id: stripe-secret-key
info:
name: Stripe Secret Key Disclosure
author: Ice3man
severity: info
metadata:
max-request: 1
tags: exposure,token,stripe
http:
- method: GET
path:
- "{{BaseURL}}"
extractors:
- type: regex
part: body
regex:
- 'sk_(?:live|test)_[0-9a-zA-Z]{24}'
# digest: 490a0046304402207c3700e1645b9ce254efdd0d6fb7f8256d7003af7cc0a0a1e6f12d9f320651d4022075f953fb5c9aa61e2e0e1ffe449c774e54435102b7ee5ecbc173e7f5ce943120:922c64590222798bb761d5b6d8e72950