more updates
parent
e71f1be03e
commit
41240045d6
|
@ -10,13 +10,6 @@ requests:
|
|||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
|
|
|
@ -10,13 +10,6 @@ requests:
|
|||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
|
|
|
@ -2,6 +2,8 @@ id: credentials-disclosure
|
|||
|
||||
# Extract secrets regex like api keys, password, token, etc ... for different services
|
||||
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
|
||||
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
|
||||
# Regex count:- 687
|
||||
|
||||
info:
|
||||
name: Credentials Disclosure Check
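Review bot: The header comments above `info:` carry two typos and a hand-maintained count: "an valid issue", "key/tokes", and `# Regex count:- 687`, which goes stale whenever a pattern is added or dropped. I would reword the two sentences to `# Always validate leaked keys/tokens/passwords; a key or token without any impact is not a valid issue.` and `# Severity is not fixed here; it ranges from none to critical depending on the impact of the disclosed keys/tokens.`, and either drop the count or generate it from the pattern list. The rendering has lost the +/- markers, so I cannot tell which two of these lines the commit adds. The `info:` block continues outside the hunk.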
|
||||
|
|
|
@ -10,13 +10,6 @@ requests:
|
|||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "AIza[0-9A-Za-z\\-_]{35}"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
|
|
|
@ -13,13 +13,6 @@ requests:
|
|||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "(ftp|ftps|http|https)://[0-9A-Za-z\\-_%]+(:|@)"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
|
|
|
@ -8,14 +8,7 @@ info:
|
|||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "[0-9a-f]{32}-us[0-9]{1,2}"
|
||||
- "{{BaseURL}}"
|
||||
|
||||
extractors:
|
||||
- type: regex
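Review bot: With the matchers block gone, the extractor that starts at `- type: regex` becomes the only thing deciding a hit, and its pattern list lies outside this hunk. If it reuses the pattern from the dropped matcher, `[0-9a-f]{32}-us[0-9]{1,2}`, that pattern is unanchored and will also fire inside longer hex runs such as hashes or asset fingerprints followed by `-us` and a digit. I would bound it in the extractor, e.g. `- "\\b[0-9a-f]{32}-us[0-9]{1,2}\\b"`. The other templates in this commit lose their matchers the same way, so their extractor patterns deserve the same check. The +/- markers are lost in this rendering, so which lines are removed is inferred from the hunk counts.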
|
||||
|
|
|
@ -13,14 +13,6 @@ requests:
|
|||
path:
|
||||
- "{{BaseURL}}"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "xoxp-[0-9A-Za-z\\-]{72}" # Person
|
||||
- "xoxb-[0-9A-Za-z\\-]{51}" # Bot
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
|
|