From 94ebcb0b67138e02a0bbfb81d146ba1ea2d97ae9 Mon Sep 17 00:00:00 2001 
From: Dhiyaneshwaran Date: Tue, 7 Mar 2023 15:10:29 +0530 Subject: [PATCH] Added New Token Templates --- exposures/tokens/age/age-secret-key.yaml | 24 +++++++++++++++++ exposures/tokens/amazon/aws-account-id.yaml | 22 ++++++++++++++++ exposures/tokens/amazon/aws-api-key.yaml | 26 +++++++++++++++++++ .../tokens/amazon/aws-session-token.yaml | 22 ++++++++++++++++ .../tokens/codeclimate/codeclimate-token.yaml | 23 ++++++++++++++++ exposures/tokens/crates/crates-api-key.yaml | 24 +++++++++++++++++ .../tokens/dynatrace/dynatrace-token.yaml | 22 ++++++++++++++++ .../facebook/facebook-access-token.yaml | 23 ++++++++++++++++ exposures/tokens/github/github-app-token.yaml | 25 ++++++++++++++++++ .../tokens/github/github-oauth-token.yaml | 25 ++++++++++++++++++ .../tokens/github/github-personal-token.yaml | 25 ++++++++++++++++++ .../tokens/github/github-refresh-token.yaml | 25 ++++++++++++++++++ .../tokens/gitlab/gitlab-personal-token.yaml | 23 ++++++++++++++++ .../tokens/gitlab/gitlab-pipeline-token.yaml | 25 ++++++++++++++++++ .../tokens/gitlab/gitlab-runner-token.yaml | 25 ++++++++++++++++++ exposures/tokens/google/google-client-id.yaml | 22 ++++++++++++++++ .../tokens/google/google-oauth-prefixed.yaml | 22 ++++++++++++++++ exposures/tokens/heroku/heroku-api-key.yaml | 23 ++++++++++++++++ .../tokens/jenkins/jenkins-crumb-token.yaml | 24 +++++++++++++++++ exposures/tokens/mailgun/mailgun-api-key.yaml | 23 ++++++++++++++++ .../newrelic/newrelic-pixie-api-key.yaml | 23 ++++++++++++++++ .../newrelic/newrelic-pixie-deploy-key.yaml | 23 ++++++++++++++++ exposures/tokens/npm/npm-access-token.yaml | 25 ++++++++++++++++++ exposures/tokens/nuget/nuget-api-key.yaml | 23 ++++++++++++++++ exposures/tokens/openai/openai-api-key.yaml | 24 +++++++++++++++++ exposures/tokens/pypi/pypi-upload-token.yaml | 24 +++++++++++++++++ exposures/tokens/ruby/rubygems-api-key.yaml | 24 +++++++++++++++++ exposures/tokens/sauce/sauce-token.yaml | 22 ++++++++++++++++ 
.../tokens/segment/segment-public-token.yaml | 24 +++++++++++++++++ .../tokens/shopify/shopify-app-secret.yaml | 24 +++++++++++++++++ .../tokens/shopify/shopify-custom-token.yaml | 24 +++++++++++++++++ .../tokens/shopify/shopify-private-token.yaml | 24 +++++++++++++++++ .../tokens/shopify/shopify-public-token.yaml | 24 +++++++++++++++++ .../tokens/square/square-access-token.yaml | 22 ++++++++++++++++ .../tokens/square/square-oauth-secret.yaml | 22 ++++++++++++++++ .../tokens/stackhawk/stackhawk-api-key.yaml | 22 ++++++++++++++++ .../tokens/telegram/telegram-bot-token.yaml | 24 +++++++++++++++++ exposures/tokens/twilio/twilio-api-key.yaml | 22 ++++++++++++++++ 38 files changed, 893 insertions(+) create mode 100644 exposures/tokens/age/age-secret-key.yaml create mode 100644 exposures/tokens/amazon/aws-account-id.yaml create mode 100644 exposures/tokens/amazon/aws-api-key.yaml create mode 100644 exposures/tokens/amazon/aws-session-token.yaml create mode 100644 exposures/tokens/codeclimate/codeclimate-token.yaml create mode 100644 exposures/tokens/crates/crates-api-key.yaml create mode 100644 exposures/tokens/dynatrace/dynatrace-token.yaml create mode 100644 exposures/tokens/facebook/facebook-access-token.yaml create mode 100644 exposures/tokens/github/github-app-token.yaml create mode 100644 exposures/tokens/github/github-oauth-token.yaml create mode 100644 exposures/tokens/github/github-personal-token.yaml create mode 100644 exposures/tokens/github/github-refresh-token.yaml create mode 100644 exposures/tokens/gitlab/gitlab-personal-token.yaml create mode 100644 exposures/tokens/gitlab/gitlab-pipeline-token.yaml create mode 100644 exposures/tokens/gitlab/gitlab-runner-token.yaml create mode 100644 exposures/tokens/google/google-client-id.yaml create mode 100644 exposures/tokens/google/google-oauth-prefixed.yaml create mode 100644 exposures/tokens/heroku/heroku-api-key.yaml create mode 100644 exposures/tokens/jenkins/jenkins-crumb-token.yaml create mode 100644 
exposures/tokens/mailgun/mailgun-api-key.yaml create mode 100644 exposures/tokens/newrelic/newrelic-pixie-api-key.yaml create mode 100644 exposures/tokens/newrelic/newrelic-pixie-deploy-key.yaml create mode 100644 exposures/tokens/npm/npm-access-token.yaml create mode 100644 exposures/tokens/nuget/nuget-api-key.yaml create mode 100644 exposures/tokens/openai/openai-api-key.yaml create mode 100644 exposures/tokens/pypi/pypi-upload-token.yaml create mode 100644 exposures/tokens/ruby/rubygems-api-key.yaml create mode 100644 exposures/tokens/sauce/sauce-token.yaml create mode 100644 exposures/tokens/segment/segment-public-token.yaml create mode 100644 exposures/tokens/shopify/shopify-app-secret.yaml create mode 100644 exposures/tokens/shopify/shopify-custom-token.yaml create mode 100644 exposures/tokens/shopify/shopify-private-token.yaml create mode 100644 exposures/tokens/shopify/shopify-public-token.yaml create mode 100644 exposures/tokens/square/square-access-token.yaml create mode 100644 exposures/tokens/square/square-oauth-secret.yaml create mode 100644 exposures/tokens/stackhawk/stackhawk-api-key.yaml create mode 100644 exposures/tokens/telegram/telegram-bot-token.yaml create mode 100644 exposures/tokens/twilio/twilio-api-key.yaml
diff --git a/exposures/tokens/age/age-secret-key.yaml b/exposures/tokens/age/age-secret-key.yaml
new file mode 100644
index 0000000000..5b8d050314
--- /dev/null
+++ b/exposures/tokens/age/age-secret-key.yaml
@@ -0,0 +1,24 @@
+id: age-secret-key
+
+info:
+ name: Age Identity (X22519 secret key)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/age.yml
+ - https://github.com/FiloSottile/age/blob/main/doc/age.1.html
+ - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type
+ metadata:
+ verified: "true"
+ tags: age-encryption,exposure,tokens
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b'
\ No newline at end of file
diff --git a/exposures/tokens/amazon/aws-account-id.yaml b/exposures/tokens/amazon/aws-account-id.yaml
new file mode 100644
index 0000000000..6ad5b5abc0
--- /dev/null
+++ b/exposures/tokens/amazon/aws-account-id.yaml
@@ -0,0 +1,22 @@
+id: aws-account-id
+
+info:
+ name: AWS Account ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
+ metadata:
+ verified: "true"
+ tags: aws,amazon,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})'
\ No newline at end of file
diff --git a/exposures/tokens/amazon/aws-api-key.yaml b/exposures/tokens/amazon/aws-api-key.yaml
new file mode 100644
index 0000000000..ecab74e335
--- /dev/null
+++ b/exposures/tokens/amazon/aws-api-key.yaml
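Review bot: The `name` line in the age-secret-key hunk reads `Age Identity (X22519 secret key)`, but the curve is X25519, as the third reference URL in the same hunk spells it; the line should be `name: Age Identity (X25519 secret key)`. The `tags` line also uses `tokens` where every other template in this patch uses `token`, so a run that selects on the `token` tag would likely leave this one out; `tags: age-encryption,exposure,token` keeps it consistent. Unlike an account ID or a client ID, a match here is private key material, so a comment above `severity: info` would help triage: `# info because the match is not validated; treat a confirmed hit as key compromise`.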
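Review bot: The aws-account-id extractor has a capture group but no `group: 1`, so the reported value is the whole match (key name, separator and quotes) rather than the 12-digit ID; adding `group: 1` under `part: body` returns only the captured value. The same applies to the other context-anchored rules in this patch: aws-session-token, codeclimate-token, heroku-api-key, jenkins-crumb-token, mailgun-api-key, sauce-token and twilio-api-key. Because `(?:id)?` is optional, `aws_account = ...` followed by twelve digits also matches; if that is intended it deserves a comment above the regex, e.g. `# also accepts aws_account without the _id suffix`.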
@@ -0,0 +1,26 @@
+id: aws-api-key
+
+info:
+ name: AWS API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
+ - https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
+ - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
+ - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+ - https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html
+ metadata:
+ verified: "true"
+ tags: aws,amazon,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})\b'
\ No newline at end of file
diff --git a/exposures/tokens/amazon/aws-session-token.yaml b/exposures/tokens/amazon/aws-session-token.yaml
new file mode 100644
index 0000000000..9acae43e57
--- /dev/null
+++ b/exposures/tokens/amazon/aws-session-token.yaml
@@ -0,0 +1,22 @@
+id: aws-session-token
+
+info:
+ name: AWS Session Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
+ metadata:
+ verified: "true"
+ tags: aws,amazon,token,exposure,session
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]'
\ No newline at end of file
diff --git a/exposures/tokens/codeclimate/codeclimate-token.yaml b/exposures/tokens/codeclimate/codeclimate-token.yaml
new file mode 100644
index 0000000000..d3afd83f19
--- /dev/null
+++ b/exposures/tokens/codeclimate/codeclimate-token.yaml
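Review bot: The name `AWS API Key` over-states what the prefix list in the aws-api-key regex matches. Per the IAM identifiers reference linked in this hunk, `AKIA` and `ASIA` are access key IDs, while `AIDA`, `AROA`, `AGPA`, `AIPA`, `ANPA` and `ANVA` are unique IDs of users, roles, groups, instance profiles and policies, so a hit on those is an identifier disclosure rather than a credential. Either narrow the alternation to the access-key prefixes or rename the template, e.g. `name: AWS Access Key ID or IAM Unique Identifier`. A comment above the regex would also help whoever triages a hit: `# matches the key ID only; the secret access key is a separate value`.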
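Review bot: In the aws-session-token regex the capture is capped at 200 characters and must be followed by a non-base64 character, so a longer value is not reported at all (it is not truncated), and neither is a value that ends the response body. STS session tokens are usually a good deal longer than 200 characters (worth confirming against real samples), so the rule as written may miss most of them. Raising the upper bound and accepting end of input covers both cases, e.g. `([a-z0-9/+=]{16,2000})(?:[^a-z0-9/+=]|$)`, where 2000 is only a suggested ceiling.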
@@ -0,0 +1,23 @@
+id: codeclimate-token
+
+info:
+ name: CodeClimate Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/codeclimate.yml
+ - https://github.com/codeclimate/ruby-test-reporter/issues/34
+ metadata:
+ verified: "true"
+ tags: codeclimate,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)codeclima.{0,50}\b([a-f0-9]{64})\b'
\ No newline at end of file
diff --git a/exposures/tokens/crates/crates-api-key.yaml b/exposures/tokens/crates/crates-api-key.yaml
new file mode 100644
index 0000000000..180f87cf2c
--- /dev/null
+++ b/exposures/tokens/crates/crates-api-key.yaml
@@ -0,0 +1,24 @@
+id: crates-api-key
+
+info:
+ name: Crates.io API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/crates.io.yml
+ - https://crates.io/data-access
+ - https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs
+ metadata:
+ verified: "true"
+ tags: crates,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\bcio[a-zA-Z0-9]{32}\b'
\ No newline at end of file
diff --git a/exposures/tokens/dynatrace/dynatrace-token.yaml b/exposures/tokens/dynatrace/dynatrace-token.yaml
new file mode 100644
index 0000000000..5cac54b5aa
--- /dev/null
+++ b/exposures/tokens/dynatrace/dynatrace-token.yaml
@@ -0,0 +1,22 @@
+id: dynatrace-token
+
+info:
+ name: Dynatrace Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/dynatrace.yml
+ metadata:
+ verified: "true"
+ tags: dynatrace,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})\b'
\ No newline at end of file
diff --git a/exposures/tokens/facebook/facebook-access-token.yaml b/exposures/tokens/facebook/facebook-access-token.yaml
new file mode 100644
index 0000000000..ee107e41f1
--- /dev/null
+++ b/exposures/tokens/facebook/facebook-access-token.yaml
@@ -0,0 +1,23 @@
+id: facebook-access-token
+
+info:
+ name: Facebook Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/facebook.yml
+ - https://developers.facebook.com/docs/facebook-login/access-tokens/
+ metadata:
+ verified: "true"
+ tags: facebook,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b'
\ No newline at end of file
diff --git a/exposures/tokens/github/github-app-token.yaml b/exposures/tokens/github/github-app-token.yaml
new file mode 100644
index 0000000000..fbd68d0440
--- /dev/null
+++ b/exposures/tokens/github/github-app-token.yaml
@@ -0,0 +1,25 @@
+id: github-app-token
+
+info:
+ name: GitHub App Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/github.yml
+ - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github
+ - https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps
+ - https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
+ metadata:
+ verified: "true"
+ tags: github,app,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b'
\ No newline at end of file
diff --git a/exposures/tokens/github/github-oauth-token.yaml b/exposures/tokens/github/github-oauth-token.yaml
new file mode 100644
index 0000000000..0a353d840e
--- /dev/null
+++ b/exposures/tokens/github/github-oauth-token.yaml
@@ -0,0 +1,25 @@
+id: github-oauth-token
+
+info:
+ name: GitHub OAuth Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/github.yml
+ - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github
+ - https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps
+ - https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
+ metadata:
+ verified: "true"
+ tags: github,oauth,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(gho_[a-zA-Z0-9]{36})\b'
\ No newline at end of file
diff --git a/exposures/tokens/github/github-personal-token.yaml b/exposures/tokens/github/github-personal-token.yaml
new file mode 100644
index 0000000000..f8d579ead6
--- /dev/null
+++ b/exposures/tokens/github/github-personal-token.yaml
@@ -0,0 +1,25 @@
+id: github-personal-token
+
+info:
+ name: GitHub Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/github.yml
+ - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github
+ - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
+ - https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
+ metadata:
+ verified: "true"
+ tags: github,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(ghp_[a-zA-Z0-9]{36})\b'
\ No newline at end of file
diff --git a/exposures/tokens/github/github-refresh-token.yaml b/exposures/tokens/github/github-refresh-token.yaml
new file mode 100644
index 0000000000..4e2aaeb861
--- /dev/null
+++ b/exposures/tokens/github/github-refresh-token.yaml
@@ -0,0 +1,25 @@
+id: github-refresh-token
+
+info:
+ name: GitHub Refresh Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/github.yml
+ - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github
+ - https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps
+ - https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
+ metadata:
+ verified: "true"
+ tags: github,refresh,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(ghr_[a-zA-Z0-9]{76})\b'
\ No newline at end of file
diff --git a/exposures/tokens/gitlab/gitlab-personal-token.yaml b/exposures/tokens/gitlab/gitlab-personal-token.yaml
new file mode 100644
index 0000000000..6775725742
--- /dev/null
+++ b/exposures/tokens/gitlab/gitlab-personal-token.yaml
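Review bot: The github-personal-token extractor writes the full `ghp_` value into the scan result, so every report, log and ticket produced from this template carries a credential that may still be valid, and with `severity: info` those results are likely to be stored and shared with little care. The same holds for the other secret-bearing rules in this patch (the GitHub, GitLab, npm, PyPI, OpenAI and Shopify tokens among them). A comment above `extractors:` would make the handling expectation explicit: `# extracted value may be a live credential; restrict access to results and have the owner revoke it`.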
@@ -0,0 +1,23 @@
+id: gitlab-personal-token
+
+info:
+ name: GitLab Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/gitlab.yml
+ - https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
+ metadata:
+ verified: "true"
+ tags: gitlab,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)'
\ No newline at end of file
diff --git a/exposures/tokens/gitlab/gitlab-pipeline-token.yaml b/exposures/tokens/gitlab/gitlab-pipeline-token.yaml
new file mode 100644
index 0000000000..aa7f4e533d
--- /dev/null
+++ b/exposures/tokens/gitlab/gitlab-pipeline-token.yaml
@@ -0,0 +1,25 @@
+id: gitlab-pipeline-token
+
+info:
+ name: GitLab Pipeline Trigger Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/gitlab.yml
+ - https://docs.gitlab.com/ee/ci/triggers/
+ - https://gitlab.com/gitlab-org/gitlab/-/issues/371396
+ - https://gitlab.com/gitlab-org/gitlab/-/issues/388379
+ metadata:
+ verified: "true"
+ tags: gitlab,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(glptt-[0-9a-f]{40})\b'
\ No newline at end of file
diff --git a/exposures/tokens/gitlab/gitlab-runner-token.yaml b/exposures/tokens/gitlab/gitlab-runner-token.yaml
new file mode 100644
index 0000000000..da2574b8b7
--- /dev/null
+++ b/exposures/tokens/gitlab/gitlab-runner-token.yaml
@@ -0,0 +1,25 @@
+id: gitlab-runner-token
+
+info:
+ name: GitLab Runner Registration Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/gitlab.yml
+ - https://docs.gitlab.com/runner/security/
+ - https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens-deprecated
+ - https://docs.gitlab.com/ee/security/token_overview.html#security-considerations
+ metadata:
+ verified: "true"
+ tags: gitlab,runner,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)'
\ No newline at end of file
diff --git a/exposures/tokens/google/google-client-id.yaml b/exposures/tokens/google/google-client-id.yaml
new file mode 100644
index 0000000000..9d664d9d28
--- /dev/null
+++ b/exposures/tokens/google/google-client-id.yaml
@@ -0,0 +1,22 @@
+id: google-client-id
+
+info:
+ name: Google Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/google.yml
+ metadata:
+ verified: "true"
+ tags: google,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com'
\ No newline at end of file
diff --git a/exposures/tokens/google/google-oauth-prefixed.yaml b/exposures/tokens/google/google-oauth-prefixed.yaml
new file mode 100644
index 0000000000..1b1f67deaf
--- /dev/null
+++ b/exposures/tokens/google/google-oauth-prefixed.yaml
@@ -0,0 +1,22 @@
+id: google-oauth-prefixed
+
+info:
+ name: Google OAuth Client Secret (prefixed)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/google.yml
+ metadata:
+ verified: "true"
+ tags: google,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(GOCSPX-[a-zA-Z0-9_-]{28})'
\ No newline at end of file
diff --git a/exposures/tokens/heroku/heroku-api-key.yaml b/exposures/tokens/heroku/heroku-api-key.yaml
new file mode 100644
index 0000000000..855e044bd4
--- /dev/null
+++ b/exposures/tokens/heroku/heroku-api-key.yaml
@@ -0,0 +1,23 @@
+id: heroku-api-key
+
+info:
+ name: Heroku API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/heroku.yml
+ - https://devcenter.heroku.com/articles/authentication
+ metadata:
+ verified: "true"
+ tags: heroku,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b'
\ No newline at end of file
diff --git a/exposures/tokens/jenkins/jenkins-crumb-token.yaml b/exposures/tokens/jenkins/jenkins-crumb-token.yaml
new file mode 100644
index 0000000000..8d6ca8f90b
--- /dev/null
+++ b/exposures/tokens/jenkins/jenkins-crumb-token.yaml
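Review bot: The google-oauth-prefixed regex `'(GOCSPX-[a-zA-Z0-9_-]{28})'` has no boundary anchors, unlike most rules in this patch, so it also matches inside a longer run of characters; `'\b(GOCSPX-[a-zA-Z0-9_-]{28})(?:[^a-zA-Z0-9_-]|$)'` would bound it on both sides. The same gap is in newrelic-pixie-api-key, newrelic-pixie-deploy-key, npm-access-token, nuget-api-key, openai-api-key, pypi-upload-token, rubygems-api-key and segment-public-token, and `(oy2[a-z0-9]{43})` and `(sk-[a-zA-Z0-9]{48})` in particular will hit on unrelated alphanumeric strings. Most of those are written in double-quoted YAML, where `\b` is read as a backspace escape, so they need single quotes as well, e.g. `- '\b(npm_[A-Za-z0-9]{36})\b'`. telegram-bot-token has the leading `\b` but no trailing bound.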
@@ -0,0 +1,24 @@
+id: jenkins-crumb-token
+
+info:
+ name: Jenkins Token or Crumb
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/jenkins.yml
+ - https://www.jenkins.io/blog/2018/07/02/new-api-token-system/
+ - https://www.jenkins.io/doc/book/security/csrf-protection/
+ metadata:
+ verified: "true"
+ tags: jenkins,crumb,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b'
\ No newline at end of file
diff --git a/exposures/tokens/mailgun/mailgun-api-key.yaml b/exposures/tokens/mailgun/mailgun-api-key.yaml
new file mode 100644
index 0000000000..2af43558c1
--- /dev/null
+++ b/exposures/tokens/mailgun/mailgun-api-key.yaml
@@ -0,0 +1,23 @@
+id: mailgun-api-key
+
+info:
+ name: Mailgun API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/mailgun.yml
+ - https://documentation.mailgun.com/en/latest/api-intro.html#authentication-1
+ metadata:
+ verified: "true"
+ tags: mailgun,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)(?:mailgun|mg).{0,20}key-([a-z0-9]{32})\b'
\ No newline at end of file
diff --git a/exposures/tokens/newrelic/newrelic-pixie-api-key.yaml b/exposures/tokens/newrelic/newrelic-pixie-api-key.yaml
new file mode 100644
index 0000000000..239962489f
--- /dev/null
+++ b/exposures/tokens/newrelic/newrelic-pixie-api-key.yaml
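Review bot: The jenkins-crumb-token template reports a crumb as a token exposure, but a crumb is the CSRF-protection value described in the third reference rather than an API credential, and Jenkins presumably issues one to every session, so hits on ordinary Jenkins pages are to be expected. With `(?:crumb)?` optional the pattern also reduces to "jenkins", up to 20 arbitrary characters, then 32 to 36 hex digits, which matches any MD5-style digest near the product name. I would split the crumb case out or drop it from the name, and state the intent above the regex: `# crumbs are per-session CSRF values, not credentials; a hit needs manual review`.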
@@ -0,0 +1,23 @@
+id: newrelic-pixie-api-key
+
+info:
+ name: New Relic Pixie API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/newrelic.yml
+ - https://docs.px.dev/reference/admin/api-keys/
+ metadata:
+ verified: "true"
+ tags: newrelic,pixie,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(px-api-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})"
\ No newline at end of file
diff --git a/exposures/tokens/newrelic/newrelic-pixie-deploy-key.yaml b/exposures/tokens/newrelic/newrelic-pixie-deploy-key.yaml
new file mode 100644
index 0000000000..9a63bd827b
--- /dev/null
+++ b/exposures/tokens/newrelic/newrelic-pixie-deploy-key.yaml
@@ -0,0 +1,23 @@
+id: newrelic-pixie-deploy-key
+
+info:
+ name: New Relic Pixie Deploy Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/newrelic.yml
+ - https://docs.px.dev/reference/admin/api-keys/
+ metadata:
+ verified: "true"
+ tags: newrelic,pixie,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(px-dep-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})"
\ No newline at end of file
diff --git a/exposures/tokens/npm/npm-access-token.yaml b/exposures/tokens/npm/npm-access-token.yaml
new file mode 100644
index 0000000000..a80c7851ac
--- /dev/null
+++ b/exposures/tokens/npm/npm-access-token.yaml
@@ -0,0 +1,25 @@
+id: npm-access-token
+
+info:
+ name: NPM Access Token (fine-grained)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/npm.yml
+ - https://docs.npmjs.com/about-access-tokens
+ - https://github.com/github/roadmap/issues/557
+ - https://github.blog/changelog/2022-12-06-limit-scope-of-npm-tokens-with-the-new-granular-access-tokens/
+ metadata:
+ verified: "true"
+ tags: npm,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(npm_[A-Za-z0-9]{36})"
\ No newline at end of file
diff --git a/exposures/tokens/nuget/nuget-api-key.yaml b/exposures/tokens/nuget/nuget-api-key.yaml
new file mode 100644
index 0000000000..3b11e7a758
--- /dev/null
+++ b/exposures/tokens/nuget/nuget-api-key.yaml
@@ -0,0 +1,23 @@
+id: nuget-api-key
+
+info:
+ name: NuGet API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/nuget.yml
+ - https://docs.microsoft.com/en-us/nuget/nuget-org/publish-a-package#create-api-keys
+ metadata:
+ verified: "true"
+ tags: nuget,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(oy2[a-z0-9]{43})"
\ No newline at end of file
diff --git a/exposures/tokens/openai/openai-api-key.yaml b/exposures/tokens/openai/openai-api-key.yaml
new file mode 100644
index 0000000000..2c3cde5eb4
--- /dev/null
+++ b/exposures/tokens/openai/openai-api-key.yaml
@@ -0,0 +1,24 @@
+id: openai-api-key
+
+info:
+ name: OpenAI API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/openai.yml
+ - https://platform.openai.com/docs/api-reference
+ - https://platform.openai.com/docs/api-reference/authentication
+ metadata:
+ verified: "true"
+ tags: openai,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(sk-[a-zA-Z0-9]{48})"
\ No newline at end of file
diff --git a/exposures/tokens/pypi/pypi-upload-token.yaml b/exposures/tokens/pypi/pypi-upload-token.yaml
new file mode 100644
index 0000000000..f034b72394
--- /dev/null
+++ b/exposures/tokens/pypi/pypi-upload-token.yaml
@@ -0,0 +1,24 @@
+id: pypi-upload-token
+
+info:
+ name: PyPI Upload Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/pypi.yml
+ - https://github.com/pypa/warehouse/issues/6051
+ - https://pypi.org/project/pypitoken/
+ metadata:
+ verified: "true"
+ tags: pypi,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(pypi-AgEIcHlwaS5vcmc[a-zA-Z0-9_-]{50,})"
\ No newline at end of file
diff --git a/exposures/tokens/ruby/rubygems-api-key.yaml b/exposures/tokens/ruby/rubygems-api-key.yaml
new file mode 100644
index 0000000000..6c70609029
--- /dev/null
+++ b/exposures/tokens/ruby/rubygems-api-key.yaml
@@ -0,0 +1,24 @@
+id: rubygems-api-key
+
+info:
+ name: RubyGems API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/rubygems.yml
+ - https://guides.rubygems.org/rubygems-org-api/
+ - https://guides.rubygems.org/api-key-scopes/
+ metadata:
+ verified: "true"
+ tags: rubygems,token,exposure,ruby
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - "(rubygems_[a-f0-9]{48})"
\ No newline at end of file
diff --git a/exposures/tokens/sauce/sauce-token.yaml b/exposures/tokens/sauce/sauce-token.yaml
new file mode 100644
index 0000000000..39cc72ddd8
--- /dev/null
+++ b/exposures/tokens/sauce/sauce-token.yaml
@@ -0,0 +1,22 @@
+id: sauce-token
+
+info:
+ name: Sauce Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/sauce.yml
+ metadata:
+ verified: "true"
+ tags: sauce,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)sauce.{0,50}\b([a-f0-9-]{36})\b'
\ No newline at end of file
diff --git a/exposures/tokens/segment/segment-public-token.yaml b/exposures/tokens/segment/segment-public-token.yaml
new file mode 100644
index 0000000000..2c9a085759
--- /dev/null
+++ b/exposures/tokens/segment/segment-public-token.yaml
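Review bot: In the sauce-token regex, `[a-f0-9-]{36}` accepts hyphens in any position, so any 36 characters of hex digits and dashes within 50 characters of the word "sauce" are reported. If the value is a UUID, as the length suggests, the shape already used in heroku-api-key is much tighter: `'(?i)sauce.{0,50}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b'`. Since "sauce" is also an ordinary word, a comment above the regex noting the expected false-positive rate would help triage: `# keyword is generic; expect unrelated UUIDs near the word "sauce"`.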
@@ -0,0 +1,24 @@
+id: segment-public-token
+
+info:
+ name: Segment Public API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/segment.yml
+ - https://segment.com/docs/api/public-api/
+ - https://segment.com/blog/how-segment-proactively-protects-customer-api-tokens/
+ metadata:
+ verified: "true"
+ tags: segment,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(sgp_[a-zA-Z0-9]{64})'
\ No newline at end of file
diff --git a/exposures/tokens/shopify/shopify-app-secret.yaml b/exposures/tokens/shopify/shopify-app-secret.yaml
new file mode 100644
index 0000000000..f909676953
--- /dev/null
+++ b/exposures/tokens/shopify/shopify-app-secret.yaml
@@ -0,0 +1,24 @@
+id: shopify-app-secret
+
+info:
+ name: Shopify App Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/shopify.yml
+ - https://shopify.dev/apps/auth
+ - https://shopify.dev/changelog/app-secret-key-length-has-increased
+ metadata:
+ verified: "true"
+ tags: shopify,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(shpss_[a-fA-F0-9]{32})\b'
\ No newline at end of file
diff --git a/exposures/tokens/shopify/shopify-custom-token.yaml b/exposures/tokens/shopify/shopify-custom-token.yaml
new file mode 100644
index 0000000000..9edf58af44
--- /dev/null
+++ b/exposures/tokens/shopify/shopify-custom-token.yaml
@@ -0,0 +1,24 @@
+id: shopify-custom-token
+
+info:
+ name: Shopify Access Token (Custom App)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/shopify.yml
+ - https://shopify.dev/apps/auth
+ - https://shopify.dev/changelog/app-secret-key-length-has-increased
+ metadata:
+ verified: "true"
+ tags: shopify,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(shpca_[a-fA-F0-9]{32})\b'
\ No newline at end of file
diff --git a/exposures/tokens/shopify/shopify-private-token.yaml b/exposures/tokens/shopify/shopify-private-token.yaml
new file mode 100644
index 0000000000..b1e55d4c49
--- /dev/null
+++ b/exposures/tokens/shopify/shopify-private-token.yaml
@@ -0,0 +1,24 @@
+id: shopify-private-token
+
+info:
+ name: Shopify Access Token (Legacy Private App)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/shopify.yml
+ - https://shopify.dev/apps/auth
+ - https://shopify.dev/changelog/app-secret-key-length-has-increased
+ metadata:
+ verified: "true"
+ tags: shopify,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(shppa_[a-fA-F0-9]{32})\b'
\ No newline at end of file
diff --git a/exposures/tokens/shopify/shopify-public-token.yaml b/exposures/tokens/shopify/shopify-public-token.yaml
new file mode 100644
index 0000000000..a29127d4fe
--- /dev/null
+++ b/exposures/tokens/shopify/shopify-public-token.yaml
@@ -0,0 +1,24 @@
+id: shopify-public-token
+
+info:
+ name: Shopify Access Token (Public App)
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/shopify.yml
+ - https://shopify.dev/apps/auth
+ - https://shopify.dev/changelog/app-secret-key-length-has-increased
+ metadata:
+ verified: "true"
+ tags: shopify,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(shpat_[a-fA-F0-9]{32})\b'
\ No newline at end of file
diff --git a/exposures/tokens/square/square-access-token.yaml b/exposures/tokens/square/square-access-token.yaml
new file mode 100644
index 0000000000..b15c348139
--- /dev/null
+++ b/exposures/tokens/square/square-access-token.yaml
@@ -0,0 +1,22 @@
+id: square-access-token
+
+info:
+ name: Square Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/square.yml
+ metadata:
+ verified: "true"
+ tags: square,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)\b(sq0atp-[a-z0-9_-]{22})\b'
\ No newline at end of file
diff --git a/exposures/tokens/square/square-oauth-secret.yaml b/exposures/tokens/square/square-oauth-secret.yaml
new file mode 100644
index 0000000000..8edbab7b61
--- /dev/null
+++ b/exposures/tokens/square/square-oauth-secret.yaml
@@ -0,0 +1,22 @@
+id: square-oauth-secret
+
+info:
+ name: Square OAuth Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/square.yml
+ metadata:
+ verified: "true"
+ tags: square,token,exposure,oauth
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)\b(sq0csp-[a-z0-9_-]{43})\b'
\ No newline at end of file
diff --git a/exposures/tokens/stackhawk/stackhawk-api-key.yaml b/exposures/tokens/stackhawk/stackhawk-api-key.yaml
new file mode 100644
index 0000000000..3cfbaab76a
--- /dev/null
+++ b/exposures/tokens/stackhawk/stackhawk-api-key.yaml
@@ -0,0 +1,22 @@
+id: stackhawk-api-key
+
+info:
+ name: StackHawk API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/stackhawk.yml
+ metadata:
+ verified: "true"
+ tags: stackhawk,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(hawk\.[0-9A-Za-z_-]{20}\.[0-9A-Za-z_-]{20})\b'
\ No newline at end of file
diff --git a/exposures/tokens/telegram/telegram-bot-token.yaml b/exposures/tokens/telegram/telegram-bot-token.yaml
new file mode 100644
index 0000000000..d86474a09d
--- /dev/null
+++ b/exposures/tokens/telegram/telegram-bot-token.yaml
@@ -0,0 +1,24 @@
+id: telegram-bot-token
+
+info:
+ name: Telegram Bot Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/telegram.yml
+ - https://core.telegram.org/bots/api
+ - https://core.telegram.org/bots/features#botfather
+ metadata:
+ verified: "true"
+ tags: telegram,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\b(\d+:AA[a-zA-Z0-9_-]{32,33})'
\ No newline at end of file
diff --git a/exposures/tokens/twilio/twilio-api-key.yaml b/exposures/tokens/twilio/twilio-api-key.yaml
new file mode 100644
index 0000000000..2620c817cf
--- /dev/null
+++ b/exposures/tokens/twilio/twilio-api-key.yaml
@@ -0,0 +1,22 @@
+id: twilio-api-key
+
+info:
+ name: Twilio API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/twilio.yml
+ metadata:
+ verified: "true"
+ tags: twilio,token,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)twilio.{0,20}\b(sk[a-f0-9]{32})\b'
\ No newline at end of file