diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..6d31942
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+## 2023-12-22
+### Added
+- Added signatures for:
+ - Alibaba
+ - Akamai
\ No newline at end of file
diff --git a/signatures/tokens_and_credentials/akamai.yaml b/signatures/tokens_and_credentials/akamai.yaml
new file mode 100644
index 0000000..683fa36
--- /dev/null
+++ b/signatures/tokens_and_credentials/akamai.yaml
@@ -0,0 +1,51 @@
+---
+filename: akamai.yaml
+signatures:
+
+ - name: Akamai API Access Tokens
+ status: enabled
+ author: PaperMtn
+ date: "2023-12-22"
+ description: Detects exposed Akamai API Access tokens
+ severity: "90"
+ notes:
+ references:
+ watchman_apps:
+ slack_std:
+ category: secrets
+ scope:
+ - messages
+ file_types:
+ search_strings:
+ - akab-
+ slack_eg:
+ scope:
+ - messages
+ - drafts
+ file_types:
+ locations:
+ - public
+ - private
+ - connect
+ search_strings:
+ - akab-
+ gitlab:
+ scope:
+ - blobs
+ - commits
+ - milestones
+ - wiki_blobs
+ - issues
+ - merge_requests
+ - notes
+ - snippet_titles
+ search_strings:
+ - akab- -(svg|png|jpeg)
+ test_cases:
+ match_cases:
+ - "client_token: akab-rWdcwwASNbe9fcGk-00qwecOueticOXxA"
+ fail_cases:
+ - "host: akab-fakehost.akamaiapis.net"
+ patterns:
+ - "akab-[0-9a-zA-Z]{16}-[0-9a-zA-Z]{16}"
+
diff --git a/signatures/tokens_and_credentials/alibaba.yaml b/signatures/tokens_and_credentials/alibaba.yaml
new file mode 100644
index 0000000..b74d737
--- /dev/null
+++ b/signatures/tokens_and_credentials/alibaba.yaml
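Review bot: In akamai.yaml the pattern `akab-[0-9a-zA-Z]{16}-[0-9a-zA-Z]{16}` has no trailing boundary, and the only fail case (`host: akab-fakehost.akamaiapis.net`) is rejected for being too short, not for being a hostname. Akamai API hostnames normally carry a first label of the same `akab-<16>-<16>` shape as the tokens, so a real `host` line would likely be reported at severity 90 as if it were a credential. I would add a constructed fail case such as `"host: akab-aaaaaaaaaaaaaaaa-bbbbbbbbbbbbbbbb.luna.akamaiapis.net"` and, if the matcher supports lookahead, end the pattern with `(?!\.[0-9a-zA-Z.-]*akamaiapis\.net)`. A short `notes:` entry saying that the signature covers both client and access tokens but not the client secret would help whoever triages the hits.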
@@ -0,0 +1,95 @@
+---
+filename: alibaba.yaml
+signatures:
+ - name: Alibaba IAM Access Key ID
+ status: enabled
+ author: PaperMtn
+ date: 2023-12-22
+ description: Detects exposed Alibaba IAM access key IDs
+ severity: "50"
+ notes: null
+ references: null
+ watchman_apps:
+ slack_std:
+ category: secrets
+ scope:
+ - messages
+ file_types: null
+ search_strings:
+ - LTAI
+ slack_eg:
+ scope:
+ - messages
+ - drafts
+ file_types: null
+ locations:
+ - public
+ - private
+ - connect
+ search_strings:
+ - LTAI
+ gitlab:
+ scope:
+ - blobs
+ - commits
+ - milestones
+ - wiki_blobs
+ - issues
+ - merge_requests
+ - notes
+ - snippet_titles
+ search_strings:
+ - LTAI -(svg|png|jpeg)
+ test_cases:
+ match_cases:
+ - accessKeyId=LTAIAAAZ5BhleEv7
+ fail_cases:
+ - accessKeyId=LAAIAAAZ5BhleEv7
+ patterns:
+ - LTAI[0-9a-zA-Z]{12,20}
+ - name: Alibaba IAM Secret Access Key
+ status: enabled
+ author: PaperMtn
+ date: 2023-12-22
+ description: Detects exposed Alibaba IAM secret access key
+ severity: "90"
+ notes: null
+ references: null
+ watchman_apps:
+ slack_std:
+ category: secrets
+ scope:
+ - messages
+ file_types: null
+ search_strings:
+ - LTAI
+ slack_eg:
+ scope:
+ - messages
+ - drafts
+ file_types: null
+ locations:
+ - public
+ - private
+ - connect
+ search_strings:
+ - LTAI
+ gitlab:
+ scope:
+ - blobs
+ - commits
+ - milestones
+ - wiki_blobs
+ - issues
+ - merge_requests
+ - notes
+ - snippet_titles
+ search_strings:
+ - LTAI -(svg|png|jpeg)
+ test_cases:
+ match_cases:
+ - $accessKeySecret = "6pbpC5bqTJ6aATHAd5434dq13XaEe7";
+ fail_cases:
+ - accessKeyId=LAAIAAAZ5BhleEv7
+ patterns:
+ - "[\\W\\s]{1}([0-9a-zA-Z]{30,48})[\\W\\s]{1}"
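Review bot: The `Alibaba IAM Secret Access Key` pattern `[\W\s]{1}([0-9a-zA-Z]{30,48})[\W\s]{1}` is not tied to Alibaba: it matches any 30–48 character alphanumeric run between two non-word characters, which includes MD5 and SHA-1 hex digests, commit ids and other vendors' tokens. The `LTAI` search string presumably only selects which results get scanned, so every such string in a result that mentions a key ID would be raised at severity 90. The fail case is copied from the key-ID signature and never exercises this. I would anchor the pattern on the keyword the match case already shows, for example `(?i)access_?key_?secret\W{1,6}([0-9a-zA-Z]{30,48})(?![0-9a-zA-Z])`, and add a fail case holding a 40-character hex digest. Requiring a delimiter on both sides also misses a secret at the very start or end of the scanned text, and `\s` inside `[\W\s]` is redundant because whitespace is already non-word.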