id: server-private-keys info: name: SSL/SSH/TLS/JWT Keys - Detect author: geeknik,R12W4N,j4vaovo severity: high description: Private SSL, SSH, TLS, and JWT keys were detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 metadata: max-request: 45 tags: config,exposure http: - method: GET path: - "{{BaseURL}}{{paths}}" payloads: paths: - "/localhost.key" - "/host.key" - "/www.key" - "/private-key" - "/privatekey.key" - "/server.key" - "/my.key" - "/key.pem" - "/ssl/localhost.key" - "/ssl/{{Hostname}}.key" - "/id_rsa" - "/id_dsa" - "/id_rsa_1024" - "/id_rsa_2048" - "/id_rsa_3072" - "/id_rsa_4096" - "/.ssh/id_rsa" - "/.ssh/id_dsa" - "/.ssh/id_rsa_1024" - "/.ssh/id_rsa_2048" - "/.ssh/id_rsa_3072" - "/.ssh/id_rsa_4096" - "/{{Hostname}}.key" - "/{{Hostname}}.pem" - "/config/jwt/private.pem" - "/jwt/private.pem" - "/var/jwt/private.pem" - "/private.pem" - "/ssl.txt" - "/ssl_key.txt" - "/certificates/{{Host}}.pfx" - "/certificates/{{Host}}.p12" - "/ssl/{{Host}}.pem" - "/ssl/{{Host}}_key.txt" - "/cert/{{Host}}_key.txt" - "/cert/{{RDN}}_key.txt" - "/cert/{{Host}}.txt" - "/ssl/private/{{Host}}_key.pem" - "/certs/{{Host}}_private.key" - "/certs/{{Host}}.key" - "/certificates/{{Host}}_priv.pem" - "/certificates/{{Host}}_privkey.pem" - "/certs/{{Host}}.pem" - "/private/{{Host}}.key" - "/keys/{{Host}}.pem" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "BEGIN OPENSSH PRIVATE KEY" - "BEGIN PRIVATE KEY" - "BEGIN RSA PRIVATE KEY" - "BEGIN DSA PRIVATE KEY" - "BEGIN EC PRIVATE KEY" - "BEGIN PGP PRIVATE KEY BLOCK" - "BEGIN ENCRYPTED PRIVATE KEY" condition: or - type: status status: - 200 - type: dsl dsl: - '!contains(body_2, "