<img src="https://i.imgur.com/eE3DF1o.png" width="550">
# Stack Overflow Watchman
Monitoring Stack Overflow Enterprise for exposed secrets
## About Stack Overflow Watchman
Stack Overflow Watchman is an application that uses the Stack Overflow for Teams API to find potentially sensitive data exposed in a Stack Overflow Enterprise for Teams site.
More information about Stack Overflow Watchman can be found [on my blog](https://papermtn.co.uk/category/tools/stack-overflow-watchman/).
### Features
Stack Overflow Watchman looks for:
- API Keys, Tokens & Service Accounts
- AWS, Azure, GCP, Google API, Slack (keys & webhooks), Twitter, Facebook, GitHub and more
- Generic Private keys
- Access Tokens, Bearer Tokens, Client Secrets, Private Tokens
- Leaked passwords
- Passport numbers, Dates of birth, Social security numbers, National insurance numbers and more
#### Time based searching
You can run Stack Overflow Watchman to look for results going back as far as:
- 24 hours
- 7 days
- 30 days
- All time
This means after one deep scan, you can schedule Stack Overflow Watchman to run regularly and only return results from your chosen timeframe.
### Signatures
Stack Overflow Watchman uses custom YAML signatures to detect matches in Stack Overflow for Teams. These signatures are pulled from the central [Watchman Signatures repository](https://github.com/PaperMtn/watchman-signatures). Stack Overflow Watchman automatically updates its signature base at runtime to ensure its using the latest signatures to detect secrets.
### Logging
Stack Overflow Watchman gives the following logging options:
- Terminal-friendly Stdout
- JSON to Stdout
Stack Overflow Watchman defaults to terminal-friendly stdout logging if no option is given. This is designed to be easier for humans to read.
JSON logging is also available, which is perfect for ingesting into a SIEM or other log analysis platforms.
JSON formatted logging can be easily redirected to a file as below:
```commandline
stack-overflow-watchman --timeframe a --all --output json >> stack_overflow_watchman_log.json
```
## Authentication Requirements
### Stack Overflow API token
To run Stack Overflow Watchman, you will need an API token. You can create this in your Stack Overflow for Teams account under `Account -> Settings -> API Applications`. Create a new application and copy the token from the details pane.
You will also need the domain of the Stack Overflow for Teams site. If your site is `papermtn.stackoverflow.co`, then the domain is `papermtn`.
#### Providing Token & URL
Pass the URL and Token to Stack Overflow Watchman via the environment variables:
- `STACK_OVERFLOW_WATCHMAN_TOKEN`
- `STACK_OVERFLOW_WATCHMAN_DOMAIN`
## Installation
You can install the latest stable version via pip:
```commandline
python3 -m pip install stack-overflow-watchman
```
Or build from source yourself:
Download the release source files, then from the top level repository run:
```commandline
python3 -m pip build
python3 -m pip install --force-reinstall dist/*.whl
```
## Docker Image
Stack Overflow Watchman is also available from the Docker hub as a Docker image:
`docker pull papermountain/stack-overflow-watchman:latest`
You can then run Stack Overflow Watchman in a container, making sure you pass the required environment variables:
```commandline
// help
docker run --rm papermountain/stack-overflow-watchman -h
// scan all
docker run --rm -e STACK_OVERFLOW_WATCHMAN_TOKEN=abc... -e STACK_OVERFLOW_WATCHMAN_DOMAIN=papermtn papermountain/stack-overflow-watchman --timeframe a --all --output json
docker run --rm --env-file .env papermountain/stack-overflow-watchman --timeframe a --all --output stdout
```
## Usage
Stack Overflow Watchman will be installed as a global command, use as follows:
```commandline
usage: stack-overflow-watchman [-h] [--timeframe {d,w,m,a}] [--output {json,stdout}] [--version] [--debug]
options:
-h, --help show this help message and exit
--timeframe {d,w,m,a}
How far back to search: d = 24 hours w = 7 days, m = 30 days, a = all time. Defaults to all time
--output {json,stdout}, -o {json,stdout}
Where to send results
--version, -v show program's version number and exit
--debug, -d Turn on debug level logging
```
You can run Stack Overflow Watchman to look for everything, and output to default stdout:
```commandline
stack-overflow-watchman --timeframe a --all
```
## Other Watchman apps
You may be interested in the other apps in the Watchman family:
- [Slack Watchman](https://github.com/PaperMtn/slack-watchman)
- [Slack Watchman for Enterprise Grid](https://github.com/PaperMtn/slack-watchman-enterprise-grid)
- [GitLab Watchman](https://github.com/PaperMtn/gitlab-watchman)
- [GitHub Watchman](https://github.com/PaperMtn/github-watchman)
## License
The source code for this project is released under the [GNU General Public Licence](https://www.gnu.org/licenses/licenses.html#GPL). This project is not associated with Stack Overflow.
Raw data
{
"_id": null,
"home_page": "https://papermtn.co.uk/category/tools/stack-overflow-watchman",
"name": "stack-overflow-watchman",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.12",
"maintainer_email": null,
"keywords": null,
"author": "PaperMtn",
"author_email": "papermtn@protonmail.com",
"download_url": "https://files.pythonhosted.org/packages/b3/1b/139e2cb02256d5938b34066dd0b3f0b23e481e1a73a7341c122bae2ff3fa/stack_overflow_watchman-1.0.0.tar.gz",
"platform": null,
"description": "<img src=\"https://i.imgur.com/eE3DF1o.png\" width=\"550\">\n\n# Stack Overflow Watchman\n\n\n\n\nMonitoring Stack Overflow Enterprise for exposed secrets\n\n## About Stack Overflow Watchman\nStack Overflow Watchman is an application that uses the Stack Overflow for Teams API to find potentially sensitive data exposed in a Stack Overflow Enterprise for Teams site.\n\nMore information about Stack Overflow Watchman can be found [on my blog](https://papermtn.co.uk/category/tools/stack-overflow-watchman/).\n\n### Features\nStack Overflow Watchman looks for:\n\n- API Keys, Tokens & Service Accounts\n - AWS, Azure, GCP, Google API, Slack (keys & webhooks), Twitter, Facebook, GitHub and more\n - Generic Private keys\n - Access Tokens, Bearer Tokens, Client Secrets, Private Tokens\n - Leaked passwords\n - Passport numbers, Dates of birth, Social security numbers, National insurance numbers and more\n\n#### Time based searching\nYou can run Stack Overflow Watchman to look for results going back as far as:\n- 24 hours\n- 7 days\n- 30 days\n- All time\n\nThis means after one deep scan, you can schedule Stack Overflow Watchman to run regularly and only return results from your chosen timeframe.\n\n### Signatures\nStack Overflow Watchman uses custom YAML signatures to detect matches in Stack Overflow for Teams. These signatures are pulled from the central [Watchman Signatures repository](https://github.com/PaperMtn/watchman-signatures). Stack Overflow Watchman automatically updates its signature base at runtime to ensure its using the latest signatures to detect secrets.\n\n### Logging\n\nStack Overflow Watchman gives the following logging options:\n- Terminal-friendly Stdout\n- JSON to Stdout\n\nStack Overflow Watchman defaults to terminal-friendly stdout logging if no option is given. This is designed to be easier for humans to read.\n\nJSON logging is also available, which is perfect for ingesting into a SIEM or other log analysis platforms.\n\nJSON formatted logging can be easily redirected to a file as below:\n```commandline\nstack-overflow-watchman --timeframe a --all --output json >> stack_overflow_watchman_log.json \n```\n\n## Authentication Requirements\n### Stack Overflow API token\nTo run Stack Overflow Watchman, you will need an API token. You can create this in your Stack Overflow for Teams account under `Account -> Settings -> API Applications`. Create a new application and copy the token from the details pane.\n\nYou will also need the domain of the Stack Overflow for Teams site. If your site is `papermtn.stackoverflow.co`, then the domain is `papermtn`.\n#### Providing Token & URL\nPass the URL and Token to Stack Overflow Watchman via the environment variables: \n- `STACK_OVERFLOW_WATCHMAN_TOKEN`\n- `STACK_OVERFLOW_WATCHMAN_DOMAIN`\n\n## Installation\nYou can install the latest stable version via pip:\n\n```commandline\npython3 -m pip install stack-overflow-watchman\n```\n\nOr build from source yourself:\n\nDownload the release source files, then from the top level repository run:\n```commandline\npython3 -m pip build\npython3 -m pip install --force-reinstall dist/*.whl\n```\n\n## Docker Image\n\nStack Overflow Watchman is also available from the Docker hub as a Docker image:\n\n`docker pull papermountain/stack-overflow-watchman:latest`\n\nYou can then run Stack Overflow Watchman in a container, making sure you pass the required environment variables:\n\n```commandline\n// help\ndocker run --rm papermountain/stack-overflow-watchman -h\n\n// scan all\ndocker run --rm -e STACK_OVERFLOW_WATCHMAN_TOKEN=abc... -e STACK_OVERFLOW_WATCHMAN_DOMAIN=papermtn papermountain/stack-overflow-watchman --timeframe a --all --output json\ndocker run --rm --env-file .env papermountain/stack-overflow-watchman --timeframe a --all --output stdout\n```\n\n## Usage\nStack Overflow Watchman will be installed as a global command, use as follows:\n```commandline\nusage: stack-overflow-watchman [-h] [--timeframe {d,w,m,a}] [--output {json,stdout}] [--version] [--debug]\n\noptions:\n -h, --help show this help message and exit\n --timeframe {d,w,m,a}\n How far back to search: d = 24 hours w = 7 days, m = 30 days, a = all time. Defaults to all time\n --output {json,stdout}, -o {json,stdout}\n Where to send results\n --version, -v show program's version number and exit\n --debug, -d Turn on debug level logging\n ```\n\nYou can run Stack Overflow Watchman to look for everything, and output to default stdout:\n\n```commandline\nstack-overflow-watchman --timeframe a --all\n```\n\n## Other Watchman apps\nYou may be interested in the other apps in the Watchman family:\n- [Slack Watchman](https://github.com/PaperMtn/slack-watchman)\n- [Slack Watchman for Enterprise Grid](https://github.com/PaperMtn/slack-watchman-enterprise-grid)\n- [GitLab Watchman](https://github.com/PaperMtn/gitlab-watchman)\n- [GitHub Watchman](https://github.com/PaperMtn/github-watchman)\n\n## License\nThe source code for this project is released under the [GNU General Public Licence](https://www.gnu.org/licenses/licenses.html#GPL). This project is not associated with Stack Overflow.",
"bugtrack_url": null,
"license": "GPL-3.0",
"summary": "Detecting exposed secrets in Stack Overflow Enterprise for Teams",
"version": "1.0.0",
"project_urls": {
"Homepage": "https://papermtn.co.uk/category/tools/stack-overflow-watchman",
"Repository": "https://github.com/PaperMtn/stack-overflow-watchman"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8055e2273afc787fefaa365cb94ea47dd87fa75b3d3279d9dbbbd423c4ccbb9e",
"md5": "f0e73ad6a077889052de322f29b51644",
"sha256": "fd01efcaa1a9acfd447b543b9ad0aaefaee314f43fbb2d745904d18ea6c1ce39"
},
"downloads": -1,
"filename": "stack_overflow_watchman-1.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f0e73ad6a077889052de322f29b51644",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.12",
"size": 30985,
"upload_time": "2024-04-28T18:36:44",
"upload_time_iso_8601": "2024-04-28T18:36:44.392806Z",
"url": "https://files.pythonhosted.org/packages/80/55/e2273afc787fefaa365cb94ea47dd87fa75b3d3279d9dbbbd423c4ccbb9e/stack_overflow_watchman-1.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b31b139e2cb02256d5938b34066dd0b3f0b23e481e1a73a7341c122bae2ff3fa",
"md5": "2d3e8b3e99252f80a1375e746dd2cbc1",
"sha256": "1ad298303e1ff0848eace131414be4c9254a21bbe268e62a25ae0b4185148a2f"
},
"downloads": -1,
"filename": "stack_overflow_watchman-1.0.0.tar.gz",
"has_sig": false,
"md5_digest": "2d3e8b3e99252f80a1375e746dd2cbc1",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.12",
"size": 26182,
"upload_time": "2024-04-28T18:36:46",
"upload_time_iso_8601": "2024-04-28T18:36:46.007732Z",
"url": "https://files.pythonhosted.org/packages/b3/1b/139e2cb02256d5938b34066dd0b3f0b23e481e1a73a7341c122bae2ff3fa/stack_overflow_watchman-1.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-28 18:36:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "PaperMtn",
"github_project": "stack-overflow-watchman",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "stack-overflow-watchman"
}
JSON
