Only High Confidences REGEX
parent
7fbe9480a9
commit
10fea98701
6722
rules-stable.yml
6722
rules-stable.yml
File diff suppressed because it is too large
|
@ -0,0 +1,105 @@
|
||||||
|
patterns:
|
||||||
|
- pattern:
|
||||||
|
name: Slack Token
|
||||||
|
regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: test
|
||||||
|
regex: "test"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: generic password
|
||||||
|
regex: "password.+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Generic secret
|
||||||
|
regex: "secret.+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Generic token
|
||||||
|
regex: "token.+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Generic key
|
||||||
|
regex: "(private|public|api|secret|password|pass|passphrase|access).+(key|token|secret).+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Generic webhook secret
|
||||||
|
regex: "(webhook).+(secret|token|key).+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: ADMIN_PASSWORD
|
||||||
|
regex: "(admin).+(secret|token|key).+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Bearer token
|
||||||
|
regex: "(bearer).+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Basic token
|
||||||
|
regex: "basic [a-zA-Z0-9_\\-:\\.=]+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: REDIS_URL
|
||||||
|
regex: "(REDIS_URL).+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: master_password
|
||||||
|
regex: "(master_password).+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: generic credit card
|
||||||
|
regex: "^(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: AWS client ID
|
||||||
|
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: AWS MWS ID
|
||||||
|
regex: "mzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: aws_secret_key
|
||||||
|
regex: "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: basic_auth_credentials
|
||||||
|
regex: "([a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+)"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: facebook_client_id
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: facebook_oauth
|
||||||
|
regex: "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: facebook_secret_key
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: google_cloud_platform_api_key
|
||||||
|
regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: google_cloud_platform_api_key
|
||||||
|
regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Vault Token
|
||||||
|
regex: "([sb]\\.[a-zA-Z0-9]{24})"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Instagram oauth
|
||||||
|
regex: "[0-9a-fA-F]{7}.[0-9a-fA-F]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: mfa_token
|
||||||
|
regex: "(?:token=[A-Za-z0-9\\s_]*[A-Za-z0-9][A-Za-z0-9\\s_])"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: google_cloud_platform_api_key
|
||||||
|
regex: "^(v[0-9]\\.)?[0-9a-f]{40}$"
|
||||||
|
confidence: low
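Review bot: The last entry is named `google_cloud_platform_api_key` but its regex `^(v[0-9]\\.)?[0-9a-f]{40}$` matches any line that is a bare 40-character hex string, which includes every SHA-1 digest and commit id, so those hits will be reported under a Google label. The name is also shared with two identical entries above it, which makes findings hard to tell apart; give this rule a name that says what it actually targets and collapse the duplicated pair. The `name: test` / `regex: "test"` entry looks like a leftover and should probably be dropped before this file is used for scanning. The `AWS MWS ID` pattern starts with `mzn\\.mws\\.` while the other rule files on this page use `amzn\\.mws\\.`; it would be worth aligning them.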
|
|
@ -0,0 +1,245 @@
|
||||||
|
patterns:
|
||||||
|
- pattern:
|
||||||
|
name: AWS Access Key
|
||||||
|
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS Secret Key
|
||||||
|
regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS MWS key
|
||||||
|
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Secret Key
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Client ID
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twitter Secret Key
|
||||||
|
regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twitter Client ID
|
||||||
|
regex: "(?i)twitter(.{0,20})?[0-9a-z]{18,25}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Github Personal Access Token
|
||||||
|
regex: "ghp_[0-9a-zA-Z]{36}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Github OAuth Access Token
|
||||||
|
regex: "gho_[0-9a-zA-Z]{36}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Github App Token
|
||||||
|
regex: "(ghu|ghs)_[0-9a-zA-Z]{36}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Github Refresh Token
|
||||||
|
regex: "ghr_[0-9a-zA-Z]{76}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: LinkedIn Client ID
|
||||||
|
regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: LinkedIn Secret Key
|
||||||
|
regex: "(?i)linkedin(.{0,20})?[0-9a-z]{16}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Slack
|
||||||
|
regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Asymmetric Private Key
|
||||||
|
regex: "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google API key
|
||||||
|
regex: "AIza[0-9A-Za-z\\\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google (GCP) Service Account
|
||||||
|
regex: "\"type\": \"service_account\""
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Heroku API key
|
||||||
|
regex: "(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: MailChimp API key
|
||||||
|
regex: "(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Mailgun API key
|
||||||
|
regex: "((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: PayPal Braintree access token
|
||||||
|
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Picatic API key
|
||||||
|
regex: "sk_live_[0-9a-z]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: SendGrid API Key
|
||||||
|
regex: "SG\\.[\\w_]{16,32}\\.[\\w_]{16,64}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Slack Webhook
|
||||||
|
regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Stripe API key
|
||||||
|
regex: "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Square access token
|
||||||
|
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Square OAuth secret
|
||||||
|
regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twilio API key
|
||||||
|
regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Dynatrace ttoken
|
||||||
|
regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Shopify shared secret
|
||||||
|
regex: "shpss_[a-fA-F0-9]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Shopify access token
|
||||||
|
regex: "shpat_[a-fA-F0-9]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Shopify custom app access token
|
||||||
|
regex: "shpca_[a-fA-F0-9]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Shopify private app access token
|
||||||
|
regex: "shppa_[a-fA-F0-9]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: PyPI upload token
|
||||||
|
regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS Access Key
|
||||||
|
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS cred file info
|
||||||
|
regex: "(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\\/+]{20,40}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS Secret Key
|
||||||
|
regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS MWS key
|
||||||
|
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Secret Key
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Client ID
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twitter Secret Key
|
||||||
|
regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{35,44}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twitter Client ID
|
||||||
|
regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{18,25}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Github
|
||||||
|
regex: "(?i)github(.{0,20})?(?-i)['\\\"][0-9a-zA-Z]{35,40}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: LinkedIn Client ID
|
||||||
|
regex: "(?i)linkedin(.{0,20})?(?-i)['\\\"][0-9a-z]{12}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: LinkedIn Secret Key
|
||||||
|
regex: "(?i)linkedin(.{0,20})?['\\\"][0-9a-z]{16}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Slack
|
||||||
|
regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: EC
|
||||||
|
regex: "-----BEGIN EC PRIVATE KEY-----"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google API key
|
||||||
|
regex: "AIza[0-9A-Za-z\\\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Heroku API key
|
||||||
|
regex: "(?i)heroku(.{0,20})?['\"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: MailChimp API key
|
||||||
|
regex: "(?i)(mailchimp|mc)(.{0,20})?['\"][0-9a-f]{32}-us[0-9]{1,2}['\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Mailgun API key
|
||||||
|
regex: "(?i)(mailgun|mg)(.{0,20})?['\"][0-9a-z]{32}['\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: PayPal Braintree access token
|
||||||
|
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Picatic API key
|
||||||
|
regex: "sk_live_[0-9a-z]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Slack Webhook
|
||||||
|
regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Stripe API key
|
||||||
|
regex: "(?i)stripe(.{0,20})?['\\\"][sk|rk]_live_[0-9a-zA-Z]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Square access token
|
||||||
|
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Square OAuth secret
|
||||||
|
regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twilio API key
|
||||||
|
regex: "(?i)twilio(.{0,20})?['\\\"][0-9a-f]{32}['\\\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Env Var
|
||||||
|
regex: "(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Generic Credential
|
||||||
|
regex: "(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|\"]([0-9a-zA-Z-_\\/+!{}/=]{4,120})['|\"]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: WP-Config
|
||||||
|
regex: "define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|\"].{10,120}['|\"]"
|
||||||
|
confidence: high
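Review bot: The second `Stripe API key` entry uses `[sk|rk]_live_`, which is a character class matching one character out of `s`, `k`, `|`, `r`, so a quoted `sk_live_…` or `rk_live_…` value cannot match it; the earlier entry in this file has the intended form, `[sr]k_live_`. The `Google API key` and `Square OAuth secret` entries written as `[0-9A-Za-z\\\\-_]` decode to a class holding a backslash-to-underscore range, so a literal `-` in a key is not matched; `[0-9A-Za-z\\-_]`, as used for `Square access token`, is what was presumably meant. Separately, `Env Var`, `Generic Credential` and the unquoted `Twitter`/`LinkedIn` rules are marked `confidence: high` although they match ordinary text such as `host=localhost`, which undercuts a high-confidence-only rule set; consider `confidence: low` for them. `xox[baprs]-([0-9a-zA-Z]{10,48})?` also matches the bare prefix because the token group is optional.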
|
|
@ -0,0 +1,157 @@
|
||||||
|
patterns:
|
||||||
|
- pattern:
|
||||||
|
name: Slack Token
|
||||||
|
regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: RSA private key
|
||||||
|
regex: "-----BEGIN RSA PRIVATE KEY-----"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: SSH (DSA) private key
|
||||||
|
regex: "-----BEGIN DSA PRIVATE KEY-----"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: SSH (EC) private key
|
||||||
|
regex: "-----BEGIN EC PRIVATE KEY-----"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: PGP private key block
|
||||||
|
regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS API Key
|
||||||
|
regex: "AKIA[0-9A-Z]{16}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Amazon MWS Auth Token
|
||||||
|
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: AWS AppSync GraphQL Key
|
||||||
|
regex: "da2-[a-z0-9]{26}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Access Token
|
||||||
|
regex: "EAACEdEose0cBA[0-9A-Za-z]+"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Facebook OAuth
|
||||||
|
regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[''|"][0-9a-f]{32}[''|"]'
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: GitHub
|
||||||
|
regex: '[gG][iI][tT][hH][uU][bB].*[''|"][0-9a-zA-Z]{35,40}[''|"]'
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Generic API Key
|
||||||
|
regex: '[aA][pP][iI]_?[kK][eE][yY].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Generic Secret
|
||||||
|
regex: '[sS][eE][cC][rR][eE][tT].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google API Key
|
||||||
|
regex: "AIza[0-9A-Za-z\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google Cloud Platform API Key
|
||||||
|
regex: "AIza[0-9A-Za-z\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google Cloud Platform OAuth
|
||||||
|
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google Drive API Key
|
||||||
|
regex: "AIza[0-9A-Za-z\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google Drive OAuth
|
||||||
|
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google (GCP) Service-account
|
||||||
|
regex: '"type": "service_account"'
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google Gmail API Key
|
||||||
|
regex: "AIza[0-9A-Za-z\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google Gmail OAuth
|
||||||
|
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google OAuth Access Token
|
||||||
|
regex: "ya29\\.[0-9A-Za-z\\-_]+"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google YouTube API Key
|
||||||
|
regex: "AIza[0-9A-Za-z\\-_]{35}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Google YouTube OAuth
|
||||||
|
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Heroku API Key
|
||||||
|
regex: "[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: MailChimp API Key
|
||||||
|
regex: "[0-9a-f]{32}-us[0-9]{1,2}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Mailgun API Key
|
||||||
|
regex: "key-[0-9a-zA-Z]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Password in URL
|
||||||
|
regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: PayPal Braintree Access Token
|
||||||
|
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Picatic API Key
|
||||||
|
regex: "sk_live_[0-9a-z]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Slack Webhook
|
||||||
|
regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Stripe API Key
|
||||||
|
regex: "sk_live_[0-9a-zA-Z]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Stripe Restricted API Key
|
||||||
|
regex: "rk_live_[0-9a-zA-Z]{24}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Square Access Token
|
||||||
|
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Square OAuth Secret
|
||||||
|
regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Telegram Bot API Key
|
||||||
|
regex: "[0-9]+:AA[0-9A-Za-z\\-_]{33}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twilio API Key
|
||||||
|
regex: "SK[0-9a-fA-F]{32}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twitter Access Token
|
||||||
|
regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}"
|
||||||
|
confidence: high
|
||||||
|
- pattern:
|
||||||
|
name: Twitter OAuth
|
||||||
|
regex: '[tT][wW][iI][tT][tT][eE][rR].*[''|"][0-9a-zA-Z]{35,44}[''|"]'
|
||||||
|
confidence: high
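Review bot: The `Facebook OAuth`, `GitHub`, `Generic API Key`, `Generic Secret` and `Twitter OAuth` rules join the keyword to the quoted value with an unbounded `.*`, so any line that mentions the keyword and later contains a quoted 32–45 character alphanumeric string (a hash, for instance) is reported at `confidence: high`. Bounding the gap the way the other rule file on this page does, e.g. `(.{0,20})?`, would keep the match tied to the keyword. The quote class `[''|"]` also accepts a literal `|`; `[''"]` is enough. The `Heroku API Key` rule only accepts `[0-9A-F]`, while the Heroku rule elsewhere on this page is case-insensitive, so lowercase UUIDs would presumably be missed here. Six entries share the regex `AIza[0-9A-Za-z\\-_]{35}` and four share the `apps.googleusercontent.com` one, so one hit will be reported several times under different names.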
|
File diff suppressed because it is too large
|
@ -0,0 +1,253 @@
|
||||||
|
patterns:
|
||||||
|
- pattern:
|
||||||
|
name: Amazon MWS Auth Token
|
||||||
|
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Amazon MWS Auth Token
|
||||||
|
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Amazon SNS Topic Disclosure
|
||||||
|
regex: "arn:aws:sns:[a-z0-9\\-]+:[0-9]+:[A-Za-z0-9\\-_]+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: AWS Access Key ID Value
|
||||||
|
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Artifactory Password Disclosure
|
||||||
|
regex: '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Artifactory API Token Disclosure
|
||||||
|
regex: '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Bitly Secret Key Disclosure
|
||||||
|
regex: 'R_[0-9a-f]{32}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Cloudinary Credentials Disclosure
|
||||||
|
regex: 'cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Cloudinary Credentials Disclosure
|
||||||
|
regex: "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Discord Webhook Disclosure
|
||||||
|
regex: 'https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: JDBC Connection String Disclosure
|
||||||
|
regex: 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: JWT Token
|
||||||
|
regex: 'eyJ[a-zA-Z0-9]{10,}\.eyJ[a-zA-Z0-9]{10,}\.[a-zA-Z0-9_\-]{10,}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Shoppable Service Auth
|
||||||
|
regex: 'data-shoppable-auth-token.+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: FCM Server Key
|
||||||
|
regex: "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Google Calendar URI
|
||||||
|
regex: 'https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Google OAuth Access Key
|
||||||
|
regex: 'ya29\.[0-9A-Za-z\-_]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Mailchimp API
|
||||||
|
regex: "[0-9a-f]{32}-us[0-9]{1,2}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Microsoft Teams Webhook
|
||||||
|
regex: 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Newrelic Admin API Key
|
||||||
|
regex: '(?i)NRAA-[a-f0-9]{27}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Newrelic Insights API Key
|
||||||
|
regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Newrelic Insights API Key
|
||||||
|
regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Newrelic REST API Key
|
||||||
|
regex: '(?i)NRRA-[a-f0-9]{42}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Newrelic Synthetics Location Key
|
||||||
|
regex: '(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: PayPal Braintree Access Token
|
||||||
|
regex: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Picatic API Key Disclosure
|
||||||
|
regex: 'sk_live_[0-9a-z]{32}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Sendgrid API Key
|
||||||
|
regex: 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Slack access token
|
||||||
|
regex: "xoxb-[0-9A-Za-z\\-]{51}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Slack User token disclosure
|
||||||
|
regex: "xoxp-[0-9A-Za-z\\-]{72}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Slack Webhook
|
||||||
|
regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: SonarQube Token
|
||||||
|
regex: "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Stripe Restriced Key
|
||||||
|
regex: 'rk_(?:live|test)_[0-9a-zA-Z]{24}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Stripe Secret Key
|
||||||
|
regex: 'sk_(?:live|test)_[0-9a-zA-Z]{24}'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Zapier Webhook
|
||||||
|
regex: 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Zoho Webhook
|
||||||
|
regex: 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+'
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Amazon MWS Auth Token
|
||||||
|
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: AWS Access Key ID
|
||||||
|
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: AWS Cognito Pool ID
|
||||||
|
regex: ":[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Basic Auth Credentials
|
||||||
|
regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Dynatrace Token
|
||||||
|
regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Client ID
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Facebook Secret Key
|
||||||
|
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Firebase Database Detect
|
||||||
|
regex: "[a-z0-9.-]+\\.firebaseio\\.com"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Firebase Database Detect
|
||||||
|
regex: "[a-z0-9.-]+\\.firebaseapp\\.com"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Google (GCP) Service-account
|
||||||
|
regex: "\"type\": \"service_account\""
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Google API key
|
||||||
|
regex: "AIza[0-9A-Za-z\\-_]{35}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Linkedin Client ID
|
||||||
|
regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Mailchimp API Key
|
||||||
|
regex: "[0-9a-f]{32}-us[0-9]{1,2}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Mailgun API Key
|
||||||
|
regex: "key-[0-9a-zA-Z]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Paypal Braintree Access Token
|
||||||
|
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Pictatic API Key
|
||||||
|
regex: "sk_live_[0-9a-z]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Pictatic API Key
|
||||||
|
regex: "sk_live_[0-9a-z]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Sendgrid API Key
|
||||||
|
regex: "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Shopify Custom App Access Token
|
||||||
|
regex: "shpca_[a-fA-F0-9]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Shopify Private App Access Token
|
||||||
|
regex: "shppa_[a-fA-F0-9]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Shopify Shared Secret
|
||||||
|
regex: "shpss_[a-fA-F0-9]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Shopify Access Token
|
||||||
|
regex: "shpat_[a-fA-F0-9]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Slack API Key
|
||||||
|
regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Slack Webhook
|
||||||
|
regex: "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Square Accesss Token
|
||||||
|
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Square Accesss Token
|
||||||
|
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Square OAuth Secret
|
||||||
|
regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Twilio API Key
|
||||||
|
regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
|
||||||
|
confidence: low
|
||||||
|
- pattern:
|
||||||
|
name: Twitter Secret
|
||||||
|
regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
|
||||||
|
confidence: low
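Review bot: The `JWT Token` rule restricts the first two segments to `[a-zA-Z0-9]`, but JWT segments are base64url and may contain `-` and `_`, so tokens whose header or payload includes either character are missed; using the class already applied to the third segment for all three, `eyJ[a-zA-Z0-9_\-]{10,}\.eyJ[a-zA-Z0-9_\-]{10,}\.[a-zA-Z0-9_\-]{10,}`, closes that gap. In `Zapier Webhook` the dot in `(?:www.)?` is unescaped and should be `(?:www\.)?`. The two `Slack Webhook` entries disagree on segment lengths (`{8}/{8}/{24}` versus `{10}/{10}/{23}`), and the second leaves the dots in `hooks.slack.com` unescaped; a comment saying which token formats each is meant to cover would help. Several entries are exact duplicates by name and regex (`Amazon MWS Auth Token`, `Pictatic API Key`, `Square Accesss Token`, `Newrelic Insights API Key`).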
|
File diff suppressed because it is too large
|
@ -0,0 +1,64 @@
|
||||||
|
# A script to remove invalid Regex and repeated values
|
||||||
|
import yaml
|
||||||
|
import sys
|
||||||
|
import re
|
||||||
|
|
||||||
|
if len(sys.argv) < 2:
|
||||||
|
print(f"\nUsage:\n\t{sys.argv[0]} [regex-db.yml]")
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
with open(sys.argv[1], 'r') as stream:
|
||||||
|
y = yaml.safe_load(stream)
|
||||||
|
|
||||||
|
|
||||||
|
output = []
|
||||||
|
all_regexes = []
|
||||||
|
all_names = []
|
||||||
|
for i in y["patterns"]:
|
||||||
|
r = i["pattern"]["regex"]
|
||||||
|
name = i["pattern"]["name"]
|
||||||
|
try:
|
||||||
|
re.compile(r)
|
||||||
|
except re.error:
|
||||||
|
continue
|
||||||
|
|
||||||
|
# check for duplicated regexes
|
||||||
|
if r in all_regexes:
|
||||||
|
# print(f"DUP-REGEX: {r}")
|
||||||
|
continue
|
||||||
|
all_regexes.append(r)
|
||||||
|
|
||||||
|
# check for duplicated names
|
||||||
|
# if name.lower() in all_names:
|
||||||
|
# print(f"DUP: {name}")
|
||||||
|
|
||||||
|
all_names.append(name.lower())
|
||||||
|
|
||||||
|
output.append(i)
|
||||||
|
|
||||||
|
|
||||||
|
# print regexes
|
||||||
|
# for a in output:
|
||||||
|
# print(a["pattern"]["regex"])
|
||||||
|
|
||||||
|
|
||||||
|
# Sort output
|
||||||
|
output = sorted(output, key=lambda i: i['pattern']['name'])
|
||||||
|
|
||||||
|
|
||||||
|
newData = {"patterns": output}
|
||||||
|
|
||||||
|
# Print YAML
|
||||||
|
# class MyDumper(yaml.Dumper):
|
||||||
|
# def increase_indent(self, flow=False, indentless=False):
|
||||||
|
# return super(MyDumper, self).increase_indent(flow, False)
|
||||||
|
|
||||||
|
# yaml.dump(newData, sys.stdout,
|
||||||
|
# default_flow_style=False, Dumper=MyDumper, sort_keys=False)
|
||||||
|
|
||||||
|
|
||||||
|
# Save into JSON export
|
||||||
|
# a = json.dumps(newData)
|
||||||
|
# f = open("exported.json", "w")
|
||||||
|
# f.write(a)
|
||||||
|
# f.close()
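Review bot: The `except re.error: continue` branch drops a rule without any output, and Python's `re` rejects constructs that the rule files on this page rely on, such as the bare `(?-i)` in `(?i)aws(.{0,20})?(?-i)…` and, on recent Python versions, an inline `(?i)` that is not at the start as in `((?i)(mailgun|mg)(.{0,20})?)?key-…`. If the scanner that consumes these files uses a different regex engine, which is not visible here, this script would silently remove working detections such as the AWS and Facebook secret-key rules. At minimum report what is discarded, e.g. `except re.error as err:` followed by `print(f"INVALID-REGEX: {name}: {err}", file=sys.stderr)` before the `continue`. Note also that every output path (YAML dump, JSON export) is commented out, so as committed the script computes `newData` and exits without writing anything, and the JSON variant would need `import json`.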
|