Merge pull request #3124 from geeknik/patch-42

checks for github and gitlab recovery codes and discord backup codes

exposures/tokens/discord/discord-backup-code.yaml

@@ -0,0 +1,25 @@
+id: discord-backup-code
+
+info:
+  name: Discord Backup Code Detection
+  author: geeknik
+  severity: high
+  tags: exposure,token,discord
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/discord-backup-codes.txt'
+      - '{{BaseURL}}/discord_backup_codes.txt'
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - '[0-9A-Za-z]{4}\-[0-9A-Za-z]{4}'
+
+      - type: status
+        status:
+          - 200

exposures/tokens/github/github-recovery-code.yaml

@@ -0,0 +1,27 @@
+id: github-recovery-code
+
+info:
+  name: Github Recovery Code Detection
+  author: geeknik
+  severity: high
+  metadata:
+    verified: true
+  tags: exposure,token,github
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/github-recovery-codes.txt'
+      - '{{BaseURL}}/github_recovery_codes.txt'
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - '[0-9A-Za-z]{5}\-[0-9A-Za-z]{5}'
+
+      - type: status
+        status:
+          - 200

exposures/tokens/gitlab/gitlab-recovery-code.yaml

@@ -0,0 +1,25 @@
+id: gitlab-recovery-code
+
+info:
+  name: Gitlab Recovery Code Detection
+  author: geeknik
+  severity: high
+  tags: exposure,token,gitlab
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/gitlab-recovery-codes.txt'
+      - '{{BaseURL}}/gitlab_recovery_codes.txt'
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - '[0-9A-Za-z]{16}'
+
+      - type: status
+        status:
+          - 200