diff --git a/build_lists/regexes.yaml b/build_lists/regexes.yaml index 2313dd4..7c24c53 100644 --- a/build_lists/regexes.yaml +++ b/build_lists/regexes.yaml @@ -1,1223 +1,2 @@ -regular_expresions: - # Hashes passwords - - name: Hashed Passwords - regexes: - - name: Apr1 MD5 - regex: '\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' - example: $apr1$wfw75FKf$WnUqyuLbiqq6.SFF8xJ4h. - - - name: Apache SHA - regex: '\{SHA\}[0-9a-zA-Z/_=]{10,}' - example: > - {SHA}sMt=Yjm=Z_90ysdabtRhxjZXYNMcMt5SF8cfEcsFinq/f=gItL/yStd4PpXIE62nGWW9zEAX6W7OnJRt - - - name: Blowfish - regex: '\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*' - example: $2$56$/HL_61V6F0cJMmfms7cu/3qzNx6OeHSRfNqiPzwizC_Se/BVNW0/opOha0AP6UZCPOySjOY - - - name: Drupal - regex: '\$S\$[a-zA-Z0-9_/\.]{52}' - example: $S$oYgf2/JoUwxprWYrbPOXShF7gdb9OBkQ85k6vxgffmwR34hdAseI - - - name: Joomlavbulletin - regex: '[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}' - example: l3SRau7fy20zuc3NBaFB7x13Fp5q3sWr:AoD4BojyIiXv0bCdTTyYC - - - name: Linux MD5 - regex: '\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' - example: $1$pm184XyU$BSwp2.eFChH_IYZlUrgTlz - - - name: phpbb3 - regex: '\$H\$[a-zA-Z0-9_/\.]{31}' - example: $H$Yl90nWKFGs/KmYA9KKa5BCpK7cC3PAd - - - name: sha512crypt - regex: '\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}' - example: $6$Ce1ild5UdTmRIM/N$CMDumnYFdiAlQAvbcaZ7YqX8hTyhFvQbBZ/6TgmPgfZAuqago5mXDdIMrtkS2GA1iWuSMSpqqEu1nuz6P.7A2e - - - name: Wordpress - regex: '\$P\$[a-zA-Z0-9_/\.]{31}' - example: $P$3kreQHPdsLC_2_4_eLtjWPlmk33mlix - - - # Raw Hashes - - name: Raw Hashes - regexes: - - name: md5 #Too many false positives - regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)' - example: '129aF9e0aFD4537EF7cBEfdD48Bd2E5B' - falsePositives: True - - - name: sha1 #Too many false positives - regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)' - example: 'CbD3EDA0f6B83BF12Dc263a75211cB967fCeDeD6' - falsePositives: True - - - name: sha256 #Too many false positives - regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)' - example: 'Ba99CcF0dfDe6eAC6fE9Bcf37aEEAEd5292D3Bd37cc9d0638687EF3Ab7ED7e15+' - falsePositives: True - - - name: sha512 - regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)' - example: '#961EfAbD2fa0FFF57F5e0Ffae75EEDc1c3E16fD9A597eDAde7ADcEb0DDa19eF92798B9C47f2ebbF55d0E9bfCeC7988AdC8C89cbbafbC2F1acdfCeF2c3133f9db' - - # APIs - # https://github.com/l4yton/RegHex/blob/master/README.md - - name: APIs - regexes: - - name: Artifactory API Token # False + - regex: 'AKC[a-zA-Z0-9]{10,}' # False + - example: 'AKCEoCMlFkeYNmd4Wcqegqp29emhzZNgOCWgQWGrON9nLVBhY' - falsePositives: True - - - name: Artifactory Password - regex: 'AP[0-9ABCDEF][a-zA-Z0-9]{8,}' - example: 'APAbCuDoU02wd5zuA423XeGf' - falsePositives: True - - - name: Authorization Basic # Too many false positives - regex: 'basic [a-zA-Z0-9_:\.=\-]+' - example: 'basic _FWaszX4nLMF2RozmQS19y' - falsePositives: True - - - name: Authorization Bearer # Too many false positives - regex: 'bearer [a-zA-Z0-9_\.=\-]+' - example: 'bearer CydywyUjXWUf' - falsePositives: True - - - name: Adafruit API Key - regex: '([a-z0-9_-]{32})' - example: 16bkl1dofm2-ct-93a8cpdd58pu98dtc - falsePositives: True - - - name: Adobe Client Id (Oauth Web) - regex: > - (adobe[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{32})['"] - caseinsensitive: True - example: adobe_key="abfbc6ccd7dcc43a0b40864b3053c947" - - - name: Abode Client Secret - regex: > - (p8e-)[a-z0-9]{32} - caseinsensitive: True - example: p8e-wg5onua8kmrzdd9cft5f36qw02m6bxda - - - name: Age Secret Key - regex: > - AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58} - example: AGE-SECRET-KEY-1K3WZXJG2V6ERG49R2L5UK8RHT49T2XKXFPPU4UL0SF6GWR6HKVKEC5V969 - - - name: Airtable API Key - regex: > - ([a-z0-9]{17}) - example: 7u11v0ktvh2ebisfm - falsePositives: True - - - name: Alchemi API Key - regex: > - (alchemi[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9-]{32})['"] - caseinsensitive: True - example: alchemi_api_kew='OKPUGsiiZ7iVOPC03J0YP1z55xlJW1CA' - - - name: Alibaba Access Key ID - regex: > - (LTAI)[a-z0-9]{20} - caseinsensitive: True - example: LTAIjzto443k30bsher79cf1 - - - name: Alibaba Secret Key - regex: > - (alibaba[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{30})['"] - caseinsensitive: True - example: alibaba_key=>'47c0gportvf7cv0d6cbd8lsh5a1ulh' - - - name: Artifactory API Key & Password - regex: > - ["']AKC[a-zA-Z0-9]{10,}["']|["']AP[0-9ABCDEF][a-zA-Z0-9]{8,}["'] - example: > - "AP6XBwIRozqtcJXCax1Sqnerb9X5n0krYeBD93A7UtUuiQczuWM3lwGybD7T7sFNc17f7iw2TMwjWI4ySAiOcBjbvrIGrFz45pRpcvj" - - - name: Asana Client ID - regex: > - ((asana[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9]{16})['"])|((asana[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"]) - caseinsensitive: True - example: > - asana_key ="8495730476014822" - - - name: Atlassian API Key - regex: > - (atlassian[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{24})['"] - caseinsensitive: True - example: > - atlassian_apikey:'i6xoje8cbxlb32ray2z6eo1o' - - - name: AWS Client ID - regex: '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}' - extra_grep: '-Ev ":#|:<\!\-\-"' - example: AKIAC7Y99LK8QKG1QWKP - - - name: AWS MWS Key - regex: 'amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' - example: amzn.mws.92ace9f0-3185-779b-583b-2f0c8a92c506 - - - name: AWS Secret Key - regex: aws(.{0,20})?['"][0-9a-zA-Z\/+]{40}['"] - example: aws_key="i6xoje8cbaasxlb32ray2z6eo1oadgfg5e56645a" - - - name: AWS AppSync GraphQL Key - regex: da2-[a-z0-9]{26} - example: da2-0dzr45lxiqwtjq7kbek03wf543 - - #B - - name: Base32 #Too many false positives - regex: '(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?' - example: 'KYZL4CCR7JWGYEFE5V747WSPXSD7LZJDDGBBZPJRCMB65Q5JY74VAUSKVSGMQ3KNXTIFWBHJKQ2FI6Y7L6SLOBUYOCAIRFRYKCYAU2YCUSVS6ODNQHHTJQU3Q47C5IRZIXJ5YZNTMXH2AVRVC2XQPWKL6YT65OKAYZIZQPO3MS4W4JGNCCK2SYTQUYZ5QN3VIZ5YKOWYFKMV55MZNEPTQJO6LHQCOGS2FP3SCAKZCSGIIMS23VXJGTSTL2FP6WVHWNYEHSF3NER5RY42Y7HDYOL2FP3GNTT2HG7X7VGGKRWLS6N73AE2MDGOMW26TCV6VMDLBG2Z4S6BX6FNT33MVXRIQGGGFD42W7PHM4LIOTQL7UCPYXW7WAICZNRBJPMWDXUHXFLQQPICLOIFBQQRYB6WHMR5KIADSKUBGSH47CJZN6NBY5DXH4LW63TGLWV2XHBBYNJDYJ2X3YUAX62AIAEQ4TTLM7WYYRYJRPDCCVVTS6IEBCXWQXLUUJCCUODZKZ2LMIFLI252NW7ROYC47I3EFYMGBKUMXRVTKXU42YMX5NONTZRXPTWSLAZVAT5HX5QJGOUO6NK6NYM7MUB5LSRYTULGE3PQVI3TBAWE6AXQUG2KLH4S6YEACHKDT3PRHSWMIM36ETCQLDI3YDM7HILDWSP4X5FUUNILGRUPQ6MBA5KPWFEKOQBK5ZCKDYYU2NASMJZ25ACP5ZK3HH753ZLSXMP7WXBETCZDQB2OGKI5QICU7I6NAPOSBGHYFYDNQB6WIIOH' - falsePositives: True - - - name: Base64 #Too many false positives - regex: '(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[a-zA-Z0-9+/]+={0,2}' - example: 'aHR0cHM6LFRGovTvghMQEwj+Qeq6rhoYcgDSW1e3ZImGF7gmx5I3abFUzFmixjiYyAwEMsrDIULlNypIeZUMthW60/C0J' - falsePositives: True - - - - name: Basic Auth Credentials - regex: '://[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z]+' - example: '://username:password@domain.com' - - - name: Beamer Client Secret - regex: > - (beamer[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"](b_[a-z0-9=_\-]{44})['"] - caseinsensitive: True - example: > - beamer_secret>'b_b4mercz6k_4vmbhk5xbhl6ocnnqcgg0qlmxq8-cts=s6' - - - name: Binance API Key - regex: > - (binance[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{64})['"] - caseinsensitive: True - example: > - binance-apikey=>"1q1MFdKkCpJdaIl6d0oqPsO1KAATglQuRhQsCgZoj8atWRAzgyWmi3eleuuJ31J3' - - - name: Bitbucket Client Id - regex: > - ((bitbucket[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"]) - caseinsensitive: True - example: > - bitbucket-client-id="zuvwzyrzs26ut4bh6oxel0e7444mpd7c" - - - name: Bitbucket Client Secret - regex: > - ((bitbucket[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9_\-]{64})['"]) - caseinsensitive: True - example: > - bitbucketd-client-secret='vnx0ngdq1bvaq1ygo8mcez4vk88ovthfx86y8dgaw1y2s020e1v0o4l1l6tu6q7u" - - - name: BitcoinAverage API Key - regex: > - (bitcoin.?average[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{43})['"] - caseinsensitive: True - example: > - bitcoin3average-apikey ="M39fxqAGAt9c5KdyKwi8LwpInxsIrHq6Q2EdW3pCiW2" - - - name: Bitquery API Key - regex: > - (bitquery[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Za-z0-9]{32})['"] - caseinsensitive: True - example: > - bitquery-apikey="NWUlHtnehbYZCQN5O46q7oRhzfbZeDjr' - - - name: Bittrex Access Key and Access Key - regex: > - ([a-z0-9]{32}) - example: zyppbifc36v4whhn6b0q9x3znqqgkeel - falsePositives: True - - - name: Birise API Key - regex: > - (bitrise[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9_\-]{86})['"] - caseinsensitive: True - example: > - bitrisejme="BzVkwOcKAqUPeFAiQCAdlREdK6gUOMIKl3TXKnkxn2frFtkzgw4iDfnI-fkfP3HHXSnt6R9ebZdsNieCm9zQ6m" - - - name: Block API Key - regex: > - (block[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4})['"] - caseinsensitive: True - example: > - block-api-key>'6d6i-b8z9-rgob-gzn7' - - - name: Blockchain API Key - regex: > - mainnet[a-zA-Z0-9]{32}|testnet[a-zA-Z0-9]{32}|ipfs[a-zA-Z0-9]{32} - example: mainnetXahUq3S6jcKpNODEnZuswNASzNl3SWA0 - - - name: Blockfrost API Key - regex: > - (blockchain[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[0-9a-f]{12})['"] - caseinsensitive: True - example: > - blockchain='7f803740-47a6-4491-2630-fed376f83003' - - - name: Box API Key - regex: > - (box[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{32})['"] - caseinsensitive: True - example: > - box-apikey='fwtfdyIEe47lkfI7ErloLt8wgzLgoLsc' - - - name: Bravenewcoin API Key - regex: > - (bravenewcoin[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{50})['"] - caseinsensitive: True - example: > - bravenewcoinq93-key<="r42uv5ahxu9ohr4blcom4fkc2vh873f2g8hi64l2ddsit6ipk6" - - #C - - name: Clearbit API Key - regex: > - sk_[a-z0-9]{32} - example: sk_oywau29kv7gcazau366iqeri6rm9qvxz - - - name: Clojars API Key - regex: > - (CLOJARS_)[a-zA-Z0-9]{60} - example: CLOJARS_zU0NGGFrLJZP4QUC46UdwkOCfHJsD6BBssuWSsI0ubOoNNRE9M3dX3BQouu3 - - - name: Cloudinary Basic Auth - regex: 'cloudinary://[0-9]{15}:[0-9A-Za-z]+@[a-z]+' - example: cloudinary://152763652812343:PoA@tyrqrxt - - # - name: CoinAPI API Key - # regex: > - # cloudinary://152763652812343:PoA@tyrqrxtrqhxthhhowoohrwwmgkugcizomojityqatiyvfzonomebafubqwlpseppdfgsybuagjrtthlolkifoyg - # caseinsensitive: True - # example: > - # cloudinary://152763652812343:PoA@tyrqrxtrqhxthhhowoohrwwmgkugcizomojityqatiyvfzonomebafubqwlpseppdfgsybuagjrtthlolkifoyg - - - name: Coinbase Access Token - regex: > - ([a-z0-9_-]{64}) - example: ez8c5hpyy258a-9gjtsjf-ov7bir--tksmepd_7vg0jcxo8cq85i2p-lnlvdu_rb - falsePositives: True - - - name: Coinlayer API Key - regex: > - (coinlayer[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"] - caseinsensitive: True - example: > - coinlayer-apikey=>'mhv6iadrtuiad424xvrhxwgdhqysnmkc' - - - name: Coinlib API Key - regex: > - (coinlib[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{16})['"] - caseinsensitive: True - example: > - coinlib-apikey="9vsan5dmjnnlnwqf" - - - name: Confluent Access Token & Secret Key - regex: > - ([a-z0-9]{16}) - example: rd7j4d1is0jpr5d3 - falsePositives: True - - - name: Contentful delivery API Key - regex: > - (contentful[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9=_\-]{43})['"] - caseinsensitive: True - example: > - contentful-key>"0a9cqu5ppw11j0qh-pdydco7c_liooohdv6hcgeqyw5" - - - name: Covalent API Key - regex: > - ckey_[a-z0-9]{27} - example: ckey_63aarh0ax2u56buzhrcsthl9rjo - - - name: Charity Search API Key - regex: > - (charity.?search[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"] - caseinsensitive: True - example: > - charitysearch-apikey="bcd9589xb6xbrkmhotwvjem16q27a48d" - - #D - - name: Databricks API Key - regex: > - dapi[a-h0-9]{32} - example: dapi3d7473490ca0a6fcdffhdb22c834f3h6 - - - name: DDownload API Key - regex: > - (ddownload[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{22})['"] - caseinsensitive: True - example: > - ddownload-key="pbthiugya51o99xqf8p1wn" - - - name: Defined Networking API token - regex: > - (dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52}) - example: dnkey-22ekn3bd_augf8fg_4vfudl9w2-778r_de4slu1ksk2h8nc8tg53_p4nq=ny5-_li72-3bna9l0_lx9 - - - name: Discord API Key, Client ID & Client Secret - regex: > - ((discord[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-h0-9]{64}|[0-9]{18}|[a-z0-9=_\-]{32})['"]) - caseinsensitive: True - example: > - discord-apikey="231ahdc61b46afg8hd39bbbf75f40f9e1e1a637df02de861751ahab6fhgf210e" - - - name: Droneci Access Token - regex: > - ([a-z0-9]{32}) - example: 0ewqr6fc0bhsveyemc0891o53x13z0m6 - falsePositives: True - - - name: Dropbox API Key - regex: > - sl.[a-zA-Z0-9_-]{136} - example: sl&M-ECOse0dUJnSVECSH6TXIj3JJUPCWUEu6Cy2URGlElV8eZgEA9ASDZ3V3B1QnNGZVU8p4DCjl-bBLhmtkF4WzAPNpGOxzfp3SsVjC5aOiYjFXpM_Rw3g8w7O9Ow5X5gwb7HGQHu - - - name: Doppler API Key - regex: > - (dp\.pt\.)[a-zA-Z0-9]{43} - example: dp.pt.uOy0bgBrCHHFqCo2SVN0oZh6SjVqcNnSQaVhs1s2tBR - - - name: Dropbox API secret/key, short & long lived API Key - regex: > - (dropbox[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{15}|sl\.[a-z0-9=_\-]{135}|[a-z0-9]{11}(AAAAAAAAAA)[a-z0-9_=\-]{43})['"] - caseinsensitive: True - example: > - dropbox="yxmet57firzAAAAAAAAAAbt2vvca5egmx5e2srt1q2k2tt6td8szseyd==9wdb7h" - - - name: Duffel API Key - regex: > - duffel_(test|live)_[a-zA-Z0-9_-]{43} - example: duffel_live_-24wL_oJ8O0gr_dBDvPMQR7-02eVoVq3iT85o62FG3x - - - name: Dynatrace API Key - regex: > - dt0c01\.[a-zA-Z0-9]{24}\.[a-z0-9]{64} - example: dt0c01.rG3Hz503P4Tmy5lqVo6Sa6lc.2fwfacxwb7e1fhdo1tu43rjwz6jfqx2t3c7x0w8xzgnw7l8d405w1bcw68t3b74f - - #E - - name: EasyPost API Key - regex: > - EZAK[a-zA-Z0-9]{54} - example: EZAKvZpo6bs0bnqOY3ty0ircwUQQJNK2nhTSL5lF65itLP8OIhQDvOYaBP - - - name: EasyPost test API Key - regex: > - EZTK[a-zA-Z0-9]{54} - example: EZTK47b3UoWmg9DhE7Jif1pw8YnWyNqHwbb1yGHk8IaKYLQP52tbubKhk4 - - - name: Etherscan API Key - regex: > - (etherscan[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Z0-9]{34})['"] - example: > - etherscan-apikey="VOOB4X83RVIL0G9B4GN0CMDB103KYKS2VE" - - - name: Etsy Access Token - regex: > - ([a-z0-9]{24}) - example: d71s4p3clzc2gnlshgxbwpgn - falsePositives: True - - #F - - name: Facebook Access Token - regex: 'EAACEdEose0cBA[0-9A-Za-z]+' - example: EAACEdEose0cBANhYw0IOm0ca1l5wt6AosU7OBvtKHtApURC3sSRIH3VlcCnZBapibvKR9XtiJuiwg5T0U8FLdOl3DF4LMlVp3wCF3N - - - name: Facebook Client ID - regex: ([fF][aA][cC][eE][bB][oO][oO][kK]|[fF][bB])(.{0,20})?['"][0-9]{13,17} - example: > - fACEBOOK-clientID="4507045253731 - - - name: Facebook Oauth - regex: > - [fF][aA][cC][eE][bB][oO][oO][kK].*['|"][0-9a-f]{32}['|"] - example: > - FACEBooK-oauth='ff2a9017d57f3b483d5459187522624c' - - - name: Facebook Secret Key - regex: > - ([fF][aA][cC][eE][bB][oO][oO][kK]|[fF][bB])(.{0,20})?['"][0-9a-f]{32} - example: > - faceBOOk-secret='c0fcb075723dac614f1d01651ec75c79 - - - name: Fastly API Key - regex: > - (fastly[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9=_\-]{32})['"] - caseinsensitive: True - example: > - fastly-apikey="487liqwns3mx2zdfyyun=m6co2s2-s1x" - - - name: Finicity API Key & Client Secret - regex: > - (finicity[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{32}|[a-z0-9]{20})['"] - caseinsensitive: True - example: > - finicity-key="78cf798530fd0c892d863dd0991a6e90" - - - name: Flickr Access Token - regex: > - ([a-z0-9]{32}) - example: 36ce23shl017fi72pdeyz2lf3d9vda9w - falsePositives: True - - - name: Flutterweave Keys - regex: > - FLWPUBK_TEST-[a-hA-H0-9]{32}-X|FLWSECK_TEST-[a-hA-H0-9]{32}-X|FLWSECK_TEST[a-hA-H0-9]{12} - example: > - FLWPUBK_TEST-40672c4BFaHBHe84a9fd2af3e98c7D23-X - - - name: Frame.io API Key - regex: > - fio-u-[a-zA-Z0-9_=\-]{64} - example: > - fio-u-Qq8OTgvWoXvJNK815rMihgunAdKXk9X0n8P_j52CJKtcpww1h1VCZ4UD9Wd4IhMW - - - name: Freshbooks Access Token - regex: > - ([a-z0-9]{64}) - example: bjbv4xvi5g55oqtkdlokxgp3af1bq02ryhsgmhhj9qt7c4hl7t1jvtx0so6y45gd - falsePositives: True - - #G - - name: Github - regex: > - github(.{0,20})?['"][0-9a-zA-Z]{35,40} - example: > - github="5fJnOG7J5g32cudy8X1moNmFmLLt3V5ZQxvE - - #- name: Github App Token, OAuth Access Token, Personal Access Token & Refresh Token - # regex: > - # (ghu|ghs)_[0-9a-zA-Z]{36}|gho_[0-9a-zA-Z]{36}|ghp_[0-9a-zA-Z]{36}|ghr_[0-9a-zA-Z]{76} - - - name: Github App Token - regex: > - (ghu|ghs)_[0-9a-zA-Z]{36} - example: > - ghu_di9hDkVMVGKPN1jjTt9UuTf363LhlmHm9mws - - - name: Github OAuth Access Token - regex: > - gho_[0-9a-zA-Z]{36} - example: > - gho_sfo8CcdMKCREliT5E5siPIp8gHEWeYC4GcQF - - - name: Github Personal Access Token - regex: > - ghp_[0-9a-zA-Z]{36} - example: > - ghp_QwoInpFNt286yfutmm0wAJzg9zbHKpUY8G34 - - - name: Github Refresh Token - regex: > - ghr_[0-9a-zA-Z]{76} - example: > - ghr_T3PPq0D1KnSVY7tERnMgVV5dcDkt0q4lXOuYMdEPpefkROVgJQWYSxEJk4hG1idcLdEu1TR1eWDi - - - name: GitHub Fine-Grained Personal Access Token - regex: > - github_pat_[0-9a-zA-Z_]{82} - example: > - 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 - - - name: Gitlab Personal Access Token - regex: > - glpat-[0-9a-zA-Z\-]{20} - example: > - glpat-RrZBU3rfrA2UahiOH6XQ - - - name: GitLab Pipeline Trigger Token - regex: > - glptt-[0-9a-f]{40} - example: > - glptt-30810ea3eda2611d3500eb3a95dd004fa1965928 - - - name: GitLab Runner Registration Token - regex: > - GR1348941[0-9a-zA-Z_\-]{20} - example: > - GR1348941RzEF5zAQQ0ljjE72T-33 - - - name: Gitter Access Token - regex: > - ([a-z0-9_-]{40}) - example: 9rh0n83z874h767-2-lmwmjq-t63dcsik6yr0awn - falsePositives: True - - - name: GoCardless API Key - regex: > - live_[a-zA-Z0-9_=\-]{40} - example: > - live_tQ-4JaiqLoamdNuNMtwbP52m-HgqyS52gVedEBoC - - - name: GoFile API Key - regex: > - (gofile[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{32})['"] - caseinsensitive: True - example: > - gofile-apikey="Tt3euLPBD4iwHfGRq3pk7CRysWqkk2ge" - - - name: Google API Key - regex: 'AIza[0-9A-Za-z_\-]{35}' - example: > - 'AIzah9OABA-RY7awgoau_C6RRi5R3g3e9d9Q37P' - - - name: Google Cloud Platform API Key - regex: > - (google|gcp|youtube|drive|yt)(.{0,20})?['"][AIza[0-9a-z_\-]{35}]['"] - example: > - google-cloud-apikey='uhldjibyb56zz-Afos3m[wxa-mnp1oAfs6e]' - - - name: Google Drive Oauth - regex: '[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com' - example: 06181489670499612563316814427797547102771400020446857617056-osFKrSfrtmoEl3dSshnlTHDM6rTevnn4.apps.googleusercontent.com - - - name: Google Oauth Access Token - regex: 'ya29\.[0-9A-Za-z_\-]+' - example: ya29.j8lNIMiRgzGa4KQTehLAlBUx441wduUe9vYLQqp - - - name: Google (GCP) Service-account - regex: '"type.+:.+"service_account' - example: > - "type": "service_account" - - - # - name: Google API Key, Drive Oauth, Oauth Access Token, Service Account, Signed storage URLs, Legacy creds and Signed policy documents in HTML - # regex: > - # (AIza[0-9A-Za-z_\-]{35})|([0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com)|(ya29\.[0-9A-Za-z_\-]+)|("type": "service_account")|(storage.googleapis.com.*?Goog-Signature=[a-f0-9]+)|([^{}]*?client_id[^{}]*?client_secret.*)|(
) - - - name: Grafana API Key - regex: > - eyJrIjoi[a-z0-9_=\-]{72,92} - caseinsensitive: True - example: eyJrIjoi-grafana-api-key=-asadcaxcpg319pihinvbs=bm-qhxyoag6ol0hdhjdb7b5tl1dx_uqhl - - - name: Grafana cloud api token - regex: > - glc_[A-Za-z0-9\+/]{32,}={0,2} - example: > - glc_vC2f5kkH7NDcyRd/8I9mSPmKsrpwDpWHCmjxNOjmXLN+AuYmh0y9gA5/X3BD0b5qkBNV7TTwatcJC4mvIq0VEySn2bfnsXQIxtuqaPw/xc3/9PmALD/EHfoR6ebEGgMO1C2lW81Nz6Js94BX5eMDPn/0+WRwMrYnxNxqwJr7yI0Kw0ZfNDC+ROHE7XjcDfRmzUvn7mZoxePoI4aYd0RAUmzbfCs/bwSWzWVuLkc63uNsNApUSMhQG5Vndb/QQGzb79XX+yHuXrLYy= - - - name: Grafana service account token - regex: > - (glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}) - example: glsa_fWkrfIUhX7gYNSQIFWSbnNyR1kAyOiA9_ecd27EAb - - #H - - name: Hashicorp Terraform user/org API Key - regex: > - [a-z0-9]{14}\.atlasv1\.[a-z0-9_=\-]{60,70} - example: > - izk1hawfnui5xc.atlasv1.kxfv6ncrmadace26slc1-sbbaim4yw5k2f2-y4-8wtv_ukr=61-bnatt71551o6qgeo5 - - - name: Heroku API Key - regex: '[hH][eE][rR][oO][kK][uU].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}' - example: > - HeRokU-apikey=WBEA1B3FE-4C62-30C9-B600-45D4382AC0A5 - - - name: Hubspot API Key - regex: > - ['"][a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12}['"] - caseinsensitive: True - example: > - "f69772hb-3d78-c7hd-47eh-9fg423a4beh1" - - #I - - name: Instatus API Key - regex: > - (instatus[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"] - caseinsensitive: True - example: > - instatus-apikey="ux6mmcb4hvbd37ypufm9wtag8c6it8i9" - - - name: Intercom API Key & Client Secret/ID - regex: > - (intercom[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9=_]{60}|[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['"] - caseinsensitive: True - example: > - intercom-apikey='20db6c3a-7e9g-4115-fgga-8e9g9bdb66ga' - - - name: Ionic API Key - regex: > - (ionic[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"](ion_[a-z0-9]{42})['"] - caseinsensitive: True - example: > - ionic-apikey="ion_iftdb2dqw2p4zjrx4ukmd3gyu1j09tisku8krr7ftb" - - #J - - name: Jenkins Creds - regex: > - <[a-zA-Z]*>{[a-zA-Z0-9=+/]*}< - example: > - {zNWoeLK6b/VTY/zjcXLRicWTgygWmieeyS55L5RCaAul9Y3B5hrySZeWIO/u68LMVa0QuvOZoviAAW6Ewlz0Vy9vFgAi8zhzC}< - - - name: JSON Web Token - regex: > - (ey[0-9a-z]{30,34}\.ey[0-9a-z\/_\-]{30,}\.[0-9a-zA-Z\/_\-]{10,}={0,2}) - example: > - ey1j0if36vnu4kd71g19bwm90albqy3ghdpo.ey_-l6_8nramid0tsubb0y4uuf/m7e/wv804gd19bl4r3ddohfiqqfhavbaa9koe_4_34s_4uo70w_gec8t1-jvnqn9qxgdtav_pq_h0km0lh/v51ymqd7s-rd2bx8v0v4zceq4bojrtltxh.LIlpO2lRyoIXqI33jrJ6BNyh_BbGH-nsqjRTABzoOURRhK1NhKtzBmOwRd4Q1pBWAOJC_PyAmTPIxise9MU0zNO6bycbx== - - #K - - - name: Kraken Access Token - regex: > - ([a-z0-9\/=_\+\-]{80,90}) - example: 78v5z=/0wzau+a3hmj2dtw3og5zl64_g-7hy/w8tpa68evvu+2yx73dnhr7xff-p7w0simau/8qlz0p=b - - - name: Kucoin Access Token - regex: > - ([a-f0-9]{24}) - example: 1a74895b3e160591722b5b27 - falsePositives: True - - - name: Kucoin Secret Key - regex: > - ([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) - example: 94a1b7bd-3d95-1358-cfe5-dc139bf0fd38 - - #L - - name: Launchdarkly Access Token - regex: > - ([a-z0-9=_\-]{40}) - example: jqn==s5wkr4ky1=u1wm=rt2rh9y69futftgcztr9 - falsePositives: True - - - name: Linear API Key - regex: > - (lin_api_[a-zA-Z0-9]{40}) - example: > - lin_api_Z0jIN8ST4vHdrVskbfwp2KGiW7IdYwjNGbRKwLP6 - - - name: Linear Client Secret/ID - regex: > - ((linear[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{32})['"]) - example: > - linear-secret="9956feac192dfb52a9ab1ed56b82f9c9" - - - name: LinkedIn Client ID - regex: > - linkedin(.{0,20})?['"][0-9a-z]{12}['"] - example: > - linkedin-clienId = 'cznnp67tejf8' - - - name: LinkedIn Secret Key - regex: > - linkedin(.{0,20})?['"][0-9a-z]{16}['"] - example: > - linkedin-secret-key='ob99z693jsuo7squ' - - - name: Lob API Key - regex: > - ((lob[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]((live|test)_[a-f0-9]{35})['"])|((lob[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]((test|live)_pub_[a-f0-9]{31})['"]) - caseinsensitive: True - example: > - lob-key='live_pub_057b776b74ef015b3dedeef0ad00e75' - - - name: Lob Publishable API Key - regex: > - ((test|live)_pub_[a-f0-9]{31}) - example: live_pub_f85c6881326b1054d35a88edfaeeb5c - - #M - - name: MailboxValidator - regex: > - (mailbox.?validator[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Z0-9]{20})['"] - caseinsensitive: True - example: > - mailboxCvalidator="ZKLAP8XCH2748GFZO5YQ" - - - name: Mailchimp API Key - regex: '[0-9a-f]{32}-us[0-9]{1,2}' - example: > - 1a5576f801fd309054c2a33565a4861a-us0 - - # - name: Mailgun API Key, Public Validation Key & Webhook signing key - # regex: > - # key-[0-9a-zA-Z]{32}'|pubkey-[a-f0-9]{32}|[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8} - - - name: Mailgun API Key - regex: > - key-[0-9a-zA-Z]{32}' - example: > - key-aW3RBFRd70BUjs8RF0kO52mzMT5dumQa' - - - name: Mailgun Public Validation Key - regex: > - pubkey-[a-f0-9]{32} - example: pubkey-520f647b5c0aef421bb2dd609a2f2435 - - - name: Mailgun Webhook signing key - regex: > - [a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8} - example: 332f30ehda61ggg1gc3cd272c1eh275c-d6cadcge-abd44751 - - - name: Mapbox API Key - regex: '(pk\.[a-z0-9]{60}\.[a-z0-9]{22})' - caseinsensitive: True - example: > - pk.5ao0tbtxbbjaqil39ayfv9dufje7756s32htr3k2mk85lmq895g2edwyon6c.e4ivqopwbuulo78o09il94 - - - name: Mattermost Access Token - regex: > - ([a-z0-9]{26}) - example: oiptatdsolk3v3ez1bssf132ob - falsePositives: True - - - name: MessageBird API Key & API client ID - regex: > - (messagebird[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{25}|[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['"] - caseinsensitive: True - example: > - messagebird-clientid='45a929hf-bc4e-0b17-1bae-4hbce55dg348' - - - name: Microsoft Teams Webhook - regex: > - https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12} - example: > - https://ceftexl1bdkycusaze1xpwgss9sh8mjwo63lcx9wps3ii9yp9bxn10wradj81dc4bb42y7htxmbf6rybe12.webhook.office.com/webhookb2/wjph4wcu-5pd2-mzib-gm5k-hn2pxkhrokgx@61jrwbxf-i1aq-gn0f-3jee-ce7i69plt8je/IncomingWebhook/1uc2a14qtejjcradtkofxbmi9d7oasot/5p58k8hx-23qy-pq90-qdql-xgkl746l8hq6 - - - name: MojoAuth API Key - regex: > - [a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} - example: c226c5fc-11d5-9715-82e1-9992fba09ab7 - falsePositives: True - - #N - - name: Netlify Access Token - regex: > - ([a-z0-9=_\-]{40,46}) - example: 981ppppz8if=o5tv61mb4ozxyt=2sgx_-unn2ycpvyffh - falsePositives: True - - - name: New Relic User API Key, User API ID & Ingest Browser API Key - regex: > - (NRAK-[A-Z0-9]{27})|((newrelic[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Z0-9]{64})['"])|(NRJS-[a-f0-9]{19}) - example: > - NRJS-a22f182e458a8b3c1be - - - name: Nownodes - regex: > - (nownodes[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Za-z0-9]{32})['"] - example: > - nownodes="Aj1oaOKzBMQbeJmbDJrQynPdnQZLNVs4" - - - name: Npm Access Token - regex: > - (npm_[a-zA-Z0-9]{36}) - example: npm_4B7WG9aTx3E82k5RVFf75NnZ1a3AgQDSmmVr - - - name: Nytimes Access Token - regex: > - ([a-z0-9=_\-]{32}) - example: knl9e1tk954c5o38urb7yv9nemx6_4n9 - falsePositives: True - - #O - - name: Okta Access Token - regex: > - ([a-z0-9=_\-]{42}) - example: 3hyl=yjq9ctnc4dv44c72_ij93c_0auxzad8ybb4e8 - falsePositives: True - - - name: ORB Intelligence Access Key - regex: > - ['"][a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"] - example: > - '25753e76-3c39-81e8-5d79-dc5d516df5ac' - - #P - - name: Pastebin API Key - regex: > - (pastebin[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"] - caseinsensitive: True - example: > - pastebin-apikey='i7oebqjseaz6ykkiounpy7qsg0dodtvz' - - - name: PayPal Braintree Access Token - regex: > - access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32} - example: > - access_token$production$0ryxj99lrf9du9nd$dd5c8484b79bfe6fc0083d479ade256d - - - name: Picatic API Key - regex: 'sk_live_[0-9a-z]{32}' - example: sk_live_wwo1bqvcv038p28p6t7tjwrd890w6cfy - - - name: Pinata API Key - regex: > - (pinata[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{64})['"] - caseinsensitive: True - example: > - pinata-apikey="0qzrcgwdjf75gqo8k1jmahsx0z9yfhn29r6qrtpbebb8cpxwze1jw87w7rnco5rt" - - - name: Planetscale API Key - regex: > - pscale_tkn_[a-zA-Z0-9_\.\-]{43} - example: > - pscale_tkn_Be8DvVdA-lx5bFT5zSm9dB.j5h9Wf28udxNZzuAUta. - - - name: PlanetScale OAuth token - regex: > - (pscale_oauth_[a-zA-Z0-9_\.\-]{32,64}) - example: > - pscale_oauth_s81e5G44cwgi0l6_6YyRIxRLtXSJcaVB-8UtQ-hU-X_SS75J - - - name: Planetscale Password - regex: > - pscale_pw_[a-zA-Z0-9_\.\-]{43} - example: > - pscale_pw_hjn.wGE5_4QyNi9oTU6zTISo3a6z7KEFYTkRoqftKY9 - - - name: Plaid API Token - regex: > - (access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) - example: access-production-e76e4577-7d49-3798-55dd-ae74fbfbc35c - - - name: Plaid Client ID - regex: > - ([a-z0-9]{24}) - example: kb3rphq68yglgqx9tm4ieggx - falsePositives: True - - - name: Plaid Secret key - regex: > - ([a-z0-9]{30}) - example: nj6e8igjbii8qd1kzg0vceiywemfsy - falsePositives: True - - - name: Prefect API token - regex: > - (pnu_[a-z0-9]{36}) - example: pnu_hcozg01pfx6buqf66jjqlbl1tt28kvm13vya - - - name: Postman API Key - regex: > - PMAK-[a-fA-F0-9]{24}-[a-fA-F0-9]{34} - example: > - PMAK-7C6A2bB463efEF8d475e5fFA-dEBf2BcA21fC3fC2fFcbc9bDD7F490bDbf - - - name: Private Keys - regex: > - \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN OPENSSH PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN PGP PRIVATE KEY BLOCK\-\-\-\-\-|\-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN EC PRIVATE KEY\-\-\-\-\- - example: -----BEGIN PGP PRIVATE KEY BLOCK----- - - - name: Pulumi API Key - regex: > - pul-[a-f0-9]{40} - example: pul-810ee274558b1d4259bad12e69813fe882dc088d - - - name: PyPI upload token - regex: > - pypi-AgEIcHlwaS5vcmc[A-Za-z0-9_\-]{50,} - example: pypi-AgEIcHlwaS5vcmcMSAFV3tdkC4E3igwL3BBXYihtA9DksF308NrGABBCUo5XUqOrRwHr6wlGdBtV7sdbF9rYRz_K4sestJOyVhDUmGe7sAlXq7IWa2U8wPA5dxzGyoBOOq71P53rgGUvI-OG4VXe8qauHENTvW2H-bHS3jvBP3AKWAi3ux3qxl4oyp7752I8sF3Ho6YA6yIwQLBGWk_tQueTkxSVSTqfDUmbDd87AZXWLG1q5YCPS1vxU5CAr-2iQMp3B94c7wVkbO1gt3HGPMZhk8BFQF0k24PigC4q4ZUP917XJsC9GOfdJkZxoBOtjf8df2xJyriDxNlD3Xd4g5ugEkwg-isiulEMHJSl89WJbGcXWmdUJIPAfmcI6QjaoYEemlEkRxHlOWa_tavMHnARKCkLq2XAB65WpKipsD3WlqPw2A8ekc131ok2psVtFnxE6RFmYB2QacVa1ZQ8bd8Z5V5InAEDA7cBkhcaBFhgcfJRr0YBUmUB2BpZFimgOn3gewiBNU_NRPSK0v319k7CQI57gzyU9BajW3vVte8RKorviV94fytNx-epCP - - #Q - - name: Quip API Key - regex: > - (quip[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{15}=\|[0-9]{10}\|[a-zA-Z0-9\/+]{43}=)['"] - caseinsensitive: True - example: > - quip-apikey= "ynkkxF8S9sm67Z8=|8554544522|S2Ortt+EcWPwdb0gi8c/XWXXAX30nIJH7pdygqsMnXp=' - - #R - - name: RapidAPI Access Token - regex: > - ([a-z0-9_-]{50}) - example: jle6dmk-8n2s8sexr4_8_1iqqeoflouzbt1re4871iiwa3w0bi - falsePositives: True - - - name: Rubygem API Key - regex: > - rubygems_[a-f0-9]{48} - example: rubygems_f59b6a3470ed9e76f6ea9c9cd7b3b8543fb7c386c626f92c - - - name: Readme API token - regex: > - rdme_[a-z0-9]{70} - example: rdme_k50cmrdy4vuysoe6gtuwgajs58em0bobohk747mf5lgtjw477nvllkz37tedjqok362xaf - - #S - - name: Sendbird Access ID - regex: > - ([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) - example: 99525f82-5f75-cc96-dd2a-f5ae9fb78002 - - - name: Sendbird Access Token - regex: > - ([a-f0-9]{40}) - example: d214692636fda359cb7cd3d752a03c9785e9a18c - falsePositives: True - - - name: Sendgrid API Key - regex: > - SG\.[a-zA-Z0-9_\.\-]{66} - example: SG.SAOyez.icLIwv1UnBSGxw0jnMLlwAO65yHWh4uwL_jc6tmPf4kI1B08YvnWx0XpJGX - - - name: Sendinblue API Key - regex: > - xkeysib-[a-f0-9]{64}-[a-zA-Z0-9]{16} - example: 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 - - - name: Sentry Access Token - regex: > - ([a-f0-9]{64}) - example: 03f0995a9ac969aa0325da15b006865031733e421fa0594c8025d6321793d5af - falsePositives: True - - - name: Shippo API Key, Access Token, Custom Access Token, Private App Access Token & Shared Secret - regex: > - shippo_(live|test)_[a-f0-9]{40}|shpat_[a-fA-F0-9]{32}|shpca_[a-fA-F0-9]{32}|shppa_[a-fA-F0-9]{32}|shpss_[a-fA-F0-9]{32} - example: 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 - - - name: Sidekiq Secret - regex: > - ([a-f0-9]{8}:[a-f0-9]{8}) - example: aa6971d0:acbd1cdf - - - name: Sidekiq Sensitive URL - regex: > - ([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com) - example: > - 8ffd9ff3:69359946@enterprisebcontribsysrcom - - - name: Slack Token - regex: 'xox[baprs]-([0-9a-zA-Z]{10,48})?' - example: > - xoxr-D4tmaOXPgFU8b9b5fdLEinAI - - - name: Slack Webhook #Not interesting - regex: 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{10}/B[a-zA-Z0-9_]{10}/[a-zA-Z0-9_]{24}' - example: > - https://hooks~slack4com/services/TT2AyZS32eh/BgMtxMkFcGT/lgXCUInK2hgMgs2VIoDrYBbK - - - name: Smarksheel API Key - regex: > - (smartsheet[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{26})['"] - caseinsensitive: True - example: > - smartsheet-apikey='2dqi66zfexrmtmgo6fwbpwr4dk' - - - name: Square Access Token - regex: 'sqOatp-[0-9A-Za-z_\-]{22}' - example: > - sqOatp-QzdbHA0Vb5xMWSzlJZq0G3 - - - name: Square API Key - regex: > - EAAAE[a-zA-Z0-9_-]{59} - example: EAAAEN71jw35eKEfh8Tuduzbjf2WDl1p3Jt9MtDLL4A0w2GMa7zliU1mI-DouJML - - - name: Square Oauth Secret - regex: 'sq0csp-[ 0-9A-Za-z_\-]{43}' - example: > - sq0csp-6NsAS fw9NQQ6nnOMzqHt-JJEDHIxuBSFjoU37VqTda - - - name: Stytch API Key - regex: 'secret-.*-[a-zA-Z0-9_=\-]{36}' - example: > - secret-2&5="]g`/7%1!fM|+nw*T:>QQZsZEe-IRtV|w - (sk|pk)_(test|live)_[0-9a-z]{10,32}|k_live_[0-9a-zA-Z]{24} - caseinsensitive: True - example: > - sk_test_t9abh3jbt4h54uscv00xbvj - - - name: SumoLogic Access ID - regex: > - ([a-z0-9]{14}) - example: 96c2p2dkmot543 - falsePositives: True - - - name: SumoLogic Access Token - regex: > - ([a-z0-9]{64}) - example: elnz883f0nr0bq2w4iwmubu1nzxoy9vl76230yiz88latw21ci5e5vlo0npoznq7 - falsePositives: True - - #T - - name: Telegram Bot API Token - regex: > - [0-9]+:AA[0-9A-Za-z\\-_]{33} - example: > - 45319947787793085566872946499104659857938160004516372140868611:AA7HRqPqHBc]rgeV73I2^Vy2^]gn2Zqag5E - - - name: Travis CI Access Token - regex: > - ([a-z0-9]{22}) - example: yil7rjygrps8n92ume8eie - falsePositives: True - - - name: Trello API Key - regex: > - (trello[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-z]{32})['"] - example: > - trellop-apikey='fefv0v1t1u0kcu27aghl6x7rkgh22o9j' - - - name: Twilio API Key - regex: 'SK[0-9a-fA-F]{32}' - example: SK7dAbbd7E729f7B15aBf2E23936dB1f1E - - - name: Twitch API Key - regex: > - (twitch[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{30})['"] - example: > - twitch-apikey='m1apxmp9wx0zho75dqepftliue4lki' - - - name: Twitter Client ID - regex: > - [tT][wW][iI][tT][tT][eE][rR](.{0,20})?['"][0-9a-z]{18,25} - example: > - twITter"8dbvxacfwy156oy7bju - - - name: Twitter Bearer Token - regex: > - (A{22}[a-zA-Z0-9%]{80,100}) - example: AAAAAAAAAAAAAAAAAAAAAAsrIRuumqNo14xDR667rmftkzr3Wf2l7RjZaDkn8dNPoW6AZ7SLNEkY3DUwlcadFYI9TGeY0fhJfQ85kM5lt5X3vm%BpAOe2E5Hm - - - name: Twitter Oauth - regex: > - [tT][wW][iI][tT][tT][eE][rR].{0,30}['"\\s][0-9a-zA-Z]{35,44}['"\\s] - example: > - TwittER%bwO{:ApFxi(vPdsWfKrJSJzDvq9k23tIrYmpLi1iKJTaSjLuYd22L' - - - name: Twitter Secret Key - regex: > - [tT][wW][iI][tT][tT][eE][rR](.{0,20})?['"][0-9a-z]{35,44} - example: > - TWiTTer'lv93m7sakl98b0b42cn3vka3zc2952oicl4w - - - name: Typeform API Key - regex: > - tfp_[a-z0-9_\.=\-]{59} - example: > - tfp_k-hu0c.._s1of67nozvagd2j-i09w6x.r-jsj_qd2wnqanobjz.ln=d3d1f - - #U - - name: URLScan API Key - regex: > - ['"][a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"] - example: > - "96d6faf6-2e24-2c35-0538-390a7f3a9961" - - - name: Vault Token #False + - regex: '[sb]\.[a-zA-Z0-9]{24}' - example: 'b.fw94cMfbUwIUqTi6JgZACqcL' - falsePositives: true - - #Y - - name: Yandex Access Token - regex: > - (t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}) - example: t1.yandex-access-token=.dlYbt__bUqHydFrwsu9ZwyaXntQILjfpFiwqYAaOsjiwA1WCyR-CNuYIWb2_7Elc8nXTfRVK8018V9cxpEWzte - - - name: Yandex API Key - regex: > - (AQVN[A-Za-z0-9_\-]{35,38}) - example: AQVNpkr5yIKylWh-Edv4XCokHgnTIp3f2PQTXWJ - - - name: Yandex AWS Access Token - regex: > - (YC[a-zA-Z0-9_\-]{38}) - example: YCeKYhqk9alQFHsIvTkb6_0lciJm0ZkEmaaKM2ml - - #W - - name: Web3 API Key - regex: > - (web3[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Za-z0-9_=\-]+\.[A-Za-z0-9_=\-]+\.?[A-Za-z0-9_.+/=\-]*)['"] - caseinsensitive: True - example: > - web3-apikey='_WfF7x3Cey.NMZS4K6MDz7ONmYT9iEqn2MiqenLs0o69VIc18GYOqfhpDp-OQcqFj9mtfo0InxQCQeCD1Rhjo4esJoQlNRfsrtiweSfHCM17Ir.RPigbHjYLwNTSgsp_0QhqIO7z0+YkXOS7w==uwx-eDPuj7nDSwxIUFPkyw4QIhg5YNZMkncDx1_i0/OQ/GJ' - - #Z - - name: Zendesk Secret Key - regex: > - ([a-z0-9]{40}) - example: kwyilgkkvb2bi6m2xqyh5snuikuawgbd9h2tdgn6 - falsePositives: True - - - # Misc - - name: Misc - regexes: - - name: Generic API Key - regex: > - ((key|api|token|secret|password)[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z_=\-]{8,64})['"] - example: > - secret-key="FLdz-Wt1CQYcl9EywqaeZ2_IL65oH5HwL7jUWpdFucN" - falsePositives: True - - - name: Generic Secret - regex: > - [sS][eE][cC][rR][eE][tT].*['"][0-9a-zA-Z]{32,45}['"] - example: > - sECret = "aso3pje4ghu4gbf3rgu3gr3rg34gdiwubeyfvwDEf6ed" - - # Disable in winpeas because of RegexDoS (for some reason) - - name: Basic Auth - regex: > - //(.+):(.+)@ - example: > - //UserName237.e4r3%:Compl3x&/Password1763@domain.com - - - name: PHP Passwords - regex: > - (pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass|pass').*[=:].+|define ?\('(\w*pass|\w*pwd|\w*user|\w*datab) - example: > - dbpass = "asdasd" - - - name: Config Secrets - regex: > - passwd.*|creden.*|^kind:[^a-zA-Z0-9_]?Secret|[^a-zA-Z0-9_]env:|secret:|secretName:|^kind:[^a-zA-Z0-9_]?EncryptionConfiguration|\-\-encryption\-provider\-config - example: " secret: 'lala'" - - - name: Simple Passwords - regex: > - passw.*[=:].+ - example: > - passw='sz&v5u.}WJV>v' - - - name: Generiac API tokens search - regex: > - (access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key| - amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret| - api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret| - application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket| - aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password| - bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key| - bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver| - cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret| - client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password| - cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|conn.login| - connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test| - datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password| - digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd| - docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid| - dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password| - env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .,<\-]{0,25}(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z_=\-]{8,64})['"] - example: > - aws_token='-A1nivVI1TSm_e4Og2akP_3vI9FxGj' - - name: Usernames - regex: > - username.*[=:].+ - example: > - usernameF~K\68*X[:Pz("\`*BAZn4de%I1P8Lce`pIh)EJ9Og[*;Xy+*!xc4#|f%GpE8TN2AjEl>A>9&6(C[=;42X6%zhifQvai%G*IB^tm{%b&E#(>m'<}!\(qehQwy&*K{HM{m_sj - - - name: Net user add - regex: > - net user .+ /add - example: > - net user UserNamer234234 passwordIg]N:X0,07GOY/wO}]P1Xy] /add - - - name: IPs - regex: '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' - example: '251.093.15.235' - falsePositives: True - - - name: Emails # Too many false positives - regex: '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}' - example: 'example_email@sub.domain.com' - falsePositives: True +This is a placeholder. +To fill this yaml execute one of the scripts download_regexes.py or download_regexes.ps1 \ No newline at end of file