id: linkedin-secret-key

info:
  name: LinkedIn Secret Key
  author: DhiyaneshDK
  severity: info
  reference:
    - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml
    - https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
  metadata:
    verified: true
    max-request: 1
  tags: linkedin,exposure,tokens

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - (?i)linkedin.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{16})\b
# digest: 4a0a0047304502205d76aac05133f83ced06fa3d55b00231891192cff3bf179bc0c80b7710cb87ed022100fd51fa32f10d1dbf51997b506a58086fc5960cc37fd857b91d10b004df677549:922c64590222798bb761d5b6d8e72950