id: django-secret-key info: name: Django Secret Key Exposure author: geeknik,DhiyaneshDk severity: high reference: https://docs.gitguardian.com/secrets-detection/detectors/specifics/django_secret_key metadata: verified: true shodan-query: html:settings.py tags: django,exposure,files requests: - method: GET path: - "{{BaseURL}}/settings.py" - "{{BaseURL}}/app/settings.py" - "{{BaseURL}}/django/settings.py" - "{{BaseURL}}/settings/settings.py" - "{{BaseURL}}/web/settings/settings.py" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "SECRET_KEY =" - type: word part: header words: - "text/html" negative: true - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '"DJANGO_SECRET_KEY", "(.*)"'