Only High Confidences REGEX

rules/generic.yml

@@ -0,0 +1,105 @@
+patterns:
+  - pattern:
+      name: Slack Token
+      regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
+      confidence: high
+  - pattern:
+      name: test
+      regex: "test"
+      confidence: low
+  - pattern:
+      name: generic password
+      regex: "password.+"
+      confidence: low
+  - pattern:
+      name: Generic secret
+      regex: "secret.+"
+      confidence: low
+  - pattern:
+      name: Generic token
+      regex: "token.+"
+      confidence: low
+  - pattern:
+      name: Generic key
+      regex: "(private|public|api|secret|password|pass|passphrase|access).+(key|token|secret).+"
+      confidence: low
+  - pattern:
+      name: Generic webhook secret
+      regex: "(webhook).+(secret|token|key).+"
+      confidence: low
+  - pattern:
+      name: ADMIN_PASSWORD
+      regex: "(admin).+(secret|token|key).+"
+      confidence: low
+  - pattern:
+      name: Bearer token
+      regex: "(bearer).+"
+      confidence: low
+  - pattern:
+      name: Basic token
+      regex: "basic [a-zA-Z0-9_\\-:\\.=]+"
+      confidence: low
+  - pattern:
+      name: REDIS_URL
+      regex: "(REDIS_URL).+"
+      confidence: low
+  - pattern:
+      name: master_password
+      regex: "(master_password).+"
+      confidence: low
+  - pattern:
+      name: generic credit card
+      regex: "^(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})"
+      confidence: low
+  - pattern:
+      name: AWS client ID
+      regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+      confidence: low
+  - pattern:
+      name: AWS MWS ID
+      regex: "mzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: low
+  - pattern:
+      name: aws_secret_key
+      regex: "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]"
+      confidence: low
+  - pattern:
+      name: basic_auth_credentials
+      regex: "([a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+)"
+      confidence: low
+  - pattern:
+      name: facebook_client_id
+      regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}"
+      confidence: low
+  - pattern:
+      name: facebook_oauth
+      regex: "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]"
+      confidence: low
+  - pattern:
+      name: facebook_secret_key
+      regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}"
+      confidence: low
+  - pattern:
+      name: google_cloud_platform_api_key
+      regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]"
+      confidence: low
+  - pattern:
+      name: google_cloud_platform_api_key
+      regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]"
+      confidence: low
+  - pattern:
+      name: Vault Token
+      regex: "([sb]\\.[a-zA-Z0-9]{24})"
+      confidence: low
+  - pattern:
+      name: Instagram oauth
+      regex: "[0-9a-fA-F]{7}.[0-9a-fA-F]{32}"
+      confidence: low
+  - pattern:
+      name: mfa_token
+      regex: "(?:token=[A-Za-z0-9\\s_]*[A-Za-z0-9][A-Za-z0-9\\s_])"
+      confidence: low
+  - pattern:
+      name: google_cloud_platform_api_key
+      regex: "^(v[0-9]\\.)?[0-9a-f]{40}$"
+      confidence: low

rules/git-leaks.yaml

@@ -0,0 +1,245 @@
+patterns:
+  - pattern:
+      name: AWS Access Key
+      regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+      confidence: high
+  - pattern:
+      name: AWS Secret Key
+      regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]"
+      confidence: high
+  - pattern:
+      name: AWS MWS key
+      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: high
+  - pattern:
+      name: Facebook Secret Key
+      regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Facebook Client ID
+      regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Twitter Secret Key
+      regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
+      confidence: high
+  - pattern:
+      name: Twitter Client ID
+      regex: "(?i)twitter(.{0,20})?[0-9a-z]{18,25}"
+      confidence: high
+  - pattern:
+      name: Github Personal Access Token
+      regex: "ghp_[0-9a-zA-Z]{36}"
+      confidence: high
+  - pattern:
+      name: Github OAuth Access Token
+      regex: "gho_[0-9a-zA-Z]{36}"
+      confidence: high
+  - pattern:
+      name: Github App Token
+      regex: "(ghu|ghs)_[0-9a-zA-Z]{36}"
+      confidence: high
+  - pattern:
+      name: Github Refresh Token
+      regex: "ghr_[0-9a-zA-Z]{76}"
+      confidence: high
+  - pattern:
+      name: LinkedIn Client ID
+      regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
+      confidence: high
+  - pattern:
+      name: LinkedIn Secret Key
+      regex: "(?i)linkedin(.{0,20})?[0-9a-z]{16}"
+      confidence: high
+  - pattern:
+      name: Slack
+      regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
+      confidence: high
+  - pattern:
+      name: Asymmetric Private Key
+      regex: "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----"
+      confidence: high
+  - pattern:
+      name: Google API key
+      regex: "AIza[0-9A-Za-z\\\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Google (GCP) Service Account
+      regex: "\"type\": \"service_account\""
+      confidence: high
+  - pattern:
+      name: Heroku API key
+      regex: "(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: high
+  - pattern:
+      name: MailChimp API key
+      regex: "(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}"
+      confidence: high
+  - pattern:
+      name: Mailgun API key
+      regex: "((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}"
+      confidence: high
+  - pattern:
+      name: PayPal Braintree access token
+      regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
+      confidence: high
+  - pattern:
+      name: Picatic API key
+      regex: "sk_live_[0-9a-z]{32}"
+      confidence: high
+  - pattern:
+      name: SendGrid API Key
+      regex: "SG\\.[\\w_]{16,32}\\.[\\w_]{16,64}"
+      confidence: high
+  - pattern:
+      name: Slack Webhook
+      regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}"
+      confidence: high
+  - pattern:
+      name: Stripe API key
+      regex: "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
+      confidence: high
+  - pattern:
+      name: Square access token
+      regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
+      confidence: high
+  - pattern:
+      name: Square OAuth secret
+      regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}"
+      confidence: high
+  - pattern:
+      name: Twilio API key
+      regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
+      confidence: high
+  - pattern:
+      name: Dynatrace ttoken
+      regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
+      confidence: high
+  - pattern:
+      name: Shopify shared secret
+      regex: "shpss_[a-fA-F0-9]{32}"
+      confidence: high
+  - pattern:
+      name: Shopify access token
+      regex: "shpat_[a-fA-F0-9]{32}"
+      confidence: high
+  - pattern:
+      name: Shopify custom app access token
+      regex: "shpca_[a-fA-F0-9]{32}"
+      confidence: high
+  - pattern:
+      name: Shopify private app access token
+      regex: "shppa_[a-fA-F0-9]{32}"
+      confidence: high
+  - pattern:
+      name: PyPI upload token
+      regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}"
+      confidence: high
+  - pattern:
+      name: AWS Access Key
+      regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+      confidence: high
+  - pattern:
+      name: AWS cred file info
+      regex: "(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\\/+]{20,40}"
+      confidence: high
+  - pattern:
+      name: AWS Secret Key
+      regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]"
+      confidence: high
+  - pattern:
+      name: AWS MWS key
+      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: high
+  - pattern:
+      name: Facebook Secret Key
+      regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Facebook Client ID
+      regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Twitter Secret Key
+      regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{35,44}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Twitter Client ID
+      regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{18,25}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Github
+      regex: "(?i)github(.{0,20})?(?-i)['\\\"][0-9a-zA-Z]{35,40}['\\\"]"
+      confidence: high
+  - pattern:
+      name: LinkedIn Client ID
+      regex: "(?i)linkedin(.{0,20})?(?-i)['\\\"][0-9a-z]{12}['\\\"]"
+      confidence: high
+  - pattern:
+      name: LinkedIn Secret Key
+      regex: "(?i)linkedin(.{0,20})?['\\\"][0-9a-z]{16}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Slack
+      regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
+      confidence: high
+  - pattern:
+      name: EC
+      regex: "-----BEGIN EC PRIVATE KEY-----"
+      confidence: high
+  - pattern:
+      name: Google API key
+      regex: "AIza[0-9A-Za-z\\\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Heroku API key
+      regex: "(?i)heroku(.{0,20})?['\"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['\"]"
+      confidence: high
+  - pattern:
+      name: MailChimp API key
+      regex: "(?i)(mailchimp|mc)(.{0,20})?['\"][0-9a-f]{32}-us[0-9]{1,2}['\"]"
+      confidence: high
+  - pattern:
+      name: Mailgun API key
+      regex: "(?i)(mailgun|mg)(.{0,20})?['\"][0-9a-z]{32}['\"]"
+      confidence: high
+  - pattern:
+      name: PayPal Braintree access token
+      regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
+      confidence: high
+  - pattern:
+      name: Picatic API key
+      regex: "sk_live_[0-9a-z]{32}"
+      confidence: high
+  - pattern:
+      name: Slack Webhook
+      regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
+      confidence: high
+  - pattern:
+      name: Stripe API key
+      regex: "(?i)stripe(.{0,20})?['\\\"][sk|rk]_live_[0-9a-zA-Z]{24}"
+      confidence: high
+  - pattern:
+      name: Square access token
+      regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
+      confidence: high
+  - pattern:
+      name: Square OAuth secret
+      regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}"
+      confidence: high
+  - pattern:
+      name: Twilio API key
+      regex: "(?i)twilio(.{0,20})?['\\\"][0-9a-f]{32}['\\\"]"
+      confidence: high
+  - pattern:
+      name: Env Var
+      regex: "(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}"
+      confidence: high
+  - pattern:
+      name: Generic Credential
+      regex: "(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|\"]([0-9a-zA-Z-_\\/+!{}/=]{4,120})['|\"]"
+      confidence: high
+  - pattern:
+      name: WP-Config
+      regex: "define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|\"].{10,120}['|\"]"
+      confidence: high

rules/high-confidence.yml

@@ -0,0 +1,157 @@
+patterns:
+  - pattern:
+      name: Slack Token
+      regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
+      confidence: high
+  - pattern:
+      name: RSA private key
+      regex: "-----BEGIN RSA PRIVATE KEY-----"
+      confidence: high
+  - pattern:
+      name: SSH (DSA) private key
+      regex: "-----BEGIN DSA PRIVATE KEY-----"
+      confidence: high
+  - pattern:
+      name: SSH (EC) private key
+      regex: "-----BEGIN EC PRIVATE KEY-----"
+      confidence: high
+  - pattern:
+      name: PGP private key block
+      regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----"
+      confidence: high
+  - pattern:
+      name: AWS API Key
+      regex: "AKIA[0-9A-Z]{16}"
+      confidence: high
+  - pattern:
+      name: Amazon MWS Auth Token
+      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: high
+  - pattern:
+      name: AWS AppSync GraphQL Key
+      regex: "da2-[a-z0-9]{26}"
+      confidence: high
+  - pattern:
+      name: Facebook Access Token
+      regex: "EAACEdEose0cBA[0-9A-Za-z]+"
+      confidence: high
+  - pattern:
+      name: Facebook OAuth
+      regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[''|"][0-9a-f]{32}[''|"]'
+      confidence: high
+  - pattern:
+      name: GitHub
+      regex: '[gG][iI][tT][hH][uU][bB].*[''|"][0-9a-zA-Z]{35,40}[''|"]'
+      confidence: high
+  - pattern:
+      name: Generic API Key
+      regex: '[aA][pP][iI]_?[kK][eE][yY].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
+      confidence: high
+  - pattern:
+      name: Generic Secret
+      regex: '[sS][eE][cC][rR][eE][tT].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
+      confidence: high
+  - pattern:
+      name: Google API Key
+      regex: "AIza[0-9A-Za-z\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Google Cloud Platform API Key
+      regex: "AIza[0-9A-Za-z\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Google Cloud Platform OAuth
+      regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+      confidence: high
+  - pattern:
+      name: Google Drive API Key
+      regex: "AIza[0-9A-Za-z\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Google Drive OAuth
+      regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+      confidence: high
+  - pattern:
+      name: Google (GCP) Service-account
+      regex: '"type": "service_account"'
+      confidence: high
+  - pattern:
+      name: Google Gmail API Key
+      regex: "AIza[0-9A-Za-z\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Google Gmail OAuth
+      regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+      confidence: high
+  - pattern:
+      name: Google OAuth Access Token
+      regex: "ya29\\.[0-9A-Za-z\\-_]+"
+      confidence: high
+  - pattern:
+      name: Google YouTube API Key
+      regex: "AIza[0-9A-Za-z\\-_]{35}"
+      confidence: high
+  - pattern:
+      name: Google YouTube OAuth
+      regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+      confidence: high
+  - pattern:
+      name: Heroku API Key
+      regex: "[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}"
+      confidence: high
+  - pattern:
+      name: MailChimp API Key
+      regex: "[0-9a-f]{32}-us[0-9]{1,2}"
+      confidence: high
+  - pattern:
+      name: Mailgun API Key
+      regex: "key-[0-9a-zA-Z]{32}"
+      confidence: high
+  - pattern:
+      name: Password in URL
+      regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
+      confidence: high
+  - pattern:
+      name: PayPal Braintree Access Token
+      regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
+      confidence: high
+  - pattern:
+      name: Picatic API Key
+      regex: "sk_live_[0-9a-z]{32}"
+      confidence: high
+  - pattern:
+      name: Slack Webhook
+      regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
+      confidence: high
+  - pattern:
+      name: Stripe API Key
+      regex: "sk_live_[0-9a-zA-Z]{24}"
+      confidence: high
+  - pattern:
+      name: Stripe Restricted API Key
+      regex: "rk_live_[0-9a-zA-Z]{24}"
+      confidence: high
+  - pattern:
+      name: Square Access Token
+      regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
+      confidence: high
+  - pattern:
+      name: Square OAuth Secret
+      regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
+      confidence: high
+  - pattern:
+      name: Telegram Bot API Key
+      regex: "[0-9]+:AA[0-9A-Za-z\\-_]{33}"
+      confidence: high
+  - pattern:
+      name: Twilio API Key
+      regex: "SK[0-9a-fA-F]{32}"
+      confidence: high
+  - pattern:
+      name: Twitter Access Token
+      regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}"
+      confidence: high
+  - pattern:
+      name: Twitter OAuth
+      regex: '[tT][wW][iI][tT][tT][eE][rR].*[''|"][0-9a-zA-Z]{35,44}[''|"]'
+      confidence: high

rules/nuclei-regexes.yml

@@ -0,0 +1,253 @@
+patterns:
+  - pattern:
+      name: Amazon MWS Auth Token
+      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: low
+  - pattern:
+      name: Amazon MWS Auth Token
+      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: low
+  - pattern:
+      name:  Amazon SNS Topic Disclosure
+      regex: "arn:aws:sns:[a-z0-9\\-]+:[0-9]+:[A-Za-z0-9\\-_]+"
+      confidence: low
+  - pattern:
+      name:  AWS Access Key ID Value
+      regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+      confidence: low
+  - pattern:
+      name:  Artifactory Password Disclosure
+      regex: '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'
+      confidence: low
+  - pattern:
+      name:   Artifactory API Token Disclosure
+      regex: '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'
+      confidence: low
+  - pattern:
+      name:  Bitly Secret Key Disclosure
+      regex: 'R_[0-9a-f]{32}'
+      confidence: low
+  - pattern:
+      name:  Cloudinary Credentials Disclosure
+      regex: 'cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+'
+      confidence: low
+  - pattern:
+      name:  Cloudinary Credentials Disclosure
+      regex: "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
+      confidence: low
+  - pattern:
+      name:  Discord Webhook Disclosure
+      regex: 'https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+'
+      confidence: low
+  - pattern:
+      name:  JDBC Connection String Disclosure
+      regex: 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+'
+      confidence: low
+  - pattern:
+      name:  JWT Token
+      regex: 'eyJ[a-zA-Z0-9]{10,}\.eyJ[a-zA-Z0-9]{10,}\.[a-zA-Z0-9_\-]{10,}'
+      confidence: low
+  - pattern:
+      name:  Shoppable Service Auth
+      regex: 'data-shoppable-auth-token.+'
+      confidence: low
+  - pattern:
+      name:  FCM Server Key
+      regex: "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}"
+      confidence: low
+  - pattern:
+      name:  Google Calendar URI
+      regex: 'https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+'
+      confidence: low
+  - pattern:
+      name: Google OAuth Access Key
+      regex: 'ya29\.[0-9A-Za-z\-_]+'
+      confidence: low
+  - pattern:
+      name: Mailchimp API
+      regex: "[0-9a-f]{32}-us[0-9]{1,2}"
+      confidence: low
+  - pattern:
+      name: Microsoft Teams Webhook
+      regex: 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+'
+      confidence: low
+  - pattern:
+      name: Newrelic Admin API Key
+      regex: '(?i)NRAA-[a-f0-9]{27}'
+      confidence: low
+  - pattern:
+      name: Newrelic Insights API Key
+      regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
+      confidence: low
+  - pattern:
+      name: Newrelic Insights API Key
+      regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
+      confidence: low
+  - pattern:
+      name: Newrelic REST API Key
+      regex: '(?i)NRRA-[a-f0-9]{42}'
+      confidence: low
+  - pattern:
+      name: Newrelic Synthetics Location Key
+      regex: '(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}'
+      confidence: low
+  - pattern:
+      name: PayPal Braintree Access Token
+      regex: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'
+      confidence: low
+  - pattern:
+      name: Picatic API Key Disclosure
+      regex: 'sk_live_[0-9a-z]{32}'
+      confidence: low
+  - pattern:
+      name: Sendgrid API Key
+      regex: 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}'
+      confidence: low
+  - pattern:
+      name: Slack access token
+      regex: "xoxb-[0-9A-Za-z\\-]{51}"
+      confidence: low
+  - pattern:
+      name: Slack User token disclosure
+      regex: "xoxp-[0-9A-Za-z\\-]{72}"
+      confidence: low
+  - pattern:
+      name: Slack Webhook
+      regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
+      confidence: low
+  - pattern:
+      name: SonarQube Token
+      regex: "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?"
+      confidence: low
+  - pattern:
+      name: Stripe Restriced Key
+      regex: 'rk_(?:live|test)_[0-9a-zA-Z]{24}'
+      confidence: low
+  - pattern:
+      name: Stripe Secret Key
+      regex: 'sk_(?:live|test)_[0-9a-zA-Z]{24}'
+      confidence: low
+  - pattern:
+      name: Zapier Webhook
+      regex: 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/'
+      confidence: low
+  - pattern:
+      name: Zoho Webhook
+      regex: 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+'
+      confidence: low
+  - pattern:
+      name: Amazon MWS Auth Token
+      regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
+      confidence: low
+  - pattern:
+      name: AWS Access Key ID
+      regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+      confidence: low
+  - pattern:
+      name:  AWS Cognito Pool ID
+      regex: ":[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+      confidence: low
+  - pattern:
+      name:  Basic Auth Credentials
+      regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
+      confidence: low
+  - pattern:
+      name:  Dynatrace Token
+      regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
+      confidence: low
+  - pattern:
+      name: Facebook Client ID
+      regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
+      confidence: low
+  - pattern:
+      name: Facebook Secret Key
+      regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
+      confidence: low
+  - pattern:
+      name: Firebase Database Detect
+      regex: "[a-z0-9.-]+\\.firebaseio\\.com"
+      confidence: low
+  - pattern:
+      name: Firebase Database Detect
+      regex: "[a-z0-9.-]+\\.firebaseapp\\.com"
+      confidence: low
+  - pattern:
+      name: Google (GCP) Service-account
+      regex: "\"type\": \"service_account\""
+      confidence: low
+  - pattern:
+      name: Google API key
+      regex: "AIza[0-9A-Za-z\\-_]{35}"
+      confidence: low
+  - pattern:
+      name: Linkedin Client ID
+      regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
+      confidence: low
+  - pattern:
+      name: Mailchimp API Key
+      regex: "[0-9a-f]{32}-us[0-9]{1,2}"
+      confidence: low
+  - pattern:
+      name: Mailgun API Key
+      regex: "key-[0-9a-zA-Z]{32}"
+      confidence: low
+  - pattern:
+      name: Paypal Braintree Access Token
+      regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
+      confidence: low
+  - pattern:
+      name: Pictatic API Key
+      regex: "sk_live_[0-9a-z]{32}"
+      confidence: low
+  - pattern:
+      name: Pictatic API Key
+      regex: "sk_live_[0-9a-z]{32}"
+      confidence: low
+  - pattern:
+      name: Sendgrid API Key
+      regex: "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
+      confidence: low
+  - pattern:
+      name: Shopify Custom App Access Token
+      regex: "shpca_[a-fA-F0-9]{32}"
+      confidence: low
+  - pattern:
+      name: Shopify Private App Access Token
+      regex: "shppa_[a-fA-F0-9]{32}"
+      confidence: low
+  - pattern:
+      name: Shopify Shared Secret
+      regex: "shpss_[a-fA-F0-9]{32}"
+      confidence: low
+  - pattern:
+      name: Shopify Access Token
+      regex:  "shpat_[a-fA-F0-9]{32}"
+      confidence: low
+  - pattern:
+      name: Slack API Key
+      regex:  "xox[baprs]-([0-9a-zA-Z]{10,48})?"
+      confidence: low
+  - pattern:
+      name: Slack Webhook
+      regex: "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
+      confidence: low
+  - pattern:
+      name:  Square Accesss Token
+      regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
+      confidence: low
+  - pattern:
+      name:  Square Accesss Token
+      regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
+      confidence: low
+  - pattern:
+      name:  Square OAuth Secret
+      regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
+      confidence: low
+  - pattern:
+      name:  Twilio API Key
+      regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
+      confidence: low
+  - pattern:
+      name: Twitter Secret
+      regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
+      confidence: low

rules/update-findings.py

@@ -0,0 +1,64 @@
+# A script to remove invalid Regex and repeated values
+import yaml
+import sys
+import re
+
+if len(sys.argv) < 2:
+    print(f"\nUsage:\n\t{sys.argv[0]} [regex-db.yml]")
+    exit(1)
+
+with open(sys.argv[1], 'r') as stream:
+    y = yaml.safe_load(stream)
+
+
+output = []
+all_regexes = []
+all_names = []
+for i in y["patterns"]:
+    r = i["pattern"]["regex"]
+    name = i["pattern"]["name"]
+    try:
+        re.compile(r)
+    except re.error:
+        continue
+
+    # check for duplicated regexes
+    if r in all_regexes:
+        # print(f"DUP-REGEX: {r}")
+        continue
+    all_regexes.append(r)
+
+    # check for duplicated names
+    # if name.lower() in all_names:
+        # print(f"DUP: {name}")
+
+    all_names.append(name.lower())
+
+    output.append(i)
+
+
+# print regexes
+# for a in output:
+#     print(a["pattern"]["regex"])
+
+
+# Sort output
+output = sorted(output, key=lambda i: i['pattern']['name'])
+
+
+newData = {"patterns": output}
+
+# Print YAML
+# class MyDumper(yaml.Dumper):
+#     def increase_indent(self, flow=False, indentless=False):
+#         return super(MyDumper, self).increase_indent(flow, False)
+
+# yaml.dump(newData, sys.stdout,
+#           default_flow_style=False, Dumper=MyDumper, sort_keys=False)
+
+
+# Save into JSON export
+# a = json.dumps(newData)
+# f = open("exported.json", "w")
+# f.write(a)
+# f.close()