From 2fb9a3e57c5dc991cf5f46f66ffba029f76b376c Mon Sep 17 00:00:00 2001
From: Nadino92 <Nadino92@users.noreply.github.com>
Date: Thu, 7 May 2020 12:14:17 +0200
Subject: [PATCH] General tokens

General tokens
---
 tokens/general-tokens.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 tokens/general-tokens.yaml

diff --git a/tokens/general-tokens.yaml b/tokens/general-tokens.yaml
new file mode 100644
index 0000000000..614b06a881
--- /dev/null
+++ b/tokens/general-tokens.yaml
@@ -0,0 +1,29 @@
+id: general-tokens
+
+#this will create a huge load of false positive
+
+info:
+  name: General Tokens
+  author: nadino
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    matchers:
+      - type: dsl
+        dsl:
+        - 'regex("TOKEN(\")?(:|=)+(\")?",replace(toupper(body)," ",""))'                    #any TOKEN word
+        - 'regex("API(\\-|_| )+([A-Z]{3})+(\")?(:|=)+(\")?",replace(toupper(body)," ",""))' #API_XXX...
+        - 'regex("([A-Z]{3})+(\\-|_| )+API(\")?(:|=)+(\")?",replace(toupper(body)," ",""))' #XXX_API
+        - 'regex("([A-Z]{3})+(\\-|_| )+KEY(\")?(:|=)+(\")?",replace(toupper(body)," ",""))' #XXX_KEY    
+        - 'regex("KEY(\\-|_| )+([A-Z]{3})+(\")?(:|=)+(\")?",replace(toupper(body)," ",""))' #KEY_XXX
+        - 'regex("SECRET(\")?(:|=)+(\")?",replace(toupper(body)," ",""))'                   #any SECRET word
+        - 'regex("AUTHORIZATION(\")?(:|=)+(\")?",replace(toupper(body)," ",""))'            #any AUTHORIZATION word
+        - 'regex("PASSWORD(\")?(:|=)+(\")?",replace(toupper(body)," ",""))'                 #any PASSWORD word
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "TOKEN(\")?(:|=)+(\")?"