From 15cc9d41e804bc5a63fbab65b514338d4a8f92a5 Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Sun, 5 Apr 2020 22:01:24 +0200
Subject: [PATCH] AWS and Google API keys leak

---
 tokens/aws-access-key-value.yaml | 21 +++++++++++++++++++++
 tokens/google-cloud-api-key.yaml | 21 +++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100755 tokens/aws-access-key-value.yaml
 create mode 100755 tokens/google-cloud-api-key.yaml

diff --git a/tokens/aws-access-key-value.yaml b/tokens/aws-access-key-value.yaml
new file mode 100755
index 0000000000..0e4df1af8a
--- /dev/null
+++ b/tokens/aws-access-key-value.yaml
@@ -0,0 +1,21 @@
+id: aws-access-key-value
+
+info:
+  name: AWS Access Key ID Value
+  author: Swissky
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
\ No newline at end of file
diff --git a/tokens/google-cloud-api-key.yaml b/tokens/google-cloud-api-key.yaml
new file mode 100755
index 0000000000..7bc0ba1c63
--- /dev/null
+++ b/tokens/google-cloud-api-key.yaml
@@ -0,0 +1,21 @@
+id: google-cloud-api-key
+
+info:
+  name: Google Cloud API Key
+  author: Swissky
+  severity: medium
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "AIza[0-9A-Za-z\\-_]{35}"
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "AIza[0-9A-Za-z\\-_]{35}"
\ No newline at end of file