From 8b6c7da916c2e7f990079b68aa71c5edc1fd4e4c Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Thu, 4 May 2023 13:36:23 -0400
Subject: [PATCH] Enhancement: file/keys/credential-exposure.yaml by md

---
 file/keys/credential-exposure.yaml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/file/keys/credential-exposure.yaml b/file/keys/credential-exposure.yaml
index 7ff73aca3a..1af52113c1 100644
--- a/file/keys/credential-exposure.yaml
+++ b/file/keys/credential-exposure.yaml
@@ -1,6 +1,13 @@
 id: credentials-disclosure-file
 
-# Extract secrets regex like api keys, password, token, etc ... for different services
+info:
+  name: Credentials Disclosure Check
+  author: Sy3Omda,geeknik,forgedhallpass,ayadi
+  severity: unknown
+  description: Check for multiple keys/tokens/passwords hidden inside of files.
+  tags: exposure,token,file,disclosure
+
+# Extract secrets regex like api keys, password, token, etc ... for different services.
 # Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
 # Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
 # Regex count:- 687
@@ -9,14 +16,6 @@ id: credentials-disclosure-file
 # This template requires manual inspection once found valid match.
 # Generic token could be anything matching below regex.
 # Impact of leaked token depends on validation of leaked token.
-
-info:
-  name: Credentials Disclosure Check
-  author: Sy3Omda,geeknik,forgedhallpass,ayadi
-  severity: unknown
-  description: Look for multiple keys/tokens/passwords hidden inside of files.
-  tags: exposure,token,file,disclosure
-
 # The regexes are copied from exposures/tokens/generic/credentials-disclosure.yaml
 # TODO After https://github.com/projectdiscovery/nuclei/issues/1510 is implemented, we should be able to re-use them, instead of duplicating
 # Example cases to match against: https://regex101.com/r/HPtaU2/1
@@ -719,3 +718,5 @@ file:
           - "(?i)[\"']?access[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
           - "(?i)[\"']?access[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
           - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+"
+
+# Enhanced by md on 2023/05/04