: discord.gg/killers
Portal: bad-antics.github.io

Overview

RepoRaider is a regex-based secret scanner that detects hardcoded credentials, API keys, and sensitive data in git repositories. Built with Clojure's functional paradigm, it leverages persistent data structures and lazy evaluation for efficient large-scale scanning. Like any pattern scanner it only finds secrets whose format it knows and will also flag look-alike test values, which is why every finding carries a severity and the report can be filtered by it.

Clojure Features Showcased

  • Persistent Data Structures: Immutable, efficient collections
  • Lazy Sequences: Memory-efficient file traversal
  • Multimethods: Polymorphic dispatch on severity
  • Records: Typed data structures
  • Transducers: Composable, efficient transformations
  • Destructuring: Elegant pattern binding
  • Regular Expressions: First-class regex support

Detected Secrets

Pattern            Severity   CWE
AWS Access Key     CRITICAL   CWE-798
AWS Secret Key     CRITICAL   CWE-798
GitHub Token       CRITICAL   CWE-798
GitLab Token       CRITICAL   CWE-798
Private Keys       CRITICAL   CWE-321
Stripe Live Key    CRITICAL   CWE-798
Slack Token        HIGH       CWE-798
Google API Key     HIGH       CWE-798
Database URLs      HIGH       CWE-798
JWT Tokens         HIGH       CWE-798
Generic API Keys   MEDIUM     CWE-798
Generic Secrets    MEDIUM     CWE-798
Test Keys          LOW        CWE-798

Installation

# Clone
git clone https://github.com/bad-antics/nullsec-reporaider.git
cd nullsec-reporaider

# Run with Clojure CLI
clj -M reporaider.clj <path>

# Or with Leiningen
lein run <path>

Dependencies

;; deps.edn
{:deps {org.clojure/clojure {:mvn/version "1.11.1"}}}

Usage

# Scan a repository
clj -M reporaider.clj /path/to/repo

# Run demo mode
clj -M reporaider.clj --demo

# Specify output format
clj -M reporaider.clj -o json /path/to/repo

# Filter by severity
clj -M reporaider.clj -s high /path/to/repo

Options

USAGE:
    reporaider [OPTIONS] <PATH>

OPTIONS:
    -h, --help       Show help
    -o, --output     Output format (text/json/sarif)
    -s, --severity   Minimum severity to report
    -e, --exclude    Patterns to exclude

Sample Output

╔══════════════════════════════════════════════════════════════════╗
║            NullSec RepoRaider - Secret Scanner                   ║
╚══════════════════════════════════════════════════════════════════╝

[Demo Mode]

Scanning repository for secrets...

  [CRITICAL] AWS Access Key
    File:     config/aws.yml:12
    Secret:   AKIA************MPLE
    CWE:      CWE-798

  [CRITICAL] GitHub Token
    File:     scripts/deploy.sh:45
    Secret:   ghp_************xxxx
    CWE:      CWE-798

  [CRITICAL] Private Key
    File:     certs/server.key:1
    Secret:   ----************----
    CWE:      CWE-321

  [HIGH] Slack Token
    File:     .env:8
    Secret:   xoxb************xxxx
    CWE:      CWE-798

═══════════════════════════════════════════

  Summary:
    Secrets Found:  9
    Critical:       4
    High:           3
    Medium:         1
    Low:            1

Code Highlights

Pattern Definition with Metadata

(def secret-patterns
  [{:name "AWS Access Key"
    :pattern #"AKIA[0-9A-Z]{16}"
    :severity :critical
    :cwe "CWE-798"}
   {:name "GitHub Token"
    :pattern #"ghp_[0-9a-zA-Z]{36}"
    :severity :critical
    :cwe "CWE-798"}])

Multimethod Dispatch

(defmulti severity-color :severity)
(defmethod severity-color :critical [_] :red)
(defmethod severity-color :high [_] :red)
(defmethod severity-color :medium [_] :yellow)
(defmethod severity-color :low [_] :cyan)

Lazy File Scanning

(defn scan-repo [path]
  (->> (walk-files path)          ;; Lazy file traversal
       (mapcat scan-file)         ;; Lazy mapping: one file is scanned at a time
       (sort-by severity-score))) ;; Sorted results: realises the whole sequence

Laziness holds for the walk and the per-file scan, so peak memory is one file's contents plus the findings collected so far. The final sort-by must see every finding before it can emit the first one, so the result of a scan is realised in full and cannot be streamed to the output formatter; drop the sort, or sort per file, if that matters for a very large tree. Note also that the pipeline as shown reads the working tree: a secret that was committed and later deleted is not in any file the walk visits.

Finding Records

(defrecord Finding 
  [pattern-name file-path line-number match severity cwe])
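The four highlights above fit together into one short program. The following is an added example written for this page, not the project's own source: it uses only clojure.core and java.io, reuses the page's `secret-patterns`, `Finding` and `scan-repo` shapes, and the names `walk-files`, `scan-file`, `severity-score`, `redact`, `at-least` and `demo` are assumptions chosen here. The two files the demo writes are constructed inputs; the AWS value is Amazon's documented example key, not a live credential.

```clojure
;; Added example, not the project's code. Run with: clj -M example.clj [path] [min-severity]
;; walk-files, scan-file, severity-score, redact, at-least and demo are names assumed here.
(ns reporaider-example
  (:require [clojure.java.io :as io]
            [clojure.string :as str]))

(defrecord Finding [pattern-name file-path line-number match severity cwe])

;; Pattern table in the page's shape, with a few more formats. The generic rule is
;; deliberately loose, which is why it only rates :medium.
(def secret-patterns
  [{:name "AWS Access Key" :pattern #"AKIA[0-9A-Z]{16}"            :severity :critical :cwe "CWE-798"}
   {:name "GitHub Token"   :pattern #"ghp_[0-9a-zA-Z]{36}"         :severity :critical :cwe "CWE-798"}
   {:name "Private Key"    :pattern #"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    :severity :critical :cwe "CWE-321"}
   {:name "Slack Token"    :pattern #"xox[abpr]-[0-9A-Za-z-]{10,}" :severity :high     :cwe "CWE-798"}
   {:name "Generic Secret" :pattern #"(?i)(?:secret|password)\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    :severity :medium :cwe "CWE-798"}])

(def severity-rank {:critical 0 :high 1 :medium 2 :low 3})

(defn severity-score [finding] (severity-rank (:severity finding)))

(defn redact
  "Keep only the first and last four characters, so a report never carries a usable
   secret (the AKIA************MPLE form of the sample output). Short matches are fully masked."
  [s]
  (if (< (count s) 12)
    (apply str (repeat (count s) \*))
    (str (subs s 0 4) "************" (subs s (- (count s) 4)))))

(defn scan-line
  "Every pattern hit on one line becomes a Finding; the match is redacted at the source."
  [file-path line-number line]
  (for [{pname :name :keys [pattern severity cwe]} secret-patterns
        m (re-seq pattern line)]
    (->Finding pname file-path line-number (redact m) severity cwe)))

(defn scan-file
  "Reads one file line by line inside with-open and realises its findings eagerly with a
   transducer, so the reader is closed before the walk moves on to the next file."
  [^java.io.File f]
  (with-open [rdr (io/reader f)]
    (into []
          (comp (map-indexed vector)
                (mapcat (fn [[i line]] (scan-line (.getPath f) (inc i) line))))
          (line-seq rdr))))

(defn walk-files
  "Lazy depth-first walk. .git is pruned at the branch predicate (its packed objects are
   binary and would only produce noise); only regular files are returned."
  [path]
  (->> (tree-seq (fn [^java.io.File f] (and (.isDirectory f) (not= ".git" (.getName f))))
                 (fn [^java.io.File d] (.listFiles d))
                 (io/file path))
       (filter #(.isFile ^java.io.File %))))

(defn scan-repo
  "Files are visited lazily; sort-by realises the whole result, the price of ranked output."
  [path]
  (->> (walk-files path)
       (mapcat scan-file)
       (sort-by severity-score)))

(defn at-least
  "The -s / --severity filter: keep findings at or above the given level."
  [min-severity findings]
  (filter #(<= (severity-score %) (severity-rank min-severity)) findings))

(defn demo
  "Writes two constructed files into a temp directory and scans them. The AWS value is
   Amazon's documented example key; the other values are made up for this example."
  []
  (let [dir (.toFile (java.nio.file.Files/createTempDirectory
                      "reporaider" (into-array java.nio.file.attribute.FileAttribute [])))
        cfg (io/file dir "config" "aws.yml")
        env (io/file dir ".env")]
    (.mkdirs (.getParentFile cfg))
    (spit cfg "region: us-east-1\naccess_key: AKIAIOSFODNN7EXAMPLE\n")
    (spit env "SLACK_TOKEN=xoxb-0000000000-constructedvalue\nDB_PASSWORD=\"correct-horse-battery\"\n")
    (scan-repo (.getPath dir))))

(defn -main [& [path min-sev]]
  (doseq [{:keys [pattern-name file-path line-number match severity cwe]}
          (cond->> (if path (scan-repo path) (demo))
            min-sev (at-least (keyword min-sev)))]
    (println (format "[%s] %s\n  File: %s:%d\n  Secret: %s\n  CWE: %s\n"
                     (str/upper-case (name severity)) pattern-name file-path line-number match cwe))))

(apply -main *command-line-args*)
```

Without arguments the script scans its own demo directory and reports the AWS key, the Slack token and the generic password; `clj -M example.clj /path/to/repo high` scans a real tree and keeps only HIGH and CRITICAL findings. The redaction happens when the Finding is built rather than in the formatter, so no code path downstream of `scan-line` ever holds a complete secret.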

Architecture

┌────────────────────────────────────────────────────────────┐
│                  RepoRaider Pipeline                       │
├────────────────────────────────────────────────────────────┤
│                                                            │
│    ┌─────────────┐    ┌─────────────┐    ┌────────────┐   │
│    │  File Tree  │───▶│   Filter    │───▶│  Lazy Seq  │   │
│    │  (Lazy)     │    │ (Predicate) │    │  of Files  │   │
│    └─────────────┘    └─────────────┘    └─────┬──────┘   │
│                                                 │          │
│                                                 ▼          │
│    ┌─────────────┐    ┌─────────────┐    ┌────────────┐   │
│    │   Output    │◀───│  Classify   │◀───│   Scan     │   │
│    │  Formatter  │    │ (Severity)  │    │ (Patterns) │   │
│    └─────────────┘    └─────────────┘    └────────────┘   │
│                                                            │
└────────────────────────────────────────────────────────────┘

Why Clojure?

Requirement         Clojure Advantage
Pattern Matching    First-class regex with metadata
Large Repos         Lazy sequences minimize memory
Data Processing     Immutable, thread-safe collections
Extensibility       Multimethods for custom dispatch
REPL Development    Interactive debugging
JVM Ecosystem       Access to Java libraries

License

MIT License - See LICENSE for details.

Related Tools
