id: server-private-keys info: name: Detect Private SSH, TLS, and JWT Keys author: geeknik severity: high tags: config,exposure requests: - method: GET path: - "{{BaseURL}}/localhost.key" - "{{BaseURL}}/host.key" - "{{BaseURL}}/www.key" - "{{BaseURL}}/private-key" - "{{BaseURL}}/privatekey.key" - "{{BaseURL}}/server.key" - "{{BaseURL}}/my.key" - "{{BaseURL}}/key.pem" - "{{BaseURL}}/ssl/localhost.key" - "{{BaseURL}}/ssl/{{Hostname}}.key" - "{{BaseURL}}/id_rsa" - "{{BaseURL}}/id_dsa" - "{{BaseURL}}/.ssh/id_rsa" - "{{BaseURL}}/.ssh/id_dsa" - "{{BaseURL}}/{{Hostname}}.key" - "{{BaseURL}}/{{Hostname}}.pem" - "{{BaseURL}}/config/jwt/private.pem" - "{{BaseURL}}/jwt/private.pem" - "{{BaseURL}}/var/jwt/private.pem" - "{{BaseURL}}/private.pem" matchers-condition: and matchers: - type: word words: - "BEGIN OPENSSH PRIVATE KEY" - "BEGIN PRIVATE KEY" - "BEGIN RSA PRIVATE KEY" - "BEGIN DSA PRIVATE KEY" - "BEGIN EC PRIVATE KEY" - "BEGIN PGP PRIVATE KEY BLOCK" condition: or - type: status status: - 200