Only High Confidences REGEX

main
Swissky 2023-05-05 19:16:16 +02:00
parent 7fbe9480a9
commit 10fea98701
10 changed files with 7092 additions and 8386 deletions

1687
main.go

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

105
rules/generic.yml Normal file
View File

@ -0,0 +1,105 @@
patterns:
- pattern:
name: Slack Token
regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
confidence: high
- pattern:
name: test
regex: "test"
confidence: low
- pattern:
name: generic password
regex: "password.+"
confidence: low
- pattern:
name: Generic secret
regex: "secret.+"
confidence: low
- pattern:
name: Generic token
regex: "token.+"
confidence: low
- pattern:
name: Generic key
regex: "(private|public|api|secret|password|pass|passphrase|access).+(key|token|secret).+"
confidence: low
- pattern:
name: Generic webhook secret
regex: "(webhook).+(secret|token|key).+"
confidence: low
- pattern:
name: ADMIN_PASSWORD
regex: "(admin).+(secret|token|key).+"
confidence: low
- pattern:
name: Bearer token
regex: "(bearer).+"
confidence: low
- pattern:
name: Basic token
regex: "basic [a-zA-Z0-9_\\-:\\.=]+"
confidence: low
- pattern:
name: REDIS_URL
regex: "(REDIS_URL).+"
confidence: low
- pattern:
name: master_password
regex: "(master_password).+"
confidence: low
- pattern:
name: generic credit card
regex: "^(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})"
confidence: low
- pattern:
name: AWS client ID
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
confidence: low
- pattern:
name: AWS MWS ID
regex: "mzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: low
- pattern:
name: aws_secret_key
regex: "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]"
confidence: low
- pattern:
name: basic_auth_credentials
regex: "([a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+)"
confidence: low
- pattern:
name: facebook_client_id
regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}"
confidence: low
- pattern:
name: facebook_oauth
regex: "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]"
confidence: low
- pattern:
name: facebook_secret_key
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}"
confidence: low
- pattern:
name: google_cloud_platform_api_key
regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]"
confidence: low
- pattern:
name: google_cloud_platform_api_key
regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]"
confidence: low
- pattern:
name: Vault Token
regex: "([sb]\\.[a-zA-Z0-9]{24})"
confidence: low
- pattern:
name: Instagram oauth
regex: "[0-9a-fA-F]{7}.[0-9a-fA-F]{32}"
confidence: low
- pattern:
name: mfa_token
regex: "(?:token=[A-Za-z0-9\\s_]*[A-Za-z0-9][A-Za-z0-9\\s_])"
confidence: low
- pattern:
name: google_cloud_platform_api_key
regex: "^(v[0-9]\\.)?[0-9a-f]{40}$"
confidence: low

245
rules/git-leaks.yaml Normal file
View File

@ -0,0 +1,245 @@
patterns:
- pattern:
name: AWS Access Key
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
confidence: high
- pattern:
name: AWS Secret Key
regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]"
confidence: high
- pattern:
name: AWS MWS key
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: high
- pattern:
name: Facebook Secret Key
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]"
confidence: high
- pattern:
name: Facebook Client ID
regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]"
confidence: high
- pattern:
name: Twitter Secret Key
regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
confidence: high
- pattern:
name: Twitter Client ID
regex: "(?i)twitter(.{0,20})?[0-9a-z]{18,25}"
confidence: high
- pattern:
name: Github Personal Access Token
regex: "ghp_[0-9a-zA-Z]{36}"
confidence: high
- pattern:
name: Github OAuth Access Token
regex: "gho_[0-9a-zA-Z]{36}"
confidence: high
- pattern:
name: Github App Token
regex: "(ghu|ghs)_[0-9a-zA-Z]{36}"
confidence: high
- pattern:
name: Github Refresh Token
regex: "ghr_[0-9a-zA-Z]{76}"
confidence: high
- pattern:
name: LinkedIn Client ID
regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
confidence: high
- pattern:
name: LinkedIn Secret Key
regex: "(?i)linkedin(.{0,20})?[0-9a-z]{16}"
confidence: high
- pattern:
name: Slack
regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
confidence: high
- pattern:
name: Asymmetric Private Key
regex: "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----"
confidence: high
- pattern:
name: Google API key
regex: "AIza[0-9A-Za-z\\\\-_]{35}"
confidence: high
- pattern:
name: Google (GCP) Service Account
regex: "\"type\": \"service_account\""
confidence: high
- pattern:
name: Heroku API key
regex: "(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: high
- pattern:
name: MailChimp API key
regex: "(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}"
confidence: high
- pattern:
name: Mailgun API key
regex: "((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}"
confidence: high
- pattern:
name: PayPal Braintree access token
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
confidence: high
- pattern:
name: Picatic API key
regex: "sk_live_[0-9a-z]{32}"
confidence: high
- pattern:
name: SendGrid API Key
regex: "SG\\.[\\w_]{16,32}\\.[\\w_]{16,64}"
confidence: high
- pattern:
name: Slack Webhook
regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}"
confidence: high
- pattern:
name: Stripe API key
regex: "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}"
confidence: high
- pattern:
name: Square access token
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
confidence: high
- pattern:
name: Square OAuth secret
regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}"
confidence: high
- pattern:
name: Twilio API key
regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
confidence: high
- pattern:
name: Dynatrace ttoken
regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
confidence: high
- pattern:
name: Shopify shared secret
regex: "shpss_[a-fA-F0-9]{32}"
confidence: high
- pattern:
name: Shopify access token
regex: "shpat_[a-fA-F0-9]{32}"
confidence: high
- pattern:
name: Shopify custom app access token
regex: "shpca_[a-fA-F0-9]{32}"
confidence: high
- pattern:
name: Shopify private app access token
regex: "shppa_[a-fA-F0-9]{32}"
confidence: high
- pattern:
name: PyPI upload token
regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}"
confidence: high
- pattern:
name: AWS Access Key
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
confidence: high
- pattern:
name: AWS cred file info
regex: "(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\\/+]{20,40}"
confidence: high
- pattern:
name: AWS Secret Key
regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]"
confidence: high
- pattern:
name: AWS MWS key
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: high
- pattern:
name: Facebook Secret Key
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]"
confidence: high
- pattern:
name: Facebook Client ID
regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]"
confidence: high
- pattern:
name: Twitter Secret Key
regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{35,44}['\\\"]"
confidence: high
- pattern:
name: Twitter Client ID
regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{18,25}['\\\"]"
confidence: high
- pattern:
name: Github
regex: "(?i)github(.{0,20})?(?-i)['\\\"][0-9a-zA-Z]{35,40}['\\\"]"
confidence: high
- pattern:
name: LinkedIn Client ID
regex: "(?i)linkedin(.{0,20})?(?-i)['\\\"][0-9a-z]{12}['\\\"]"
confidence: high
- pattern:
name: LinkedIn Secret Key
regex: "(?i)linkedin(.{0,20})?['\\\"][0-9a-z]{16}['\\\"]"
confidence: high
- pattern:
name: Slack
regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
confidence: high
- pattern:
name: EC
regex: "-----BEGIN EC PRIVATE KEY-----"
confidence: high
- pattern:
name: Google API key
regex: "AIza[0-9A-Za-z\\\\-_]{35}"
confidence: high
- pattern:
name: Heroku API key
regex: "(?i)heroku(.{0,20})?['\"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['\"]"
confidence: high
- pattern:
name: MailChimp API key
regex: "(?i)(mailchimp|mc)(.{0,20})?['\"][0-9a-f]{32}-us[0-9]{1,2}['\"]"
confidence: high
- pattern:
name: Mailgun API key
regex: "(?i)(mailgun|mg)(.{0,20})?['\"][0-9a-z]{32}['\"]"
confidence: high
- pattern:
name: PayPal Braintree access token
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
confidence: high
- pattern:
name: Picatic API key
regex: "sk_live_[0-9a-z]{32}"
confidence: high
- pattern:
name: Slack Webhook
regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
confidence: high
- pattern:
name: Stripe API key
regex: "(?i)stripe(.{0,20})?['\\\"][sk|rk]_live_[0-9a-zA-Z]{24}"
confidence: high
- pattern:
name: Square access token
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
confidence: high
- pattern:
name: Square OAuth secret
regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}"
confidence: high
- pattern:
name: Twilio API key
regex: "(?i)twilio(.{0,20})?['\\\"][0-9a-f]{32}['\\\"]"
confidence: high
- pattern:
name: Env Var
regex: "(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}"
confidence: high
- pattern:
name: Generic Credential
regex: "(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|\"]([0-9a-zA-Z-_\\/+!{}/=]{4,120})['|\"]"
confidence: high
- pattern:
name: WP-Config
regex: "define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|\"].{10,120}['|\"]"
confidence: high

157
rules/high-confidence.yml Normal file
View File

@ -0,0 +1,157 @@
patterns:
- pattern:
name: Slack Token
regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})"
confidence: high
- pattern:
name: RSA private key
regex: "-----BEGIN RSA PRIVATE KEY-----"
confidence: high
- pattern:
name: SSH (DSA) private key
regex: "-----BEGIN DSA PRIVATE KEY-----"
confidence: high
- pattern:
name: SSH (EC) private key
regex: "-----BEGIN EC PRIVATE KEY-----"
confidence: high
- pattern:
name: PGP private key block
regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----"
confidence: high
- pattern:
name: AWS API Key
regex: "AKIA[0-9A-Z]{16}"
confidence: high
- pattern:
name: Amazon MWS Auth Token
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: high
- pattern:
name: AWS AppSync GraphQL Key
regex: "da2-[a-z0-9]{26}"
confidence: high
- pattern:
name: Facebook Access Token
regex: "EAACEdEose0cBA[0-9A-Za-z]+"
confidence: high
- pattern:
name: Facebook OAuth
regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[''|"][0-9a-f]{32}[''|"]'
confidence: high
- pattern:
name: GitHub
regex: '[gG][iI][tT][hH][uU][bB].*[''|"][0-9a-zA-Z]{35,40}[''|"]'
confidence: high
- pattern:
name: Generic API Key
regex: '[aA][pP][iI]_?[kK][eE][yY].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
confidence: high
- pattern:
name: Generic Secret
regex: '[sS][eE][cC][rR][eE][tT].*[''|"][0-9a-zA-Z]{32,45}[''|"]'
confidence: high
- pattern:
name: Google API Key
regex: "AIza[0-9A-Za-z\\-_]{35}"
confidence: high
- pattern:
name: Google Cloud Platform API Key
regex: "AIza[0-9A-Za-z\\-_]{35}"
confidence: high
- pattern:
name: Google Cloud Platform OAuth
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
confidence: high
- pattern:
name: Google Drive API Key
regex: "AIza[0-9A-Za-z\\-_]{35}"
confidence: high
- pattern:
name: Google Drive OAuth
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
confidence: high
- pattern:
name: Google (GCP) Service-account
regex: '"type": "service_account"'
confidence: high
- pattern:
name: Google Gmail API Key
regex: "AIza[0-9A-Za-z\\-_]{35}"
confidence: high
- pattern:
name: Google Gmail OAuth
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
confidence: high
- pattern:
name: Google OAuth Access Token
regex: "ya29\\.[0-9A-Za-z\\-_]+"
confidence: high
- pattern:
name: Google YouTube API Key
regex: "AIza[0-9A-Za-z\\-_]{35}"
confidence: high
- pattern:
name: Google YouTube OAuth
regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
confidence: high
- pattern:
name: Heroku API Key
regex: "[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}"
confidence: high
- pattern:
name: MailChimp API Key
regex: "[0-9a-f]{32}-us[0-9]{1,2}"
confidence: high
- pattern:
name: Mailgun API Key
regex: "key-[0-9a-zA-Z]{32}"
confidence: high
- pattern:
name: Password in URL
regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
confidence: high
- pattern:
name: PayPal Braintree Access Token
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
confidence: high
- pattern:
name: Picatic API Key
regex: "sk_live_[0-9a-z]{32}"
confidence: high
- pattern:
name: Slack Webhook
regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
confidence: high
- pattern:
name: Stripe API Key
regex: "sk_live_[0-9a-zA-Z]{24}"
confidence: high
- pattern:
name: Stripe Restricted API Key
regex: "rk_live_[0-9a-zA-Z]{24}"
confidence: high
- pattern:
name: Square Access Token
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
confidence: high
- pattern:
name: Square OAuth Secret
regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
confidence: high
- pattern:
name: Telegram Bot API Key
regex: "[0-9]+:AA[0-9A-Za-z\\-_]{33}"
confidence: high
- pattern:
name: Twilio API Key
regex: "SK[0-9a-fA-F]{32}"
confidence: high
- pattern:
name: Twitter Access Token
regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}"
confidence: high
- pattern:
name: Twitter OAuth
regex: '[tT][wW][iI][tT][tT][eE][rR].*[''|"][0-9a-zA-Z]{35,44}[''|"]'
confidence: high

3105
rules/leakin-regexes.yml Normal file

File diff suppressed because it is too large Load Diff

253
rules/nuclei-regexes.yml Normal file
View File

@ -0,0 +1,253 @@
patterns:
- pattern:
name: Amazon MWS Auth Token
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: low
- pattern:
name: Amazon MWS Auth Token
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: low
- pattern:
name: Amazon SNS Topic Disclosure
regex: "arn:aws:sns:[a-z0-9\\-]+:[0-9]+:[A-Za-z0-9\\-_]+"
confidence: low
- pattern:
name: AWS Access Key ID Value
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
confidence: low
- pattern:
name: Artifactory Password Disclosure
regex: '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'
confidence: low
- pattern:
name: Artifactory API Token Disclosure
regex: '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'
confidence: low
- pattern:
name: Bitly Secret Key Disclosure
regex: 'R_[0-9a-f]{32}'
confidence: low
- pattern:
name: Cloudinary Credentials Disclosure
regex: 'cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+'
confidence: low
- pattern:
name: Cloudinary Credentials Disclosure
regex: "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
confidence: low
- pattern:
name: Discord Webhook Disclosure
regex: 'https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+'
confidence: low
- pattern:
name: JDBC Connection String Disclosure
regex: 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+'
confidence: low
- pattern:
name: JWT Token
regex: 'eyJ[a-zA-Z0-9]{10,}\.eyJ[a-zA-Z0-9]{10,}\.[a-zA-Z0-9_\-]{10,}'
confidence: low
- pattern:
name: Shoppable Service Auth
regex: 'data-shoppable-auth-token.+'
confidence: low
- pattern:
name: FCM Server Key
regex: "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}"
confidence: low
- pattern:
name: Google Calendar URI
regex: 'https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+'
confidence: low
- pattern:
name: Google OAuth Access Key
regex: 'ya29\.[0-9A-Za-z\-_]+'
confidence: low
- pattern:
name: Mailchimp API
regex: "[0-9a-f]{32}-us[0-9]{1,2}"
confidence: low
- pattern:
name: Microsoft Teams Webhook
regex: 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+'
confidence: low
- pattern:
name: Newrelic Admin API Key
regex: '(?i)NRAA-[a-f0-9]{27}'
confidence: low
- pattern:
name: Newrelic Insights API Key
regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
confidence: low
- pattern:
name: Newrelic Insights API Key
regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}'
confidence: low
- pattern:
name: Newrelic REST API Key
regex: '(?i)NRRA-[a-f0-9]{42}'
confidence: low
- pattern:
name: Newrelic Synthetics Location Key
regex: '(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}'
confidence: low
- pattern:
name: PayPal Braintree Access Token
regex: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'
confidence: low
- pattern:
name: Picatic API Key Disclosure
regex: 'sk_live_[0-9a-z]{32}'
confidence: low
- pattern:
name: Sendgrid API Key
regex: 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}'
confidence: low
- pattern:
name: Slack access token
regex: "xoxb-[0-9A-Za-z\\-]{51}"
confidence: low
- pattern:
name: Slack User token disclosure
regex: "xoxp-[0-9A-Za-z\\-]{72}"
confidence: low
- pattern:
name: Slack Webhook
regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
confidence: low
- pattern:
name: SonarQube Token
regex: "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?"
confidence: low
- pattern:
name: Stripe Restriced Key
regex: 'rk_(?:live|test)_[0-9a-zA-Z]{24}'
confidence: low
- pattern:
name: Stripe Secret Key
regex: 'sk_(?:live|test)_[0-9a-zA-Z]{24}'
confidence: low
- pattern:
name: Zapier Webhook
regex: 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/'
confidence: low
- pattern:
name: Zoho Webhook
regex: 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+'
confidence: low
- pattern:
name: Amazon MWS Auth Token
regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
confidence: low
- pattern:
name: AWS Access Key ID
regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
confidence: low
- pattern:
name: AWS Cognito Pool ID
regex: ":[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
confidence: low
- pattern:
name: Basic Auth Credentials
regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
confidence: low
- pattern:
name: Dynatrace Token
regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
confidence: low
- pattern:
name: Facebook Client ID
regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
confidence: low
- pattern:
name: Facebook Secret Key
regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
confidence: low
- pattern:
name: Firebase Database Detect
regex: "[a-z0-9.-]+\\.firebaseio\\.com"
confidence: low
- pattern:
name: Firebase Database Detect
regex: "[a-z0-9.-]+\\.firebaseapp\\.com"
confidence: low
- pattern:
name: Google (GCP) Service-account
regex: "\"type\": \"service_account\""
confidence: low
- pattern:
name: Google API key
regex: "AIza[0-9A-Za-z\\-_]{35}"
confidence: low
- pattern:
name: Linkedin Client ID
regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
confidence: low
- pattern:
name: Mailchimp API Key
regex: "[0-9a-f]{32}-us[0-9]{1,2}"
confidence: low
- pattern:
name: Mailgun API Key
regex: "key-[0-9a-zA-Z]{32}"
confidence: low
- pattern:
name: Paypal Braintree Access Token
regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
confidence: low
- pattern:
name: Pictatic API Key
regex: "sk_live_[0-9a-z]{32}"
confidence: low
- pattern:
name: Pictatic API Key
regex: "sk_live_[0-9a-z]{32}"
confidence: low
- pattern:
name: Sendgrid API Key
regex: "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}"
confidence: low
- pattern:
name: Shopify Custom App Access Token
regex: "shpca_[a-fA-F0-9]{32}"
confidence: low
- pattern:
name: Shopify Private App Access Token
regex: "shppa_[a-fA-F0-9]{32}"
confidence: low
- pattern:
name: Shopify Shared Secret
regex: "shpss_[a-fA-F0-9]{32}"
confidence: low
- pattern:
name: Shopify Access Token
regex: "shpat_[a-fA-F0-9]{32}"
confidence: low
- pattern:
name: Slack API Key
regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
confidence: low
- pattern:
name: Slack Webhook
regex: "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}"
confidence: low
- pattern:
name: Square Accesss Token
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
confidence: low
- pattern:
name: Square Accesss Token
regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
confidence: low
- pattern:
name: Square OAuth Secret
regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
confidence: low
- pattern:
name: Twilio API Key
regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
confidence: low
- pattern:
name: Twitter Secret
regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
confidence: low

0
parse.py → rules/parse.py Normal file → Executable file
View File

3138
rules/trufflehog-v3.yaml Normal file

File diff suppressed because it is too large Load Diff

64
rules/update-findings.py Normal file
View File

@ -0,0 +1,64 @@
# A script to remove invalid Regex and repeated values
import yaml
import sys
import re
if len(sys.argv) < 2:
print(f"\nUsage:\n\t{sys.argv[0]} [regex-db.yml]")
exit(1)
with open(sys.argv[1], 'r') as stream:
y = yaml.safe_load(stream)
output = []
all_regexes = []
all_names = []
for i in y["patterns"]:
r = i["pattern"]["regex"]
name = i["pattern"]["name"]
try:
re.compile(r)
except re.error:
continue
# check for duplicated regexes
if r in all_regexes:
# print(f"DUP-REGEX: {r}")
continue
all_regexes.append(r)
# check for duplicated names
# if name.lower() in all_names:
# print(f"DUP: {name}")
all_names.append(name.lower())
output.append(i)
# print regexes
# for a in output:
# print(a["pattern"]["regex"])
# Sort output
output = sorted(output, key=lambda i: i['pattern']['name'])
newData = {"patterns": output}
# Print YAML
# class MyDumper(yaml.Dumper):
# def increase_indent(self, flow=False, indentless=False):
# return super(MyDumper, self).increase_indent(flow, False)
# yaml.dump(newData, sys.stdout,
# default_flow_style=False, Dumper=MyDumper, sort_keys=False)
# Save into JSON export
# a = json.dumps(newData)
# f = open("exported.json", "w")
# f.write(a)
# f.close()