diff --git a/file/android/adb-backup-enabled.yaml b/file/android/adb-backup-enabled.yaml
new file mode 100644
index 0000000000..2f4a88df0a
--- /dev/null
+++ b/file/android/adb-backup-enabled.yaml
@@ -0,0 +1,16 @@
+id: adb-backup-enabled
+
+info:
+ name: ADB Backup Enabled
+ author: gaurang
+ severity: low
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "android:allowBackup=\"true\""
\ No newline at end of file
diff --git a/file/android/biometric-detect.yaml b/file/android/biometric-detect.yaml
new file mode 100644
index 0000000000..002dcf825a
--- /dev/null
+++ b/file/android/biometric-detect.yaml
@@ -0,0 +1,17 @@
+id: biometric-detect
+
+info:
+ name: Biometric or Fingerprint detect
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "android.permission.USE_FINGERPRINT"
+ - "android.permission.USE_BIOMETRIC"
\ No newline at end of file
diff --git a/file/android/certificate-validation.yaml b/file/android/certificate-validation.yaml
new file mode 100644
index 0000000000..64a9fecc52
--- /dev/null
+++ b/file/android/certificate-validation.yaml
@@ -0,0 +1,16 @@
+id: improper-certificate-validation
+
+info:
+ name: Improper Certificate Validation
+ author: gaurang
+ severity: medium
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/SslErrorHandler;->proceed()V"
\ No newline at end of file
diff --git a/file/android/content-scheme.yaml b/file/android/content-scheme.yaml
new file mode 100644
index 0000000000..f60d6a6607
--- /dev/null
+++ b/file/android/content-scheme.yaml
@@ -0,0 +1,16 @@
+id: content-scheme
+
+info:
+ name: Content Scheme Enabled
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - xml
+
+ matchers:
+ - type: word
+ words:
+ - "android:scheme=\"content\""
\ No newline at end of file
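Review bot: The matcher in adb-backup-enabled.yaml reports only an explicit `android:allowBackup="true"`, but Android treats a missing attribute as true, so a manifest that simply omits it is never flagged. The `info` block should state that limit, for example `description: Reports an explicit android:allowBackup="true"; a manifest that omits the attribute also permits backup and is not reported.` None of the templates added in this commit carries a `description` or `reference`, which leaves a triager without remediation context, so the same kind of addition applies to each of them.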
diff --git a/file/android/debug-enabled.yaml b/file/android/debug-enabled.yaml
new file mode 100644
index 0000000000..1825b7d030
--- /dev/null
+++ b/file/android/debug-enabled.yaml
@@ -0,0 +1,16 @@
+id: android-debug-enabled
+
+info:
+ name: Android Debug Enabled
+ author: gaurang
+ severity: low
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: regex
+ regex:
+ - "android:debuggable=\"true\""
\ No newline at end of file
diff --git a/file/android/dynamic-broadcast-receiver.yaml b/file/android/dynamic-broadcast-receiver.yaml
new file mode 100644
index 0000000000..d2ea9a6123
--- /dev/null
+++ b/file/android/dynamic-broadcast-receiver.yaml
@@ -0,0 +1,16 @@
+id: dynamic-registered-broadcast-receiver
+
+info:
+ name: Dynamic Registered Broadcast Receiver
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - ";->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)"
\ No newline at end of file
diff --git a/file/android/file-scheme.yaml b/file/android/file-scheme.yaml
new file mode 100644
index 0000000000..e7f14543f8
--- /dev/null
+++ b/file/android/file-scheme.yaml
@@ -0,0 +1,16 @@
+id: file-scheme
+
+info:
+ name: File Scheme Enabled
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - xml
+
+ matchers:
+ - type: word
+ words:
+ - "android:scheme=\"file\""
\ No newline at end of file
diff --git a/file/android/provider-path.yaml b/file/android/provider-path.yaml
new file mode 100644
index 0000000000..ed4810852d
--- /dev/null
+++ b/file/android/provider-path.yaml
@@ -0,0 +1,17 @@
+id: insecure-provider-path
+
+info:
+ name: Insecure Provider Path
+ author: gaurang
+ severity: medium
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: regex
+ regex:
+ - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\""
+ - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\""
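Review bot: `type: regex` in debug-enabled.yaml is applied to a fixed string that contains no regex syntax, while adb-backup-enabled.yaml in the same commit matches the same kind of manifest attribute with `type: word`. Switching to `- type: word` with a `words:` list keeps the two manifest checks consistent. The id `android-debug-enabled` also differs from the file name `debug-enabled.yaml`, which makes the template harder to locate from a finding.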
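Review bot: The first pattern in provider-path.yaml leaves the dot in `path=\".\"` unescaped, so it matches any single character between the quotes rather than only a literal `.`. If a literal dot is meant, the line should read `- "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\\.\""`; if any one-character path such as `/` is meant to be reported, a comment above the pattern should say so. The `{1,10}` bound on `name` also means a root-path entry with a longer name is not reported at all, and `[^\"]+` in its place would close that gap.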
diff --git a/file/android/webview-addjavascript-interface.yaml b/file/android/webview-addjavascript-interface.yaml
new file mode 100644
index 0000000000..06e26a26dd
--- /dev/null
+++ b/file/android/webview-addjavascript-interface.yaml
@@ -0,0 +1,16 @@
+id: webview-addjavascript-interface
+
+info:
+ name: Webview addJavascript Interface Usage
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V"
\ No newline at end of file
diff --git a/file/android/webview-javascript.yaml b/file/android/webview-javascript.yaml
new file mode 100644
index 0000000000..9637251e12
--- /dev/null
+++ b/file/android/webview-javascript.yaml
@@ -0,0 +1,16 @@
+id: webview-javascript-enabled
+
+info:
+ name: Webview JavaScript enabled
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V"
\ No newline at end of file
diff --git a/file/android/webview-load-url.yaml b/file/android/webview-load-url.yaml
new file mode 100644
index 0000000000..d258156df2
--- /dev/null
+++ b/file/android/webview-load-url.yaml
@@ -0,0 +1,16 @@
+id: webview-load-url
+
+info:
+ name: Webview loadUrl usage
+ author: gaurang
+ severity: info
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V"
\ No newline at end of file
diff --git a/file/android/webview-universal-access.yaml b/file/android/webview-universal-access.yaml
new file mode 100644
index 0000000000..56fe5fb8ac
--- /dev/null
+++ b/file/android/webview-universal-access.yaml
@@ -0,0 +1,16 @@
+id: webview-universal-access
+
+info:
+ name: Webview Universal Access enabled
+ author: gaurang
+ severity: medium
+ tags: android,file
+
+file:
+ - extensions:
+ - all
+
+ matchers:
+ - type: word
+ words:
+ - "Landroid/webkit/WebSettings;->setAllowUniversalAccessFromFileURLs(Z)V"
\ No newline at end of file
diff --git a/file/keys/amazon-mws-auth-token.yaml b/file/keys/amazon-mws-auth-token.yaml
new file mode 100644
index 0000000000..69843674c0
--- /dev/null
+++ b/file/keys/amazon-mws-auth-token.yaml
@@ -0,0 +1,16 @@
+id: amazon-mws-auth-token-value
+
+info:
+ name: Amazon MWS Auth Token
+ author: gaurang
+ severity: medium
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
\ No newline at end of file
diff --git a/file/keys/aws-access-id.yaml b/file/keys/aws-access-id.yaml
new file mode 100644
index 0000000000..1bf83e581c
--- /dev/null
+++ b/file/keys/aws-access-id.yaml
@@ -0,0 +1,16 @@
+id: aws-access-key
+
+info:
+ name: AWS Access Key ID
+ author: gaurang
+ severity: info
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
diff --git a/file/keys/aws-cognito.yaml b/file/keys/aws-cognito.yaml
new file mode 100644
index 0000000000..f601eec9b7
--- /dev/null
+++ b/file/keys/aws-cognito.yaml
@@ -0,0 +1,32 @@
+id: aws-cognito-pool
+
+info:
+ name: AWS Cognito Pool ID
+ author: gaurang
+ severity: info
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "ap-northeast-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-northeast-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-southeast-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-southeast-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ap-south-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ca-central-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "ca-central-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-west-3:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "eu-north-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-east-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+ - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
\ No newline at end of file
diff --git a/file/keys/cloudinary.yaml b/file/keys/cloudinary.yaml
new file mode 100644
index 0000000000..960dabd6e3
--- /dev/null
+++ b/file/keys/cloudinary.yaml
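Review bot: The region list in aws-cognito.yaml contains the `eu-west-3` pattern twice, and no entry covers `eu-central-1` or `ap-northeast-1`, so pool IDs from those regions are not extracted; the duplicate looks like a copy slip for one of them. Since every entry shares the same suffix, a single pattern removes the need to maintain the list: `- "[a-z]{2}-[a-z]+-[0-9]:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"`. If the explicit list is kept, a comment stating which regions are intentionally excluded would prevent the gap from being read as coverage.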
@@ -0,0 +1,16 @@
+id: cloudinary-basic-auth
+
+info:
+ name: Cloudinary Basic Auth
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
\ No newline at end of file
diff --git a/file/keys/credentials.yaml b/file/keys/credentials.yaml
new file mode 100644
index 0000000000..484b2e6710
--- /dev/null
+++ b/file/keys/credentials.yaml
@@ -0,0 +1,16 @@
+id: basic-auth-creds
+
+info:
+ name: Basic Auth Credentials
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
\ No newline at end of file
diff --git a/file/keys/dynatrace-token.yaml b/file/keys/dynatrace-token.yaml
new file mode 100644
index 0000000000..3ad533dd3f
--- /dev/null
+++ b/file/keys/dynatrace-token.yaml
@@ -0,0 +1,16 @@
+id: dynatrace-token
+
+info:
+ name: Dynatrace Token
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
\ No newline at end of file
diff --git a/file/keys/facebook-client-id.yaml b/file/keys/facebook-client-id.yaml
new file mode 100644
index 0000000000..038fdbd646
--- /dev/null
+++ b/file/keys/facebook-client-id.yaml
@@ -0,0 +1,16 @@
+id: facebook-client-id
+
+info:
+ name: Facebook Client ID
+ author: gaurang
+ severity: info
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
\ No newline at end of file
diff --git a/file/keys/facebook-secret.yaml b/file/keys/facebook-secret.yaml
new file mode 100644
index 0000000000..ebd1df4171
--- /dev/null
+++ b/file/keys/facebook-secret.yaml
@@ -0,0 +1,16 @@
+id: facebook-secret-key
+
+info:
+ name: Facebook Secret Key
+ author: gaurang
+ severity: low
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
\ No newline at end of file
diff --git a/file/keys/firebase-database.yaml b/file/keys/firebase-database.yaml
new file mode 100644
index 0000000000..62a323df09
--- /dev/null
+++ b/file/keys/firebase-database.yaml
@@ -0,0 +1,17 @@
+id: firebase-database
+
+info:
+ name: Firebase Database Detect
+ author: gaurang
+ severity: info
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "[a-z0-9.-]+\\.firebaseio\\.com"
+ - "[a-z0-9.-]+\\.firebaseapp\\.com"
\ No newline at end of file
diff --git a/file/keys/gcp-service-account.yaml b/file/keys/gcp-service-account.yaml
new file mode 100644
index 0000000000..8f4b0a4129
--- /dev/null
+++ b/file/keys/gcp-service-account.yaml
@@ -0,0 +1,16 @@
+id: gcp-service-account
+
+info:
+ name: Google (GCP) Service-account
+ author: gaurang
+ severity: low
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "\"type\": \"service_account\""
\ No newline at end of file
diff --git a/file/keys/google-api.yaml b/file/keys/google-api.yaml
new file mode 100644
index 0000000000..c227c5263b
--- /dev/null
+++ b/file/keys/google-api.yaml
@@ -0,0 +1,16 @@
+id: google-api-key
+
+info:
+ name: Google API key
+ author: gaurang
+ severity: info
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "AIza[0-9A-Za-z\\-_]{35}"
\ No newline at end of file
diff --git a/file/keys/linkedin-id.yaml b/file/keys/linkedin-id.yaml
new file mode 100644
index 0000000000..dedc141863
--- /dev/null
+++ b/file/keys/linkedin-id.yaml
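Review bot: The pattern in gcp-service-account.yaml requires exactly one space after the colon, so a minified key file that contains `"type":"service_account"` is not reported. Allowing optional whitespace covers both layouts: `- "\"type\":\\s*\"service_account\""`. The match shows only that a service-account JSON document is present, so the `info` block should say that a finding needs a follow-up check for a `private_key` field before it is treated as exposed key material.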
@@ -0,0 +1,16 @@
+id: linkedin-client-id
+
+info:
+ name: Linkedin Client ID
+ author: gaurang
+ severity: low
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
\ No newline at end of file
diff --git a/file/keys/mailchimp-api.yaml b/file/keys/mailchimp-api.yaml
new file mode 100644
index 0000000000..226457a440
--- /dev/null
+++ b/file/keys/mailchimp-api.yaml
@@ -0,0 +1,16 @@
+id: mailchimp-api-key
+
+info:
+ name: Mailchimp API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "[0-9a-f]{32}-us[0-9]{1,2}"
\ No newline at end of file
diff --git a/file/keys/mailgun-api.yaml b/file/keys/mailgun-api.yaml
new file mode 100644
index 0000000000..917fb270c0
--- /dev/null
+++ b/file/keys/mailgun-api.yaml
@@ -0,0 +1,16 @@
+id: mailgun-api-key
+
+info:
+ name: Mailgun API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "key-[0-9a-zA-Z]{32}"
\ No newline at end of file
diff --git a/file/keys/paypal-braintree-token.yaml b/file/keys/paypal-braintree-token.yaml
new file mode 100644
index 0000000000..53cbc3564c
--- /dev/null
+++ b/file/keys/paypal-braintree-token.yaml
@@ -0,0 +1,16 @@
+id: paypal-braintree-token
+
+info:
+ name: Paypal Braintree Access Token
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
\ No newline at end of file
diff --git a/file/keys/pictatic-api-key.yaml b/file/keys/pictatic-api-key.yaml
new file mode 100644
index 0000000000..ec20f07569
--- /dev/null
+++ b/file/keys/pictatic-api-key.yaml
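Review bot: The pattern in linkedin-id.yaml accepts any twelve lowercase alphanumerics within twenty characters of the word linkedin, with no delimiter on either side, so ordinary text such as a profile URL path will be extracted as a client ID. facebook-client-id.yaml in this commit anchors its value between quote characters, and doing the same here cuts most of that noise: `- "(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]"`. twitter-secret.yaml has the same unanchored shape and would benefit from the same delimiters.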
@@ -0,0 +1,16 @@
+id: pictatic-api-key
+
+info:
+ name: Pictatic API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "sk_live_[0-9a-z]{32}"
\ No newline at end of file
diff --git a/file/keys/private-key.yaml b/file/keys/private-key.yaml
new file mode 100644
index 0000000000..7149e7400e
--- /dev/null
+++ b/file/keys/private-key.yaml
@@ -0,0 +1,22 @@
+id: private-key
+
+info:
+ name: Private Key Detect
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "\"BEGIN OPENSSH PRIVATE KEY\""
+ - "\"BEGIN PRIVATE KEY\""
+ - "\"BEGIN RSA PRIVATE KEY\""
+ - "\"BEGIN DSA PRIVATE KEY\""
+ - "\"BEGIN EC PRIVATE KEY\""
+ - "\"BEGIN PGP PRIVATE KEY BLOCK\""
+ - "\"ssh-rsa\""
\ No newline at end of file
diff --git a/file/keys/s3-bucket.yaml b/file/keys/s3-bucket.yaml
new file mode 100644
index 0000000000..2451b6f9a6
--- /dev/null
+++ b/file/keys/s3-bucket.yaml
@@ -0,0 +1,20 @@
+id: s3-bucket
+
+info:
+ name: S3 Bucket Detect
+ author: gaurang
+ severity: info
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "[a-z0-9.-]+\\.s3\\.amazonaws\\.com"
+ - "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com"
+ - "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)"
+ - "//s3\\.amazonaws\\.com/[a-z0-9._-]+"
+ - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+"
\ No newline at end of file
diff --git a/file/keys/sendgrid-api.yaml b/file/keys/sendgrid-api.yaml
new file mode 100644
index 0000000000..cf01b33d17
--- /dev/null
+++ b/file/keys/sendgrid-api.yaml
@@ -0,0 +1,16 @@
+id: sendgrid-api-key
+
+info:
+ name: Sendgrid API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
\ No newline at end of file
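Review bot: Every pattern in private-key.yaml carries literal double quotes inside the regex (`"\"BEGIN RSA PRIVATE KEY\""`), so it matches only when the header text sits directly between quote characters; a PEM file, where the header is wrapped in dashes, is not reported. Dropping the inner quotes fixes that, for example `- "BEGIN RSA PRIVATE KEY"`, and the same applies to the other five BEGIN entries. The last entry, `ssh-rsa`, is the prefix of a public key line, so reporting it at severity high under "Private Key Detect" will mislead triage; it belongs in a separate info-level template or should be dropped.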
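Review bot: The second pattern in s3-bucket.yaml, `s3-[a-z0-9-]\\.amazonaws\\.com`, has no quantifier on the region class, so it matches a one-character region only and regional bucket hostnames are missed. The fifth pattern already uses `[a-z0-9-]+`, and the second should read `- "[a-z0-9.-]+\\.s3-[a-z0-9-]+\\.amazonaws\\.com"`. The third pattern stops after the two-letter region prefix, so the extracted value is cut off before the rest of the website hostname; extending it through `amazonaws\\.com` would give a triager the full name.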
diff --git a/file/keys/shopify-custom-token.yaml b/file/keys/shopify-custom-token.yaml
new file mode 100644
index 0000000000..fbdd23d61d
--- /dev/null
+++ b/file/keys/shopify-custom-token.yaml
@@ -0,0 +1,16 @@
+id: shopify-custom-token
+
+info:
+ name: Shopify Custom App Access Token
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpca_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/shopify-private-token.yaml b/file/keys/shopify-private-token.yaml
new file mode 100644
index 0000000000..7e308d71f9
--- /dev/null
+++ b/file/keys/shopify-private-token.yaml
@@ -0,0 +1,16 @@
+id: shopify-private-token
+
+info:
+ name: Shopify Private App Access Token
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "shppa_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/shopify-shared-secret.yaml b/file/keys/shopify-shared-secret.yaml
new file mode 100644
index 0000000000..8121c35d82
--- /dev/null
+++ b/file/keys/shopify-shared-secret.yaml
@@ -0,0 +1,16 @@
+id: shopify-shared-secret
+
+info:
+ name: Shopify Shared Secret
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpss_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/shopify-token.yaml b/file/keys/shopify-token.yaml
new file mode 100644
index 0000000000..a60878623e
--- /dev/null
+++ b/file/keys/shopify-token.yaml
@@ -0,0 +1,16 @@
+id: shopify-access-token
+
+info:
+ name: Shopify Access Token
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpat_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/file/keys/slack-api.yaml b/file/keys/slack-api.yaml
new file mode 100644
index 0000000000..96801a34e1
--- /dev/null
+++ b/file/keys/slack-api.yaml
@@ -0,0 +1,16 @@
+id: slack-api
+
+info:
+ name: Slack API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "xox[baprs]-([0-9a-zA-Z]{10,48})?"
\ No newline at end of file
diff --git a/file/keys/slack-webhook.yaml b/file/keys/slack-webhook.yaml
new file mode 100644
index 0000000000..1e5fb65a52
--- /dev/null
+++ b/file/keys/slack-webhook.yaml
@@ -0,0 +1,16 @@
+id: slack-webhook
+
+info:
+ name: Slack Webhook
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
\ No newline at end of file
diff --git a/file/keys/square-access-token.yaml b/file/keys/square-access-token.yaml
new file mode 100644
index 0000000000..5c328ad039
--- /dev/null
+++ b/file/keys/square-access-token.yaml
@@ -0,0 +1,16 @@
+id: square-access-token
+
+info:
+ name: Square Accesss Token
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "sq0atp-[0-9A-Za-z\\-_]{22}"
\ No newline at end of file
diff --git a/file/keys/square-oauth-secret.yaml b/file/keys/square-oauth-secret.yaml
new file mode 100644
index 0000000000..e32fa9237a
--- /dev/null
+++ b/file/keys/square-oauth-secret.yaml
@@ -0,0 +1,16 @@
+id: square-oauth-secret
+
+info:
+ name: Square OAuth Secret
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "sq0csp-[0-9A-Za-z\\-_]{43}"
\ No newline at end of file
diff --git a/file/keys/stripe-api-key.yaml b/file/keys/stripe-api-key.yaml
new file mode 100644
index 0000000000..64fe34bfcc
--- /dev/null
+++ b/file/keys/stripe-api-key.yaml
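Review bot: The trailing group in slack-api.yaml is optional (`([0-9a-zA-Z]{10,48})?`), so the bare prefix `xoxb-` with nothing after it is extracted and reported at severity high. The character class also excludes `-`, so a token made of several hyphen-separated parts is cut at the first hyphen and the extracted value no longer identifies which token needs rotating. `- "xox[baprs]-[0-9a-zA-Z-]{10,}"` addresses both; the lower bound is a starting point and should be tuned against real findings.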
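Review bot: `name: Square Accesss Token` in square-access-token.yaml has a stray third "s" and should read `name: Square Access Token`. The name is what appears in scan output and in template searches, so the typo carries into every report that includes this finding.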
@@ -0,0 +1,16 @@
+id: stripe-api-key
+
+info:
+ name: Stripe API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
\ No newline at end of file
diff --git a/file/keys/twilio-api.yaml b/file/keys/twilio-api.yaml
new file mode 100644
index 0000000000..9895746a8a
--- /dev/null
+++ b/file/keys/twilio-api.yaml
@@ -0,0 +1,16 @@
+id: twilio-api
+
+info:
+ name: Twilio API Key
+ author: gaurang
+ severity: high
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
\ No newline at end of file
diff --git a/file/keys/twitter-secret.yaml b/file/keys/twitter-secret.yaml
new file mode 100644
index 0000000000..546834c131
--- /dev/null
+++ b/file/keys/twitter-secret.yaml
@@ -0,0 +1,16 @@
+id: twitter-secret
+
+info:
+ name: Twitter Secret
+ author: gaurang
+ severity: medium
+ tags: token,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
\ No newline at end of file
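Review bot: The pattern in stripe-api-key.yaml fires only when the word stripe appears within twenty characters before the key, so a live key stored under a neutral variable name is not reported even though the `sk_live_` / `rk_live_` prefix is distinctive by itself. The fixed `{24}` length also means a longer key is extracted only up to its first 24 characters. Consider `- "[sr]k_live_[0-9a-zA-Z]{24,}"`, which drops the keyword dependency and extracts the whole value. twilio-api.yaml depends on a nearby keyword in the same way and misses keys that are not labelled.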