Merge pull request #90 from PabloLec/main

Add common SSH public key formats

fixtures/file

@@ -1,42 +1,46 @@
-#! python3
-0x52908400098527886E0F7030069857D2E4169EE7
-DANHz6EQVoWyZ9rER56DwTXHWUxfkv9k2o
-print("hello)
-
-thm{"Can you guess what this is, now?"}
-THM{this is a flag}
-0x52908400098527886E0F7030069857D2E4169EE730000000000004
-0x52908400098527886E0F7030069857D2E4169EE7
-@pytest.mark.skip(reason="Fails Regex due to http://")
-"1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY"
-16ftSEQ4ctQFDtVZiUBusQUjRrGhM3JYwe
-4462030000000000
-thm{"uh hello?"}
-001-01-0001
-flag{"helo jenny dwi'n gwybod eich bod chi'n darllen hwn diolch am fod yn ffrind i mi "}
-340000000000009
-30569309025904
-http://10.1.1.1
-https://www.youtube.com/watch?v=ScOAntcCa78
-adsadasdasdhttps://www.youtube.com/watch?v=trj15fjXWDwasdasdasd
-6011000000000004
-htb{4111111111111111}
-3000 0000 0000 04
-5500000000000004
-
-james:S3cr37_P@$$W0rd
-ScOAntcCa78
-<h1> hello </h2>
-127.0.0.1
-github@skerritt.blog
-
-Access-Control-Allow-Headers: *
-
-47DF8D9NwtmefhFUghynYRMqrexiZTsm48T1hhi2jZcbfcwoPbkhMrrED6zqJRfeYpXFfdaqAT3jnBEwoMwCx6BYDJ1W3ub
-LRX8rSPVjifTxoLeoJtLf2JYdJFTQFcE7m
-bitcoincash:qzlg6uvceehgzgtz6phmvy8gtdqyt6vf359at4n3lq
-rBPAQmwMrt7FDDPNyjwFgwSqbWZPf6SLkk
-2001:0db8:85a3:0000:0000:8a2e:0370:7334
-
-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
-+91 (385) 985 2821
+#! python3
+0x52908400098527886E0F7030069857D2E4169EE7
+DANHz6EQVoWyZ9rER56DwTXHWUxfkv9k2o
+print("hello)
+
+thm{"Can you guess what this is, now?"}
+THM{this is a flag}
+0x52908400098527886E0F7030069857D2E4169EE730000000000004
+0x52908400098527886E0F7030069857D2E4169EE7
+@pytest.mark.skip(reason="Fails Regex due to http://")
+"1KFHE7w8BhaENAswwryaoccDb6qcT6DbYY"
+16ftSEQ4ctQFDtVZiUBusQUjRrGhM3JYwe
+4462030000000000
+thm{"uh hello?"}
+001-01-0001
+flag{"helo jenny dwi'n gwybod eich bod chi'n darllen hwn diolch am fod yn ffrind i mi "}
+340000000000009
+30569309025904
+http://10.1.1.1
+https://www.youtube.com/watch?v=ScOAntcCa78
+adsadasdasdhttps://www.youtube.com/watch?v=trj15fjXWDwasdasdasd
+6011000000000004
+htb{4111111111111111}
+3000 0000 0000 04
+5500000000000004
+
+james:S3cr37_P@$$W0rd
+ScOAntcCa78
+<h1> hello </h2>
+127.0.0.1
+github@skerritt.blog
+
+Access-Control-Allow-Headers: *
+
+47DF8D9NwtmefhFUghynYRMqrexiZTsm48T1hhi2jZcbfcwoPbkhMrrED6zqJRfeYpXFfdaqAT3jnBEwoMwCx6BYDJ1W3ub
+LRX8rSPVjifTxoLeoJtLf2JYdJFTQFcE7m
+bitcoincash:qzlg6uvceehgzgtz6phmvy8gtdqyt6vf359at4n3lq
+rBPAQmwMrt7FDDPNyjwFgwSqbWZPf6SLkk
+2001:0db8:85a3:0000:0000:8a2e:0370:7334
+
+eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
++91 (385) 985 2821
+
+ssh-rsa AAAAB3NzaC1tc2EAAAADAQABAAACAQDrnjkGtf3iA46rtwsvRiscvMTCw30l5Mmln/sf8Wohg4RPc7nuIx3/fB86K9jzBNoQk6Fb00p2cSW0dX6c3OTL5R5Q0rBjOFy6GV07MkS7rXa7WYh4ObxBh+M+LEzxVIw29anzQFZkR0TAf6x2rBoErK7JYU4fyqFBDFupTt3coQDPEEmVwtLLUCEnJrurbbnJKcWJ+/FbItLxYyMLPl8TwEn0iqiJ97onCU2DuBtiYv3hp1WoEH08b5WDF0F04zEPRdJT+WisxlEFRgaj51o2BtjOC+D2qZQDb4LHaAfJ0WcO4nu7YocdlcLp2JPfXKKgu9P5J8UDsmXbR3KCJ1oddFa2R6TbHc6d2hKyG4amBzMX5ltxXu7D6FLPZlFqua8YooY7A2zwIVirOUH/cfx+5O9o0CtspkNmj/iYzN0FPaOpELncWsuauy9hrGql/1cF4SUr20zHFoBoDQUtmvmBnWnKoGfpWXzuda449FVtmcrEjvBzCvCb3RStu0BbyOOybJagbKif3MkcYVO10pRbTveIUwgCD6F3ypD11XztoPNsgScmjme0sj/KWWNLyQkLWtpJEQ4k46745NAC5g+nP28TR2JM8doeqsxA8JovQkLWwDcR+WYZu2z/I8dfhOmalnoMRTJ2NzWDc0OSkKGYWjexR4fN6lAKCUOUptl9Nw== r00t@my-random_host
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCE9Uli8bGnD4hOWdeo5KKQJ/P/vOazI4MgqJK54w37emP2JwOAOdMmXuwpxbKng3KZz27mz+nKWIlXJ3rzSGMo= r00t@my-random_host
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0wmN/Cr3JXqmLW7u+g9pTh+wyqDHpSQEIQczXkVx9q r00t@my-random_host

pywhat/Data/regex.json

@@ -1,4 +1,40 @@
 [
+    {
+      "Name": "SSH RSA Public Key",
+      "Regex": "ssh-rsa [A-Za-z0-9+\/=]+ [^ \n]+",
+      "plural_name": false,
+      "Description": null,
+      "Rarity": 1,
+      "URL": null,
+      "Tags": [
+         "Credentials",
+         "Cyber Security"
+       ]
+    },
+    {
+      "Name": "SSH ECDSA Public Key",
+      "Regex": "ecdsa-sha2-nistp[0-9]{3} [A-Za-z0-9+\/=]+ [^ \n]+",
+      "plural_name": false,
+      "Description": null,
+      "Rarity": 1,
+      "URL": null,
+      "Tags": [
+         "Credentials",
+         "Cyber Security"
+       ]
+    },
+    {
+      "Name": "SSH ED25519 Public Key",
+      "Regex": "ssh-ed25519 [A-Za-z0-9+\/=]+ [^ \n]+",
+      "plural_name": false,
+      "Description": null,
+      "Rarity": 1,
+      "URL": null,
+      "Tags": [
+         "Credentials",
+         "Cyber Security"
+       ]
+    },
     {
        "Name": "Ethereum (ETH) Wallet Address",
        "Regex": "(?i)^0x[a-f0-9]{40}$",

tests/test_click.py

@@ -454,3 +454,21 @@ def test_only_text():
     result = runner.invoke(main, ["-o", "fixtures/file"])
     assert result.exit_code == 0
     assert "Nothing found" in result.output
+
+def test_ssh_rsa_key():
+    runner = CliRunner()
+    result = runner.invoke(main, ["fixtures/file"])
+    assert result.exit_code == 0
+    assert re.findall("SSH RSA", str(result.output))
+
+def test_ssh_ecdsa_key():
+    runner = CliRunner()
+    result = runner.invoke(main, ["fixtures/file"])
+    assert result.exit_code == 0
+    assert re.findall("SSH ECDSA", str(result.output))
+
+def test_ssh_ed25519_key():
+    runner = CliRunner()
+    result = runner.invoke(main, ["fixtures/file"])
+    assert result.exit_code == 0
+    assert re.findall("SSH ED25519", str(result.output))

tests/test_regex_identifier.py

@@ -389,3 +389,30 @@ def test_arn4():
     r = regex_identifier.RegexIdentifier()
     res = r.check(["arn:aws:s3:::my_corporate_bucket/Development/*"])
     assert "ARN" in str(res)
+
+def test_ssh_rsa_key():
+    r = regex_identifier.RegexIdentifier()
+    res = r.check(
+        [
+            "ssh-rsa AAAAB3NzaC1tc2EAAAADAQABAAACAQDrnjkGtf3iA46rtwsvRiscvMTCw30l5Mmln/sf8Wohg4RPc7nuIx3/fB86K9jzBNoQk6Fb00p2cSW0dX6c3OTL5R5Q0rBjOFy6GV07MkS7rXa7WYh4ObxBh+M+LEzxVIw29anzQFZkR0TAf6x2rBoErK7JYU4fyqFBDFupTt3coQDPEEmVwtLLUCEnJrurbbnJKcWJ+/FbItLxYyMLPl8TwEn0iqiJ97onCU2DuBtiYv3hp1WoEH08b5WDF0F04zEPRdJT+WisxlEFRgaj51o2BtjOC+D2qZQDb4LHaAfJ0WcO4nu7YocdlcLp2JPfXKKgu9P5J8UDsmXbR3KCJ1oddFa2R6TbHc6d2hKyG4amBzMX5ltxXu7D6FLPZlFqua8YooY7A2zwIVirOUH/cfx+5O9o0CtspkNmj/iYzN0FPaOpELncWsuauy9hrGql/1cF4SUr20zHFoBoDQUtmvmBnWnKoGfpWXzuda449FVtmcrEjvBzCvCb3RStu0BbyOOybJagbKif3MkcYVO10pRbTveIUwgCD6F3ypD11XztoPNsgScmjme0sj/KWWNLyQkLWtpJEQ4k46745NAC5g+nP28TR2JM8doeqsxA8JovQkLWwDcR+WYZu2z/I8dfhOmalnoMRTJ2NzWDc0OSkKGYWjexR4fN6lAKCUOUptl9Nw== r00t@my-random_host"
+        ]
+    )
+    assert "SSH RSA" in str(res)
+
+def test_ssh_ecdsa_key():
+    r = regex_identifier.RegexIdentifier()
+    res = r.check(
+        [
+            "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCE9Uli8bGnD4hOWdeo5KKQJ/P/vOazI4MgqJK54w37emP2JwOAOdMmXuwpxbKng3KZz27mz+nKWIlXJ3rzSGMo= r00t@my-random_host"
+        ]
+    )
+    assert "SSH ECDSA" in str(res)
+
+def test_ssh_ed25519_key():
+    r = regex_identifier.RegexIdentifier()
+    res = r.check(
+        [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0wmN/Cr3JXqmLW7u+g9pTh+wyqDHpSQEIQczXkVx9q r00t@my-random_host"
+        ]
+    )
+    assert "SSH ED25519" in str(res)