daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

File Based Template & Moving Directory

patch-1
Dhiyaneshwaran 2024-03-18 15:49:06 +05:30
parent 455e50254a
commit 3a5f76fd09
26 changed files with 596 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
file/keys/dependency/dependency-track.yaml Normal file
View File

@ -0,0 +1,24 @@
id: dependency-track
info:
name: Dependency Track API Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dependency_track.yml
- https://docs.dependencytrack.org/integrations/rest-api/
- https://docs.dependencytrack.org/getting-started/configuration/
metadata:
verified: true
max-request: 1
tags: dependency,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(odt_[A-Za-z0-9]{32,255})\b

22
file/keys/docker/dockerhub-pat.yaml Normal file
View File

@ -0,0 +1,22 @@
id: dockerhub-pat
info:
name: Docker Hub Personal Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dockerhub.yml
- https://docs.docker.com/security/for-developers/access-tokens/
metadata:
verified: true
tags: docker,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(dckr_pat_[a-zA-Z0-9_-]{27})(?:$|[^a-zA-Z0-9_-])

23
file/keys/doppler/doppler-audit.yaml Normal file
View File

@ -0,0 +1,23 @@
id: doppler-audit
info:
name: Doppler Audit Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
- https://docs.doppler.com/reference/api
- https://docs.doppler.com/reference/auth-token-formats
metadata:
verified: true
tags: doppler,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(dp\.audit\.[a-zA-Z0-9]{40,44})\b

23
file/keys/doppler/doppler-cli.yaml Normal file
View File

@ -0,0 +1,23 @@
id: doppler-cli
info:
name: Doppler CLI Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
- https://docs.doppler.com/reference/api
- https://docs.doppler.com/reference/auth-token-formats
metadata:
verified: true
tags: doppler,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(dp\.ct\.[a-zA-Z0-9]{40,44})\b

23
file/keys/doppler/doppler-scim.yaml Normal file
View File

@ -0,0 +1,23 @@
id: doppler-scim
info:
name: Doppler SCIM Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
- https://docs.doppler.com/reference/api
- https://docs.doppler.com/reference/auth-token-formats
metadata:
verified: true
tags: doppler,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(dp\.scim\.[a-zA-Z0-9]{40,44})\b

23
file/keys/doppler/doppler-service-account.yaml Normal file
View File

@ -0,0 +1,23 @@
id: doppler-service-account
info:
name: Doppler Service Account Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
- https://docs.doppler.com/reference/api
- https://docs.doppler.com/reference/auth-token-formats
metadata:
verified: true
tags: doppler,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(dp\.sa\.[a-zA-Z0-9]{40,44})\b

23
file/keys/doppler/doppler-service.yaml Normal file
View File

@ -0,0 +1,23 @@
id: doppler-service
info:
name: Doppler Service
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
- https://docs.doppler.com/reference/api
- https://docs.doppler.com/reference/auth-token-formats
metadata:
verified: true
tags: doppler,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(dp\.st\.(?:[a-z0-9\-_]{2,35}\.)?[a-zA-Z0-9]{40,44})\b

24
file/keys/dropbox/dropbox-access.yaml Normal file
View File

@ -0,0 +1,24 @@
id: dropbox-access
info:
name: Dropbox Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dropbox.yml
- https://developers.dropbox.com/oauth-guide
- https://www.dropbox.com/developers/
- https://www.dropbox.com/developers/documentation/http/documentation
metadata:
verified: true
tags: dropbox,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(sl\.[a-zA-Z0-9_-]{130,152})(?:$|[^a-zA-Z0-9_-])

22
file/keys/huggingface/huggingface-user-access.yaml Normal file
View File

@ -0,0 +1,22 @@
id: huggingface-user-access
info:
name: HuggingFace User Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/huggingface.yml
- https://huggingface.co/docs/hub/security-tokens
metadata:
verified: true
tags: huggingface,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- '\b(hf_[a-zA-Z]{34})\b'

22
file/keys/linkedin/linkedin-client.yaml Normal file
View File

@ -0,0 +1,22 @@
id: linkedin-client
info:
name: LinkedIn Client ID
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml
- https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
metadata:
verified: true
tags: linkedin,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)linkedin.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{12,14})\b

22
file/keys/linkedin/linkedin-secret.yaml Normal file
View File

@ -0,0 +1,22 @@
id: linkedin-secret
info:
name: LinkedIn Secret Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml
- https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
metadata:
verified: true
tags: linkedin,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)linkedin.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{16})\b

23
file/keys/newrelic/newrelic-api-service.yaml Normal file
View File

@ -0,0 +1,23 @@
id: newrelic-api-service
info:
name: New Relic API Service Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-key
metadata:
verified: true
tags: newrelic,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(nrak-[a-z0-9]{27})\b

23
file/keys/newrelic/newrelic-license-non.yaml Normal file
View File

@ -0,0 +1,23 @@
id: newrelic-license-non
info:
name: New Relic License Key (non-suffixed)
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key
metadata:
verified: true
tags: newrelic,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)associated\ with\ your\ New\ Relic\ account\.\s+license_key:\s*([a-f0-9]{40})\b

23
file/keys/newrelic/newrelic-license.yaml Normal file
View File

@ -0,0 +1,23 @@
id: newrelic-license
info:
name: New Relic License Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key
metadata:
verified: true
tags: newrelic,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b([a-z0-9]{6}[a-f0-9]{30}nral)\b

21
file/keys/odbc/odbc-connection.yaml Normal file
View File

@ -0,0 +1,21 @@
id: odbc-connection
info:
name: ODBC Connection String
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/odbc.yml
metadata:
verified: true
tags: odbc,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:User|User\sId|UserId|Uid)\s*=\s*([^\s;]{3,100})\s*;[\ \t]*.{0,10}[\ \t]*(?:Password|Pwd)\s*=\s*([^\t\ ;]{3,100})\s*(?:[;]|$)

23
file/keys/okta/okta-api.yaml Normal file
View File

@ -0,0 +1,23 @@
id: okta-api
info:
name: Okta API Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/okta.yml
- https://devforum.okta.com/t/api-token-length/5519
- https://developer.okta.com/docs/guides/create-an-api-token/main/
metadata:
verified: true
tags: okta,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?s)(?:okta|ssws).{0,40}\b(00[a-z0-9_-]{39}[a-z0-9_])\b

23
file/keys/particle/particle-access.yaml Normal file
View File

@ -0,0 +1,23 @@
id: particle-access
info:
name: particle.io Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/particle.io.yml
- https://docs.particle.io/reference/cloud-apis/api/
metadata:
verified: true
tags: particle,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- 'https://api\.particle\.io/v1/[a-zA-Z0-9_\-\s/"\\?]*(?:access_token=|Authorization:\s*Bearer\s*)\b([a-zA-Z0-9]{40})\b'
- '(?:access_token=|Authorization:\s*Bearer\s*)\b([a-zA-Z0-9]{40})\b[\s"\\]*https://api\.particle\.io/v1'

23
file/keys/react/reactapp-password.yaml Normal file
View File

@ -0,0 +1,23 @@
id: reactapp-password
info:
name: React App Password
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/react.yml
- https://create-react-app.dev/docs/adding-custom-environment-variables/
- https://stackoverflow.com/questions/48699820/how-do-i-hide-an-api-key-in-create-react-app
metadata:
verified: true
tags: react,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \bREACT_APP(?:_[A-Z0-9]+)*_PASS(?:\s+WORD)?\s*=\s*['"]?([^\s'"$]{6,})(?:[\s'"$]|$)

23
file/keys/react/reactapp-username.yaml Normal file
View File

@ -0,0 +1,23 @@
id: reactapp-username
info:
name: React App Username
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/react.yml
- https://create-react-app.dev/docs/adding-custom-environment-variables/
- https://stackoverflow.com/questions/48699820/how-do-i-hide-an-api-key-in-create-react-app
metadata:
verified: true
tags: react,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \bREACT_APP(?:_[A-Z0-9]+)*_USER(?:\s+NAME)?\s*=\s*['"]?([^\s'"$]{3,})(?:[\s'"$]|$)

21
file/keys/salesforce/salesforce-access.yaml Normal file
View File

@ -0,0 +1,21 @@
id: salesforce-access
info:
name: Salesforce Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/salesforce.yml
metadata:
verified: true
tags: salesforce,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- \b(00[a-zA-Z0-9]{13}![a-zA-Z0-9._]{96})(?:\b|$|[^a-zA-Z0-9._])

23
file/keys/thingsboard/thingsboard-access.yaml Normal file
View File

@ -0,0 +1,23 @@
id: thingsboard-access
info:
name: ThingsBoard Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/thingsboard.yml
- https://thingsboard.io/docs/paas/reference/http-api/
- https://thingsboard.io/docs/paas/reference/coap-api/
metadata:
verified: true
tags: thingsboard,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- thingsboard\.cloud/api/v1/([a-z0-9]{20})

27
file/keys/truenas/truenas-api.yaml Normal file
View File

@ -0,0 +1,27 @@
id: truenas-api
info:
name: TrueNAS API Key (WebSocket)
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/truenas.yml
- https://www.truenas.com/docs/api/core_websocket_api.html
- https://www.truenas.com/docs/api/scale_rest_api.html
- https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
- https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
- https://www.truenas.com/docs/scale/api/
- https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
metadata:
verified: true
tags: truenas,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- '"params"\s*:\s*\[\s*"(\d+-[a-zA-Z0-9]{64})"\s*\]'

22
file/keys/twitter/twitter-client.yaml Normal file
View File

@ -0,0 +1,22 @@
id: twitter-client
info:
name: Twitter Client ID
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/twitter.yml
- https://developer.twitter.com/en/docs/authentication/overview
metadata:
verified: true
tags: twitter,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\btwitter.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{18,25})\b

22
file/keys/twitter/twitter-secret.yaml Normal file
View File

@ -0,0 +1,22 @@
id: twitter-secret
info:
name: Twitter Secret Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/twitter.yml
- https://developer.twitter.com/en/docs/authentication/overview
metadata:
verified: true
tags: twitter,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)twitter.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{35,44})\b

24
file/keys/wireguard/wireguard-preshared.yaml Normal file
View File

@ -0,0 +1,24 @@
id: wireguard-preshared
info:
name: WireGuard Preshared Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/wireguard.yml
- https://www.wireguard.com/quickstart/
- https://manpages.debian.org/testing/wireguard-tools/wg.8.en.html
- https://gist.github.com/lanceliao/5d2977f417f34dda0e3d63ac7e217fd
metadata:
verified: true
tags: wireguard,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- PresharedKey\s*=\s*([A-Za-z0-9+/]{43}=)

24
file/keys/wireguard/wireguard-private.yaml Normal file
View File

@ -0,0 +1,24 @@
id: wireguard-private
info:
name: WireGuard Private Key
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/wireguard.yml
- https://www.wireguard.com/quickstart/
- https://manpages.debian.org/testing/wireguard-tools/wg.8.en.html
- https://gist.github.com/lanceliao/5d2977f417f34dda0e3d63ac7e217fd
metadata:
verified: true
tags: wireguard,keys,file
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- PrivateKey\s*=\s*([A-Za-z0-9+/]{43}=