From 0ffddcbf43dcf79370a4d4a7caa9ffdc6b95a59e Mon Sep 17 00:00:00 2001 
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Sat, 29 May 2021 14:46:00 +0530
Subject: [PATCH] Added file based templates :tada:

---
 file/android/adb-backup-enabled.yaml | 16 +++++++++
 file/android/biometric-detect.yaml | 17 ++++++++++
 file/android/certificate-validation.yaml | 16 +++++++++
 file/android/content-scheme.yaml | 16 +++++++++
 file/android/debug-enabled.yaml | 16 +++++++++
 file/android/dynamic-broadcast-receiver.yaml | 16 +++++++++
 file/android/file-scheme.yaml | 16 +++++++++
 file/android/provider-path.yaml | 17 ++++++++++
 .../webview-addjavascript-interface.yaml | 16 +++++++++
 file/android/webview-javascript.yaml | 16 +++++++++
 file/android/webview-load-url.yaml | 16 +++++++++
 file/android/webview-universal-access.yaml | 16 +++++++++
 file/keys/amazon-mws-auth-token.yaml | 17 ++++++++++
 file/keys/aws-access-id.yaml | 17 ++++++++++
 file/keys/aws-cognito.yaml | 33 +++++++++++++++++++
 file/keys/cloudinary.yaml | 17 ++++++++++
 file/keys/credentials.yaml | 17 ++++++++++
 file/keys/dynatrace-token.yaml | 17 ++++++++++
 file/keys/facebook-client-id.yaml | 17 ++++++++++
 file/keys/facebook-secret.yaml | 17 ++++++++++
 file/keys/firebase-database.yaml | 18 ++++++++++
 file/keys/gcp-service-account.yaml | 17 ++++++++++
 file/keys/google-api.yaml | 17 ++++++++++
 file/keys/linkedin-id.yaml | 17 ++++++++++
 file/keys/mailchimp-api.yaml | 17 ++++++++++
 file/keys/mailgun-api.yaml | 17 ++++++++++
 file/keys/paypal-braintree-token.yaml | 17 ++++++++++
 file/keys/pictatic-api-key.yaml | 17 ++++++++++
 file/keys/private-key.yaml | 23 +++++++++++++
 file/keys/s3-bucket.yaml | 21 ++++++++++++
 file/keys/sendgrid-api.yaml | 17 ++++++++++
 file/keys/shopify-custom-token.yaml | 17 ++++++++++
 file/keys/shopify-private-token.yaml | 17 ++++++++++
 file/keys/shopify-shared-secret.yaml | 17 ++++++++++
 file/keys/shopify-token.yaml | 17 ++++++++++
 file/keys/slack-api.yaml | 17 ++++++++++
 file/keys/slack-webhook.yaml | 17 ++++++++++
 file/keys/square-access-token.yaml | 17 ++++++++++
 file/keys/square-oauth-secret.yaml | 17 ++++++++++
 file/keys/stripe-api-key.yaml | 17 ++++++++++
 file/keys/twilio-api.yaml | 17 ++++++++++
 file/keys/twitter-secret.yaml | 17 ++++++++++
 42 files changed, 731 insertions(+)
 create mode 100644 file/android/adb-backup-enabled.yaml
 create mode 100644 file/android/biometric-detect.yaml
 create mode 100644 file/android/certificate-validation.yaml
 create mode 100644 file/android/content-scheme.yaml
 create mode 100644 file/android/debug-enabled.yaml
 create mode 100644 file/android/dynamic-broadcast-receiver.yaml
 create mode 100644 file/android/file-scheme.yaml
 create mode 100644 file/android/provider-path.yaml
 create mode 100644 file/android/webview-addjavascript-interface.yaml
 create mode 100644 file/android/webview-javascript.yaml
 create mode 100644 file/android/webview-load-url.yaml
 create mode 100644 file/android/webview-universal-access.yaml
 create mode 100644 file/keys/amazon-mws-auth-token.yaml
 create mode 100644 file/keys/aws-access-id.yaml
 create mode 100644 file/keys/aws-cognito.yaml
 create mode 100644 file/keys/cloudinary.yaml
 create mode 100644 file/keys/credentials.yaml
 create mode 100644 file/keys/dynatrace-token.yaml
 create mode 100644 file/keys/facebook-client-id.yaml
 create mode 100644 file/keys/facebook-secret.yaml
 create mode 100644 file/keys/firebase-database.yaml
 create mode 100644 file/keys/gcp-service-account.yaml
 create mode 100644 file/keys/google-api.yaml
 create mode 100644 file/keys/linkedin-id.yaml
 create mode 100644 file/keys/mailchimp-api.yaml
 create mode 100644 file/keys/mailgun-api.yaml
 create mode 100644 file/keys/paypal-braintree-token.yaml
 create mode 100644 file/keys/pictatic-api-key.yaml
 create mode 100644 file/keys/private-key.yaml
 create mode 100644 file/keys/s3-bucket.yaml
 create mode 100644 file/keys/sendgrid-api.yaml
 create mode 100644 file/keys/shopify-custom-token.yaml
 create mode 100644 file/keys/shopify-private-token.yaml
 create mode 100644 file/keys/shopify-shared-secret.yaml
 create mode 100644 file/keys/shopify-token.yaml
 create mode 100644 file/keys/slack-api.yaml
 create mode 100644 file/keys/slack-webhook.yaml
 create mode 100644 file/keys/square-access-token.yaml
 create mode 100644 file/keys/square-oauth-secret.yaml
 create mode 100644 file/keys/stripe-api-key.yaml
 create mode 100644 file/keys/twilio-api.yaml
 create mode 100644 file/keys/twitter-secret.yaml
diff --git a/file/android/adb-backup-enabled.yaml b/file/android/adb-backup-enabled.yaml
new file mode 100644
index 0000000000..2f4a88df0a
--- /dev/null
+++ b/file/android/adb-backup-enabled.yaml
@@ -0,0 +1,16 @@
+id: adb-backup-enabled
+
+info:
+ name: ADB Backup Enabled
+ author: gaurang
+ severity: low
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "android:allowBackup=\"true\""
\ No newline at end of file
diff --git a/file/android/biometric-detect.yaml b/file/android/biometric-detect.yaml
new file mode 100644
index 0000000000..002dcf825a
--- /dev/null
+++ b/file/android/biometric-detect.yaml
@@ -0,0 +1,17 @@
+id: biometric-detect
+
+info:
+ name: Biometric or Fingerprint detect
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "android.permission.USE_FINGERPRINT"
+ - "android.permission.USE_BIOMETRIC"
\ No newline at end of file
diff --git a/file/android/certificate-validation.yaml b/file/android/certificate-validation.yaml
new file mode 100644
index 0000000000..64a9fecc52
--- /dev/null
+++ b/file/android/certificate-validation.yaml
@@ -0,0 +1,16 @@
+id: improper-certificate-validation
+
+info:
+ name: Improper Certificate Validation
+ author: gaurang
+ severity: medium
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/SslErrorHandler;->proceed()V"
\ No newline at end of file
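Review bot: The word matcher only fires on the literal `android:allowBackup="true"`, yet Android treats a manifest that omits the attribute as backup-enabled by default, so the more common case (attribute absent) is never reported and the template's `info` should say it covers the explicit opt-in only. Spacing and single-quote variants such as `android:allowBackup = 'true'` are also missed by an exact word match. Since the attribute lives in AndroidManifest.xml, `extensions: - xml` as used by content-scheme.yaml and file-scheme.yaml would be a tighter and more consistent scope than `all`.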
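Review bot: The template `id` (`improper-certificate-validation`) does not match the file name `certificate-validation.yaml`, while most templates in this commit keep the two identical; if the repository's convention is that the id equals the file stem, this one and the others with a mismatch should be aligned: debug-enabled (`android-debug-enabled`), dynamic-broadcast-receiver, provider-path, webview-javascript, amazon-mws-auth-token, aws-access-id, aws-cognito, cloudinary, credentials, facebook-secret, google-api, linkedin-id, mailchimp-api, mailgun-api and shopify-token. Either rename the files or change the ids, but pick one scheme for the whole set so the ids stay predictable for `-id` filtering.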
diff --git a/file/android/content-scheme.yaml b/file/android/content-scheme.yaml
new file mode 100644
index 0000000000..f60d6a6607
--- /dev/null
+++ b/file/android/content-scheme.yaml
@@ -0,0 +1,16 @@
+id: content-scheme
+
+info:
+ name: Content Scheme Enabled
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - xml
+
+ matchers:
+ - type: word
+ words:
+ - "android:scheme=\"content\""
\ No newline at end of file
diff --git a/file/android/debug-enabled.yaml b/file/android/debug-enabled.yaml
new file mode 100644
index 0000000000..1825b7d030
--- /dev/null
+++ b/file/android/debug-enabled.yaml
@@ -0,0 +1,16 @@
+id: android-debug-enabled
+
+info:
+ name: Android Debug Enabled
+ author: gaurang
+ severity: low
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: regex
+ regex:
+ - "android:debuggable=\"true\""
\ No newline at end of file
diff --git a/file/android/dynamic-broadcast-receiver.yaml b/file/android/dynamic-broadcast-receiver.yaml
new file mode 100644
index 0000000000..d2ea9a6123
--- /dev/null
+++ b/file/android/dynamic-broadcast-receiver.yaml
@@ -0,0 +1,16 @@
+id: dynamic-registered-broadcast-receiver
+
+info:
+ name: Dynamic Registered Broadcast Receiver
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - ";->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)"
\ No newline at end of file
diff --git a/file/android/file-scheme.yaml b/file/android/file-scheme.yaml
new file mode 100644
index 0000000000..e7f14543f8
--- /dev/null
+++ b/file/android/file-scheme.yaml
@@ -0,0 +1,16 @@
+id: file-scheme
+
+info:
+ name: File Scheme Enabled
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - xml
+
+ matchers:
+ - type: word
+ words:
+ - "android:scheme=\"file\""
\ No newline at end of file
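Review bot: `type: regex` is used for a plain literal (`android:debuggable=\"true\"`) whereas the sibling android templates express the same exact-string check as `type: word`; switching to `type: word` with `words:` keeps the set consistent and avoids compiling a regex for a fixed string. As with the allowBackup template, only this exact quoting and spacing is caught, which is worth a line in `info`, e.g. `# matches the literal attribute form only; variant spacing or single quotes are not covered`. Like adb-backup-enabled.yaml, the attribute is a manifest attribute, so `extensions: - xml` would match content-scheme.yaml and file-scheme.yaml in this commit.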
diff --git a/file/android/provider-path.yaml b/file/android/provider-path.yaml
new file mode 100644
index 0000000000..ed4810852d
--- /dev/null
+++ b/file/android/provider-path.yaml
@@ -0,0 +1,17 @@
+id: insecure-provider-path
+
+info:
+ name: Insecure Provider Path
+ author: gaurang
+ severity: medium
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: regex
+ regex:
+ - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\""
+ - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\""
diff --git a/file/android/webview-addjavascript-interface.yaml b/file/android/webview-addjavascript-interface.yaml
new file mode 100644
index 0000000000..06e26a26dd
--- /dev/null
+++ b/file/android/webview-addjavascript-interface.yaml
@@ -0,0 +1,16 @@
+id: webview-addjavascript-interface
+
+info:
+ name: Webview addJavascript Interface Usage
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V"
\ No newline at end of file
diff --git a/file/android/webview-javascript.yaml b/file/android/webview-javascript.yaml
new file mode 100644
index 0000000000..9637251e12
--- /dev/null
+++ b/file/android/webview-javascript.yaml
@@ -0,0 +1,16 @@
+id: webview-javascript-enabled
+
+info:
+ name: Webview JavaScript enabled
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V"
\ No newline at end of file
diff --git a/file/android/webview-load-url.yaml b/file/android/webview-load-url.yaml
new file mode 100644
index 0000000000..d258156df2
--- /dev/null
+++ b/file/android/webview-load-url.yaml
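Review bot: The `{1,10}` bound on the `name` attribute in both regexes silently skips providers whose path name is longer than ten characters (a 14-character name such as `external_files` is never reported), and the unescaped `.` in `path=\".\"` matches any single-character path rather than the literal dot. If the intent is the literal root `.`, escape it and drop the length cap: `- "root-path name=\"[0-9A-Za-z\\-_]+\" path=\"\\.\""`; if any one-character path should count, a `[./]` class says so explicitly. This template also scans `extensions: all` even though `root-path` elements normally live in the FileProvider resource XML, where `xml` (as content-scheme.yaml does) would be a tighter scope.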
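Review bot: The matcher fires on the method signature `Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V` regardless of the boolean passed, so an app that explicitly calls it with `false` is reported exactly like one enabling JavaScript; the same applies to webview-universal-access.yaml, whose `medium` severity is harder to justify when the argument is not inspected. A word match cannot see the register load that precedes the invoke, so at minimum state the limitation in `info`, e.g. `# reports any call to setJavaScriptEnabled; the boolean argument is not inspected`, or tighten to a regex that requires the preceding constant to be non-zero if the input is known to be smali.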
@@ -0,0 +1,16 @@
+id: webview-load-url
+
+info:
+ name: Webview loadUrl usage
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V"
\ No newline at end of file
diff --git a/file/android/webview-universal-access.yaml b/file/android/webview-universal-access.yaml
new file mode 100644
index 0000000000..56fe5fb8ac
--- /dev/null
+++ b/file/android/webview-universal-access.yaml
@@ -0,0 +1,16 @@
+id: webview-universal-access
+
+info:
+ name: Webview Universal Access enabled
+ author: gaurang
+ severity: medium
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/WebSettings;->setAllowUniversalAccessFromFileURLs(Z)V"
\ No newline at end of file
diff --git a/file/keys/amazon-mws-auth-token.yaml b/file/keys/amazon-mws-auth-token.yaml
new file mode 100644
index 0000000000..b124dc86f5
--- /dev/null
+++ b/file/keys/amazon-mws-auth-token.yaml
@@ -0,0 +1,17 @@
+id: amazon-mws-auth-token-value
+
+info:
+ name: Amazon MWS Auth Token
+ author: gaurang
+ severity: medium
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
\ No newline at end of file
diff --git a/file/keys/aws-access-id.yaml b/file/keys/aws-access-id.yaml
new file mode 100644
index 0000000000..8a72c0dfee
--- /dev/null
+++ b/file/keys/aws-access-id.yaml
@@ -0,0 +1,17 @@
+id: aws-access-key
+
+info:
+ name: AWS Access Key ID
+ author: gaurang
+ severity: info
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
diff --git a/file/keys/aws-cognito.yaml b/file/keys/aws-cognito.yaml
new file mode 100644
index 0000000000..6284a300cd
--- /dev/null
+++ b/file/keys/aws-cognito.yaml
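Review bot: `extensions:` lists both `all` and `txt`; if `all` already covers every extension as its name indicates, the `txt` entry is redundant, and the same pair is repeated in every file/keys template of this commit. Dropping it, or documenting why `txt` is listed separately if `all` behaves differently than it reads, keeps the key templates consistent with the android ones, which list `all` alone.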
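Review bot: The pattern `(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}` has no boundary on either side, so any longer run of upper-case alphanumerics containing one of the prefixes (ordinary upper-case text beginning with `ASIA`, for instance) is extracted as a key ID. Anchoring both ends, `- "\\b(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\\b"`, removes most of that noise without losing real IDs, which are exactly 20 characters long.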
@@ -0,0 +1,33 @@
+id: aws-cognito-pool
+
+info:
+ name: AWS Cognito Pool ID
+ author: gaurang
+ severity: info
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "ap-northeast-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-northeast-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-southeast-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-southeast-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-south-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ca-central-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ca-central-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-north-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-east-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
\ No newline at end of file
diff --git a/file/keys/cloudinary.yaml b/file/keys/cloudinary.yaml
new file mode 100644
index 0000000000..74535d775c
--- /dev/null
+++ b/file/keys/cloudinary.yaml
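Review bot: The `eu-west-3` regex appears twice in the list, and the seventeen entries differ only in the region prefix, so a single alternation is both shorter and easier to keep current: `- "(ap-northeast-[23]|ap-southeast-[12]|ap-south-1|ca-central-[12]|eu-west-[123]|eu-north-1|us-east-[12]|us-west-[12]|sa-east-1):[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"`. The list also omits regions such as `ap-northeast-1` and `eu-central-1` while including `ca-central-2`, which I cannot confirm exists; a comment naming the source of the region list would let maintainers check it rather than guess.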
@@ -0,0 +1,17 @@
+id: cloudinary-basic-auth
+
+info:
+ name: Cloudinary Basic Auth
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
\ No newline at end of file
diff --git a/file/keys/credentials.yaml b/file/keys/credentials.yaml
new file mode 100644
index 0000000000..28488d29f2
--- /dev/null
+++ b/file/keys/credentials.yaml
@@ -0,0 +1,17 @@
+id: basic-auth-creds
+
+info:
+ name: Basic Auth Credentials
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
\ No newline at end of file
diff --git a/file/keys/dynatrace-token.yaml b/file/keys/dynatrace-token.yaml
new file mode 100644
index 0000000000..8fd4a80f23
--- /dev/null
+++ b/file/keys/dynatrace-token.yaml
@@ -0,0 +1,17 @@
+id: dynatrace-token
+
+info:
+ name: Dynatrace Token
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
\ No newline at end of file
diff --git a/file/keys/facebook-client-id.yaml b/file/keys/facebook-client-id.yaml
new file mode 100644
index 0000000000..c5174d1289
--- /dev/null
+++ b/file/keys/facebook-client-id.yaml
@@ -0,0 +1,17 @@
+id: facebook-client-id
+
+info:
+ name: Facebook Client ID
+ author: gaurang
+ severity: info
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
\ No newline at end of file
diff --git a/file/keys/facebook-secret.yaml b/file/keys/facebook-secret.yaml
new file mode 100644
index 0000000000..9ae8bd5236
--- /dev/null
+++ b/file/keys/facebook-secret.yaml
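Review bot: The trailing `[\"'\\s]` in `[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]` requires a quote or whitespace within 100 characters after the `@`, so a credential URL sitting at the very end of a file with no trailing newline is not extracted, and the greedy `.{1,100}` drags surrounding text into the reported value, which makes the output harder to triage. Matching the host part directly, e.g. `@[^\\s\"']{1,100}`, reports the URL itself and drops the terminator requirement. Note that the extracted string contains the password in clear; that is inherent to a credential scanner, but a line in `info` saying the output should be treated as sensitive is worthwhile.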
@@ -0,0 +1,17 @@
+id: facebook-secret-key
+
+info:
+ name: Facebook Secret Key
+ author: gaurang
+ severity: low
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
\ No newline at end of file
diff --git a/file/keys/firebase-database.yaml b/file/keys/firebase-database.yaml
new file mode 100644
index 0000000000..57b48b37fe
--- /dev/null
+++ b/file/keys/firebase-database.yaml
@@ -0,0 +1,18 @@
+id: firebase-database
+
+info:
+ name: Firebase Database Detect
+ author: gaurang
+ severity: info
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "[a-z0-9.-]+\\.firebaseio\\.com"
+ - "[a-z0-9.-]+\\.firebaseapp\\.com"
\ No newline at end of file
diff --git a/file/keys/gcp-service-account.yaml b/file/keys/gcp-service-account.yaml
new file mode 100644
index 0000000000..5e2401a542
--- /dev/null
+++ b/file/keys/gcp-service-account.yaml
@@ -0,0 +1,17 @@
+id: gcp-service-account
+
+info:
+ name: Google (GCP) Service-account
+ author: gaurang
+ severity: low
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "\"type\": \"service_account\""
\ No newline at end of file
diff --git a/file/keys/google-api.yaml b/file/keys/google-api.yaml
new file mode 100644
index 0000000000..19db88ae5f
--- /dev/null
+++ b/file/keys/google-api.yaml
@@ -0,0 +1,17 @@
+id: google-api-key
+
+info:
+ name: Google API key
+ author: gaurang
+ severity: info
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "AIza[0-9A-Za-z\\-_]{35}"
\ No newline at end of file
diff --git a/file/keys/linkedin-id.yaml b/file/keys/linkedin-id.yaml
new file mode 100644
index 0000000000..01b7207320
--- /dev/null
+++ b/file/keys/linkedin-id.yaml
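Review bot: `\"type\": \"service_account\"` requires exactly one space after the colon, so a minified service-account JSON (`\"type\":\"service_account\"`) is not detected; `- "\"type\":\\s*\"service_account\""` covers both spacings. A file matching this is a downloadable service-account key, which carries a private key, so `severity: low` looks out of step with `private-key.yaml` (`high`) in the same commit and deserves either a bump or a comment explaining the choice.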
@@ -0,0 +1,17 @@
+id: linkedin-client-id
+
+info:
+ name: Linkedin Client ID
+ author: gaurang
+ severity: low
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
\ No newline at end of file
diff --git a/file/keys/mailchimp-api.yaml b/file/keys/mailchimp-api.yaml
new file mode 100644
index 0000000000..0abc4fc4f2
--- /dev/null
+++ b/file/keys/mailchimp-api.yaml
@@ -0,0 +1,17 @@
+id: mailchimp-api-key
+
+info:
+ name: Mailchimp API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "[0-9a-f]{32}-us[0-9]{1,2}"
\ No newline at end of file
diff --git a/file/keys/mailgun-api.yaml b/file/keys/mailgun-api.yaml
new file mode 100644
index 0000000000..8a7c39f194
--- /dev/null
+++ b/file/keys/mailgun-api.yaml
@@ -0,0 +1,17 @@
+id: mailgun-api-key
+
+info:
+ name: Mailgun API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "key-[0-9a-zA-Z]{32}"
\ No newline at end of file
diff --git a/file/keys/paypal-braintree-token.yaml b/file/keys/paypal-braintree-token.yaml
new file mode 100644
index 0000000000..ae753208e8
--- /dev/null
+++ b/file/keys/paypal-braintree-token.yaml
@@ -0,0 +1,17 @@
+id: paypal-braintree-token
+
+info:
+ name: Paypal Braintree Access Token
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
\ No newline at end of file
diff --git a/file/keys/pictatic-api-key.yaml b/file/keys/pictatic-api-key.yaml
new file mode 100644
index 0000000000..3e99142d74
--- /dev/null
+++ b/file/keys/pictatic-api-key.yaml
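Review bot: `(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}` matches the word linkedin followed, within 20 characters, by any twelve lower-case alphanumerics, which ordinary text such as a profile URL (`linkedin.com/in/` plus a name) satisfies, so this extractor is likely to be noisy on anything that merely mentions LinkedIn. The facebook templates in this commit frame the value with quotes; the same `['\"][0-9a-z]{12}['\"]` framing, or a required `client_?id` keyword before the value, would cut the false positives considerably.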
@@ -0,0 +1,17 @@
+id: pictatic-api-key
+
+info:
+ name: Pictatic API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "sk_live_[0-9a-z]{32}"
\ No newline at end of file
diff --git a/file/keys/private-key.yaml b/file/keys/private-key.yaml
new file mode 100644
index 0000000000..4fe94daf19
--- /dev/null
+++ b/file/keys/private-key.yaml
@@ -0,0 +1,23 @@
+id: private-key
+
+info:
+ name: Private Key Detect
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "\"BEGIN OPENSSH PRIVATE KEY\""
+ - "\"BEGIN PRIVATE KEY\""
+ - "\"BEGIN RSA PRIVATE KEY\""
+ - "\"BEGIN DSA PRIVATE KEY\""
+ - "\"BEGIN EC PRIVATE KEY\""
+ - "\"BEGIN PGP PRIVATE KEY BLOCK\""
+ - "\"ssh-rsa\""
\ No newline at end of file
diff --git a/file/keys/s3-bucket.yaml b/file/keys/s3-bucket.yaml
new file mode 100644
index 0000000000..817a703b43
--- /dev/null
+++ b/file/keys/s3-bucket.yaml
@@ -0,0 +1,21 @@
+id: s3-bucket
+
+info:
+ name: S3 Bucket Detect
+ author: gaurang
+ severity: info
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "[a-z0-9.-]+\\.s3\\.amazonaws\\.com"
+ - "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com"
+ - "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)"
+ - "//s3\\.amazonaws\\.com/[a-z0-9._-]+"
+ - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+"
\ No newline at end of file
diff --git a/file/keys/sendgrid-api.yaml b/file/keys/sendgrid-api.yaml
new file mode 100644
index 0000000000..c788964baa
--- /dev/null
+++ b/file/keys/sendgrid-api.yaml
@@ -0,0 +1,17 @@
+id: sendgrid-api-key
+
+info:
+ name: Sendgrid API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
\ No newline at end of file
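Review bot: Every regex in private-key.yaml is wrapped in literal double quotes (`\"BEGIN RSA PRIVATE KEY\"` decodes to a pattern that includes the quote characters), so a marker is only matched when it is itself quoted, as inside a string literal; an actual PEM file containing `-----BEGIN RSA PRIVATE KEY-----` is matched by none of the seven entries, which defeats the template's stated purpose. Dropping the quotes and folding the variants, `- "BEGIN (OPENSSH |RSA |DSA |EC |PGP )?PRIVATE KEY( BLOCK)?"`, catches both raw key files and quoted occurrences. `\"ssh-rsa\"` is the prefix of a public key, not a private one, so it should leave this extractor or the name should say public keys are reported too.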
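Review bot: The second pattern in s3-bucket.yaml, `[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com`, has no quantifier after `[a-z0-9-]`, so it only matches a one-character region segment (`s3-x.amazonaws.com`) and misses the dash-style hosts it is clearly meant for, such as `bucket.s3-us-west-2.amazonaws.com`; the last entry in the same list uses `[a-z0-9-]+`, which is the intended form. Change it to `- "[a-z0-9.-]+\\.s3-[a-z0-9-]+\\.amazonaws\\.com"`.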
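Review bot: `SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}` in sendgrid-api.yaml allows only alphanumerics in both segments; if SendGrid keys are base64url-style and can contain `-` or `_` (I believe they can, but confirm against a current key before changing), any key containing those characters is silently skipped, and `[a-zA-Z0-9_-]` in both classes would be the fix. Either way, a short comment recording the key format the regex was derived from would make the fixed lengths `{22}` and `{43}` auditable later.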
diff --git a/file/keys/shopify-custom-token.yaml b/file/keys/shopify-custom-token.yaml
new file mode 100644
index 0000000000..18a675c121
--- /dev/null
+++ b/file/keys/shopify-custom-token.yaml
@@ -0,0 +1,17 @@
+id: shopify-custom-token
+
+info:
+ name: Shopify Custom App Access Token
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpca_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/shopify-private-token.yaml b/file/keys/shopify-private-token.yaml
new file mode 100644
index 0000000000..cb51e773ac
--- /dev/null
+++ b/file/keys/shopify-private-token.yaml
@@ -0,0 +1,17 @@
+id: shopify-private-token
+
+info:
+ name: Shopify Private App Access Token
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "shppa_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/shopify-shared-secret.yaml b/file/keys/shopify-shared-secret.yaml
new file mode 100644
index 0000000000..4ccb773f5a
--- /dev/null
+++ b/file/keys/shopify-shared-secret.yaml
@@ -0,0 +1,17 @@
+id: shopify-shared-secret
+
+info:
+ name: Shopify Shared Secret
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpss_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/shopify-token.yaml b/file/keys/shopify-token.yaml
new file mode 100644
index 0000000000..30b7317149
--- /dev/null
+++ b/file/keys/shopify-token.yaml
@@ -0,0 +1,17 @@
+id: shopify-access-token
+
+info:
+ name: Shopify Access Token
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpat_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/slack-api.yaml b/file/keys/slack-api.yaml
new file mode 100644
index 0000000000..254a431bdf
--- /dev/null
+++ b/file/keys/slack-api.yaml
@@ -0,0 +1,17 @@
+id: slack-api
+
+info:
+ name: Slack API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "xox[baprs]-([0-9a-zA-Z]{10,48})?"
\ No newline at end of file
diff --git a/file/keys/slack-webhook.yaml b/file/keys/slack-webhook.yaml
new file mode 100644
index 0000000000..0fcb2992c8
--- /dev/null
+++ b/file/keys/slack-webhook.yaml
@@ -0,0 +1,17 @@
+id: slack-webhook
+
+info:
+ name: Slack Webhook
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
\ No newline at end of file
diff --git a/file/keys/square-access-token.yaml b/file/keys/square-access-token.yaml
new file mode 100644
index 0000000000..47d2d0d83c
--- /dev/null
+++ b/file/keys/square-access-token.yaml
@@ -0,0 +1,17 @@
+id: square-access-token
+
+info:
+ name: Square Accesss Token
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "sq0atp-[0-9A-Za-z\\-_]{22}"
\ No newline at end of file
diff --git a/file/keys/square-oauth-secret.yaml b/file/keys/square-oauth-secret.yaml
new file mode 100644
index 0000000000..097dd64cf8
--- /dev/null
+++ b/file/keys/square-oauth-secret.yaml
@@ -0,0 +1,17 @@
+id: square-oauth-secret
+
+info:
+ name: Square OAuth Secret
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "sq0csp-[0-9A-Za-z\\-_]{43}"
\ No newline at end of file
diff --git a/file/keys/stripe-api-key.yaml b/file/keys/stripe-api-key.yaml
new file mode 100644
index 0000000000..4a9db2bf6f
--- /dev/null
+++ b/file/keys/stripe-api-key.yaml
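Review bot: The group in `xox[baprs]-([0-9a-zA-Z]{10,48})?` is optional, so the bare prefix `xoxb-` (or any `xox?-` appearing in documentation or comments) is extracted as a Slack token with nothing after it; the token body is never actually required. Dropping the `?`, `- "xox[baprs]-[0-9a-zA-Z]{10,48}"`, makes the extractor report only candidate tokens. Real Slack tokens also carry `-` separators between segments, so the class may need `-` added as well; confirm against the current token formats before widening it.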
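Review bot: `name: Square Accesss Token` in square-access-token.yaml has a typo (three s) that will appear on every finding the template produces; change it to `name: Square Access Token`. Since the name is user-visible output and is what most people grep for in reports, it is worth fixing before the template is published.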
@@ -0,0 +1,17 @@
+id: stripe-api-key
+
+info:
+ name: Stripe API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
\ No newline at end of file
diff --git a/file/keys/twilio-api.yaml b/file/keys/twilio-api.yaml
new file mode 100644
index 0000000000..9b1d7ef94c
--- /dev/null
+++ b/file/keys/twilio-api.yaml
@@ -0,0 +1,17 @@
+id: twilio-api
+
+info:
+ name: Twilio API Key
+ author: gaurang
+ severity: high
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
\ No newline at end of file
diff --git a/file/keys/twitter-secret.yaml b/file/keys/twitter-secret.yaml
new file mode 100644
index 0000000000..3dba0fb102
--- /dev/null
+++ b/file/keys/twitter-secret.yaml
@@ -0,0 +1,17 @@
+id: twitter-secret
+
+info:
+ name: Twitter Secret
+ author: gaurang
+ severity: medium
+ tags: keys,file
+
+file:
+ - extensions:
+ - all
+ - txt
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
\ No newline at end of file
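Review bot: Unlike the other key templates, which match on the token prefix alone, `(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}` only fires when the word stripe occurs within 20 characters before the key, so a live key stored under a neutral name (`SECRET_KEY=sk_live_…`) is not extracted; the `[sr]k_live_` prefix is distinctive enough to stand on its own, e.g. `- "[sr]k_live_[0-9a-zA-Z]{24,}"`, with `{24,}` so longer keys are reported in full rather than truncated at 24 characters. The same keyword precondition is used in twilio-api.yaml, where the `SK` plus 32-hex prefix is less distinctive and the keyword may be a deliberate noise filter; if so, say that in `info`. Note that pictatic-api-key.yaml's `sk_live_[0-9a-z]{32}` overlaps this prefix, so the two templates can report the same secret under different names and should document that.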