From 7e193f72472c37e9c2543cc01117d4ae4c1d1871 Mon Sep 17 00:00:00 2001 
From: Dhiyaneshwaran
Date: Tue, 4 Jul 2023 14:39:14 +0530
Subject: [PATCH] 20 New Templates
---
file/keys/adafruit-key.yaml | 22 +++++++++++++++++
file/keys/adobe/adobe-client.yaml | 22 +++++++++++++++++
file/keys/{ => adobe}/adobe-secret.yaml | 0
file/keys/airtable-key.yaml | 22 +++++++++++++++++
file/keys/algolia-key.yaml | 22 +++++++++++++++++
file/keys/alibaba/alibaba-key-id.yaml | 22 +++++++++++++++++
file/keys/alibaba/alibaba-secret-id.yaml | 22 +++++++++++++++++
file/keys/asana/asana-clientid.yaml | 22 +++++++++++++++++
file/keys/asana/asana-clientsecret.yaml | 22 +++++++++++++++++
file/keys/atlassian/atlassian-api-token.yaml | 22 +++++++++++++++++
.../tokens/adafruit/adafruit-api-key.yaml | 24 +++++++++++++++++++
.../tokens/adobe/adobe-client-id.yaml | 24 +++++++++++++++++++
.../tokens/airtable/airtable-api-key.yaml | 24 +++++++++++++++++++
.../tokens/algolia/algolia-api-key.yaml | 24 +++++++++++++++++++
.../tokens/alibaba/alibaba-accesskey-id.yaml | 24 +++++++++++++++++++
.../tokens/alibaba/alibaba-secretkey-id.yaml | 24 +++++++++++++++++++
.../tokens/asana/asana-client-id.yaml | 24 +++++++++++++++++++
.../tokens/asana/asana-client-secret.yaml | 24 +++++++++++++++++++
http/exposures/tokens/atlassian-token.yaml | 24 +++++++++++++++++++
19 files changed, 414 insertions(+)
create mode 100644 file/keys/adafruit-key.yaml
create mode 100644 file/keys/adobe/adobe-client.yaml
rename file/keys/{ => adobe}/adobe-secret.yaml (100%)
create mode 100644 file/keys/airtable-key.yaml
create mode 100644 file/keys/algolia-key.yaml
create mode 100644 file/keys/alibaba/alibaba-key-id.yaml
create mode 100644 file/keys/alibaba/alibaba-secret-id.yaml
create mode 100644 file/keys/asana/asana-clientid.yaml
create mode 100644 file/keys/asana/asana-clientsecret.yaml
create mode 100644 file/keys/atlassian/atlassian-api-token.yaml
create mode 100644 http/exposures/tokens/adafruit/adafruit-api-key.yaml
create mode 100644 http/exposures/tokens/adobe/adobe-client-id.yaml
create mode 100644 http/exposures/tokens/airtable/airtable-api-key.yaml
create mode 100644 http/exposures/tokens/algolia/algolia-api-key.yaml
create mode 100644 http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml
create mode 100644 http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml
create mode 100644 http/exposures/tokens/asana/asana-client-id.yaml
create mode 100644 http/exposures/tokens/asana/asana-client-secret.yaml
create mode 100644 http/exposures/tokens/atlassian-token.yaml
diff --git a/file/keys/adafruit-key.yaml b/file/keys/adafruit-key.yaml
new file mode 100644
index 0000000000..efd9a38d4d
--- /dev/null
+++ b/file/keys/adafruit-key.yaml
@@ -0,0 +1,22 @@
+id: adafruit-key
+
+info:
+ name: Adafruit API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.go
+ metadata:
+ verified: true
+ tags: adafruit,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/adobe/adobe-client.yaml b/file/keys/adobe/adobe-client.yaml
new file mode 100644
index 0000000000..c8647bfc99
--- /dev/null
+++ b/file/keys/adobe/adobe-client.yaml
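Review bot: In file/keys/adafruit-key.yaml the character classes `[\s|']`, `[\s|"]` and `['|\"|\n|\r|\s|\x60|;]` use `|` as if it were alternation, but inside brackets it is a literal pipe, so a `|` is accepted both between the keyword and the operator and as the terminator after the 32-character key. That widens the match to text such as table cells or shell pipelines that happen to follow a key-shaped run. Writing the classes as `[\s'"]{0,3}` and `(?:['"\s\x60;]|$)` keeps the intended delimiters and drops the stray pipe. The same classes appear in every other template in this patch (the two Alibaba access-key-ID templates carry only the trailing one).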
@@ -0,0 +1,22 @@
+id: adobe-client
+
+info:
+ name: Adobe Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.go
+ metadata:
+ verified: true
+ tags: adobe,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/adobe-secret.yaml b/file/keys/adobe/adobe-secret.yaml
similarity index 100%
rename from file/keys/adobe-secret.yaml
rename to file/keys/adobe/adobe-secret.yaml
diff --git a/file/keys/airtable-key.yaml b/file/keys/airtable-key.yaml
new file mode 100644
index 0000000000..20c3eb5596
--- /dev/null
+++ b/file/keys/airtable-key.yaml
@@ -0,0 +1,22 @@
+id: airtable-key
+
+info:
+ name: Airtable API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.go
+ metadata:
+ verified: true
+ tags: airtable,file,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/algolia-key.yaml b/file/keys/algolia-key.yaml
new file mode 100644
index 0000000000..7724867bb5
--- /dev/null
+++ b/file/keys/algolia-key.yaml
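Review bot: The extractor in file/keys/adobe/adobe-client.yaml sets no `group`, so, as far as I can tell, nuclei reports the whole match: the `adobe` keyword, the assignment operator and the trailing delimiter (possibly a newline) rather than the 32-character value captured by `([a-f0-9]{32})`. Adding `group: 1` next to `part: body` would emit only the captured value, which is easier to look up and revoke and keeps result lines clean. Either way the extracted string is a credential candidate that lands in scan output, so results need the same handling as the secret itself. The other extractors in this patch are written the same way.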
@@ -0,0 +1,22 @@
+id: algolia-key
+
+info:
+ name: Algolia API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.go
+ metadata:
+ verified: true
+ tags: algolia,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/alibaba/alibaba-key-id.yaml b/file/keys/alibaba/alibaba-key-id.yaml
new file mode 100644
index 0000000000..faeed4e86a
--- /dev/null
+++ b/file/keys/alibaba/alibaba-key-id.yaml
@@ -0,0 +1,22 @@
+id: alibaba-key-id
+
+info:
+ name: Alibaba Access Key ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.go
+ metadata:
+ verified: true
+ tags: alibaba,access,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/alibaba/alibaba-secret-id.yaml b/file/keys/alibaba/alibaba-secret-id.yaml
new file mode 100644
index 0000000000..9324354baf
--- /dev/null
+++ b/file/keys/alibaba/alibaba-secret-id.yaml
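Review bot: In file/keys/alibaba/alibaba-key-id.yaml the leading `(?i)` makes the `LTAI` prefix case-insensitive, so any 24-character alphanumeric word that starts with `ltai` in any casing is reported as an access key ID. The second `(?i)` placed after `(LTAI)` suggests the prefix was meant to stay case-sensitive with only the tail folded. Dropping the first flag gives that: `\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)`. The regex in http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml is identical and needs the same change.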
@@ -0,0 +1,22 @@
+id: alibaba-secret-id
+
+info:
+ name: Alibaba Secret Key ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.go
+ metadata:
+ verified: true
+ tags: alibaba,secret,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/asana/asana-clientid.yaml b/file/keys/asana/asana-clientid.yaml
new file mode 100644
index 0000000000..62c4909718
--- /dev/null
+++ b/file/keys/asana/asana-clientid.yaml
@@ -0,0 +1,22 @@
+id: asana-clientid
+
+info:
+ name: Asana Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.yaml
+ metadata:
+ verified: true
+ tags: asana,client,file,keys
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/asana/asana-clientsecret.yaml b/file/keys/asana/asana-clientsecret.yaml
new file mode 100644
index 0000000000..fa63975189
--- /dev/null
+++ b/file/keys/asana/asana-clientsecret.yaml
@@ -0,0 +1,22 @@
+id: asana-clientsecret
+
+info:
+ name: Asana Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.yaml
+ metadata:
+ verified: true
+ tags: asana,client,file,keys,secret
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/file/keys/atlassian/atlassian-api-token.yaml b/file/keys/atlassian/atlassian-api-token.yaml
new file mode 100644
index 0000000000..7b9af43161
--- /dev/null
+++ b/file/keys/atlassian/atlassian-api-token.yaml
@@ -0,0 +1,22 @@
+id: atlassian-api-token
+
+info:
+ name: Atlassian API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.yaml
+ metadata:
+ verified: true
+ tags: atlassian,file,token,api
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/adafruit/adafruit-api-key.yaml b/http/exposures/tokens/adafruit/adafruit-api-key.yaml
new file mode 100644
index 0000000000..23d0721e95
--- /dev/null
+++ b/http/exposures/tokens/adafruit/adafruit-api-key.yaml
@@ -0,0 +1,24 @@
+id: adafruit-api-key
+
+info:
+ name: Adafruit API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.go
+ metadata:
+ max-request: 1
+ verified: true
+ tags: adafruit,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/adobe/adobe-client-id.yaml b/http/exposures/tokens/adobe/adobe-client-id.yaml
new file mode 100644
index 0000000000..94b313aea4
--- /dev/null
+++ b/http/exposures/tokens/adobe/adobe-client-id.yaml
@@ -0,0 +1,24 @@
+id: adobe-client-id
+
+info:
+ name: Adobe Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.go
+ metadata:
+ verified: true
+ max-request: 1
+ tags: adobe,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/airtable/airtable-api-key.yaml b/http/exposures/tokens/airtable/airtable-api-key.yaml
new file mode 100644
index 0000000000..a24d23940b
--- /dev/null
+++ b/http/exposures/tokens/airtable/airtable-api-key.yaml
@@ -0,0 +1,24 @@
+id: airtable-api-key
+
+info:
+ name: Airtable API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.go
+ metadata:
+ verified: true
+ max-request: 1
+ tags: airtable,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/algolia/algolia-api-key.yaml b/http/exposures/tokens/algolia/algolia-api-key.yaml
new file mode 100644
index 0000000000..5730442639
--- /dev/null
+++ b/http/exposures/tokens/algolia/algolia-api-key.yaml
@@ -0,0 +1,24 @@
+id: algolia-api-key
+
+info:
+ name: Algolia API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.go
+ metadata:
+ max-request: 1
+ verified: true
+ tags: algolia,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml b/http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml
new file mode 100644
index 0000000000..2f24f2c263
--- /dev/null
+++ b/http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml
@@ -0,0 +1,24 @@
+id: alibaba-accesskey-id
+
+info:
+ name: Alibaba Access Key ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.go
+ metadata:
+ max-request: 1
+ verified: true
+ tags: alibaba,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml b/http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml
new file mode 100644
index 0000000000..a60e6e5a68
--- /dev/null
+++ b/http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml
@@ -0,0 +1,24 @@
+id: alibaba-secretkey-id
+
+info:
+ name: Alibaba Secret Key ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.yaml
+ metadata:
+ max-request: 1
+ verified: true
+ tags: alibaba,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/asana/asana-client-id.yaml b/http/exposures/tokens/asana/asana-client-id.yaml
new file mode 100644
index 0000000000..de4dd4f421
--- /dev/null
+++ b/http/exposures/tokens/asana/asana-client-id.yaml
@@ -0,0 +1,24 @@
+id: asana-client-id
+
+info:
+ name: Asana Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.yaml
+ metadata:
+ max-request: 1
+ verified: true
+ tags: asana,exposure,tokens,secret
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/asana/asana-client-secret.yaml b/http/exposures/tokens/asana/asana-client-secret.yaml
new file mode 100644
index 0000000000..05257645b7
--- /dev/null
+++ b/http/exposures/tokens/asana/asana-client-secret.yaml
@@ -0,0 +1,24 @@
+id: asana-client-secret
+
+info:
+ name: Asana Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.yaml
+ metadata:
+ max-request: 1
+ verified: true
+ tags: asana,exposure,tokens,secret
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file
diff --git a/http/exposures/tokens/atlassian-token.yaml b/http/exposures/tokens/atlassian-token.yaml
new file mode 100644
index 0000000000..e6255bf3e6
--- /dev/null
+++ b/http/exposures/tokens/atlassian-token.yaml
@@ -0,0 +1,24 @@
+id: atlassian-token
+
+info:
+ name: Atlassian API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.go
+ metadata:
+ max-request: 1
+ verified: true
+ tags: atlassian,exposure,tokens
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
\ No newline at end of file