diff --git a/go.mod b/go.mod index c68a16e..e9037b2 100644 --- a/go.mod +++ b/go.mod @@ -65,7 +65,7 @@ require ( github.com/projectdiscovery/gologger v1.1.12 github.com/projectdiscovery/katana v1.0.6-0.20240313185050-24c31f49c050 github.com/projectdiscovery/naabu/v2 v2.3.0 - github.com/projectdiscovery/nuclei/v3 v3.2.1 + github.com/projectdiscovery/nuclei/v3 v3.2.2 github.com/projectdiscovery/retryabledns v1.0.58 github.com/samber/lo v1.39.0 github.com/sergi/go-diff v1.3.1 diff --git a/go.sum b/go.sum index 7d3f933..ef792f8 100644 --- a/go.sum +++ b/go.sum @@ -1027,6 +1027,8 @@ github.com/projectdiscovery/networkpolicy v0.0.8 h1:XvfBaBwSDNTesSfNQP9VLk3HX9I7 github.com/projectdiscovery/networkpolicy v0.0.8/go.mod h1:xnjNqhemxUPxU+UD5Jgsc3+K8IVmcqT1SJeo6UzMtkI= github.com/projectdiscovery/nuclei/v3 v3.2.1 h1:p4Cg1i/rFysMeXnYBY28s6AWb1eZj6pXkWTNREFcaPA= github.com/projectdiscovery/nuclei/v3 v3.2.1/go.mod h1:LkKLQeiQRavbZAnpDCP1LWOC7854OmNwRn2Z+YwH/ME= +github.com/projectdiscovery/nuclei/v3 v3.2.2 h1:bCa0pW2EKVHxdx+2kKMJOlGftPzH0JCSrt1a0oh6H60= +github.com/projectdiscovery/nuclei/v3 v3.2.2/go.mod h1:LkKLQeiQRavbZAnpDCP1LWOC7854OmNwRn2Z+YwH/ME= github.com/projectdiscovery/ratelimit v0.0.33 h1:MT8Oa0VVBBI5w6ZMUJCIIQkjdTVNbzhGRDMrNqV1BQ4= github.com/projectdiscovery/ratelimit v0.0.33/go.mod h1:Mdbm5Olxd0zddUO3Khy330H1Ei7377/DFIuY9nRZuGM= github.com/projectdiscovery/rawhttp v0.1.41 h1:0n6CohOf0Aq7dsXv+ozznhlYr4ANDKLwvPmdzTet3qU= diff --git a/scan/gadget/sensitive/error.go b/scan/gadget/sensitive/error.go index ef47f58..fe0cea9 100644 --- a/scan/gadget/sensitive/error.go +++ b/scan/gadget/sensitive/error.go 
@@ -65,6 +65,24 @@ var errors = []ErrorMessage{ var seenRequests sync.Map // 这里主要是为了一些返回包检测类的判断是否识别过,减小开销,扫描类内部会判断是否扫描过 +type Regexp struct { + Re *regexp.Regexp + Msg ErrorMessage +} + +var errorCompiled map[string]*Regexp + +func init() { + // 只编译一次编译正则 + errorCompiled = make(map[string]*Regexp, len(errors)) + for _, errorMsg := range errors { + errorCompiled[errorMsg.Text] = &Regexp{ + Re: regexp.MustCompile(errorMsg.Text), + Msg: errorMsg, + } + } +} + func PageErrorMessageCheck(url, req, body string) []ErrorMessage { // 因为放到了 httpx.Request 中,所以会有很多重复,这里检验一下 url 是否已经检测过了 if _, ok := seenRequests.Load(url); ok { @@ -73,18 +91,18 @@ func PageErrorMessageCheck(url, req, body string) []ErrorMessage { seenRequests.Store(url, true) var results []ErrorMessage - for _, errorMsg := range errors { - re := regexp.MustCompile(errorMsg.Text) + for _, errorMsg := range errorCompiled { + re := errorMsg.Re result := re.FindString(body) if result != "" { // org.springframework.web.HttpRequestMethodNotSupportedException 这种也会匹配到,java 这样的会误报混淆 - if "([A-Za-z]+[.])+[A-Za-z]*Exception: " == errorMsg.Text && strings.Contains(body, ".java") { + if "([A-Za-z]+[.])+[A-Za-z]*Exception: " == errorMsg.Msg.Text && strings.Contains(body, ".java") { continue } results = append(results, ErrorMessage{ Text: result, - Type: errorMsg.Type, + Type: errorMsg.Msg.Type, }) output.OutChannel <- output.VulMessage{ @@ -92,7 +110,7 @@ func PageErrorMessageCheck(url, req, body string) []ErrorMessage { Plugin: "Sensitive error", VulnData: output.VulnData{ CreateTime: time.Now().Format("2006-01-02 15:04:05"), - VulnType: errorMsg.Text, + VulnType: errorMsg.Msg.Text, Target: url, Payload: result, Request: req, @@ -100,7 +118,7 @@ func PageErrorMessageCheck(url, req, body string) []ErrorMessage { }, Level: output.Low, } - logging.Logger.Infoln("[Sensitive]", url, errorMsg.Type, result) + logging.Logger.Infoln("[Sensitive]", url, errorMsg.Msg.Type, result) } } 
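Review bot: Keeping the compiled patterns in `map[string]*Regexp` makes the iteration order random and silently collapses any two `errors` entries that share the same `Text`, so the order of findings returned and sent on `output.OutChannel` (the loop in the next hunk) now varies from run to run. Nothing visible looks the map up by key, so a slice keeps the compile-once benefit and the table order: `var errorCompiled []Regexp` with `errorCompiled = append(errorCompiled, Regexp{Re: regexp.MustCompile(errorMsg.Text), Msg: errorMsg})` inside `init`. The exported name `Regexp` is also easy to confuse with `regexp.Regexp`; if nothing outside the package needs it, an unexported name such as `compiledError` reads more clearly.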
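Review bot: The false-positive filter in this loop compares `errorMsg.Msg.Text` with a literal copy of one pattern, so editing that entry in the `errors` table (defined outside this hunk) would silently switch the filter off and bring the Java false positives back. A named constant shared by the table and the check removes the coupling, e.g. `const genericExceptionPattern = "([A-Za-z]+[.])+[A-Za-z]*Exception: "` and `if errorMsg.Msg.Text == genericExceptionPattern && strings.Contains(body, ".java") {`. A one-line English comment stating that the generic pattern is skipped whenever the body mentions `.java` would also document the detection gap this accepts. The body of `PageErrorMessageCheck` starts and ends outside this hunk.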
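Review bot: `VulnType: errorMsg.Msg.Text` places the regex source in the reported finding, while the log call in the last hunk prints `errorMsg.Msg.Type`, so the report and the log describe the same hit differently. If the classification is what consumers of the report should see, `VulnType: errorMsg.Msg.Type,` looks like the intended value; if the pattern is wanted on purpose, a short comment such as `// VulnType carries the matching pattern, not the category` would make that clear. The `output.VulMessage` literal begins and ends outside this hunk, so other fields may already carry the type.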
diff --git a/scan/gadget/sensitive/key.go b/scan/gadget/sensitive/key.go index ff5190a..3bce473 100644 --- a/scan/gadget/sensitive/key.go +++ b/scan/gadget/sensitive/key.go @@ -17,7 +17,7 @@ import ( @desc: 提取 https://github.com/projectdiscovery/nuclei-templates/tree/main/file/keys 中的规则 **/ -//go:embed rules/* +//go:embed keys/* var ruleFiles embed.FS var rules []templates.Template diff --git a/scan/gadget/sensitive/keys/adafruit-key.yaml b/scan/gadget/sensitive/keys/adafruit-key.yaml new file mode 100644 index 0000000..f80ffce --- /dev/null +++ b/scan/gadget/sensitive/keys/adafruit-key.yaml @@ -0,0 +1,23 @@ +id: adafruit-key + +info: + name: Adafruit API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.go + metadata: + verified: true + tags: adafruit,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100e18e66c25918d1d8e980ab39a1d206e65dc34ef8b6ae0e043c87d34f0496d4260220651cd87fb75b897e27766f354e0711534ef67b6f368885d00fbf79ed44ed72a7:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/keys/adobe/adobe-client.yaml b/scan/gadget/sensitive/keys/adobe/adobe-client.yaml new file mode 100644 index 0000000..ffbc008 --- /dev/null +++ b/scan/gadget/sensitive/keys/adobe/adobe-client.yaml 
@@ -0,0 +1,23 @@ +id: adobe-client + +info: + name: Adobe Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.go + metadata: + verified: true + tags: keys,file,adobe,token + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 490a00463044022007eda94aded10055c992548f92f163ce142cfa63312df87ab1913d55655c84a402205cfb63b7803c40be56e370f98a2541ef20c37455b0b0f136a5c19164ee802429:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/adobe-secret.yaml b/scan/gadget/sensitive/keys/adobe/adobe-secret.yaml similarity index 65% rename from scan/gadget/sensitive/rules/adobe-secret.yaml rename to scan/gadget/sensitive/keys/adobe/adobe-secret.yaml index 3506378..800e1ed 100644 --- a/scan/gadget/sensitive/rules/adobe-secret.yaml +++ b/scan/gadget/sensitive/keys/adobe/adobe-secret.yaml @@ -10,8 +10,8 @@ info: - https://developer.adobe.com/developer-console/docs/guides/authentication/OAuthIntegration/ - https://developer.adobe.com/developer-console/docs/guides/authentication/OAuth/ metadata: - verified: "true" - tags: adobe,oauth,file,token + verified: true + tags: file,keys,adobe,oauth,token file: - extensions: @@ -21,4 +21,5 @@ file: - type: regex part: body regex: - - '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)' \ No newline at end of file + - '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)' +# digest: 4a0a00473045022100fbb2a00c904fe46b3138bc5a79cd5d3e108bf9a7ce64db4d82a47a40b4edfc7e022036f0b1d84e6bbde773bd90b9021e8202465c54346d9f1436af84e622a119114a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/rules/age/age-identity-secret-key.yaml b/scan/gadget/sensitive/keys/age/age-identity-secret-key.yaml similarity index 63% rename from scan/gadget/sensitive/rules/age/age-identity-secret-key.yaml rename to scan/gadget/sensitive/keys/age/age-identity-secret-key.yaml index 60d5d67..8dba489 100644 --- a/scan/gadget/sensitive/rules/age/age-identity-secret-key.yaml +++ b/scan/gadget/sensitive/keys/age/age-identity-secret-key.yaml @@ -9,8 +9,8 @@ info: - https://github.com/FiloSottile/age/blob/main/doc/age.1.html - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type metadata: - verified: "true" - tags: age-encryption,file,token + verified: true + tags: file,keys,age-encryption,token file: - extensions: @@ -20,4 +20,5 @@ file: - type: regex part: body regex: - - '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b' \ No newline at end of file + - '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b' +# digest: 4a0a00473045022100967a33608a1ecaa232719a64590ae179e82473d9ff9960e1294033f41dcfafb3022011659ec4586dff37d9381700897e858d37c2b363d718315d96fa9db721bc7123:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/age/age-recipient-public-key.yaml b/scan/gadget/sensitive/keys/age/age-recipient-public-key.yaml similarity index 64% rename from scan/gadget/sensitive/rules/age/age-recipient-public-key.yaml rename to scan/gadget/sensitive/keys/age/age-recipient-public-key.yaml index 1793053..2a4c870 100644 --- a/scan/gadget/sensitive/rules/age/age-recipient-public-key.yaml +++ b/scan/gadget/sensitive/keys/age/age-recipient-public-key.yaml @@ -9,8 +9,8 @@ info: - https://github.com/FiloSottile/age/blob/main/doc/age.1.html - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type metadata: - verified: "true" - tags: age-encryption,file,token + verified: true + tags: file,keys,age-encryption,token file: - extensions: 
@@ -20,4 +20,5 @@ file: - type: regex part: body regex: - - '\bage1[0-9a-z]{58}\b' \ No newline at end of file + - '\bage1[0-9a-z]{58}\b' +# digest: 4b0a004830460221008efb372243352ac7767832750aa04221c747bfb407e0d3599f6716055832807402210084c3968cf28f080a9a1ef95e6cd8a9029e85c7fa0d051df56217ecc16d6aafb9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/airtable-key.yaml b/scan/gadget/sensitive/keys/airtable-key.yaml new file mode 100644 index 0000000..e03a14d --- /dev/null +++ b/scan/gadget/sensitive/keys/airtable-key.yaml @@ -0,0 +1,22 @@ +id: airtable-key + +info: + name: Airtable API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.go + metadata: + verified: true + tags: keys,file,airtable,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 490a004630440220673067de4dbbe1d9d4f9337d2eddd6903ed401646b5e2ef23b4cb4fbc15e4bb40220774a7aafc56f3023bd7d681d429badb45d714352a8fcb74844e5913b116cfce2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/algolia-key.yaml b/scan/gadget/sensitive/keys/algolia-key.yaml new file mode 100644 index 0000000..69d977c --- /dev/null +++ b/scan/gadget/sensitive/keys/algolia-key.yaml 
@@ -0,0 +1,23 @@ +id: algolia-key + +info: + name: Algolia API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.go + metadata: + verified: true + tags: algolia,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502200114ce7db1c3fde42b20020e1d0ccddb88507568c665f21e1cdc8a7b722defdb022100c707d824ef36106683f16cc962e32ac899c727c5b22db59a7af8a4ab957a27d6:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/keys/alibaba/alibaba-key-id.yaml b/scan/gadget/sensitive/keys/alibaba/alibaba-key-id.yaml new file mode 100644 index 0000000..bb4c46c --- /dev/null +++ b/scan/gadget/sensitive/keys/alibaba/alibaba-key-id.yaml @@ -0,0 +1,23 @@ +id: alibaba-key-id + +info: + name: Alibaba Access Key ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.go + metadata: + verified: true + tags: alibaba,access,file,keys + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 490a0046304402202a929c5a7c56fdcba6baf8a05f5ee26de1dc68039a330a33dba7e6973876605b0220499fe8d24c2d03e30f7ffa4077775380ea6b237262bfdc1319821135d3bf0faf:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/keys/alibaba/alibaba-secret-id.yaml b/scan/gadget/sensitive/keys/alibaba/alibaba-secret-id.yaml new file mode 100644 index 0000000..2bd7d43 --- /dev/null +++ b/scan/gadget/sensitive/keys/alibaba/alibaba-secret-id.yaml @@ -0,0 +1,23 @@ +id: alibaba-secret-id + +info: + name: Alibaba Secret Key ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.go + metadata: + verified: true + tags: alibaba,secret,file,keys + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4b0a0048304602210087f98e454e5064757753028db3f4a280d96ee2ba47163b503031bb9000820d73022100f8348ca58ad2ee80dba4b7ccbca37a95b7ba44742a4f0ed2f5fd64b952843ef1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/amazon/amazon-account-id.yaml b/scan/gadget/sensitive/keys/amazon/amazon-account-id.yaml new file mode 100644 index 0000000..0ca716b --- /dev/null +++ b/scan/gadget/sensitive/keys/amazon/amazon-account-id.yaml 
@@ -0,0 +1,29 @@ +id: amazon-account-id + +info: + name: Amazon Web Services Account ID - Detect + author: DhiyaneshDK + severity: info + description: Amazon Web Services Account ID token was detected. + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 + metadata: + verified: true + tags: file,keys,aws,amazon,token + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - '(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})' + +# Enhanced by md on 2023/05/04 +# digest: 4b0a00483046022100ad930551f3063ad8ee7027d7e0af408452b42a4dc33ba7a99e5bcbcf845c7e05022100b1d4fcc47c2ae007d17b06c945a91c56d8f4f5166d69688d8707bc4fcb69266e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/amazon/amazon-mws-auth-token.yaml b/scan/gadget/sensitive/keys/amazon/amazon-mws-auth-token.yaml new file mode 100644 index 0000000..bf5622e --- /dev/null +++ b/scan/gadget/sensitive/keys/amazon/amazon-mws-auth-token.yaml @@ -0,0 +1,22 @@ +id: amazon-mws-auth-token-value + +info: + name: Amazon MWS Authentication Token - Detect + author: gaurang + severity: medium + description: Amazon MWS authentication token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 + tags: file,keys,token,amazon,auth,mws + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" +# digest: 4a0a00473045022100c334a6bda970ddcb70079df2f8a9a1769a7104636a611691c28787921fc2a1a102200bfe666c925c702093688b5f70b29028fa8c8c92c8b739cee1eaaa3a92144494:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/keys/amazon/amazon-session-token.yaml b/scan/gadget/sensitive/keys/amazon/amazon-session-token.yaml new file mode 100644 index 0000000..4d886de --- /dev/null +++ b/scan/gadget/sensitive/keys/amazon/amazon-session-token.yaml @@ -0,0 +1,29 @@ +id: amazon-session-token + +info: + name: Amazon Session Token - Detect + author: DhiyaneshDK + severity: info + description: Amazon session token was detected. + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 + metadata: + verified: true + tags: file,keys,aws,amazon,token,session + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]' + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022012a50d46848dcc172a05c5e2fd88e802af8022bf13ab09dbf8740ae3ad5855f5022100c16953404125451a8cfc4ed26412b99b0d25c02e73a6c7ba8337a905c7e2efa9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/amazon/amazon-sns-token.yaml b/scan/gadget/sensitive/keys/amazon/amazon-sns-token.yaml new file mode 100644 index 0000000..aaae19c --- /dev/null +++ b/scan/gadget/sensitive/keys/amazon/amazon-sns-token.yaml 
@@ -0,0 +1,25 @@ +id: amazon-sns-token + +info: + name: Amazon SNS Token - Detect + author: TheBinitGhimire + severity: info + description: Amazon SNS token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 + tags: file,keys,token,amazon,aws,sns + +file: + - extensions: + - all + + extractors: + - type: regex + name: amazon-sns-topic + regex: + - 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+' + +# Enhanced by md on 2023/05/04 +# digest: 490a0046304402207e55ee87e40a2d4d85bcc06d548501b06c21297fdc881073d65676a4819deca30220739ca22a94917910a17365d5f3118dc91aec1092877dc91905cc1f2a0458100d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/amazon/aws-access-id.yaml b/scan/gadget/sensitive/keys/amazon/aws-access-id.yaml new file mode 100644 index 0000000..449aea7 --- /dev/null +++ b/scan/gadget/sensitive/keys/amazon/aws-access-id.yaml @@ -0,0 +1,22 @@ +id: aws-access-key + +info: + name: Amazon Web Services Access Key ID - Detect + author: gaurang + severity: info + description: Amazon Web Services Access Key ID token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 + tags: file,keys,token,aws,amazon + +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" +# digest: 4a0a0047304502204131589055933e9abecb047239e920aaa9798065f2947a61b8a2ddd8be6fa73a0221009f95d88336637ef94923f4724a94bf96e48debf07677bae0fa3a2e6988751396:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/amazon/aws-cognito.yaml b/scan/gadget/sensitive/keys/amazon/aws-cognito.yaml similarity index 79% rename from scan/gadget/sensitive/rules/amazon/aws-cognito.yaml rename to scan/gadget/sensitive/keys/amazon/aws-cognito.yaml index d6d5f5f..a077fb7 100644 
--- a/scan/gadget/sensitive/rules/amazon/aws-cognito.yaml +++ b/scan/gadget/sensitive/keys/amazon/aws-cognito.yaml @@ -1,10 +1,15 @@ id: aws-cognito-pool info: - name: AWS Cognito Pool ID + name: Amazon Web Services Cognito Pool ID - Detect author: gaurang severity: info - tags: token,file + description: Amazon Web Services Cognito Pool ID token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 + tags: file,keys,token,aws,amazon file: - extensions: @@ -30,3 +35,4 @@ file: - "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" - "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" +# digest: 4a0a0047304502210090ee38d9121141c817986346c8a6e0c5910ee05a6cef57dc63ca444a691e292902203a724d1adda15bb0aa60207d79057c6cf7dc3c84bc929f9bf50b34f314fef15d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/asana/asana-clientid.yaml b/scan/gadget/sensitive/keys/asana/asana-clientid.yaml new file mode 100644 index 0000000..bacc30c --- /dev/null +++ b/scan/gadget/sensitive/keys/asana/asana-clientid.yaml 
@@ -0,0 +1,23 @@ +id: asana-clientid + +info: + name: Asana Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.yaml + metadata: + verified: true + tags: asana,client,file,keys + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4a0a00473045022100ee80a7c2a35b34bc0d48c69c1e26169ef5a2181505d3836e47974bc04e41fbde0220796c13e9c14005e438971b5e1aa2f241fb1a2736a98df48c1acc98e50b1562b9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/asana/asana-clientsecret.yaml b/scan/gadget/sensitive/keys/asana/asana-clientsecret.yaml new file mode 100644 index 0000000..fed08ff --- /dev/null +++ b/scan/gadget/sensitive/keys/asana/asana-clientsecret.yaml @@ -0,0 +1,23 @@ +id: asana-clientsecret + +info: + name: Asana Client Secret + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.yaml + metadata: + verified: true + tags: asana,client,file,keys,secret + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4b0a00483046022100a61527e5da6fb4b6f5e194679ac675364422d0a7a09fef2ed10c8d3982694d55022100a24d80c553e4d28e07ce752f5ab161faff53f39ea00a37ea4872f3c8564c4f6d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/keys/atlassian/atlassian-api-token.yaml b/scan/gadget/sensitive/keys/atlassian/atlassian-api-token.yaml new file mode 100644 index 0000000..fcb73fa --- /dev/null +++ b/scan/gadget/sensitive/keys/atlassian/atlassian-api-token.yaml @@ -0,0 +1,23 @@ +id: atlassian-api-token + +info: + name: Atlassian API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.yaml + metadata: + verified: true + tags: file,keys,atlassian,token,api + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 490a0046304402205433d3902cf7e3c7635bf23232f379b1aef00a5392fd97cd14771a114acd0a3902204babacddd38ce1156ad037e03c2f52b998acc6da7448013a7d6489edafd42644:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/azure/azure-connection-string.yaml b/scan/gadget/sensitive/keys/azure/azure-connection-string.yaml new file mode 100644 index 0000000..c8cdf15 --- /dev/null +++ b/scan/gadget/sensitive/keys/azure/azure-connection-string.yaml 
@@ -0,0 +1,24 @@ +id: azure-connection-string + +info: + name: Azure Connection String + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/azure.yml + - https://azure.microsoft.com/en-us/blog/windows-azure-web-sites-how-application-strings-and-connection-strings-work/ + - https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string + metadata: + verified: true + tags: file,keys,azure,token + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:AccountName|SharedAccessKeyName|SharedSecretIssuer)\s*=\s*([^;]{1,80})\s*;\s*.{0,10}\s*(?:AccountKey|SharedAccessKey|SharedSecretValue)\s*=\s*([^;]{1,100})(?:;|$) +# digest: 490a004630440220680a55e8f1637508067947365d16659ebab85715a5b72613a39a14ac532914d702200a85b3b169d8acce55b4c33ebac26467defc1310779b3b16244675de92908777:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/beamer-api-token.yaml b/scan/gadget/sensitive/keys/beamer-api-token.yaml new file mode 100644 index 0000000..fa3c093 --- /dev/null +++ b/scan/gadget/sensitive/keys/beamer-api-token.yaml 
@@ -0,0 +1,22 @@ +id: beamer-api-token + +info: + name: Beamer API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.go + metadata: + verified: true + tags: file,keys,beamer,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4a0a00473045022100fcfc6abc15f7dbbac899737691fc7df9720aa9fa24c15b3ab39d26c012479b6f022014363cacef4a92e1d65e067c948733f94b555d8d657b9007bc52d804b3c444cc:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/bitbucket/bitbucket-client-id.yaml b/scan/gadget/sensitive/keys/bitbucket/bitbucket-client-id.yaml new file mode 100644 index 0000000..b4b4957 --- /dev/null +++ b/scan/gadget/sensitive/keys/bitbucket/bitbucket-client-id.yaml 
@@ -0,0 +1,23 @@ +id: bitbucket-client-id + +info: + name: BitBucket Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.go + metadata: + verified: true + tags: file,keys,bitbucket,token + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4a0a0047304502201417604f83b80d514451141d4ae98b8b004d867c152282e139b7a294f55ac7af022100efab4733e59dc11e40c5cdfb08ab7409cf4a52bfe29eb62ebd63899ed943ff1d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/bitbucket/bitbucket-client-secret.yaml b/scan/gadget/sensitive/keys/bitbucket/bitbucket-client-secret.yaml new file mode 100644 index 0000000..0a570c8 --- /dev/null +++ b/scan/gadget/sensitive/keys/bitbucket/bitbucket-client-secret.yaml 
@@ -0,0 +1,23 @@ +id: bitbucket-client-secret + +info: + name: BitBucket Client Secret + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.go + metadata: + verified: true + tags: keys,file,bitbucket,token + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4a0a00473045022030dd4c8ba7ac15cf49da8046aa615f90ad0ca7bf9eb598d39ec8bac6bbbf17640221009bafe394c64b827479ac32383647bab0117a309f7c071f43399fddd575648bad:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/bittrex/bittrex-access-key.yaml b/scan/gadget/sensitive/keys/bittrex/bittrex-access-key.yaml new file mode 100644 index 0000000..0a6ecd1 --- /dev/null +++ b/scan/gadget/sensitive/keys/bittrex/bittrex-access-key.yaml 
@@ -0,0 +1,23 @@ +id: bittrex-access-key + +info: + name: Bittrex Access Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.go + metadata: + verified: true + tags: file,keys,bittrex,token + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4a0a00473045022021ae3b7bce6c874e3e9933741ecdd4a2950a724f5db03308c3d049b7fc8e3be0022100e2d9f990ba789c6f762dbfd3b566867d99336ef9f7be3b21f08fbb17cbd7e74d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/bittrex/bittrex-secret-key.yaml b/scan/gadget/sensitive/keys/bittrex/bittrex-secret-key.yaml new file mode 100644 index 0000000..bf26332 --- /dev/null +++ b/scan/gadget/sensitive/keys/bittrex/bittrex-secret-key.yaml 
@@ -0,0 +1,23 @@
+id: bittrex-secret-key
+
+info:
+ name: Bittrex Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.go
+ metadata:
+ verified: true
+ tags: file,keys,bittrex,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a0048304602210080c3ff4f4d8f64380bbd4965cc0bf17aee48eec5d25f16020cd6c07a12e5a070022100f9df5e67a69fbd471e028a1fbe6e58159fc49c126517256fc1eeb86a0a25771d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/branch-key.yaml b/scan/gadget/sensitive/keys/branch-key.yaml
new file mode 100644
index 0000000..4f6f02f
--- /dev/null
+++ b/scan/gadget/sensitive/keys/branch-key.yaml
@@ -0,0 +1,25 @@
+id: branch-key
+
+info:
+ name: Branch.io Live Key - Detect
+ author: 0xh7ml
+ severity: info
+ description: Branch.io live key token was detected.
+ reference:
+ - https://github.com/BranchMetrics/android-branch-deep-linking-attribution/issues/74
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0
+ cwe-id: CWE-200
+ tags: file,keys,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "key_live_.{32}"
+
+# Enhanced by md on 2023/05/04
+# digest: 490a004630440220307fbc9759a842b11dab44b3a55e808d8e8a5b11cfad4fab56ae5bf6d7ff7ff602203a4a0c6e88a0cc25f9b4869f95a86611d5b5a789fe519bf11f8be6fa685ba02c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/clojars-api-token.yaml b/scan/gadget/sensitive/keys/clojars-api-token.yaml
new file mode 100644
index 0000000..87da730
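Review bot: The `key_live_.{32}` pattern in `branch-key.yaml` accepts any 32 characters after the prefix, including spaces, quotes and markup, so the extractor reports the prefix plus whatever text follows it rather than a key. If Branch live keys are alphanumeric, which I have not confirmed from this page, a bounded class such as `key_live_[0-9A-Za-z]{32}` would cut false positives and keep unrelated file content out of the reported payload. A short comment above the regex stating the expected key alphabet would also help whoever tunes this rule later.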
--- /dev/null
+++ b/scan/gadget/sensitive/keys/clojars-api-token.yaml
@@ -0,0 +1,22 @@
+id: clojars-api-token
+
+info:
+ name: Clojars API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,clojars,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(CLOJARS_)[a-z0-9]{60}
+# digest: 4a0a00473045022100e8e34978eeeb59acc43a8c856b5fc0749395c50c95f49496f094ac4cf789dfa0022023f583e761abc90a1bdc22094f12af0e622aa61686970bfa18d42db1cb3a79ff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/cloudinary.yaml b/scan/gadget/sensitive/keys/cloudinary.yaml
new file mode 100644
index 0000000..17ee53f
--- /dev/null
+++ b/scan/gadget/sensitive/keys/cloudinary.yaml
@@ -0,0 +1,23 @@
+id: cloudinary-basic-auth
+
+info:
+ name: Cloudinary Basic Authorization - Detect
+ author: gaurang
+ severity: high
+ description: Cloudinary basic authorization token was detected.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cwe-id: CWE-200
+ tags: keys,file,token,cloudinary
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
+
+# Enhanced by md on 2023/05/04
+# digest: 490a0046304402201744d25857ea77e5daf43a26dc6f905aeb2b0a623b26aa428c90aa67ff84b3c502205bc4dd714202f82f1cbd9ad2b1b5d7d9d97213f83918afc43b060b4970e5f493:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/code-climate-token.yaml b/scan/gadget/sensitive/keys/code-climate-token.yaml
new file mode 100644
index 0000000..f17cf56
--- /dev/null
+++ b/scan/gadget/sensitive/keys/code-climate-token.yaml
@@ -0,0 +1,29 @@
+id: code-climate-token
+
+info:
+ name: Code Climate Token - Detect
+ author: DhiyaneshDK
+ severity: info
+ description: Code Climate token was detected.
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/codeclimate.yml
+ - https://github.com/codeclimate/ruby-test-reporter/issues/34
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0
+ cwe-id: CWE-200
+ metadata:
+ verified: true
+ tags: file,keys,codeclimate,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '(?i)codeclima.{0,50}\b([a-f0-9]{64})\b'
+
+# Enhanced by md on 2023/05/04
+# digest: 4a0a0047304502200e6bd9867a66b28556bb5e59fc7dd5582ac68f9dff902978f3672453fcff2936022100ba11083fa52bea39929d563d17d8875f3464ce09d21e96d15a3b6faaea2b8453:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/codecov-access-token.yaml b/scan/gadget/sensitive/keys/codecov-access-token.yaml
new file mode 100644
index 0000000..aa85ba5
--- /dev/null
+++ b/scan/gadget/sensitive/keys/codecov-access-token.yaml
@@ -0,0 +1,22 @@
+id: codecov-access-token
+
+info:
+ name: Codecov Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.go
+ metadata:
+ verified: true
+ tags: file,keys,codecov,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a004830460221008723ce3d0d49d00043601d70f614318dd71d3c20680925198c2a9894cc454460022100cd817ccf94a80cfa81cc2cb192791e916edb1a8612a6ee15e604bbf2dc33d1d6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/coinbase-access-token.yaml b/scan/gadget/sensitive/keys/coinbase-access-token.yaml
new file mode 100644
index 0000000..7b258cb
--- /dev/null
+++ b/scan/gadget/sensitive/keys/coinbase-access-token.yaml
@@ -0,0 +1,22 @@
+id: coinbase-access-token
+
+info:
+ name: Coinbase Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.go
+ metadata:
+ verified: true
+ tags: file,keys,coinbase,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a00473045022100b0e43a01846e52c6ab419c0c554ba0dd5ec2a1707ad7e7d487551fb5de15fe1e02205ffefab3d7d66389b1b96b8cb008b8673e94b4abdc43f32f3771722323bb5d32:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/confluent/confluent-access-token.yaml b/scan/gadget/sensitive/keys/confluent/confluent-access-token.yaml
new file mode 100644
index 0000000..0165560
--- /dev/null
+++ b/scan/gadget/sensitive/keys/confluent/confluent-access-token.yaml
@@ -0,0 +1,23 @@
+id: confluent-access-token
+
+info:
+ name: Confluent Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.go
+ metadata:
+ verified: true
+ tags: file,keys,confluent,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a00473045022052eb9ef8330fc9119a458e687bfca7793b685ce74eddc06240c335e7c96a99bc022100c61c476b70924ed367251bd8c85ee9f3afa3d2eea7f7615a84a946483f5b4c0c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/confluent/confluent-secret-token.yaml b/scan/gadget/sensitive/keys/confluent/confluent-secret-token.yaml
new file mode 100644
index 0000000..2372077
--- /dev/null
+++ b/scan/gadget/sensitive/keys/confluent/confluent-secret-token.yaml
@@ -0,0 +1,23 @@
+id: confluent-secret-token
+
+info:
+ name: Confluent Secret Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.go
+ metadata:
+ verified: true
+ tags: file,keys,confluent,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 490a00463044022007beb1f0b9057e5ecc0720838d8231c8e9ea04a7fe980a69a2bb92d2242a6ee90220521bc9d4be872b1d912312e2eb03e3e3dba550f0963fadf6eabfb4742fc72d2f:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/contentful-api-token.yaml b/scan/gadget/sensitive/keys/contentful-api-token.yaml
new file mode 100644
index 0000000..3a78188
--- /dev/null
+++ b/scan/gadget/sensitive/keys/contentful-api-token.yaml
@@ -0,0 +1,22 @@
+id: contentful-api-token
+
+info:
+ name: Contentful Delivery API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,contentful,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a00483046022100a46c48e50f22fbb3d9976aa5180b3083c6d77903067dc0fee7c14580261a2da1022100fadbf251c47aea97f30f39aa444da8f271f7d5fb0833c77bc0a52ac6b39b7cbf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/cratesio-api-key.yaml b/scan/gadget/sensitive/keys/cratesio-api-key.yaml
new file mode 100644
index 0000000..01c8097
--- /dev/null
+++ b/scan/gadget/sensitive/keys/cratesio-api-key.yaml
@@ -0,0 +1,30 @@
+id: cratesio-api-key
+
+info:
+ name: Crates.io API Key - Detect
+ author: DhiyaneshDK
+ severity: info
+ description: Crates.io API key was detected.
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/crates.io.yml
+ - https://crates.io/data-access
+ - https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0
+ cwe-id: CWE-200
+ metadata:
+ verified: true
+ tags: keys,file,crates,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - '\bcio[a-zA-Z0-9]{32}\b'
+
+# Enhanced by md on 2023/05/04
+# digest: 4b0a00483046022100cdb57fbebbea0f610e2da0421aa23ce8ed6cdc12d5bb09d7b02f8b7f99f47eb5022100bf1a5d9c555af349ba146cd09185e141c95bd8e4ea0a6eb00049f2b22b21b300:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/credential-exposure-file.yaml b/scan/gadget/sensitive/keys/credential-exposure-file.yaml
new file mode 100644
index 0000000..25e80b1
--- /dev/null
+++ b/scan/gadget/sensitive/keys/credential-exposure-file.yaml
@@ -0,0 +1,3468 @@ +id: credentials-disclosure-file + +info: + name: Credentials Disclosure Check + author: Sy3Omda,geeknik,forgedhallpass,ayadi + severity: unknown + description: Check for multiple keys/tokens/passwords hidden inside of files. + tags: exposure,token,file,disclosure +# Extract secrets regex like api keys, password, token, etc ... for different services. +# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. +# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. +# Regex count:- 687 +# Notes:- +# This template requires manual inspection once found valid match. +# Generic token could be anything matching below regex. +# Impact of leaked token depends on validation of leaked token. +# The regexes are copied from exposures/tokens/generic/credentials-disclosure.yaml +# TODO After https://github.com/projectdiscovery/nuclei/issues/1510 is implemented, we should be able to re-use them, instead of duplicating +# Example cases to match against: https://regex101.com/r/HPtaU2/1 +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - "(?i)[\"']?zopim[_-]?account[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?zhuliang[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?zensonatypepassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)zendesk(_api_token|_key|_token|-travis-github|_url|_username)(\\s|=)" + - "(?i)[\"']?yt[_-]?server[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?partner[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?partner[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?yt[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?account[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?account[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yangshun[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yangshun[_-]?gh[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?www[_-]?googleapis[_-]?com[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?ssh[_-]?connect[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?report[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?prepare[_-]?dir[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?db[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?db[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wporg[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wordpress[_-]?db[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wordpress[_-]?db[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wincert[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?test[_-]?server[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?3[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?fb[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?5[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?4[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?3[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?watson[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?watson[_-]?device[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?watson[_-]?conversation[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wakatime[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vscetoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?visual[_-]?recognition[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?virustotal[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?v[_-]?sfdc[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?v[_-]?sfdc[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?usertravis[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?user[_-]?assets[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?user[_-]?assets[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?use[_-]?ssh[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?urban[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?urban[_-]?master[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?urban[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?unity[_-]?serial[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?unity[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitteroauthaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitteroauthaccesssecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitter[_-]?consumer[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitter[_-]?consumer[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twine[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?configuration[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?chat[_-]?account[_-]?api[_-]?service[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?twilio[_-]?api[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?trex[_-]?okta[_-]?client[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?trex[_-]?client[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?secure[_-]?env[_-]?vars[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?pull[_-]?request[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?e2e[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?com[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?branch[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?token[_-]?core[_-]?java[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?thera[_-]?oss[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?tester[_-]?keys[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?test[_-]?test[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?test[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?tesco[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?svn[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?surge[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?surge[_-]?login[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stripe[_-]?public[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stripe[_-]?private[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?strip[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?strip[_-]?publishable[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?starship[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?starship[_-]?account[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?location[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?staging[_-]?base[_-]?url[_-]?runscope[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ssmtp[_-]?config[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sshpass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?srcclr[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?square[_-]?reader[_-]?sdk[_-]?repository[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?sqssecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sqsaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spring[_-]?mail[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spotify[_-]?api[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spotify[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spaces[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spaces[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?soundcloud[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?soundcloud[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatypepassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?token[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?token[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?gpg[_-]?passphrase[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?gpg[_-]?key[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonar[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonar[_-]?project[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?sonar[_-]?organization[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?socrata[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?socrata[_-]?app[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snyk[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snyk[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snoowrap[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snoowrap[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snoowrap[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?slate[_-]?user[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?slash[_-]?developer[_-]?space[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?slash[_-]?developer[_-]?space[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?setsecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?setdstsecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?setdstaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ses[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ses[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?service[_-]?account[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?endpoint[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?default[_-]?org[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendwithus[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?selion[_-]?selenium[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?selion[_-]?log[_-]?level[_-]?dev[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?segment[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secretaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?key[_-]?base[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?9[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?8[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?secret[_-]?7[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?6[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?5[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?4[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?3[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?11[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?10[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?1[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?0[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sdr[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?scrutinizer[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sauce[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sandbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sandbox[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sacloud[_-]?api[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sacloud[_-]?access[_-]?token[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?sacloud[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?user[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?secret[_-]?assets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?secret[_-]?app[_-]?logs[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?key[_-]?assets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?key[_-]?app[_-]?logs[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?assets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?app[_-]?logs[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rubygems[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rtd[_-]?store[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rtd[_-]?key[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?route53[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ropsten[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rinkeby[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?rest[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?repotoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?reporting[_-]?webdav[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?reporting[_-]?webdav[_-]?pwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?release[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?release[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?registry[_-]?secure[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?registry[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rediscloud[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?redis[_-]?stunnel[_-]?urls[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?randrmusicapiaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rabbitmq[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?quip[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?qiita[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pypi[_-]?passowrd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pushover[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?publish[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?publish[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?publish[_-]?access[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?project[_-]?config[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?prod[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prod[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prod[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?private[_-]?signing[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pring[_-]?mail[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?preferred[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prebuild[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgresql[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgresql[_-]?db[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?db[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?plugin[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?plotly[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?places[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?places[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pg[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pg[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?personal[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?personal[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?percy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?percy[_-]?project[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?paypal[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?passwordtravis[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?parse[_-]?js[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pagerduty[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?packagecloud[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?jira[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?os[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?os[_-]?auth[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?org[_-]?project[_-]?gradle[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?org[_-]?gradle[_-]?project[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?openwhisk[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?open[_-]?whisk[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?onesignal[_-]?user[_-]?auth[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?onesignal[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?skey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?omise[_-]?pubkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?pkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?okta[_-]?oauth2[_-]?clientsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?okta[_-]?oauth2[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?okta[_-]?client[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ofta[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ofta[_-]?region[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ofta[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?octest[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?octest[_-]?app[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?octest[_-]?app[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?oc[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?store[_-]?creds[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?store[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?storage[_-]?region[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?storage[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?numbers[_-]?service[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nuget[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?nuget[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nuget[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?now[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?non[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?secretaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?accesskeyid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?env[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ngrok[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ngrok[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nexuspassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?new[_-]?relic[_-]?beta[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?netlify[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?nativeevents[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysqlsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysqlmasteruser[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?root[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?hostname[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?my[_-]?secret[_-]?env[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?workspace[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?workflow[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?disconnect[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?connect[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?bob[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?minio[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?minio[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mile[_-]?zero[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mh[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mh[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mg[_-]?public[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?mg[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapboxaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manifest[_-]?app[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manifest[_-]?app[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mandrill[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?managementapiaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?management[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manage[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manage[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?secret[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?pub[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?pub[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?priv[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?mailer[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailchimp[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailchimp[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mail[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?magento[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?magento[_-]?auth[_-]?username [\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?magento[_-]?auth[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?happo[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?happo[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?looker[_-]?test[_-]?runner[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ll[_-]?shared[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ll[_-]?publish[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?linux[_-]?signing[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?linkedin[_-]?client[_-]?secretor lottie[_-]?s3[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lighthouse[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lektor[_-]?deploy[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?lektor[_-]?deploy[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?leanplum[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kxoltsn3vogdop92m[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kubeconfig[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kubecfg[_-]?s3[_-]?path[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kovan[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?keystore[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kafka[_-]?rest[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kafka[_-]?instance[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kafka[_-]?admin[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jwt[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jdbc:mysql[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jdbc[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jdbc[_-]?databaseurl[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?itest[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ios[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?internal[_-]?secrets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?integration[_-]?test[_-]?appid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?integration[_-]?test[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?index[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ij[_-]?repo[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?ij[_-]?repo[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hub[_-]?dxia2[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?homebrew[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hockeyapp[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?heroku[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?heroku[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?heroku[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hb[_-]?codesign[_-]?key[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hb[_-]?codesign[_-]?gpg[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hab[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hab[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?grgit[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gren[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?signing[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?signing[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?publish[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?publish[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?secret[_-]?keys[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?passphrase[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?gpg[_-]?ownertrust[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?keyname[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?key[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?maps[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?client[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?client[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?account[_-]?type[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gogs[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gitlab[_-]?user[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?tokens[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?repo[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?release[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?pwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?oauth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?github[_-]?hunter[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?hunter[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?deployment[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?committer[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?committer[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?author[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?author[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ghost[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ghb[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?repo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?next[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcs[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcr[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcloud[_-]?service[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcloud[_-]?project[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcloud[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?pw[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?login[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?fossa[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?flickr[_-]?api[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?flickr[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?flask[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firefox[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?project[_-]?develop[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?api[_-]?json[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?file[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?exp[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?eureka[_-]?awssecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?sonatype[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?heroku[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?github[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?end[_-]?user[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?encryption[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?elasticsearch[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?elastic[_-]?cloud[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dsonar[_-]?projectkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dsonar[_-]?login[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?droplet[_-]?travis[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dropbox[_-]?oauth[_-]?bearer[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?doordash[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dockerhubpassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dockerhub[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?postgres[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?passwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?hub[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?ids[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?body[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?digitalocean[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?dgpg[_-]?passphrase[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?secure[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ddgc[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ddg[_-]?test[_-]?email[_-]?pw[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ddg[_-]?test[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?pw[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?connection[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?datadog[_-]?app[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?datadog[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?port[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?database[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?danger[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cypress[_-]?record[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coverity[_-]?scan[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coveralls[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coveralls[_-]?repo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coveralls[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cos[_-]?secrets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?conversation[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?conversation[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?v2[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?test[_-]?org[_-]?cma[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?php[_-]?management[_-]?test[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[_-]?new[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?integration[_-]?management[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?cma[_-]?test[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?contentful[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?consumerkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?consumer[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?conekta[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coding[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?codecov[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?codeclimate[_-]?repo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?codacy[_-]?project[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cocoapods[_-]?trunk[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cocoapods[_-]?trunk[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?clu[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?clu[_-]?repo[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudinary[_-]?url[_-]?staging[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudinary[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?auth[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?auth[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?cloudant[_-]?service[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?processed[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?parsed[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?order[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?instance[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?audited[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?archived[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloud[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?clojars[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cli[_-]?e2e[_-]?cma[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?superuser[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?db[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?user[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?server[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?registry[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?ci[_-]?project[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?deploy[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?chrome[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?chrome[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cheverny[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cf[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?certificate[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?censys[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cattle[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cattle[_-]?agent[_-]?instance[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cattle[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cargo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cache[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bx[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bx[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bundlesize[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?built[_-]?branch[_-]?deploy[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?browserstack[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?browser[_-]?stack[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?brackets[_-]?repo[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?pwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?pass[_-]?prod[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintraykey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?gpg[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?b2[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?b2[_-]?app[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awssecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awscn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?awscn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awsaccesskeyid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?ses[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?ses[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secrets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?config[_-]?secretaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?config[_-]?accesskeyid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?access[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?author[_-]?npm[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?author[_-]?email[_-]?addr[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?auth0[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?auth0[_-]?api[_-]?clientsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?assistant[_-]?iam[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?artifacts[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifactory[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?argos[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?apple[_-]?id[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?appclientsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?secrete[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?report[_-]?token[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?bucket[_-]?perm[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?apigw[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?apiary[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?key[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aos[_-]?sec[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aos[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?ansible[_-]?vault[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?android[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?anaconda[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?amazon[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?amazon[_-]?bucket[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?alicloud[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?alicloud[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?alias[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?search[_-]?key[_-]?1[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?search[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?search[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?search[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?mcm[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?mcm[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?1[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?air[-_]?table[-_]?api[-_]?key[\"']?[=:][\"']?.+[\"']" + - "(?i)[\"']?adzerk[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" 
+ - "(?i)[\"']?admin[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?account[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?access[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?access[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022100b72b69d337c25863bb7f860b4a6811ae2eefe0dd86e750fec9e74e84acbe9f61022035683b418d60d3eadb52eafc6261e03e9eb0e08e2c6f0f3d51bf38f43da64e66:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/keys/credentials.yaml b/scan/gadget/sensitive/keys/credentials.yaml new file mode 100644 index 0000000..81abeee --- /dev/null +++ b/scan/gadget/sensitive/keys/credentials.yaml @@ -0,0 +1,23 @@ +id: basic-auth-creds + +info: + name: Basic Authorization Credentials Check + author: gaurang + severity: high + description: Basic authorization credentials check was conducted. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 + tags: file,keys,token,auth +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a0047304502202df27d9178759221ccfd4f42d805760dde03a437cdc608ec1f4f2db3eb89ecde022100d7db05435aaea98edaf4c7bf280ba2d6f0705d6241b5cf95a5502da2d507f8a2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/databricks-api-token.yaml b/scan/gadget/sensitive/keys/databricks-api-token.yaml new file mode 100644 index 0000000..4af26e0 --- /dev/null 
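Review bot: In credentials.yaml the user and password parts are each capped at 20 characters (`[^/\\s:@]{3,20}`), so a connection string carrying a longer generated password or token is not reported. Short placeholders such as `user:password@` in sample configuration do match, and they are rated `severity: high` with a CVSS score of 7.5. Consider widening the password bound, for example `- "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,100}@.{1,100}[\"'\\s]"`, and filtering known placeholder values wherever the findings are consumed. The trailing `[\"'\\s]` also requires a quote or whitespace after the host part, so a URL that ends the input with no delimiter is skipped.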
+++ b/scan/gadget/sensitive/keys/databricks-api-token.yaml
@@ -0,0 +1,22 @@
+id: databricks-api-token
+
+info:
+ name: Databricks API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,databricks,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a00483046022100d6d700b349ee1fb96e6cd411540efe63b8889339763cbb99e050c5f818336a55022100e87d0bfb5914fdd8aeabf876d62b8cabd4ceefd2150d4f5b51fea00e13847dc6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/datadog-access-token.yaml b/scan/gadget/sensitive/keys/datadog-access-token.yaml
new file mode 100644
index 0000000..95b8316
--- /dev/null
+++ b/scan/gadget/sensitive/keys/datadog-access-token.yaml
@@ -0,0 +1,22 @@
+id: datadog-access-token
+
+info:
+ name: Datadog Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.go
+ metadata:
+ verified: true
+ tags: keys,file,datadog,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a00483046022100934a76ae8d3357dca6e4451871e708a0b644e72c823623aa11e4b212b5df92d5022100df2cce06f252dc3bd0cd517ca757cf1569d1c306f51776bdf2503fe71bc9e20e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
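Review bot: In databricks-api-token.yaml the value class `[a-h0-9]` is wider than hexadecimal, and the closing delimiter set `['|\"|\n|\r|\s|\x60|;]` does not contain `-`. Databricks tokens are, as far as I know, sometimes issued with a numeric suffix such as `-2`; if so, they are missed, because the character after the 32nd value character must be one of those delimiters or end of input. If that format is in scope, `(?i)\b(dapi[a-f0-9]{32}(?:-[0-9]+)?)(?:['|\"|\n|\r|\s|\x60|;]|$)` would cover both forms. Check against real samples before narrowing the class to `a-f`.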
diff --git a/scan/gadget/sensitive/keys/dependency/dependency-track.yaml b/scan/gadget/sensitive/keys/dependency/dependency-track.yaml
new file mode 100644
index 0000000..1f7d0cc
--- /dev/null
+++ b/scan/gadget/sensitive/keys/dependency/dependency-track.yaml
@@ -0,0 +1,25 @@
+id: dependency-track
+
+info:
+ name: Dependency Track API Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dependency_track.yml
+ - https://docs.dependencytrack.org/integrations/rest-api/
+ - https://docs.dependencytrack.org/getting-started/configuration/
+ metadata:
+ verified: true
+ max-request: 1
+ tags: dependency,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(odt_[A-Za-z0-9]{32,255})\b
+# digest: 4a0a004730450220702a4c3c4219c5f6c449c503a1ada1924589fe8a8ee69ca9788a4fd1da542a7f022100c396ad3ca884547cbb32a55a497a33e09e9d592987536b27742dae33485e1abf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/digitalocean/digitalocean-access-token.yaml b/scan/gadget/sensitive/keys/digitalocean/digitalocean-access-token.yaml
new file mode 100644
index 0000000..069331c
--- /dev/null
+++ b/scan/gadget/sensitive/keys/digitalocean/digitalocean-access-token.yaml
@@ -0,0 +1,23 @@
+id: digitalocean-personal-token
+
+info:
+ name: DigitalOcean Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/digitalocean.yml
+ - https://docs.digitalocean.com/reference/api/
+ metadata:
+ verified: true
+ tags: keys,file,digitalocean,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(doo_v1_[a-f0-9]{64})\b
+# digest: 4a0a0047304502201ccaf3d5a659a1894d1c7a03933525e497128dcc3bf18923983865cbc0589f4f022100d373d44b781d6d17d86eb95e98b1293ea6fe64100591124dc0aba8caa73c600e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/digitalocean/digitalocean-personal-access.yaml b/scan/gadget/sensitive/keys/digitalocean/digitalocean-personal-access.yaml
new file mode 100644
index 0000000..fee67e0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/digitalocean/digitalocean-personal-access.yaml
@@ -0,0 +1,23 @@
+id: digitalocean-personal-access
+
+info:
+ name: DigitalOcean Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/digitalocean.yml
+ - https://docs.digitalocean.com/reference/api/
+ metadata:
+ verified: true
+ tags: file,keys,digitalocean,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(dop_v1_[a-f0-9]{64})\b
+# digest: 4a0a00473045022100f146de3e812aa02bc68e6bd8a380bbb31e19020d3b029b7058a43b25a50cd67c02201aaa5c47262abba69de2d0520cab36504880f2eb20785e5c81e7af2d4e20d1bd:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/digitalocean/digitalocean-refresh-token.yaml b/scan/gadget/sensitive/keys/digitalocean/digitalocean-refresh-token.yaml
new file mode 100644
index 0000000..41f31f5
--- /dev/null
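Review bot: digitalocean-access-token.yaml declares `id: digitalocean-personal-token` and `name: DigitalOcean Personal Access Token`, the same name as digitalocean-personal-access.yaml, although its pattern matches the `doo_v1_` prefix rather than `dop_v1_`. Findings from the two rules cannot be told apart by name in a report. Triage may also differ, since `doo_v1_` is, to my knowledge, the OAuth access-token prefix, which is revoked differently from a personal token. Suggest `id: digitalocean-access-token` and `name: DigitalOcean OAuth Access Token` in that file. The trailing `# digest:` comment was presumably computed over the upstream text, so it will no longer correspond once the file is edited.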
+++ b/scan/gadget/sensitive/keys/digitalocean/digitalocean-refresh-token.yaml
@@ -0,0 +1,23 @@
+id: digitalocean-refresh-token
+
+info:
+ name: DigitalOcean Refresh Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/digitalocean.yml
+ - https://docs.digitalocean.com/reference/api/
+ metadata:
+ verified: true
+ tags: file,keys,digitalocean,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\b(dor_v1_[a-f0-9]{64})\b
+# digest: 4a0a004730450220402ac7235c9f81afab06065b456d5b16538ef65064d66dc59b93ffe594109f6b022100eceb599d627e574fc31382e8444e8101d779d0480e9a98691a2834a2658e6dff:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/discord/discord-api-token.yaml b/scan/gadget/sensitive/keys/discord/discord-api-token.yaml
new file mode 100644
index 0000000..97f0ed3
--- /dev/null
+++ b/scan/gadget/sensitive/keys/discord/discord-api-token.yaml
@@ -0,0 +1,23 @@
+id: discord-api-token
+
+info:
+ name: Discord API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,discord,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 490a00463044022037733afdc50da25bb9aad70105e098f1202e735dc5444395ce93ab296deaa5e9022067beba9000a0f6beb4c06e8ee726b8da6eb5c318ed497acb539100d2c07dee3b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/discord/discord-cilent-secret.yaml b/scan/gadget/sensitive/keys/discord/discord-cilent-secret.yaml
new file mode 100644
index 0000000..232fbf0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/discord/discord-cilent-secret.yaml
@@ -0,0 +1,23 @@
+id: discord-client-secret
+
+info:
+ name: Discord Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.go
+ metadata:
+ verified: true
+ tags: file,keys,discord,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a004730450220062ecfed26d7eb92b1d368f4f782bed33d615438b7c4b3a871d9f1091303a4fe0221009c6cea2becc2a92e0c9f93c543c62d968c6867ed5e09974db976775127e0979e:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/discord/discord-client-id.yaml b/scan/gadget/sensitive/keys/discord/discord-client-id.yaml
new file mode 100644
index 0000000..95318b6
--- /dev/null
+++ b/scan/gadget/sensitive/keys/discord/discord-client-id.yaml
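Review bot: The new file is named `discord-cilent-secret.yaml` while its `id` is `discord-client-secret`; the path looks like a misspelling of "client". Renaming it to `discord-client-secret.yaml` keeps it next to `discord-client-id.yaml` and `discord-api-token.yaml`. It also means any include or exclude list keyed on file name (if the loader supports one) selects it as expected.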
@@ -0,0 +1,23 @@
+id: discord-client-id
+
+info:
+ name: Discord Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.go
+ metadata:
+ verified: true
+ tags: file,keys,discord,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a0047304502200d273d5de14ba14f6ffb36950cef0703e6397c3b39ce626788b05c5175646176022100b31634e39d09a01921856286b8498ec9d340d32e9b39c2a70878fc034bbf8499:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/docker/dockerhub-pat.yaml b/scan/gadget/sensitive/keys/docker/dockerhub-pat.yaml
new file mode 100644
index 0000000..1452bce
--- /dev/null
+++ b/scan/gadget/sensitive/keys/docker/dockerhub-pat.yaml
@@ -0,0 +1,23 @@
+id: dockerhub-pat
+
+info:
+ name: Docker Hub Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dockerhub.yml
+ - https://docs.docker.com/security/for-developers/access-tokens/
+ metadata:
+ verified: true
+ tags: docker,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dckr_pat_[a-zA-Z0-9_-]{27})(?:$|[^a-zA-Z0-9_-])
+# digest: 4a0a00473045022100bc73fcf69453af6d917f363d99e57d06620e6b40f1e38b54ac72982c1aff0865022030218f700bce4f88878c34d596fcc3563ee6a6a0f233055703455751caaabd08:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
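Review bot: In discord-client-id.yaml the capture `([0-9]{18})` fixes the ID at exactly 18 digits and must be followed by a delimiter or end of input. Discord IDs are snowflake integers whose decimal length is not fixed (17 to 19 digits, as far as I know), so a 19-digit ID is not matched at all, because its last digit is not in the delimiter set. Suggest `([0-9]{17,19})` in place of `([0-9]{18})`. A client ID is an identifier rather than a credential, so the `token` tag may overstate what a hit means; `severity: info` fits.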
diff --git a/scan/gadget/sensitive/keys/doppler-api-token.yaml b/scan/gadget/sensitive/keys/doppler-api-token.yaml
new file mode 100644
index 0000000..eba984f
--- /dev/null
+++ b/scan/gadget/sensitive/keys/doppler-api-token.yaml
@@ -0,0 +1,22 @@
+id: doppler-api-token
+
+info:
+ name: Doppler API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,doppler,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (dp\.pt\.)(?i)[a-z0-9]{43}
+# digest: 4a0a00473045022100dc52d6b1fb23bf2c2c3c8d4d9e916c690983e2be8fab56fad96025202a66d37902200c8b8f6a353d9f716725c24c0de34f2ef15e0b3a7be7bb55442053a6f610daa2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/doppler/doppler-audit.yaml b/scan/gadget/sensitive/keys/doppler/doppler-audit.yaml
new file mode 100644
index 0000000..796795c
--- /dev/null
+++ b/scan/gadget/sensitive/keys/doppler/doppler-audit.yaml
@@ -0,0 +1,24 @@
+id: doppler-audit
+
+info:
+ name: Doppler Audit Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.audit\.[a-zA-Z0-9]{40,44})\b
+# digest: 490a00463044022047f3853a49b38bfc41c3a21edae871fa20dbc00c3e4fec75a443da4c802ce4e702205fce2aa010ee24edfbc190aad5475ba28a4ea42e81476b2e36a2eb95de8c4479:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
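Review bot: The pattern in doppler-api-token.yaml, `(dp\.pt\.)(?i)[a-z0-9]{43}`, has no boundary on either side, unlike the sibling Doppler rules in this commit (for example `\b(dp\.audit\.[a-zA-Z0-9]{40,44})\b`). It therefore also fires on the first 43 characters of any longer alphanumeric run after `dp.pt.`, and on text where `dp.pt.` is the tail of another identifier. Its only capture group wraps the prefix rather than the token, which matters if a consumer reads group 1. Suggest `- \b(dp\.pt\.[a-zA-Z0-9]{43})\b`, and moving the file under `keys/doppler/` with the other Doppler templates.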
diff --git a/scan/gadget/sensitive/keys/doppler/doppler-cli.yaml b/scan/gadget/sensitive/keys/doppler/doppler-cli.yaml
new file mode 100644
index 0000000..6626234
--- /dev/null
+++ b/scan/gadget/sensitive/keys/doppler/doppler-cli.yaml
@@ -0,0 +1,24 @@
+id: doppler-cli
+
+info:
+ name: Doppler CLI Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.ct\.[a-zA-Z0-9]{40,44})\b
+# digest: 4b0a00483046022100de413ad22bea43d8292d3d22ed07b2d5c6a06bfb4819104c20eeb9134f913be2022100d2915ad20b135f4f8d477c1acec455af6c749833455e09d2542c0e849ab3fc7b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/doppler/doppler-scim.yaml b/scan/gadget/sensitive/keys/doppler/doppler-scim.yaml
new file mode 100644
index 0000000..dc67ff5
--- /dev/null
+++ b/scan/gadget/sensitive/keys/doppler/doppler-scim.yaml
@@ -0,0 +1,24 @@
+id: doppler-scim
+
+info:
+ name: Doppler SCIM Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.scim\.[a-zA-Z0-9]{40,44})\b
+# digest: 4a0a00473045022010274194b3725b6ef14112e5fc7f4e0d5c60123a51583f044bf2e94b76077001022100a0caa7739f04c145ec8ee920c613f38a6b5befd04918931bd0ee39cfdbcf3a44:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/doppler/doppler-service-account.yaml b/scan/gadget/sensitive/keys/doppler/doppler-service-account.yaml
new file mode 100644
index 0000000..dd03b7a
--- /dev/null
+++ b/scan/gadget/sensitive/keys/doppler/doppler-service-account.yaml
@@ -0,0 +1,24 @@
+id: doppler-service-account
+
+info:
+ name: Doppler Service Account Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.sa\.[a-zA-Z0-9]{40,44})\b
+# digest: 4a0a00473045022100c8177f1a0244e794af08cc9615e65a415d8cb7dc3616acc9f779e61aab518eb002204d63814164c93815807eb87c0919830977be1d4f878bd1697b90644de744894c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/doppler/doppler-service.yaml b/scan/gadget/sensitive/keys/doppler/doppler-service.yaml
new file mode 100644
index 0000000..36faeb5
--- /dev/null
+++ b/scan/gadget/sensitive/keys/doppler/doppler-service.yaml
@@ -0,0 +1,24 @@
+id: doppler-service
+
+info:
+ name: Doppler Service
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/doppler.yml
+ - https://docs.doppler.com/reference/api
+ - https://docs.doppler.com/reference/auth-token-formats
+ metadata:
+ verified: true
+ tags: doppler,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(dp\.st\.(?:[a-z0-9\-_]{2,35}\.)?[a-zA-Z0-9]{40,44})\b
+# digest: 4a0a00473045022100b61969103e1649c2c330814280aea5b020d5f47ca55c9601d0647af01c47ddbf02200698f545c2217332324593dffcc44a82bccb5ec45faf31507c356b71ee4ad7cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/droneci-access-token.yaml b/scan/gadget/sensitive/keys/droneci-access-token.yaml
new file mode 100644
index 0000000..51965b2
--- /dev/null
+++ b/scan/gadget/sensitive/keys/droneci-access-token.yaml
@@ -0,0 +1,22 @@
+id: droneci-access-token
+
+info:
+ name: Droneci Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.go
+ metadata:
+ verified: true
+ tags: file,keys,droneci,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a00483046022100b8f035e2f690ff06f1064c2fad434ef3faf43af1d86770b66ad77ecd44b93910022100fcf85bc0bcc2f473500998a866956b53f21d72f6325c80dbf3f758f0009614a2:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/dropbox/dropbox-access.yaml b/scan/gadget/sensitive/keys/dropbox/dropbox-access.yaml
new file mode 100644
index 0000000..34e24c0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/dropbox/dropbox-access.yaml
@@ -0,0 +1,25 @@
+id: dropbox-access
+
+info:
+ name: Dropbox Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/dropbox.yml
+ - https://developers.dropbox.com/oauth-guide
+ - https://www.dropbox.com/developers/
+ - https://www.dropbox.com/developers/documentation/http/documentation
+ metadata:
+ verified: true
+ tags: dropbox,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \b(sl\.[a-zA-Z0-9_-]{130,152})(?:$|[^a-zA-Z0-9_-])
+# digest: 490a0046304402203d0305c1997e320e30d2d0ad0460beb9c8478986a0f1b75f621167a79f8ca17302206da5b41a7402312c0d16fc2665349e3caf8aac3cee677a34f34089d739a743c6:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/dropbox/dropbox-api-token.yaml b/scan/gadget/sensitive/keys/dropbox/dropbox-api-token.yaml
new file mode 100644
index 0000000..982f5f5
--- /dev/null
+++ b/scan/gadget/sensitive/keys/dropbox/dropbox-api-token.yaml
@@ -0,0 +1,23 @@
+id: dropbox-api-token
+
+info:
+ name: Dropbox API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,dropbox,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a00473045022100e195768a79de92a350e9ebbad15bac8d585c15a3990f36e0090992948eba7f0002203a3094d187586339c95b773f2a4c5f68f4dcc23bcebea94b0e590dc3751053b7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/dropbox/dropbox-longlived-token.yaml b/scan/gadget/sensitive/keys/dropbox/dropbox-longlived-token.yaml
new file mode 100644
index 0000000..85f73a1
--- /dev/null
+++ b/scan/gadget/sensitive/keys/dropbox/dropbox-longlived-token.yaml
@@ -0,0 +1,23 @@
+id: dropbox-longlived-token
+
+info:
+ name: Dropbox Long Lived API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,dropbox,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a004730450220600b28a10ce8749e2bf39b10f83a1b0e1da1bd3319d054a1915a49db90f28393022100fe4ded4b3701ce5f48ce8bebadec45469a6b81359de76e161f40b3a29a4acdc1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/dropbox/dropbox-shortlived-token.yaml b/scan/gadget/sensitive/keys/dropbox/dropbox-shortlived-token.yaml
new file mode 100644
index 0000000..2c4aa09
--- /dev/null
+++ b/scan/gadget/sensitive/keys/dropbox/dropbox-shortlived-token.yaml
@@ -0,0 +1,23 @@
+id: dropbox-shortlived-token
+
+info:
+ name: Dropbox Short Lived API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,dropbox,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 490a00463044022033ed532c958e77394bb29e2e0d62c753914de655409ff23f7baed5576027a5770220052af03c0f1363b4acc54b0a01da4503325c089caaf4f74410db82d91dbf5f28:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/duffel-api-token.yaml b/scan/gadget/sensitive/keys/duffel-api-token.yaml
new file mode 100644
index 0000000..759d46d
--- /dev/null
+++ b/scan/gadget/sensitive/keys/duffel-api-token.yaml
@@ -0,0 +1,22 @@
+id: duffel-api-token
+
+info:
+ name: Duffel API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.go
+ metadata:
+ verified: true
+ tags: keys,file,duffel,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - duffel_(test|live)_(?i)[a-z0-9_\-=]{43}
+# digest: 4a0a0047304502202421c143203a023a8285876328e3581df769889a541d51b3bdcf72ab8fc117ff022100cb6b572f959e94b842ee120dd67fb14cafc499e3b4b6d4665dd07eb3e53b60f3:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/dynatrace-token.yaml b/scan/gadget/sensitive/keys/dynatrace-token.yaml
new file mode 100644
index 0000000..60d4248
--- /dev/null
+++ b/scan/gadget/sensitive/keys/dynatrace-token.yaml
@@ -0,0 +1,23 @@
+id: dynatrace-token
+
+info:
+ name: Dynatrace Token - Detect
+ author: gaurang
+ severity: high
+ description: Dynatrace token was detected.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cwe-id: CWE-200
+ tags: file,keys,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
+
+# Enhanced by md on 2023/05/04
+# digest: 4a0a00473045022100ab64299fac317f6ebc2349e91b5e7fb30e50b5c612e13c00d561ee816089222602207a3b30fbfc67583401a9e652198a3dc609e1877e0f5451748c91df5ac5a1fffa:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/easypost/easypost-api-token.yaml b/scan/gadget/sensitive/keys/easypost/easypost-api-token.yaml
new file mode 100644
index 0000000..14c02e1
--- /dev/null
+++ b/scan/gadget/sensitive/keys/easypost/easypost-api-token.yaml
@@ -0,0 +1,23 @@
+id: easypost-api-token
+
+info:
+ name: Easypost Test API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.yaml
+ metadata:
+ verified: true
+ tags: file,keys,easypost,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - EZAK(?i)[a-z0-9]{54}
+# digest: 4b0a00483046022100e61496ecd8994a3249bfa7ced4fdb49d6518b2b47fc556b3e611abeecd64c2c1022100c69eb40905d2e780d9e2a07b44b0a0956cbfc868c0b9e46c93421e26a73b9c21:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
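Review bot: The `name:` line in easypost-api-token.yaml reads `Easypost Test API Token`, although the rule id is `easypost-api-token` and its pattern matches the `EZAK` prefix; easypost-test-token.yaml, added next in this commit for the `EZTK` prefix, carries the identical name. Findings from the two rules cannot be told apart by name in the scanner output, so a hit on the non-test rule is likely to be triaged as a test credential. I would change the line to `name: Easypost API Token`. The file ends with a `# digest:` signature line, so presumably it has to be re-signed or the digest dropped after the edit.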
diff --git a/scan/gadget/sensitive/keys/easypost/easypost-test-token.yaml b/scan/gadget/sensitive/keys/easypost/easypost-test-token.yaml
new file mode 100644
index 0000000..e92a7af
--- /dev/null
+++ b/scan/gadget/sensitive/keys/easypost/easypost-test-token.yaml
@@ -0,0 +1,23 @@
+id: easypost-test-token
+
+info:
+ name: Easypost Test API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.yaml
+ metadata:
+ verified: true
+ tags: file,keys,easypost,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - EZTK(?i)[a-z0-9]{54}
+# digest: 4b0a00483046022100a8a903d8c12982d4215d7d686683821b3a72ee119e106b1c62de92ea9e2e8891022100dda07ef96999d284589a8ab9524c24512ac4e4be6190717fd70fb0837e99b08d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/etsy-access-token.yaml b/scan/gadget/sensitive/keys/etsy-access-token.yaml
new file mode 100644
index 0000000..ec92b7b
--- /dev/null
+++ b/scan/gadget/sensitive/keys/etsy-access-token.yaml
@@ -0,0 +1,22 @@
+id: etsy-access-token
+
+info:
+ name: Etsy Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.go
+ metadata:
+ verified: true
+ tags: file,keys,etsy,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a00473045022060ce8a53571f37202449c1685892f383465c312d2048578d5a202817d0611dfe022100e934a548eea41ac9818e3efffe2c9da795a395f884d4a1f10c0392de726fcf15:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/facebook/facebook-api-token.yaml b/scan/gadget/sensitive/keys/facebook/facebook-api-token.yaml
new file mode 100644
index 0000000..856570e
--- /dev/null
+++ b/scan/gadget/sensitive/keys/facebook/facebook-api-token.yaml
@@ -0,0 +1,23 @@
+id: facebook-api-token
+
+info:
+ name: Facebook API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.go
+ metadata:
+ verified: true
+ tags: keys,file,facebook,token
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a00473045022039cfc3385a5e54130639427498934edb6851cbbfa0cb2fa9e0766c80de9c2f06022100a24d18ff30e17c296e32f42a80fee23cf4ae78eb0e82b85e1b399663945788f7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/facebook/facebook-client-id.yaml b/scan/gadget/sensitive/keys/facebook/facebook-client-id.yaml
new file mode 100644
index 0000000..976fe26
--- /dev/null
+++ b/scan/gadget/sensitive/keys/facebook/facebook-client-id.yaml
@@ -0,0 +1,24 @@
+id: facebook-client-id
+
+info:
+ name: Facebook Client ID - Detect
+ author: gaurang
+ severity: info
+ description: Facebook client ID token was detected.
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+ cvss-score: 0
+ cwe-id: CWE-200
+ tags: keys,file,token,facebook
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
+
+# Enhanced by md on 2023/05/04
+# digest: 490a0046304402205c3ed81a6b30472131610c16c17b09e837f4a50a24ea7855646cd4f63681693102206d187a7c8a35d1a8a6d44bc7ffb3df51f06401d98e210d0f0233744e5cf0496b:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/facebook/facebook-secret.yaml b/scan/gadget/sensitive/keys/facebook/facebook-secret.yaml
new file mode 100644
index 0000000..de987e0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/facebook/facebook-secret.yaml
@@ -0,0 +1,18 @@
+id: facebook-secret-key
+
+info:
+ name: Facebook Secret Key - Detect
+ author: gaurang
+ severity: low
+ description: Facebook secret key token was detected.
+ tags: keys,file,token,facebook
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
+# digest: 490a004630440220088a4482a94c06fc1c8f203f3c7c1bb1c49303682b030f8012e682c9b0b1a4d6022069258d660c85e0daa2e6406090f1d54b78ac348fbb963c372d123327433408ee:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/facebook/fb-access-token.yaml b/scan/gadget/sensitive/keys/facebook/fb-access-token.yaml similarity index 57% rename from scan/gadget/sensitive/rules/facebook/fb-access-token.yaml rename to scan/gadget/sensitive/keys/facebook/fb-access-token.yaml index 28d949e..c2d0295 100644 --- a/scan/gadget/sensitive/rules/facebook/fb-access-token.yaml +++ b/scan/gadget/sensitive/keys/facebook/fb-access-token.yaml @@ -8,8 +8,8 @@ info: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/facebook.yml - https://developers.facebook.com/docs/facebook-login/access-tokens/ metadata: - verified: "true" - tags: facebook,token,file + verified: true + tags: file,keys,facebook,token file: - extensions: @@ -19,4 +19,5 @@ file: - type: regex part: body regex: - - '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b' \ No newline at end of file + - '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b' +# digest: 4b0a00483046022100906343469fb8f96da3ccf0963909ce5c20670bdff9d3b67347567d8983225e880221008bae64c94e2bbd5ae50d2d96d011e27e00695b52e82a7be86533132940bd8095:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/fastly-api-token.yaml b/scan/gadget/sensitive/keys/fastly-api-token.yaml new file mode 100644 index 0000000..c9bccc6 --- /dev/null +++ b/scan/gadget/sensitive/keys/fastly-api-token.yaml 
@@ -0,0 +1,22 @@
+id: fastly-api-token
+
+info:
+ name: Fastly API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.go
+ metadata:
+ verified: true
+ tags: keys,file,fastly,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a00483046022100d8441e43f35e1384e748abac2ddc93f5e90a14d06b06fb6f76e4762dcbe29ea602210095180944d4b581d9d4ee114b75f3ee2d820269c52e7da2d4d8a105f3e245a0ba:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/fcm-api-key.yaml b/scan/gadget/sensitive/keys/fcm-api-key.yaml
new file mode 100644
index 0000000..945d471
--- /dev/null
+++ b/scan/gadget/sensitive/keys/fcm-api-key.yaml
@@ -0,0 +1,16 @@
+id: fcm-api-key
+
+info:
+ name: Firebase Cloud Messaging Token
+ author: Devang-Solanki
+ severity: medium
+ tags: file,keys,token,fcm,firebase,google
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - '[A-Za-z0-9-_]+:APA91b[A-Za-z0-9-_#]+'
+# digest: 4a0a00473045022041f056406b85bb039bce810b2835a5ab8a446a6b6dfac1a5656b0ff7bff221f2022100b130f489cf048057110e68b3a5d891878db9a6bc0d486eb07842a6f37510479a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/figma-access-token.yaml b/scan/gadget/sensitive/keys/figma-access-token.yaml
new file mode 100644
index 0000000..64ec063
--- /dev/null
+++ b/scan/gadget/sensitive/keys/figma-access-token.yaml
@@ -0,0 +1,22 @@
+id: figma-access-token
+
+info:
+ name: Figma Personal Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/figma.yml
+ - https://www.figma.com/developers/api
+ metadata:
+ verified: true
+ tags: file,keys,figma,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)figma.{0,20}\b([0-9a-f]{4}-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b
+# digest: 4a0a00473045022100cbc7b923b9821d8b0da62a6152e2c9887062352d3f428e626da0e38bd455b6fe02201a9d7e25bc38f63682229f636ca9733c20b8de5e05453cd9ef09cda9f87186f8:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/finicity/finicity-api-token.yaml b/scan/gadget/sensitive/keys/finicity/finicity-api-token.yaml
new file mode 100644
index 0000000..8f5a7f0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/finicity/finicity-api-token.yaml
@@ -0,0 +1,22 @@
+id: finicity-api-token
+
+info:
+ name: Finicity API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.go
+ metadata:
+ verified: true
+ tags: file,keys,finicity,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4b0a00483046022100f241e2b7819d9662106d68984ceab12ce6488feefc724d94bc7a131c814f1bc3022100d335261dd3b17fa626f653da06a0287f63003626693e3a6ae7dc137786af7a13:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/finicity/finicity-client-secret.yaml b/scan/gadget/sensitive/keys/finicity/finicity-client-secret.yaml
new file mode 100644
index 0000000..5dfb6fe
--- /dev/null
+++ b/scan/gadget/sensitive/keys/finicity/finicity-client-secret.yaml
@@ -0,0 +1,22 @@
+id: finicity-client-secret
+
+info:
+ name: Finicity Client Secret
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.go
+ metadata:
+ verified: true
+ tags: file,keys,finicity,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
+# digest: 4a0a004730450220654a1f5a3e4adeca05a57c66008b411228a269685dc3c0029b8f81a6199cf45e022100ef719245aad660e2cd86603013a99c42ea967eeb6626760cc0c33070b7e54f81:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/finnhub-access-token.yaml b/scan/gadget/sensitive/keys/finnhub-access-token.yaml
new file mode 100644
index 0000000..b04fbb9
--- /dev/null
+++ b/scan/gadget/sensitive/keys/finnhub-access-token.yaml
@@ -0,0 +1,22 @@ +id: finnhub-access-token + +info: + name: Finnhub Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.go + metadata: + verified: true + tags: file,keys,finnhub,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) +# digest: 4a0a00473045022100b50377388b15123b007f295e2b22c113fbbf59ec497c11f8245addf21da0d8a402200d62fc352af0319cc578ce82baed797de40b401a4885bd1abd5351225f01e68f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/firebase-database.yaml b/scan/gadget/sensitive/keys/firebase-database.yaml similarity index 55% rename from scan/gadget/sensitive/rules/firebase-database.yaml rename to scan/gadget/sensitive/keys/firebase-database.yaml index b02e6e2..b382ba5 100644 --- a/scan/gadget/sensitive/rules/firebase-database.yaml +++ b/scan/gadget/sensitive/keys/firebase-database.yaml @@ -4,8 +4,7 @@ info: name: Firebase Database Detect author: gaurang severity: info - tags: token,file,firebase - + tags: file,keys,token,firebase file: - extensions: - all @@ -15,3 +14,4 @@ file: regex: - "[a-z0-9.-]+\\.firebaseio\\.com" - "[a-z0-9.-]+\\.firebaseapp\\.com" +# digest: 490a004630440220035a4d1d44e47b7b20a0944a2cfe2939806e33f5341fa5ccf188db65d7aa8e0802203d0226609d88e9be2f2c31212b32ec0a6785a3855820655cb94c95fa66f738a0:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/flickr-access-token.yaml b/scan/gadget/sensitive/keys/flickr-access-token.yaml new file mode 100644 index 0000000..d734cf9 --- /dev/null 
+++ b/scan/gadget/sensitive/keys/flickr-access-token.yaml
@@ -0,0 +1,23 @@
+id: flickr-access-token
+
+info:
+ name: Flickr Access Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.go
+ metadata:
+ verified: true
+ tags: flickr,file,keys
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+
+# digest: 4a0a00473045022100e34de1ee37b96835acda1132433eec7c4b02c2a35b1139ae4b8e5aaa38e85e5e0220612e97d89129b040693343da576a8d7eee35944a3769c76dd269f5602e0d02db:922c64590222798bb761d5b6d8e72950
diff --git a/scan/gadget/sensitive/keys/flutter/flutterwave-encryption-key.yaml b/scan/gadget/sensitive/keys/flutter/flutterwave-encryption-key.yaml
new file mode 100644
index 0000000..8d0c8d2
--- /dev/null
+++ b/scan/gadget/sensitive/keys/flutter/flutterwave-encryption-key.yaml
@@ -0,0 +1,23 @@
+id: flutterwave-encryption-key
+
+info:
+ name: Flutterwave Encryption Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.go
+ metadata:
+ verified: true
+ tags: flutter,file,keys,flutterwave
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - FLWSECK_TEST-(?i)[a-h0-9]{12}
+
+# digest: 490a00463044022001bb728280f64a65aad5cf17534d751dbe1cda89c68bb06251a2232fe7ca0810022037d2fb62e03bd86162102d5d381a0c5a6c54728628a5381af1eeaac926773f91:922c64590222798bb761d5b6d8e72950
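Review bot: The pattern in flutterwave-encryption-key.yaml, `FLWSECK_TEST-(?i)[a-h0-9]{12}`, has no trailing boundary, so it also matches the first twelve characters of anything the secret-key rule added later in this commit (`FLWSECK_TEST-(?i)[a-h0-9]{32}-X`) matches. A single leaked secret key would then be reported twice, once truncated and under the encryption-key name, which muddies triage. I would close the pattern with a word boundary, `- FLWSECK_TEST-(?i)[a-h0-9]{12}\b`, which works in a plain YAML scalar and needs no lookahead. The character class `[a-h0-9]` is also unusual for a hex-looking value; it appears to come from the referenced gitleaks rule, so confirm it there rather than changing it blindly.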
diff --git a/scan/gadget/sensitive/keys/flutter/flutterwave-public-key.yaml b/scan/gadget/sensitive/keys/flutter/flutterwave-public-key.yaml
new file mode 100644
index 0000000..917c090
--- /dev/null
+++ b/scan/gadget/sensitive/keys/flutter/flutterwave-public-key.yaml
@@ -0,0 +1,23 @@
+id: flutterwave-public-key
+
+info:
+ name: Flutterwave Public Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.go
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.yaml
+ metadata:
+ verified: true
+ tags: flutter,file,keys,flutterwave
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - FLWPUBK_TEST-(?i)[a-h0-9]{32}-X
+
+# digest: 4a0a0047304502201663f48cdd3af7e4e844c938a840b398231226cf267ce2b9b71aee64b4f01b070221009b15d106d4003dba20c9c1de1a7531478ba5abe063299fa31fad81343c1b8e07:922c64590222798bb761d5b6d8e72950
diff --git a/scan/gadget/sensitive/keys/flutter/flutterwave-secret-key.yaml b/scan/gadget/sensitive/keys/flutter/flutterwave-secret-key.yaml
new file mode 100644
index 0000000..cfbd727
--- /dev/null
+++ b/scan/gadget/sensitive/keys/flutter/flutterwave-secret-key.yaml
@@ -0,0 +1,23 @@
+id: flutterwave-secret-key
+
+info:
+ name: Flutterwave Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.go
+ metadata:
+ verified: true
+ tags: flutter,file,keys,flutterwave
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - FLWSECK_TEST-(?i)[a-h0-9]{32}-X
+
+# digest: 4a0a00473045022100ef800d5ff9a0070b05c95c26fea14222a4efb0739951eea468e07f08ccef665a022008c000020cb1a4316a03521c4fd6d3af85de85340d924cff0d0936b80b1ed85f:922c64590222798bb761d5b6d8e72950
diff --git a/scan/gadget/sensitive/keys/frameio-api-token.yaml b/scan/gadget/sensitive/keys/frameio-api-token.yaml
new file mode 100644
index 0000000..2ec16d8
--- /dev/null
+++ b/scan/gadget/sensitive/keys/frameio-api-token.yaml
@@ -0,0 +1,23 @@
+id: frameio-api-token
+
+info:
+ name: Frameio API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.go
+ metadata:
+ verified: true
+ tags: frameio,file,keys
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - fio-u-(?i)[a-z0-9\-_=]{64}
+
+# digest: 4a0a0047304502200c5a4dfba3c1a826c28c745bd3debafd32fa105a12cd37a5c018300440233ad8022100836571fe9c99297bbbcd639faaac0f0b856d4a6049e8fcc201537c5068d7ac57:922c64590222798bb761d5b6d8e72950
diff --git a/scan/gadget/sensitive/keys/freshbooks-access-token.yaml b/scan/gadget/sensitive/keys/freshbooks-access-token.yaml
new file mode 100644
index 0000000..4998e53
--- /dev/null
+++ b/scan/gadget/sensitive/keys/freshbooks-access-token.yaml
@@ -0,0 +1,23 @@ +id: freshbooks-access-token + +info: + name: Freshbooks Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.go + metadata: + verified: true + tags: freshbooks,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - fio-u-(?i)[a-z0-9\-_=]{64} + +# digest: 490a004630440220373919559ed5f79b42f4628fe2e75f9de9582f7447fdd43a711fe32f13993ece02207d990413ca61229e70e14b9d17990afbec9396475b33ba44faf734c9e4e27c16:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/rules/gcp-service-account.yaml b/scan/gadget/sensitive/keys/gcp-service-account.yaml similarity index 50% rename from scan/gadget/sensitive/rules/gcp-service-account.yaml rename to scan/gadget/sensitive/keys/gcp-service-account.yaml index 9dd972a..a05d2ed 100644 --- a/scan/gadget/sensitive/rules/gcp-service-account.yaml +++ b/scan/gadget/sensitive/keys/gcp-service-account.yaml @@ -4,8 +4,7 @@ info: name: Google (GCP) Service-account author: gaurang severity: low - tags: token,file,google - + tags: file,keys,token,google file: - extensions: - all @@ -14,3 +13,4 @@ file: - type: regex regex: - "\"type\": \"service_account\"" +# digest: 4a0a00473045022100cb6dcfa7dcc1544a9d22b921bfe6ea06c853f81c2dba5230df89bb222cded8390220220342a2699d75a6104f3af08f65b6bc97b873889fadf53fb7214b9b712dd5f2:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/github/github-app-token.yaml b/scan/gadget/sensitive/keys/github/github-app-token.yaml similarity index 50% rename from scan/gadget/sensitive/rules/github/github-app-token.yaml rename to scan/gadget/sensitive/keys/github/github-app-token.yaml index f8b16c1..0f9c51f 100644 
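Review bot: The extractor in freshbooks-access-token.yaml is `fio-u-(?i)[a-z0-9\-_=]{64}`, which is character-for-character the pattern of frameio-api-token.yaml added just before it in this commit. As written the rule cannot detect a Freshbooks credential and instead reports every Frame.io token a second time under the Freshbooks name, so a real Freshbooks leak passes unnoticed. The other gitleaks-derived rules here (etsy, fastly, finnhub) use a keyword-prefixed form, and this one should presumably follow the gitleaks freshbooks-access-token definition listed under `reference:`; the token length is not visible on this page, so take it from that reference rather than guessing.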
--- a/scan/gadget/sensitive/rules/github/github-app-token.yaml +++ b/scan/gadget/sensitive/keys/github/github-app-token.yaml @@ -4,8 +4,7 @@ info: name: Github App Token author: tanq16,DhiyaneshDK severity: medium - tags: token,file,github - + tags: keys,file,token,github file: - extensions: - all @@ -14,3 +13,4 @@ file: - type: regex regex: - "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b" +# digest: 4b0a00483046022100b9d3d1fd11451fe2d5bb3cc0d433ee22cae5ca24e86f5b60845cb3103ad053fe0221009741eb11789fe97cedd0f7fb821d82fa102bb7b65a4f00a99e9c3f2792cb8306:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/github/github-oauth-token.yaml b/scan/gadget/sensitive/keys/github/github-oauth-token.yaml new file mode 100644 index 0000000..9367953 --- /dev/null +++ b/scan/gadget/sensitive/keys/github/github-oauth-token.yaml @@ -0,0 +1,16 @@ +id: github-oauth-token + +info: + name: Github OAuth Access Token + author: tanq16 + severity: high + tags: file,keys,token,github +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "gho_.{36}" +# digest: 4a0a004730450221008c53926b33a3b4059610c1a3fea1979833257a4acc6a7b3f42f1be341cd326320220284a515e5b905b6e7eb5cfba9858b243614aaceaf6da411d2e1cd9368de769fe:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/github/github-outdated-key.yaml b/scan/gadget/sensitive/keys/github/github-outdated-key.yaml similarity index 81% rename from scan/gadget/sensitive/rules/github/github-outdated-key.yaml rename to scan/gadget/sensitive/keys/github/github-outdated-key.yaml index 32b41ba..9209ed0 100644 --- a/scan/gadget/sensitive/rules/github/github-outdated-key.yaml +++ b/scan/gadget/sensitive/keys/github/github-outdated-key.yaml 
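Review bot: The regex in github-app-token.yaml, `"\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b"`, sits in a double-quoted YAML scalar, where `\b` is the backspace escape and not a regex word boundary. After YAML decoding the pattern would require literal U+0008 characters on both sides of the token, so the rule should never fire on real text and a leaked `ghu_`/`ghs_` token goes unreported. The line is unchanged context in the second hunk (`@@ -14,3 +13,4 @@`); the commit only reorders tags and appends the digest. Use single quotes as the gitlab rules in this commit do: `- '\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b'`.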
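Review bot: `"gho_.{36}"` in github-oauth-token.yaml uses `.`, so any 36 characters after the prefix match, including spaces, quotes and markup. On a rule rated `high` that means noisy findings and an extracted value that may run past the real token. The app-token rule in the same directory already constrains the body to `[a-zA-Z0-9]{36}`; I would write `- "gho_[a-zA-Z0-9]{36}"` here. The same looseness is in `ghr_.{76}` (github-refresh-token.yaml, added later in this commit) and in the `ghp_.{36}` / `github_pat_.{82}` context lines of github-personal-token.yaml, each of which wants a character class suited to its own format.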
@@ -10,9 +10,8 @@ info: - https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ - https://web.archive.org/web/20230316194229/https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints metadata: - verified: "true" - tags: file,github,ssh,rsa - + verified: true + tags: file,keys,github,ssh,rsa file: - extensions: - all @@ -22,3 +21,4 @@ file: regex: - SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa\+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf\+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB\+weqqUUmpaaasXVal72J\+UX2B\+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7\+wC604ydGXA8VJiS5ap43JXiUFFAaQ== +# digest: 4b0a0048304602210097d39a926e780cd375fdb4adaba3f38cf210fbc9da81445df494d206635403cb022100c7c85a7539d3e8aa0fe0d632358176e1ed6544ca71d770325f5f446070b6c555:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/github/github-personal-token.yaml b/scan/gadget/sensitive/keys/github/github-personal-token.yaml similarity index 51% rename from scan/gadget/sensitive/rules/github/github-personal-token.yaml rename to scan/gadget/sensitive/keys/github/github-personal-token.yaml index 7982d00..4a8bc34 100644 --- a/scan/gadget/sensitive/rules/github/github-personal-token.yaml +++ b/scan/gadget/sensitive/keys/github/github-personal-token.yaml @@ -4,8 +4,7 @@ info: name: Github Personal Token author: geeknik severity: high - tags: token,file,github - + tags: file,keys,token,github file: - extensions: - all 
@@ -15,3 +14,4 @@ file: regex: - "ghp_.{36}" - "github_pat_.{82}" +# digest: 4a0a0047304502203c2ec1412ad731d19d011f31640fed087cbff2458bb3566ef8b6eeab67685fb7022100ff8093aefd8308c39e24dd35a59ced0166d4d5142d2d53104ae639032ca9693f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/github/github-refresh-token.yaml b/scan/gadget/sensitive/keys/github/github-refresh-token.yaml new file mode 100644 index 0000000..044a6a8 --- /dev/null +++ b/scan/gadget/sensitive/keys/github/github-refresh-token.yaml @@ -0,0 +1,16 @@ +id: github-refresh-token + +info: + name: Github Refresh Token + author: tanq16 + severity: high + tags: file,keys,token,github +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "ghr_.{76}" +# digest: 4a0a0047304502206bdea7a5561d353ecf0a6457d342c940765d8eb423c3755d8333abf20dd73a4c022100bd0ba1e3a2ae3c4a5f075e75be2bf4db20ed798233f99cc306f29b550ec7a054:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/gitlab/gitlab-personal-accesstoken.yaml b/scan/gadget/sensitive/keys/gitlab/gitlab-personal-accesstoken.yaml similarity index 58% rename from scan/gadget/sensitive/rules/gitlab/gitlab-personal-accesstoken.yaml rename to scan/gadget/sensitive/keys/gitlab/gitlab-personal-accesstoken.yaml index 6e9c3a3..6d81c36 100644 --- a/scan/gadget/sensitive/rules/gitlab/gitlab-personal-accesstoken.yaml +++ b/scan/gadget/sensitive/keys/gitlab/gitlab-personal-accesstoken.yaml @@ -8,9 +8,8 @@ info: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/gitlab.yml - https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html metadata: - verified: "true" - tags: gitlab,token,file - + verified: true + tags: file,keys,gitlab,token file: - extensions: - all 
@@ -19,4 +18,5 @@ file: - type: regex part: body regex: - - '\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)' \ No newline at end of file + - '\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)' +# digest: 4a0a00473045022100d8f81a139d1a55d53b48483cf5f37388a5aa00533518f37e62262ce7d746a8e30220645f888c251b51c3e07bb926d8f51c1bc02d0e34e1970911c9aa95395364078b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/gitlab/gitlab-pipeline-triggertoken.yaml b/scan/gadget/sensitive/keys/gitlab/gitlab-pipeline-triggertoken.yaml similarity index 64% rename from scan/gadget/sensitive/rules/gitlab/gitlab-pipeline-triggertoken.yaml rename to scan/gadget/sensitive/keys/gitlab/gitlab-pipeline-triggertoken.yaml index 25fef56..baf5a80 100644 --- a/scan/gadget/sensitive/rules/gitlab/gitlab-pipeline-triggertoken.yaml +++ b/scan/gadget/sensitive/keys/gitlab/gitlab-pipeline-triggertoken.yaml @@ -10,9 +10,8 @@ info: - https://gitlab.com/gitlab-org/gitlab/-/issues/371396 - https://gitlab.com/gitlab-org/gitlab/-/issues/388379 metadata: - verified: "true" - tags: gitlab,token,file - + verified: true + tags: keys,file,gitlab,token file: - extensions: - all @@ -21,4 +20,5 @@ file: - type: regex part: body regex: - - '\b(glptt-[0-9a-f]{40})\b' \ No newline at end of file + - '\b(glptt-[0-9a-f]{40})\b' +# digest: 4a0a004730450221008cbf4eb94765a87a19f157f6c0c8c2bdf2065beccbd30d912cc939db48373953022029b0256eda9ca89370a55cd4af46c29517647ada90ad11704cd7dd580313882d:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/gitlab/gitlab-runner-regtoken.yaml b/scan/gadget/sensitive/keys/gitlab/gitlab-runner-regtoken.yaml similarity index 65% rename from scan/gadget/sensitive/rules/gitlab/gitlab-runner-regtoken.yaml rename to scan/gadget/sensitive/keys/gitlab/gitlab-runner-regtoken.yaml index dd1e4e3..9c46323 100644 --- a/scan/gadget/sensitive/rules/gitlab/gitlab-runner-regtoken.yaml 
+++ b/scan/gadget/sensitive/keys/gitlab/gitlab-runner-regtoken.yaml @@ -10,9 +10,8 @@ info: - https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens-deprecated - https://docs.gitlab.com/ee/security/token_overview.html#security-considerations metadata: - verified: "true" - tags: gitlab,runner,token,file - + verified: true + tags: keys,file,gitlab,runner,token file: - extensions: - all @@ -21,4 +20,5 @@ file: - type: regex part: body regex: - - '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)' \ No newline at end of file + - '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)' +# digest: 4b0a00483046022100d013cf84c226c19433c9eb5d26b3e01b5e8836a0eb5d4ff3b9983b307e6e198b022100ee983342a74bf1953a0bdeaeb6f39798c018ad2ac2e23c3075f35ff0b5186010:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/gitter-access-token.yaml b/scan/gadget/sensitive/keys/gitter-access-token.yaml new file mode 100644 index 0000000..49bfefc --- /dev/null +++ b/scan/gadget/sensitive/keys/gitter-access-token.yaml @@ -0,0 +1,23 @@ +id: gitter-access-token + +info: + name: Gitter Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.go + metadata: + verified: true + tags: gitter,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022024b31fc9eb1fabba2e0853bff3057754737098dce170f37dae5b48e451e37adf022100cadc0986bb67a10f42b716e69921383c00f6e61fdc87f2bfded8780288c024c5:922c64590222798bb761d5b6d8e72950 
diff --git a/scan/gadget/sensitive/keys/gocardless-api-token.yaml b/scan/gadget/sensitive/keys/gocardless-api-token.yaml new file mode 100644 index 0000000..742a0fb --- /dev/null +++ b/scan/gadget/sensitive/keys/gocardless-api-token.yaml @@ -0,0 +1,23 @@ +id: gocardless-api-token + +info: + name: Gocardless API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.go + metadata: + verified: true + tags: gocardless,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a004630440220155e107b0ad06304b29f2c77174e43f1a746c7a1919c6db1b92f8cdfdd9fde4702203b452239f0686864410852dc04f7f1f2ab9605ce5fd6f625f2f2a92d5c4bfe64:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/keys/google/google-api.yaml b/scan/gadget/sensitive/keys/google/google-api.yaml new file mode 100644 index 0000000..30cb66c --- /dev/null +++ b/scan/gadget/sensitive/keys/google/google-api.yaml @@ -0,0 +1,16 @@ +id: google-api-key-file + +info: + name: Google API key + author: gaurang + severity: info + tags: keys,file,token,google +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "AIza[0-9A-Za-z\\-_]{35}" +# digest: 4a0a00473045022100d10b8c8ea01d04d065a9d13f5f60048a32c908cc2c5a3f9b4ddcb5ba2f7e823a022039f78018968a42018e32f1a2ccb17df81b9255d14d9094659d95e160eb09eb4a:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/rules/google/google-clientid.yaml b/scan/gadget/sensitive/keys/google/google-clientid.yaml similarity index 59% rename from scan/gadget/sensitive/rules/google/google-clientid.yaml rename to scan/gadget/sensitive/keys/google/google-clientid.yaml index 59191e5..e57b108 100644 --- a/scan/gadget/sensitive/rules/google/google-clientid.yaml +++ b/scan/gadget/sensitive/keys/google/google-clientid.yaml @@ -7,9 +7,8 @@ info: reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/google.yml metadata: - verified: "true" - tags: google,token,file - + verified: true + tags: file,keys,google,token file: - extensions: - all @@ -18,4 +17,5 @@ file: - type: regex part: body regex: - - '(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com' \ No newline at end of file + - '(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com' +# digest: 4a0a0047304502204d6ddfacde924e20772b34f26f8f705be85f7bf5bc9078c729a7f7edc99a9dcf022100a64c8e922783d1374f6cbc1f132b56a1efd3de3c59a2ed6ba3d3266225e7ffa4:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/google/google-oauth-clientsecret.yaml b/scan/gadget/sensitive/keys/google/google-oauth-clientsecret.yaml similarity index 54% rename from scan/gadget/sensitive/rules/google/google-oauth-clientsecret.yaml rename to scan/gadget/sensitive/keys/google/google-oauth-clientsecret.yaml index b3f4730..60ac34b 100644 --- a/scan/gadget/sensitive/rules/google/google-oauth-clientsecret.yaml +++ b/scan/gadget/sensitive/keys/google/google-oauth-clientsecret.yaml @@ -7,9 +7,8 @@ info: reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/google.yml metadata: - verified: "true" - tags: google,token,file - + verified: true + tags: file,keys,google,token file: - extensions: - all 
@@ -18,4 +17,5 @@ file: - type: regex part: body regex: - - '(GOCSPX-[a-zA-Z0-9_-]{28})' \ No newline at end of file + - '(GOCSPX-[a-zA-Z0-9_-]{28})' +# digest: 4a0a004730450220157b3e82f90478510f0f71167cfa1f517878cfc309707142fa439d38149c8a1a022100a54beacb6de85b38bddad57f4d7090ba367df0825c9c4fbfa165f7cb8ae0d4e9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/grafana/grafana-api-key.yaml b/scan/gadget/sensitive/keys/grafana/grafana-api-key.yaml new file mode 100644 index 0000000..ffdc8c0 --- /dev/null +++ b/scan/gadget/sensitive/keys/grafana/grafana-api-key.yaml @@ -0,0 +1,23 @@ +id: grafana-api-key + +info: + name: Grafana API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.go + metadata: + verified: true + tags: grafana,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100f94f26615c01ee3669910469b31e0011b160852246ed76ae9802f34d6be1911c022076cd3f3e6b5257f59db3fb098baf801c44b0a628196d408b70d1765bb646a7c9:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/keys/grafana/grafana-cloud-api-token.yaml b/scan/gadget/sensitive/keys/grafana/grafana-cloud-api-token.yaml new file mode 100644 index 0000000..89714db --- /dev/null +++ b/scan/gadget/sensitive/keys/grafana/grafana-cloud-api-token.yaml 
@@ -0,0 +1,23 @@ +id: grafana-cloud-api-token + +info: + name: Grafana Cloud API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.go + metadata: + verified: true + tags: grafana,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100ac8747d010f2f8ecbbf15e54c1a4f79e1e965927e8077c7e25d72c003adf0d9a02205ec44b2c0ae24af123d96ec3b31d842f77287892e7f1f5a92d08a213dd5af080:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/keys/grafana/grafana-service-account-token.yaml b/scan/gadget/sensitive/keys/grafana/grafana-service-account-token.yaml new file mode 100644 index 0000000..d965ba8 --- /dev/null +++ b/scan/gadget/sensitive/keys/grafana/grafana-service-account-token.yaml @@ -0,0 +1,23 @@ +id: grafana-service-account-token + +info: + name: Grafana Service Account Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.go + metadata: + verified: true + tags: grafana,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100d0d2caaae6ee74a09fb5d24db235ba021d75800eafa6dbc83777ac9213de0eff022100f4dde19703abd7a8925d6b3dbcfa20ac5d7e72e6f670baed1ea04e57e3fdfd5a:922c64590222798bb761d5b6d8e72950 
diff --git a/scan/gadget/sensitive/keys/hashicorp-api-token.yaml b/scan/gadget/sensitive/keys/hashicorp-api-token.yaml new file mode 100644 index 0000000..011b0c7 --- /dev/null +++ b/scan/gadget/sensitive/keys/hashicorp-api-token.yaml @@ -0,0 +1,23 @@ +id: hashicorp-api-token + +info: + name: Hashicorp API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.go + metadata: + verified: true + tags: hashicorp,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70} + +# digest: 490a004630440220077946f13881a3f72dcf81af66d6441c54bcfa9ebf55bb2a9b9b8e16ca48f82c022071b09b7aa278782ba81b70d8da7eed2b6876da0e551fc1a23533e1d67f4cce02:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/rules/heroku-key.yaml b/scan/gadget/sensitive/keys/heroku-key.yaml similarity index 59% rename from scan/gadget/sensitive/rules/heroku-key.yaml rename to scan/gadget/sensitive/keys/heroku-key.yaml index 9b02b53..b9819eb 100644 --- a/scan/gadget/sensitive/rules/heroku-key.yaml +++ b/scan/gadget/sensitive/keys/heroku-key.yaml @@ -8,9 +8,8 @@ info: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/heroku.yml - https://devcenter.heroku.com/articles/authentication metadata: - verified: "true" - tags: heroku,token,file - + verified: true + tags: file,keys,heroku,token file: - extensions: - all 
@@ -19,4 +18,5 @@ file: - type: regex part: body regex: - - '(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b' \ No newline at end of file + - '(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b' +# digest: 4a0a00473045022100e9a5fe2b9b5307955ba8c070625b450f87018040278cac9d857936ad0a3b43fc022030fdf2d770b0a7de20c15055be3d5c8cde50df6937d8ebf01072ac9f83b9f461:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/huggingface/huggingface-user-access.yaml b/scan/gadget/sensitive/keys/huggingface/huggingface-user-access.yaml new file mode 100644 index 0000000..e0b3ffc --- /dev/null +++ b/scan/gadget/sensitive/keys/huggingface/huggingface-user-access.yaml @@ -0,0 +1,23 @@ +id: huggingface-user-access + +info: + name: HuggingFace User Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/huggingface.yml + - https://huggingface.co/docs/hub/security-tokens + metadata: + verified: true + tags: huggingface,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - '\b(hf_[a-zA-Z]{34})\b' +# digest: 4b0a00483046022100934e5db46a96a95fbd52e60737825b1ed564ae6f42363a5843a5317f25c8b15d0221008fd6451b353118cd6c0b7a054f49e79c36d5c4222658de97e4b5fea6731da789:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/jenkins-token.yaml b/scan/gadget/sensitive/keys/jenkins-token.yaml similarity index 66% rename from scan/gadget/sensitive/rules/jenkins-token.yaml rename to scan/gadget/sensitive/keys/jenkins-token.yaml index 02c9e5a..cb154d3 100644 --- a/scan/gadget/sensitive/rules/jenkins-token.yaml +++ b/scan/gadget/sensitive/keys/jenkins-token.yaml 
@@ -9,9 +9,8 @@ info: - https://www.jenkins.io/blog/2018/07/02/new-api-token-system/ - https://www.jenkins.io/doc/book/security/csrf-protection/ metadata: - verified: "true" - tags: jenkins,crumb,token,file - + verified: true + tags: file,keys,jenkins,crumb,token file: - extensions: - all @@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - '(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b' \ No newline at end of file + - '(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b' +# digest: 4b0a00483046022100bbae117ce6e36c2edabf974fd82254d93119455c3ffaae610bba874bb154fd14022100c94a0e7d792202691a4e8608e7cefcf2bcd0323c9b4c9dacb555345000ec4b0b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/kubernetes/kubernetes-dockercfg-secret.yaml b/scan/gadget/sensitive/keys/kubernetes/kubernetes-dockercfg-secret.yaml new file mode 100644 index 0000000..0983e54 --- /dev/null +++ b/scan/gadget/sensitive/keys/kubernetes/kubernetes-dockercfg-secret.yaml @@ -0,0 +1,23 @@ +id: kubernetes-dockercfg-secret + +info: + name: kubernetes.io/dockercfg Secret + author: dwisiswant0 + severity: info + reference: + - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets + metadata: + verified: true + tags: kubernetes,k8s,file,keys,secret + +file: + - extensions: + - yaml + - yml + + extractors: + - type: regex + part: body + regex: + - \.dockercfg:\s+["']?e(w|y)[\w=]+["']? +# digest: 4b0a0048304602210084bb6909a2c7963a555e1075de093962ffd4e4b125d3dd1bb559eccf252e697c022100d2e745493ab0b3a250e96f74744924d34f1cb1cf18b265e81ebba442c3eb52ad:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml b/scan/gadget/sensitive/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml new file mode 100644 index 0000000..89083fb --- /dev/null 
+++ b/scan/gadget/sensitive/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml @@ -0,0 +1,23 @@ +id: kubernetes-dockerconfigjson-secret + +info: + name: kubernetes.io/dockerconfigjson Secret + author: dwisiswant0 + severity: info + reference: + - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets + metadata: + verified: true + tags: kubernetes,k8s,file,keys,secret + +file: + - extensions: + - yaml + - yml + + extractors: + - type: regex + part: body + regex: + - \.dockerconfigjson:\s+["']?e(w|y)[\w=]+["']? +# digest: 490a0046304402205837efe22bf2818e0eff1697ee0cfa3f5e769e3c20fa63e1291c6243d921daa202207523ce58ac252a1a71bbbf192eb381aa08631c976b1860127bf5e77441876053:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/linkedin-id.yaml b/scan/gadget/sensitive/keys/linkedin-id.yaml new file mode 100644 index 0000000..c5b4a4a --- /dev/null +++ b/scan/gadget/sensitive/keys/linkedin-id.yaml @@ -0,0 +1,16 @@ +id: linkedin-id + +info: + name: Linkedin Client ID + author: gaurang + severity: low + tags: file,keys,token,linkedin +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" +# digest: 4a0a0047304502203d8afe36515a2055a46a90e36140bedad012308b2ee65ab71a018d3ebd0d502d022100e1ed5b6faf198657fe22358330ac6eb9dfbc042875faafbef04b8fa083eeecf9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/linkedin/linkedin-client.yaml b/scan/gadget/sensitive/keys/linkedin/linkedin-client.yaml new file mode 100644 index 0000000..03c271d --- /dev/null +++ b/scan/gadget/sensitive/keys/linkedin/linkedin-client.yaml 
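Review bot: `linkedin-id.yaml` overlaps the `linkedin/linkedin-client.yaml` template added in the same commit, and its pattern `(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}` has no delimiter or word boundary. Any 12 lowercase alphanumerics within 20 characters of the word "linkedin" are reported, which would include ordinary URL path segments. Either drop this file in favour of `linkedin-client`, or bound the value the way that template does, ending the pattern with `\b([0-9a-z]{12})\b` in a single-quoted or plain scalar. Keeping both also means one string can yield two findings with different severities (`low` here, `info` there).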
@@ -0,0 +1,23 @@ +id: linkedin-client + +info: + name: LinkedIn Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml + - https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications + metadata: + verified: true + tags: linkedin,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)linkedin.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{12,14})\b +# digest: 4a0a00473045022100ade417f9932824017914990383cd867a37ba57dd1badc60aa55dac97e73cbf3f02203bb0babcad422204af64f70926c18827b3940c69f909d205f440468d18b0bb31:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/linkedin/linkedin-secret.yaml b/scan/gadget/sensitive/keys/linkedin/linkedin-secret.yaml new file mode 100644 index 0000000..698117b --- /dev/null +++ b/scan/gadget/sensitive/keys/linkedin/linkedin-secret.yaml @@ -0,0 +1,23 @@ +id: linkedin-secret + +info: + name: LinkedIn Secret Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/linkedin.yml + - https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications + metadata: + verified: true + tags: linkedin,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)linkedin.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{16})\b +# digest: 4a0a0047304502205def151b767d6270018ea90666e56089b0dde70467ca94489c6ab9ec0b735fe2022100ea3cee5471199b7e21bd6a63b75a667adcddad7281d249e83cbb8eb8cda82fd7:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/keys/mailchimp-api.yaml b/scan/gadget/sensitive/keys/mailchimp-api.yaml new file mode 100644 index 0000000..f830354 --- /dev/null +++ b/scan/gadget/sensitive/keys/mailchimp-api.yaml @@ -0,0 +1,16 @@ +id: mailchimp-api-key + +info: + name: Mailchimp API Key + author: gaurang + severity: high + tags: keys,file,token,mailchimp +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "[0-9a-f]{32}-us[0-9]{1,2}" +# digest: 4a0a00473045022100b7d7dc7f716b2b6aa9f8fc0e8f2455cd4598868f7cdf43257e6359058f2bb4ab02201b98b540e564948f56babb33b53688a32a426e54dc32d0ca159d70eebb798191:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/mailgun-api.yaml b/scan/gadget/sensitive/keys/mailgun-api.yaml new file mode 100644 index 0000000..ea2ef20 --- /dev/null +++ b/scan/gadget/sensitive/keys/mailgun-api.yaml @@ -0,0 +1,16 @@ +id: mailgun-api-key + +info: + name: Mailgun API Key + author: gaurang + severity: high + tags: file,keys,token,mailgun +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "key-[0-9a-zA-Z]{32}" +# digest: 4a0a00473045022006098cd86f41bfb24a9c4c7c6bfc1a855c71c69e8b834739e5ffc4567261266c022100bd407109d7d54367361ebda630747d01a6ba308679d3f50a1654629aa9da4873:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/mapbox-token.yaml b/scan/gadget/sensitive/keys/mapbox-token.yaml similarity index 71% rename from scan/gadget/sensitive/rules/mapbox-token.yaml rename to scan/gadget/sensitive/keys/mapbox-token.yaml index 265faf5..648c6a4 100644 --- a/scan/gadget/sensitive/rules/mapbox-token.yaml +++ b/scan/gadget/sensitive/keys/mapbox-token.yaml 
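Review bot: `[0-9a-f]{32}-us[0-9]{1,2}` in `mailchimp-api.yaml` is unanchored, so it also matches the last 32 hex digits of a longer hash that happens to be followed by `-us1`-style text, and the finding is rated high. Adding boundaries and a capture group keeps the extracted value to the key itself: `- '\b([0-9a-f]{32}-us[0-9]{1,2})\b'`, single-quoted because `\b` inside YAML double quotes is a backspace escape. `key-[0-9a-zA-Z]{32}` in `mailgun-api.yaml` has the same gap on its left edge, where any longer word ending in `key-` satisfies it.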
@@ -8,9 +8,8 @@ info: - https://docs.gitguardian.com/secrets-detection/detectors/specifics/mapbox_token - https://github.com/zricethezav/gitleaks/blob/master/cmd/generate/config/rules/mapbox.go metadata: - verified: "true" - tags: token,file,mapbox - + verified: true + tags: file,keys,token,mapbox file: - extensions: - all @@ -27,3 +26,4 @@ file: part: body regex: - 'sk\.eyJ1Ijoi\w+\.[\w-]*' +# digest: 4a0a00473045022100a7ea48306be5c2b2cfc395952e068bd2e299957868b11ba57c2c45fa49ff188502201ba10a29d5332a82ed0fa1c984668ce2df5e2213391127664a2eef6a04a299a9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/newrelic/newrelic-api-service.yaml b/scan/gadget/sensitive/keys/newrelic/newrelic-api-service.yaml new file mode 100644 index 0000000..c65ec1a --- /dev/null +++ b/scan/gadget/sensitive/keys/newrelic/newrelic-api-service.yaml @@ -0,0 +1,24 @@ +id: newrelic-api-service + +info: + name: New Relic API Service Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml + - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys + - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#user-key + metadata: + verified: true + tags: newrelic,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(nrak-[a-z0-9]{27})\b +# digest: 4a0a00473045022100b0305a1f0644ca813e1b1408183fb6100e36a5ccf5716a072f32d60cf9956d7102207b59c7dc0411cc69bf362c9a1035ac73c61bccbabbbfeea75aa3eff7db628214:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/newrelic/newrelic-license-non.yaml b/scan/gadget/sensitive/keys/newrelic/newrelic-license-non.yaml new file mode 100644 index 0000000..0304327 --- /dev/null +++ b/scan/gadget/sensitive/keys/newrelic/newrelic-license-non.yaml 
@@ -0,0 +1,24 @@ +id: newrelic-license-non + +info: + name: New Relic License Key (non-suffixed) + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml + - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys + - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key + metadata: + verified: true + tags: newrelic,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)associated\ with\ your\ New\ Relic\ account\.\s+license_key:\s*([a-f0-9]{40})\b +# digest: 4b0a00483046022100cb892d11153aa7205e3a23dab514da50e195f959de8fc957589d622d9ab5cc2b0221008328f65ee06dc78d96499d42170e2fb036cfa2aacb467698c39c672dc53cba96:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/newrelic/newrelic-license.yaml b/scan/gadget/sensitive/keys/newrelic/newrelic-license.yaml new file mode 100644 index 0000000..4e05af4 --- /dev/null +++ b/scan/gadget/sensitive/keys/newrelic/newrelic-license.yaml @@ -0,0 +1,24 @@ +id: newrelic-license + +info: + name: New Relic License Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/newrelic.yml + - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys + - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#license-key + metadata: + verified: true + tags: newrelic,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b([a-z0-9]{6}[a-f0-9]{30}nral)\b +# digest: 4b0a00483046022100e041b8d63bb59009c36c1d2f8b42a95d352acb3c8d0345afae5b908a78ab8f090221009e2de0a5b782aa3b65c7cbf357c0c7cd47497bef6ade233b239afa63ff863fff:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/rules/newrelic/newrelic-pixie-apikey.yaml b/scan/gadget/sensitive/keys/newrelic/newrelic-pixie-apikey.yaml similarity index 62% rename from scan/gadget/sensitive/rules/newrelic/newrelic-pixie-apikey.yaml rename to scan/gadget/sensitive/keys/newrelic/newrelic-pixie-apikey.yaml index 572c055..3595c66 100644 --- a/scan/gadget/sensitive/rules/newrelic/newrelic-pixie-apikey.yaml +++ b/scan/gadget/sensitive/keys/newrelic/newrelic-pixie-apikey.yaml @@ -8,9 +8,8 @@ info: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/newrelic.yml - https://docs.px.dev/reference/admin/api-keys/ metadata: - verified: "true" - tags: newrelic,pixie,token,file - + verified: true + tags: file,keys,newrelic,pixie,token file: - extensions: - all @@ -19,4 +18,5 @@ file: - type: regex part: body regex: - - "(px-api-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" \ No newline at end of file + - "(px-api-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" +# digest: 4a0a00473045022100c87ef60160177e4dd9cf059f2a4fb1feb922f1dc810beec9f3153393645edb8d0220317d229ff5d7af76fce023056bc85f19f45ff91efeb256c4fca4137237156ad0:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/newrelic/newrelic-pixie-deploykey.yaml b/scan/gadget/sensitive/keys/newrelic/newrelic-pixie-deploykey.yaml similarity index 62% rename from scan/gadget/sensitive/rules/newrelic/newrelic-pixie-deploykey.yaml rename to scan/gadget/sensitive/keys/newrelic/newrelic-pixie-deploykey.yaml index b120358..d16b574 100644 --- a/scan/gadget/sensitive/rules/newrelic/newrelic-pixie-deploykey.yaml +++ b/scan/gadget/sensitive/keys/newrelic/newrelic-pixie-deploykey.yaml 
@@ -8,9 +8,8 @@ info: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/newrelic.yml - https://docs.px.dev/reference/admin/api-keys/ metadata: - verified: "true" - tags: newrelic,pixie,token,file - + verified: true + tags: file,keys,newrelic,pixie,token file: - extensions: - all @@ -19,4 +18,5 @@ file: - type: regex part: body regex: - - "(px-dep-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" \ No newline at end of file + - "(px-dep-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" +# digest: 4a0a0047304502203c71b329d4ef2552fb587dfa8d1a5717b95763f35295f0d2cb52eee420376850022100ac94ca2b4d48c633bf969eebd6fcbaff6894322bda4e05bce3129184cbfdd205:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/npm-accesstoken.yaml b/scan/gadget/sensitive/keys/npm-accesstoken.yaml similarity index 65% rename from scan/gadget/sensitive/rules/npm-accesstoken.yaml rename to scan/gadget/sensitive/keys/npm-accesstoken.yaml index 10225dd..61ad103 100644 --- a/scan/gadget/sensitive/rules/npm-accesstoken.yaml +++ b/scan/gadget/sensitive/keys/npm-accesstoken.yaml @@ -10,9 +10,8 @@ info: - https://github.com/github/roadmap/issues/557 - https://github.blog/changelog/2022-12-06-limit-scope-of-npm-tokens-with-the-new-granular-access-tokens/ metadata: - verified: "true" - tags: npm,token,file - + verified: true + tags: keys,file,npm,token file: - extensions: - all @@ -21,4 +20,5 @@ file: - type: regex part: body regex: - - "(npm_[A-Za-z0-9]{36})" \ No newline at end of file + - "\b(npm_[A-Za-z0-9]{36})\b" +# digest: 490a00463044022039866b0873f183f09afcd27823a4cc86515fb680c821d4ed80919cfa1ff69ac502202599aa40303d5467e19c13645105ca6c34c17796b73d6fabba5631c2476b3a73:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/rules/nuget-key.yaml b/scan/gadget/sensitive/keys/nuget-key.yaml similarity index 58% rename from scan/gadget/sensitive/rules/nuget-key.yaml rename to scan/gadget/sensitive/keys/nuget-key.yaml index 745b448..d7f18c0 100644 --- a/scan/gadget/sensitive/rules/nuget-key.yaml +++ b/scan/gadget/sensitive/keys/nuget-key.yaml @@ -8,9 +8,8 @@ info: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/nuget.yml - https://docs.microsoft.com/en-us/nuget/nuget-org/publish-a-package#create-api-keys metadata: - verified: "true" - tags: nuget,token,file - + verified: true + tags: keys,file,nuget,token file: - extensions: - all @@ -19,4 +18,5 @@ file: - type: regex part: body regex: - - "(oy2[a-z0-9]{43})" \ No newline at end of file + - "(oy2[a-z0-9]{43})" +# digest: 4a0a004730450221009ee6a3a09c234f4c41ee6c71b99a1461f714627ed8456ccd26fcd90b919ae3ec02203456759520c590ad30114fbac0a6723adb8c53dfd531b655d1af290117c24c04:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/odbc/odbc-connection.yaml b/scan/gadget/sensitive/keys/odbc/odbc-connection.yaml new file mode 100644 index 0000000..3c501cd --- /dev/null +++ b/scan/gadget/sensitive/keys/odbc/odbc-connection.yaml 
@@ -0,0 +1,22 @@
+id: odbc-connection
+
+info:
+ name: ODBC Connection String
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/odbc.yml
+ metadata:
+ verified: true
+ tags: odbc,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:User|User\sId|UserId|Uid)\s*=\s*([^\s;]{3,100})\s*;[\ \t]*.{0,10}[\ \t]*(?:Password|Pwd)\s*=\s*([^\t\ ;]{3,100})\s*(?:[;]|$)
+# digest: 4a0a004730450221009cdd18eb9c779b2230d9b141a315ef98d1da77f0173be2da4d099c46e3b5c46f02207ae6fac5ccfbcbe6ab6902e3e4431449873bf31680040ec3b616c0e3750e1c4d:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/okta/okta-api.yaml b/scan/gadget/sensitive/keys/okta/okta-api.yaml
new file mode 100644
index 0000000..5bfae71
--- /dev/null
+++ b/scan/gadget/sensitive/keys/okta/okta-api.yaml
@@ -0,0 +1,24 @@
+id: okta-api
+
+info:
+ name: Okta API Token
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/okta.yml
+ - https://devforum.okta.com/t/api-token-length/5519
+ - https://developer.okta.com/docs/guides/create-an-api-token/main/
+ metadata:
+ verified: true
+ tags: okta,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?s)(?:okta|ssws).{0,40}\b(00[a-z0-9_-]{39}[a-z0-9_])\b
+# digest: 4b0a0048304602210099f31a1c5cf66963fb04f1f4a78317a1329098914e756d1a97879086ca81de74022100c51328ddf041ad3e06759c5ce691eed371adf63ef1c6d203b2a50d87b165b1f9:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/openai-key.yaml b/scan/gadget/sensitive/keys/openai-key.yaml similarity index 60% rename from scan/gadget/sensitive/rules/openai-key.yaml rename to scan/gadget/sensitive/keys/openai-key.yaml index 5afc275..8066991 100644 --- a/scan/gadget/sensitive/rules/openai-key.yaml +++ b/scan/gadget/sensitive/keys/openai-key.yaml @@ -9,9 +9,8 @@ info: - https://platform.openai.com/docs/api-reference - https://platform.openai.com/docs/api-reference/authentication metadata: - verified: "true" - tags: openai,token,file - + verified: true + tags: file,keys,openai,token file: - extensions: - all @@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - "(sk-[a-zA-Z0-9]{48})" \ No newline at end of file + - \b(sk-[a-zA-Z0-9]{48})\b +# digest: 4a0a004730450220546f51da9aae790d391a6842237a517f47af7be274bdfa184f865fef630755fb022100fd67b83c7512040fa26564d51c5b03b08f6dc269a73b1fed32b696c5809bbc1c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/particle/particle-access.yaml b/scan/gadget/sensitive/keys/particle/particle-access.yaml new file mode 100644 index 0000000..e8dac98 --- /dev/null +++ b/scan/gadget/sensitive/keys/particle/particle-access.yaml 
@@ -0,0 +1,24 @@ +id: particle-access + +info: + name: particle.io Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/particle.io.yml + - https://docs.particle.io/reference/cloud-apis/api/ + metadata: + verified: true + tags: particle,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - 'https://api\.particle\.io/v1/[a-zA-Z0-9_\-\s/"\\?]*(?:access_token=|Authorization:\s*Bearer\s*)\b([a-zA-Z0-9]{40})\b' + - '(?:access_token=|Authorization:\s*Bearer\s*)\b([a-zA-Z0-9]{40})\b[\s"\\]*https://api\.particle\.io/v1' +# digest: 4b0a00483046022100a93af0a2a59859c973d5551ca538c3445e1bbdcdb6ffae6bb511031ab0920b6e022100b5528e182489365a2d48d40ff6ef41f6b79a28fa270c311e4fe6f767e45e4414:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/paypal-braintree-token.yaml b/scan/gadget/sensitive/keys/paypal-braintree-token.yaml similarity index 54% rename from scan/gadget/sensitive/rules/paypal-braintree-token.yaml rename to scan/gadget/sensitive/keys/paypal-braintree-token.yaml index 59dc3e8..cb24999 100644 --- a/scan/gadget/sensitive/rules/paypal-braintree-token.yaml +++ b/scan/gadget/sensitive/keys/paypal-braintree-token.yaml @@ -4,8 +4,7 @@ info: name: Paypal Braintree Access Token author: gaurang severity: high - tags: token,file,paypal - + tags: file,keys,token,paypal file: - extensions: - all @@ -14,3 +13,4 @@ file: - type: regex regex: - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" +# digest: 490a00463044022056d84dc6d601838e144b52aad17f5d96f5d7e968e394d85f12af03219b51d114022031accb17f2ac43db6480cb37ecd697e1c9b44aea60e02212aecf0eaa8163b0b8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/pictatic-api-key.yaml b/scan/gadget/sensitive/keys/pictatic-api-key.yaml new file mode 100644 index 0000000..0b11b7d 
--- /dev/null +++ b/scan/gadget/sensitive/keys/pictatic-api-key.yaml @@ -0,0 +1,16 @@ +id: pictatic-api-key + +info: + name: Pictatic API Key + author: gaurang + severity: high + tags: keys,file,token +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "sk_live_[0-9a-z]{32}" +# digest: 4a0a00473045022032fdd5dc224eeaffdef7c05502dfedc31e1bc930a446a4321c9b4e0943bff1c702210091f33fc218848d1e5987c600944cc9ba59195eb6891d01cd0052263c224464f8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/postman-api-key.yaml b/scan/gadget/sensitive/keys/postman-api-key.yaml new file mode 100644 index 0000000..66a78a2 --- /dev/null +++ b/scan/gadget/sensitive/keys/postman-api-key.yaml @@ -0,0 +1,23 @@ +id: postman-api-key + +info: + name: Postman API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/postman.yml + - https://learning.postman.com/docs/developer/intro-api/ + metadata: + verified: true + tags: postman,keys,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - '\b(PMAK-[a-zA-Z0-9]{24}-[a-zA-Z0-9]{34})\b' + +# digest: 4b0a00483046022100e158e3c9539a86553368be020b6a63e4d2d7383d5ebabfc763746408d78466c3022100dd689e22c94823f880d079b79edb861cfc02f9dd2118c70b8fc23efe6047c933:922c64590222798bb761d5b6d8e72950 diff --git a/scan/gadget/sensitive/rules/private-key.yaml b/scan/gadget/sensitive/keys/private-key.yaml similarity index 68% rename from scan/gadget/sensitive/rules/private-key.yaml rename to scan/gadget/sensitive/keys/private-key.yaml index d1f6cd8..12d9b19 100644 --- a/scan/gadget/sensitive/rules/private-key.yaml +++ b/scan/gadget/sensitive/keys/private-key.yaml @@ -4,8 +4,7 @@ info: name: Private Key Detect author: gaurang,geeknik severity: high - tags: token,file - + tags: file,keys,token file: - extensions: - all 
@@ -22,3 +21,4 @@ file: - "ssh-rsa" - "ssh-dsa" - "ssh-ed25519" +# digest: 4a0a004730450220012882f3d65764d754d5f19daface386c18880d36acae666c3661a7b5fac3489022100fbcfdc07b0b9362befde988d181bf2f3af23847bcb67d65249c51c918db3a4db:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/pypi-token.yaml b/scan/gadget/sensitive/keys/pypi-token.yaml similarity index 57% rename from scan/gadget/sensitive/rules/pypi-token.yaml rename to scan/gadget/sensitive/keys/pypi-token.yaml index c2bbfac..a5a309b 100644 --- a/scan/gadget/sensitive/rules/pypi-token.yaml +++ b/scan/gadget/sensitive/keys/pypi-token.yaml @@ -9,9 +9,8 @@ info: - https://github.com/pypa/warehouse/issues/6051 - https://pypi.org/project/pypitoken/ metadata: - verified: "true" - tags: pypi,token,file - + verified: true + tags: file,keys,pypi,token file: - extensions: - all @@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - "(pypi-AgEIcHlwaS5vcmc[a-zA-Z0-9_-]{50,})" \ No newline at end of file + - "(pypi-AgEIcHlwaS5vcmc[a-zA-Z0-9_-]{50,})" +# digest: 4b0a004830460221008fd309bb55fdcb10af63f0e5c49e66f96b5b63598001fd085e6ad1d7db4676480221009f8481869b196778dc1aa0a750367371173d1f41449f4dcb5cb906eaaa9f377b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/razorpay-client-id.yaml b/scan/gadget/sensitive/keys/razorpay-client-id.yaml similarity index 62% rename from scan/gadget/sensitive/rules/razorpay-client-id.yaml rename to scan/gadget/sensitive/keys/razorpay-client-id.yaml index 02e2a47..903e49a 100644 --- a/scan/gadget/sensitive/rules/razorpay-client-id.yaml +++ b/scan/gadget/sensitive/keys/razorpay-client-id.yaml @@ -7,8 +7,7 @@ info: reference: - https://github.com/streaak/keyhacks#Razorpay-keys - https://docs.gitguardian.com/secrets-detection/detectors/specifics/razorpay_apikey - tags: token,file,razorpay - + tags: file,keys,token,razorpay file: - extensions: - all 
@@ -17,3 +16,4 @@ file: - type: regex regex: - "rzp_(live|test)_.{14}" +# digest: 490a00463044022017958bca8d151dc9ccf82c6616ee782cd94dcfb9604195b37eab0e712de46b3a02205a23692aefd5d8b35b942ea874507b2b25b217c384ac028b05bf3882293cb32e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/react/reactapp-password.yaml b/scan/gadget/sensitive/keys/react/reactapp-password.yaml new file mode 100644 index 0000000..1f12960 --- /dev/null +++ b/scan/gadget/sensitive/keys/react/reactapp-password.yaml @@ -0,0 +1,24 @@ +id: reactapp-password + +info: + name: React App Password + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/react.yml + - https://create-react-app.dev/docs/adding-custom-environment-variables/ + - https://stackoverflow.com/questions/48699820/how-do-i-hide-an-api-key-in-create-react-app + metadata: + verified: true + tags: react,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - \bREACT_APP(?:_[A-Z0-9]+)*_PASS(?:\s+WORD)?\s*=\s*['"]?([^\s'"$]{6,})(?:[\s'"$]|$) +# digest: 4b0a00483046022100b4791a0989f14242e6ffe187281643b8b1417e5aba7fe98f353e37dbdc2ffb6c022100c3eee981ff792f8372f7f9292d0e73e0718b69a12d6d40ba0a58dff15dc3f948:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/react/reactapp-username.yaml b/scan/gadget/sensitive/keys/react/reactapp-username.yaml new file mode 100644 index 0000000..ef635e0 --- /dev/null +++ b/scan/gadget/sensitive/keys/react/reactapp-username.yaml 
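Review bot: The pattern in reactapp-password.yaml, `_PASS(?:\s+WORD)?\s*=`, requires whitespace between `PASS` and `WORD`, so the usual spelling `REACT_APP_..._PASSWORD=` fails at the `W` and is never reported; only `..._PASS=` (or `PASS WORD` with a space) can match. This looks like a leftover from converting a free-spacing pattern in which the space was insignificant. `_PASS(?:WORD)?` restores the intended match, and reactapp-username.yaml in the next section has the same problem with `_USER(?:\s+NAME)?`, which should read `_USER(?:NAME)?`. Editing either pattern would presumably also invalidate its `# digest:` trailer.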
@@ -0,0 +1,24 @@ +id: reactapp-username + +info: + name: React App Username + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/react.yml + - https://create-react-app.dev/docs/adding-custom-environment-variables/ + - https://stackoverflow.com/questions/48699820/how-do-i-hide-an-api-key-in-create-react-app + metadata: + verified: true + tags: react,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - \bREACT_APP(?:_[A-Z0-9]+)*_USER(?:\s+NAME)?\s*=\s*['"]?([^\s'"$]{3,})(?:[\s'"$]|$) +# digest: 4a0a0047304502201077003a86f122901374676e5f9dfda39f6c54f870a6e4f12b7dd01707a3a5e2022100c998646fe193fa833a18772b90679efa1ba4cca48a55a2da1c839b79e50b4cfd:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/rubygems-key.yaml b/scan/gadget/sensitive/keys/rubygems-key.yaml similarity index 58% rename from scan/gadget/sensitive/rules/rubygems-key.yaml rename to scan/gadget/sensitive/keys/rubygems-key.yaml index 94257eb..79ec909 100644 --- a/scan/gadget/sensitive/rules/rubygems-key.yaml +++ b/scan/gadget/sensitive/keys/rubygems-key.yaml @@ -9,9 +9,8 @@ info: - https://guides.rubygems.org/rubygems-org-api/ - https://guides.rubygems.org/api-key-scopes/ metadata: - verified: "true" - tags: rubygems,token,file,ruby - + verified: true + tags: file,keys,rubygems,token,ruby file: - extensions: - all @@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - "(rubygems_[a-f0-9]{48})" \ No newline at end of file + - "(rubygems_[a-f0-9]{48})" +# digest: 4a0a0047304502207bd78ce7b44dacf6aae4fbaa6afa5d82c7085d2cb323667240aff8b7d949cedb022100eeb152ea7c2cced5093efcfd79da8b9d80a89d1a8eb29b0ee3ed50ae61a49f15:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/rules/s3-bucket.yaml b/scan/gadget/sensitive/keys/s3-bucket.yaml similarity index 66% rename from scan/gadget/sensitive/rules/s3-bucket.yaml rename to scan/gadget/sensitive/keys/s3-bucket.yaml index e51f559..4e8965c 100644 --- a/scan/gadget/sensitive/rules/s3-bucket.yaml +++ b/scan/gadget/sensitive/keys/s3-bucket.yaml @@ -4,8 +4,7 @@ info: name: S3 Bucket Detect author: gaurang severity: info - tags: token,file,bucket - + tags: file,keys,token,bucket file: - extensions: - all @@ -18,3 +17,4 @@ file: - "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)" - "//s3\\.amazonaws\\.com/[a-z0-9._-]+" - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" +# digest: 4a0a00473045022100c3ed21e6ff1fb637d42e18ec4636575c7df1069d9e355656d5f77ddb3a8fc8d7022027fc3fa8178e359af3509cc94dc1bf96cade6095d69409c4f521ef0175b091aa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/salesforce/salesforce-access.yaml b/scan/gadget/sensitive/keys/salesforce/salesforce-access.yaml new file mode 100644 index 0000000..08d7ba7 --- /dev/null +++ b/scan/gadget/sensitive/keys/salesforce/salesforce-access.yaml @@ -0,0 +1,22 @@ +id: salesforce-access + +info: + name: Salesforce Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/salesforce.yml + metadata: + verified: true + tags: salesforce,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - \b(00[a-zA-Z0-9]{13}![a-zA-Z0-9._]{96})(?:\b|$|[^a-zA-Z0-9._]) +# digest: 490a0046304402207a4efb9c2401eaa2ebf49fcc5ec4676dfc142a5f5d607777827383c94bf144f102207b75489de473e1c5e3264e2d664fbb87cecbfc5811b20e6ac658fcd3f1415806:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/rules/sauce-access-token.yaml b/scan/gadget/sensitive/keys/sauce-access-token.yaml similarity index 52% rename from scan/gadget/sensitive/rules/sauce-access-token.yaml rename to scan/gadget/sensitive/keys/sauce-access-token.yaml index 638b1f2..12da8c8 100644 --- a/scan/gadget/sensitive/rules/sauce-access-token.yaml +++ b/scan/gadget/sensitive/keys/sauce-access-token.yaml @@ -7,9 +7,8 @@ info: reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/sauce.yml metadata: - verified: "true" - tags: sauce,token,file - + verified: true + tags: file,keys,sauce,token file: - extensions: - all @@ -18,4 +17,5 @@ file: - type: regex part: body regex: - - '(?i)sauce.{0,50}\b([a-f0-9-]{36})\b' \ No newline at end of file + - '(?i)sauce.{0,50}\b([a-f0-9-]{36})\b' +# digest: 490a00463044022009ca563154c28786be32017d641fca7d37b8615cd7054e15823cff495a98bba3022066116c3e58abf5f5091e8f649632b0a9768878dee3a7ea572eedac7adcdefdd6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/segment-public-api.yaml b/scan/gadget/sensitive/keys/segment-public-api.yaml similarity index 62% rename from scan/gadget/sensitive/rules/segment-public-api.yaml rename to scan/gadget/sensitive/keys/segment-public-api.yaml index 5283383..dd597c0 100644 --- a/scan/gadget/sensitive/rules/segment-public-api.yaml +++ b/scan/gadget/sensitive/keys/segment-public-api.yaml @@ -9,9 +9,8 @@ info: - https://segment.com/docs/api/public-api/ - https://segment.com/blog/how-segment-proactively-protects-customer-api-tokens/ metadata: - verified: "true" - tags: segment,token,file - + verified: true + tags: keys,file,segment,token file: - extensions: - all 
@@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - '(sgp_[a-zA-Z0-9]{64})' \ No newline at end of file + - '(sgp_[a-zA-Z0-9]{64})' +# digest: 4a0a0047304502202853fa0be0aad155b1bf710601dcb5443ebc8151a5852ae0e2c70357f8106f7c022100ab93a75342e2a408aa930452457c8bd908f297beb34396cf97af7ed89e76cf38:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/sendgrid-api.yaml b/scan/gadget/sensitive/keys/sendgrid-api.yaml similarity index 50% rename from scan/gadget/sensitive/rules/sendgrid-api.yaml rename to scan/gadget/sensitive/keys/sendgrid-api.yaml index 000c451..9d7d859 100644 --- a/scan/gadget/sensitive/rules/sendgrid-api.yaml +++ b/scan/gadget/sensitive/keys/sendgrid-api.yaml @@ -4,8 +4,7 @@ info: name: Sendgrid API Key author: gaurang severity: high - tags: token,file,sendgrid - + tags: keys,file,token,sendgrid file: - extensions: - all @@ -14,3 +13,4 @@ file: - type: regex regex: - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" +# digest: 4b0a00483046022100d3c8e8d194bf1de6ea48f9c0ed47cf49cc66a5f44195732b29617199ae5a360b022100d00c1fa924b6444959e020764b71559bc85f140c3c912d76e0fc6c35abe161d9:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/shopify-custom-token.yaml b/scan/gadget/sensitive/keys/shopify-custom-token.yaml new file mode 100644 index 0000000..30cee2f --- /dev/null +++ b/scan/gadget/sensitive/keys/shopify-custom-token.yaml @@ -0,0 +1,16 @@ +id: shopify-custom-token + +info: + name: Shopify Custom App Access Token + author: gaurang + severity: high + tags: file,keys,token +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "shpca_[a-fA-F0-9]{32}" +# digest: 4a0a00473045022034a27b39b96e56d6c5c5f0bb8437e6760ba81fa31281a386906e8eaea515bca9022100b8c26487144b3cc4e78cfd69fc39a62fe1eab148e86bcd6101a5beeb2ec3015e:922c64590222798bb761d5b6d8e72950 \ No newline at end of file 
diff --git a/scan/gadget/sensitive/keys/shopify-private-token.yaml b/scan/gadget/sensitive/keys/shopify-private-token.yaml new file mode 100644 index 0000000..4c8c3d8 --- /dev/null +++ b/scan/gadget/sensitive/keys/shopify-private-token.yaml @@ -0,0 +1,16 @@ +id: shopify-private-token + +info: + name: Shopify Private App Access Token + author: gaurang + severity: high + tags: file,keys,token +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "shppa_[a-fA-F0-9]{32}" +# digest: 4b0a004830460221008a9fcfd1953cd27472015171cc2ff718e69112124812210ea6ba818da8c0de17022100a5dd54d3323017b989e594baf393a6915d32c96622b2be024cfad826b8a9d773:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/shopify-public-access.yaml b/scan/gadget/sensitive/keys/shopify-public-access.yaml similarity index 60% rename from scan/gadget/sensitive/rules/shopify-public-access.yaml rename to scan/gadget/sensitive/keys/shopify-public-access.yaml index 9330475..1c17773 100644 --- a/scan/gadget/sensitive/rules/shopify-public-access.yaml +++ b/scan/gadget/sensitive/keys/shopify-public-access.yaml @@ -9,9 +9,8 @@ info: - https://shopify.dev/apps/auth - https://shopify.dev/changelog/app-secret-key-length-has-increased metadata: - verified: "true" - tags: shopify,token,file - + verified: true + tags: file,keys,shopify,token file: - extensions: - all @@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - '\b(shpat_[a-fA-F0-9]{32})\b' \ No newline at end of file + - '\b(shpat_[a-fA-F0-9]{32})\b' +# digest: 4a0a00473045022056ae9c25283c7b064051f029d5dba8a224e83494727342a07f6ac9e97c7d96ad02210094d395337ca85abb5d825cab42781d3a2091f59355519823e9b7ec7994b8bd70:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/shopify-shared-secret.yaml b/scan/gadget/sensitive/keys/shopify-shared-secret.yaml new file mode 100644 index 0000000..e185304 --- /dev/null 
+++ b/scan/gadget/sensitive/keys/shopify-shared-secret.yaml
@@ -0,0 +1,16 @@
+id: shopify-shared-secret
+
+info:
+ name: Shopify Shared Secret
+ author: gaurang
+ severity: high
+ tags: file,keys,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpss_[a-fA-F0-9]{32}"
+# digest: 4a0a00473045022070a5f8b18d6bfa572f7903f81f2f46a542b0e08c7dd5a822be8d79ded225a81e022100f75c2fa4f6a9aa7217aab9cf51b808d6008d492b2f8230650519227e95d98050:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/shopify-token.yaml b/scan/gadget/sensitive/keys/shopify-token.yaml
new file mode 100644
index 0000000..1dae9c0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/shopify-token.yaml
@@ -0,0 +1,16 @@
+id: shopify-access-token
+
+info:
+ name: Shopify Access Token
+ author: gaurang
+ severity: high
+ tags: file,keys,token
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "shpat_[a-fA-F0-9]{32}"
+# digest: 4a0a0047304502200b41777dd82b3d396f4d76d75a526b7f5f863f8f1d2b4e313990480c398917ef022100810ddcd217e57655538d9153e898ad34e32c9b3179aceac031fbaf698de6ecc4:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/slack-api.yaml b/scan/gadget/sensitive/keys/slack-api.yaml
new file mode 100644
index 0000000..f009ebc
--- /dev/null
+++ b/scan/gadget/sensitive/keys/slack-api.yaml
@@ -0,0 +1,16 @@
+id: slack-api
+
+info:
+ name: Slack API Key
+ author: gaurang
+ severity: high
+ tags: file,keys,token,slack
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ regex:
+ - "xox[baprs]-([0-9a-zA-Z]{10,48})?"
+# digest: 4a0a004730450220098e1929b6ec4c0b3e189cebf5142b7ee75dfd23c8c9303e1a9b43f25e00c94b02210094541a8012719eec9a5b6fb643a3ef4050a67ef02165ba3eb94120d6458fb5c7:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
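Review bot: shopify-token.yaml extracts `shpat_[a-fA-F0-9]{32}`, the same token format that shopify-public-access.yaml in this commit already covers with `'\b(shpat_[a-fA-F0-9]{32})\b'`, so every Shopify access token would be reported twice under two template ids. The id `shopify-access-token` also does not match the file name `shopify-token.yaml`, which makes the finding harder to trace back to its rule. Keeping only one of the two templates (the word-bounded one is the stricter match) would avoid duplicate findings.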
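Review bot: In slack-api.yaml the token body is optional, `"xox[baprs]-([0-9a-zA-Z]{10,48})?"`, so the bare five-character prefix (for example `xoxb-` in documentation or a placeholder) already matches and is reported at `severity: high` with no secret attached. Dropping the trailing `?` makes the body mandatory: `"xox[baprs]-[0-9a-zA-Z]{10,48}"`. Because the character class has no `-`, the extracted value also stops at the first hyphen-separated segment, so a triager may see a truncated token. A pattern change would presumably require regenerating the `# digest:` trailer.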
diff --git a/scan/gadget/sensitive/rules/slack-webhook.yaml b/scan/gadget/sensitive/keys/slack-webhook.yaml similarity index 55% rename from scan/gadget/sensitive/rules/slack-webhook.yaml rename to scan/gadget/sensitive/keys/slack-webhook.yaml index 97548ae..e5dc849 100644 --- a/scan/gadget/sensitive/rules/slack-webhook.yaml +++ b/scan/gadget/sensitive/keys/slack-webhook.yaml @@ -4,8 +4,7 @@ info: name: Slack Webhook author: gaurang severity: high - tags: token,file,slack - + tags: file,keys,token,slack file: - extensions: - all @@ -14,3 +13,4 @@ file: - type: regex regex: - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{8}/B[0-9A-Za-z\\-_]{8}/[0-9A-Za-z\\-_]{24}" +# digest: 490a00463044022030754b3461d730219fc7c4e9ce0b08cb582a6842e1161dd92551d5c86bde1a88022070d798d9356477fdda4e122fe64f5b6f981b7db9d85596b65e8e49b20f2dc657:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/square-access-token.yaml b/scan/gadget/sensitive/keys/square-access-token.yaml similarity index 54% rename from scan/gadget/sensitive/rules/square-access-token.yaml rename to scan/gadget/sensitive/keys/square-access-token.yaml index 5601c99..899721c 100644 --- a/scan/gadget/sensitive/rules/square-access-token.yaml +++ b/scan/gadget/sensitive/keys/square-access-token.yaml @@ -4,8 +4,7 @@ info: name: Square Access Token author: gaurang,daffainfo severity: high - tags: token,file,square - + tags: file,keys,token,square file: - extensions: - all @@ -15,3 +14,4 @@ file: regex: - "EAAAE[a-zA-Z0-9_-]{59}" - "sq0atp-[0-9A-Za-z\\-_]{22}" +# digest: 490a00463044022016fc50e7940f4fb9d85db1563b7e86d644facdd66f530692b600d6cb0c4d3438022050fff84340f9f8afe3efbaeb9063ebc13bb5f4df8c13f328258d07ee43cc1998:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/square-oauth-secret.yaml b/scan/gadget/sensitive/keys/square-oauth-secret.yaml new file mode 100644 index 0000000..92c8a33 --- /dev/null 
+++ b/scan/gadget/sensitive/keys/square-oauth-secret.yaml @@ -0,0 +1,16 @@ +id: square-oauth-secret + +info: + name: Square OAuth Secret + author: gaurang + severity: high + tags: file,keys,token,square +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "sq0csp-[0-9A-Za-z\\-_]{43}" +# digest: 4b0a00483046022100b9d713ce6825a6aa6f3a38bb156f20588d72be414cdb570f0946f7dda4c809c7022100ab886a6c8e1afb2b271507fc2fe390137235ad84e1de02247de49ee5a86e3cfa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/stackhawk-api-key.yaml b/scan/gadget/sensitive/keys/stackhawk-api-key.yaml similarity index 56% rename from scan/gadget/sensitive/rules/stackhawk-api-key.yaml rename to scan/gadget/sensitive/keys/stackhawk-api-key.yaml index 2f22b4e..38dcd48 100644 --- a/scan/gadget/sensitive/rules/stackhawk-api-key.yaml +++ b/scan/gadget/sensitive/keys/stackhawk-api-key.yaml @@ -7,9 +7,8 @@ info: reference: - https://docs.stackhawk.com/apidocs.html metadata: - verified: "true" - tags: token,file - + verified: true + tags: file,keys,token file: - extensions: - all @@ -18,3 +17,4 @@ file: - type: regex regex: - "hawk\\.[0-9A-Za-z\\-_]{20}\\.[0-9A-Za-z\\-_]{20}" +# digest: 4a0a0047304502210097611c22dad431694acb1a7b7233bb23042461df6249cc72c417adf3d005f1250220257f95a6d89864ee22c1465cbd0bffb16a05aa4f28787ec0d65a7407d3258166:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/stripe-api-key.yaml b/scan/gadget/sensitive/keys/stripe-api-key.yaml similarity index 50% rename from scan/gadget/sensitive/rules/stripe-api-key.yaml rename to scan/gadget/sensitive/keys/stripe-api-key.yaml index d65411c..8890ac9 100644 --- a/scan/gadget/sensitive/rules/stripe-api-key.yaml +++ b/scan/gadget/sensitive/keys/stripe-api-key.yaml @@ -4,8 +4,7 @@ info: name: Stripe API Key author: gaurang severity: high - tags: token,file,stripe - + tags: file,keys,token,stripe file: - extensions: - all 
@@ -14,3 +13,4 @@ file: - type: regex regex: - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}" +# digest: 4a0a00473045022100dcb13029ebf479d6aca563b1f1955ac0498c974f35af12006c2f9ebbb45c66770220286512d9e87b5923252c2c4fbb86ee621c42a66ec40ef13cd70937292e099cfa:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/rules/telegram-token.yaml b/scan/gadget/sensitive/keys/telegram-token.yaml similarity index 58% rename from scan/gadget/sensitive/rules/telegram-token.yaml rename to scan/gadget/sensitive/keys/telegram-token.yaml index c396181..b91777e 100644 --- a/scan/gadget/sensitive/rules/telegram-token.yaml +++ b/scan/gadget/sensitive/keys/telegram-token.yaml @@ -9,9 +9,8 @@ info: - https://core.telegram.org/bots/api - https://core.telegram.org/bots/features#botfather metadata: - verified: "true" - tags: telegram,token,file - + verified: true + tags: file,keys,telegram,token file: - extensions: - all @@ -20,4 +19,5 @@ file: - type: regex part: body regex: - - '\b(\d+:AA[a-zA-Z0-9_-]{32,33})' \ No newline at end of file + - '\b(\d+:AA[a-zA-Z0-9_-]{32,33})' +# digest: 4a0a0047304502200d5ed3c8bfb5e36d8156b70f6307bdd05abdf92a55e6d486eac1ec3c88de967f022100fcd85801f37c8f52fa00d37262a861f0deec088f50d750da360932ff8ba21515:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/thingsboard/thingsboard-access.yaml b/scan/gadget/sensitive/keys/thingsboard/thingsboard-access.yaml new file mode 100644 index 0000000..b6ff0fd --- /dev/null +++ b/scan/gadget/sensitive/keys/thingsboard/thingsboard-access.yaml 
@@ -0,0 +1,24 @@ +id: thingsboard-access + +info: + name: ThingsBoard Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/thingsboard.yml + - https://thingsboard.io/docs/paas/reference/http-api/ + - https://thingsboard.io/docs/paas/reference/coap-api/ + metadata: + verified: true + tags: thingsboard,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - thingsboard\.cloud/api/v1/([a-z0-9]{20}) +# digest: 4b0a00483046022100e85330533e34d275242ad231bb436951116dabe56acafa94f3db46fca45ed3ae022100a799502b27b8e16f77e8406be58127578dd5f3465dab8b0a2381ee944432c239:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/truenas/truenas-api.yaml b/scan/gadget/sensitive/keys/truenas/truenas-api.yaml new file mode 100644 index 0000000..72b69be --- /dev/null +++ b/scan/gadget/sensitive/keys/truenas/truenas-api.yaml 
@@ -0,0 +1,28 @@ +id: truenas-api + +info: + name: TrueNAS API Key (WebSocket) + author: DhiyaneshDK + severity: info + reference: + - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/truenas.yml + - https://www.truenas.com/docs/api/core_websocket_api.html + - https://www.truenas.com/docs/api/scale_rest_api.html + - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/ + - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/ + - https://www.truenas.com/docs/scale/api/ + - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/ + metadata: + verified: true + tags: truenas,keys,file + +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - '"params"\s*:\s*\[\s*"(\d+-[a-zA-Z0-9]{64})"\s*\]' +# digest: 490a0046304402207bb4c8c5d8688099a5fb0972662080602259b4356fa5f947f6bf7ace68af235702201273f66e211b1ddfafc26dd957bc970aa1b23f7c0de5c142347e4d83f5ce1b49:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/twilio-api.yaml b/scan/gadget/sensitive/keys/twilio-api.yaml new file mode 100644 index 0000000..a9063bd --- /dev/null +++ b/scan/gadget/sensitive/keys/twilio-api.yaml @@ -0,0 +1,16 @@ +id: twilio-api + +info: + name: Twilio API Key + author: gaurang + severity: high + tags: file,keys,token +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" +# digest: 4b0a004830460221009edd6055d2937d438ddc5a460cb57ceaf448ee273900a3a2ff9d217329cbaf170221009df1b8754959e50ef0155608d8ea98f45e87c59221868f7ad7a762ba88ba28fc:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/scan/gadget/sensitive/keys/twitter/twitter-client.yaml b/scan/gadget/sensitive/keys/twitter/twitter-client.yaml new file mode 100644 index 0000000..f897cd1 --- /dev/null +++ b/scan/gadget/sensitive/keys/twitter/twitter-client.yaml 
@@ -0,0 +1,23 @@
+id: twitter-client
+
+info:
+ name: Twitter Client ID
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/twitter.yml
+ - https://developer.twitter.com/en/docs/authentication/overview
+ metadata:
+ verified: true
+ tags: twitter,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)\btwitter.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{18,25})\b
+# digest: 4a0a00473045022030cb9bb226fc38ff17accc2fbe89603cae16c35050ec725ad20ce14d5fbc5ad2022100860577843f28d261d7fbf35ef59577e5fd0e84a50eb370cfbd714f1039338c19:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/twitter/twitter-secret.yaml b/scan/gadget/sensitive/keys/twitter/twitter-secret.yaml
new file mode 100644
index 0000000..de49f43
--- /dev/null
+++ b/scan/gadget/sensitive/keys/twitter/twitter-secret.yaml
@@ -0,0 +1,23 @@
+id: twitter-secret
+
+info:
+ name: Twitter Secret Key
+ author: DhiyaneshDK,gaurang,daffainfo
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/twitter.yml
+ - https://developer.twitter.com/en/docs/authentication/overview
+ metadata:
+ verified: true
+ tags: twitter,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)twitter.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{35,44})\b
+# digest: 4a0a00473045022100ae8d7dcc6d380f9b0ba6d16ca558e7af6254078b3f1a0a2230f8ddc28f47267102206348551061cffebd4da2b42ec393373ef0987eeeb4382f0e517c38c836fb46cf:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
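Review bot: In twitter-client.yaml the capture group `([a-z0-9]{18,25})` under `(?i)` also accepts all-digit strings, so a numeric value that follows a key such as `twitter_id` would be reported as a Twitter Client ID; public account and post identifiers typically fall in this length range. With `extensions: all` and `part: body` the rule runs over every body it is given, which makes this a likely source of noise. Editing the regex would presumably invalidate the trailing `# digest:` signature, so the check fits better where matches are consumed: drop captures that contain no letter, or mark this rule's hits as low confidence. twitter-secret.yaml in the same directory has the same shape with `([a-z0-9]{35,44})`, where the longer length makes the problem less likely.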
diff --git a/scan/gadget/sensitive/keys/wireguard/wireguard-preshared.yaml b/scan/gadget/sensitive/keys/wireguard/wireguard-preshared.yaml
new file mode 100644
index 0000000..3062583
--- /dev/null
+++ b/scan/gadget/sensitive/keys/wireguard/wireguard-preshared.yaml
@@ -0,0 +1,25 @@
+id: wireguard-preshared
+
+info:
+ name: WireGuard Preshared Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/wireguard.yml
+ - https://www.wireguard.com/quickstart/
+ - https://manpages.debian.org/testing/wireguard-tools/wg.8.en.html
+ - https://gist.github.com/lanceliao/5d2977f417f34dda0e3d63ac7e217fd
+ metadata:
+ verified: true
+ tags: wireguard,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - PresharedKey\s*=\s*([A-Za-z0-9+/]{43}=)
+# digest: 4a0a00473045022055b7809c89c44f01db811de03d659329878fabbb6006f65a5cfc4c231e72b5ce022100916852a09714e7cf50f5e239c48dba2b243d889df28c54c7671cb3b0ec8dc9e5:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/wireguard/wireguard-private.yaml b/scan/gadget/sensitive/keys/wireguard/wireguard-private.yaml
new file mode 100644
index 0000000..72778a0
--- /dev/null
+++ b/scan/gadget/sensitive/keys/wireguard/wireguard-private.yaml
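Review bot: `severity: info` in wireguard-preshared.yaml ranks a leaked WireGuard preshared key at the lowest level, and wireguard-private.yaml (the next file in this commit) does the same for a private key, while twilio-api.yaml in the same directory is `severity: high`. If the scanner derives its report level from this field, a private-key hit will be triaged below a Twilio key hit. Changing the line to `severity: high` would presumably invalidate the trailing `# digest:` signature, so an override at the point where key matches are reported may be the safer place to raise the level; how these templates are loaded is not visible in this diff.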
@@ -0,0 +1,25 @@
+id: wireguard-private
+
+info:
+ name: WireGuard Private Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/builtin/rules/wireguard.yml
+ - https://www.wireguard.com/quickstart/
+ - https://manpages.debian.org/testing/wireguard-tools/wg.8.en.html
+ - https://gist.github.com/lanceliao/5d2977f417f34dda0e3d63ac7e217fd
+ metadata:
+ verified: true
+ tags: wireguard,keys,file
+
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - PrivateKey\s*=\s*([A-Za-z0-9+/]{43}=)
+# digest: 4a0a004730450221008bd7fd7c9c74eb3c6d2f1d5e4c8cc9c0fcc230534b094814ee0ca7dff2f7f9800220688ed7ae288880609a373ea69defa1d5ed93ca3fcb312e5c4ea2acea46b2e27c:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/zapier-webhook.yaml b/scan/gadget/sensitive/keys/zapier-webhook.yaml
similarity index 65%
rename from scan/gadget/sensitive/rules/zapier-webhook.yaml
rename to scan/gadget/sensitive/keys/zapier-webhook.yaml
index 1959f55..8d01d30 100644
--- a/scan/gadget/sensitive/rules/zapier-webhook.yaml
+++ b/scan/gadget/sensitive/keys/zapier-webhook.yaml
@@ -7,8 +7,7 @@ info: reference: - https://github.com/streaak/keyhacks#Zapier-Webhook-Token - https://docs.gitguardian.com/secrets-detection/detectors/specifics/zapier_webhook_url - tags: token,file,zapier - + tags: file,keys,token,zapier file: - extensions: - all
@@ -17,3 +16,4 @@ file: - type: regex regex: - 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/' +# digest: 4a0a004730450221009177769af7a8468ea644e7787fa6c35c65b057e8ad3b35b6d27e064a3763add30220734af477f469387822e7570ce196e8907ac3d4bb13b77be3d6b432944fce1e4a:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
diff --git a/scan/gadget/sensitive/keys/zendesk-secret-key.yaml b/scan/gadget/sensitive/keys/zendesk-secret-key.yaml
new file mode 100644
index 0000000..f80209b
--- /dev/null
+++ b/scan/gadget/sensitive/keys/zendesk-secret-key.yaml
@@ -0,0 +1,23 @@
+id: zendesk-secret-key
+
+info:
+ name: Zendesk Secret Key
+ author: DhiyaneshDK
+ severity: info
+ reference:
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.yaml
+ - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.go
+ metadata:
+ verified: true
+ tags: zendesk,file,keys
+file:
+ - extensions:
+ - all
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+
+# digest: 4a0a00473045022100ee6bae1cf90faa1beeae922204d58b2300e6ca7bf92065cb8a8402c597a1739002202c8bb2ae82d2e6c109dce0cce6fcb9d17f9f2977b098e1710dbdb8aafd92b8cd:922c64590222798bb761d5b6d8e72950
diff --git a/scan/gadget/sensitive/rules/amazon/amazon-account-id.yaml b/scan/gadget/sensitive/rules/amazon/amazon-account-id.yaml
deleted file mode 100644
index 78aeda4..0000000
--- a/scan/gadget/sensitive/rules/amazon/amazon-account-id.yaml
+++ /dev/null
@@ -1,21 +0,0 @@ -id: amazon-account-id - -info: - name: AWS Account ID - author: DhiyaneshDK - severity: info - reference: - - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml - metadata: - verified: "true" - tags: aws,amazon,token,file - -file: - - extensions: - - all - - extractors: - - type: regex - part: body - regex: - - '(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})'
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/amazon/amazon-mws-auth-token.yaml b/scan/gadget/sensitive/rules/amazon/amazon-mws-auth-token.yaml
deleted file mode 100644
index 0ab5703..0000000
--- a/scan/gadget/sensitive/rules/amazon/amazon-mws-auth-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@ -id: amazon-mws-auth-token-value - -info: - name: Amazon MWS Auth Token - author: gaurang - severity: medium - tags: token,file,amazon,auth - -file: - - extensions: - - all - - extractors: - - type: regex - regex: - - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
diff --git a/scan/gadget/sensitive/rules/amazon/amazon-session-token.yaml b/scan/gadget/sensitive/rules/amazon/amazon-session-token.yaml
deleted file mode 100644
index 0877ad4..0000000
--- a/scan/gadget/sensitive/rules/amazon/amazon-session-token.yaml
+++ /dev/null
@@ -1,21 +0,0 @@ -id: amazon-session-token - -info: - name: Amazon Session Token - author: DhiyaneshDK - severity: info - reference: - - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml - metadata: - verified: "true" - tags: aws,amazon,token,file,session - -file: - - extensions: - - all - - extractors: - - type: regex - part: body - regex: - - '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]'
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/amazon/amazon-sns-token.yaml b/scan/gadget/sensitive/rules/amazon/amazon-sns-token.yaml
deleted file mode 100644
index 96d12f5..0000000
--- a/scan/gadget/sensitive/rules/amazon/amazon-sns-token.yaml
+++ /dev/null
@@ -1,17 +0,0 @@ -id: amazon-sns-token - -info: - name: Amazon SNS Token Detect - author: TheBinitGhimire - severity: info - tags: file,token,amazon,aws - -file: - - extensions: - - all - - extractors: - - type: regex - name: amazon-sns-topic - regex: - - 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+'
diff --git a/scan/gadget/sensitive/rules/amazon/aws-access-id.yaml b/scan/gadget/sensitive/rules/amazon/aws-access-id.yaml
deleted file mode 100644
index 1bf83e5..0000000
--- a/scan/gadget/sensitive/rules/amazon/aws-access-id.yaml
+++ /dev/null
@@ -1,16 +0,0 @@ -id: aws-access-key - -info: - name: AWS Access Key ID - author: gaurang - severity: info - tags: token,file - -file: - - extensions: - - all - - extractors: - - type: regex - regex: - - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
diff --git a/scan/gadget/sensitive/rules/branch-key.yaml b/scan/gadget/sensitive/rules/branch-key.yaml
deleted file mode 100644
index 877dd31..0000000
--- a/scan/gadget/sensitive/rules/branch-key.yaml
+++ /dev/null
@@ -1,18 +0,0 @@ -id: branch-key - -info: - name: Branch.io Live Key - author: 0xh7ml - severity: info - reference: - - https://github.com/BranchMetrics/android-branch-deep-linking-attribution/issues/74 - tags: token,file - -file: - - extensions: - - all - - extractors: - - type: regex - regex: - - "key_live_.{32}"
diff --git a/scan/gadget/sensitive/rules/cloudinary.yaml b/scan/gadget/sensitive/rules/cloudinary.yaml
deleted file mode 100644
index 0823117..0000000
--- a/scan/gadget/sensitive/rules/cloudinary.yaml
+++ /dev/null
@@ -1,16 +0,0 @@ -id: cloudinary-basic-auth - -info: - name: Cloudinary Basic Auth - author: gaurang - severity: high - tags: token,file,cloudinary - -file: - - extensions: - - all - - extractors: - - type: regex - regex: - - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+"
diff --git a/scan/gadget/sensitive/rules/code-climate-token.yaml b/scan/gadget/sensitive/rules/code-climate-token.yaml
deleted file mode 100644
index eeeba21..0000000
--- a/scan/gadget/sensitive/rules/code-climate-token.yaml
+++ /dev/null
@@ -1,22 +0,0 @@ -id: code-climate-token - -info: - name: Code Climate Token - author: DhiyaneshDK - severity: info - reference: - - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/codeclimate.yml - - https://github.com/codeclimate/ruby-test-reporter/issues/34 - metadata: - verified: "true" - tags: codeclimate,token,file - -file: - - extensions: - - all - - extractors: - - type: regex - part: body - regex: - - '(?i)codeclima.{0,50}\b([a-f0-9]{64})\b'
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/cratesio-api-key.yaml b/scan/gadget/sensitive/rules/cratesio-api-key.yaml
deleted file mode 100644
index 69ede84..0000000
--- a/scan/gadget/sensitive/rules/cratesio-api-key.yaml
+++ /dev/null
@@ -1,23 +0,0 @@ -id: cratesio-api-key - -info: - name: Crates.io API Key - author: DhiyaneshDK - severity: info - reference: - - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/crates.io.yml - - https://crates.io/data-access - - https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs - metadata: - verified: "true" - tags: crates,token,file - -file: - - extensions: - - all - - extractors: - - type: regex - part: body - regex: - - '\bcio[a-zA-Z0-9]{32}\b'
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/credential-exposure.yaml b/scan/gadget/sensitive/rules/credential-exposure.yaml
deleted file mode 100644
index 7ff73ac..0000000
--- a/scan/gadget/sensitive/rules/credential-exposure.yaml
+++ /dev/null
@@ -1,721 +0,0 @@ -id: credentials-disclosure-file - -# Extract secrets regex like api keys, password, token, etc ... for different services -# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. -# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. -# Regex count:- 687 - -# Notes:- -# This template requires manual inspection once found valid match. -# Generic token could be anything matching below regex. -# Impact of leaked token depends on validation of leaked token. - -info: - name: Credentials Disclosure Check - author: Sy3Omda,geeknik,forgedhallpass,ayadi - severity: unknown - description: Look for multiple keys/tokens/passwords hidden inside of files. - tags: exposure,token,file,disclosure - -# The regexes are copied from exposures/tokens/generic/credentials-disclosure.yaml -# TODO After https://github.com/projectdiscovery/nuclei/issues/1510 is implemented, we should be able to re-use them, instead of duplicating -# Example cases to match against: https://regex101.com/r/HPtaU2/1 - -file: - - extensions: - - all - - extractors: - - type: regex - part: body - regex: - - "(?i)[\"']?zopim[_-]?account[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?zhuliang[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?zensonatypepassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)zendesk(_api_token|_key|_token|-travis-github|_url|_username)(\\s|=)" - - "(?i)[\"']?yt[_-]?server[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?partner[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?partner[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?yt[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?account[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?account[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yangshun[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yangshun[_-]?gh[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?www[_-]?googleapis[_-]?com[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?ssh[_-]?connect[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?report[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?prepare[_-]?dir[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?db[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?db[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wporg[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wordpress[_-]?db[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wordpress[_-]?db[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wincert[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?test[_-]?server[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?3[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?widget[_-]?fb[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?5[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?4[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?3[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?watson[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?watson[_-]?device[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?watson[_-]?conversation[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wakatime[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vscetoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?visual[_-]?recognition[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?virustotal[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?v[_-]?sfdc[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?v[_-]?sfdc[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?usertravis[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?user[_-]?assets[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?user[_-]?assets[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?use[_-]?ssh[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?urban[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?urban[_-]?master[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?urban[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?unity[_-]?serial[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?unity[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitteroauthaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitteroauthaccesssecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitter[_-]?consumer[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitter[_-]?consumer[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twine[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?configuration[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?chat[_-]?account[_-]?api[_-]?service[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?api[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?trex[_-]?okta[_-]?client[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?trex[_-]?client[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?travis[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?secure[_-]?env[_-]?vars[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?pull[_-]?request[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?e2e[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?com[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?branch[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?token[_-]?core[_-]?java[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?thera[_-]?oss[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?tester[_-]?keys[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?test[_-]?test[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?test[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?tesco[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?svn[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?surge[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?surge[_-]?login[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stripe[_-]?public[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stripe[_-]?private[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?strip[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?strip[_-]?publishable[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?starship[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?starship[_-]?account[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?location[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?staging[_-]?base[_-]?url[_-]?runscope[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ssmtp[_-]?config[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sshpass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?srcclr[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?square[_-]?reader[_-]?sdk[_-]?repository[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sqssecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sqsaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spring[_-]?mail[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spotify[_-]?api[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spotify[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spaces[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spaces[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?soundcloud[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?soundcloud[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatypepassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?token[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?token[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?gpg[_-]?passphrase[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?gpg[_-]?key[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonar[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonar[_-]?project[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonar[_-]?organization[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?socrata[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?socrata[_-]?app[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snyk[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snyk[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snoowrap[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snoowrap[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snoowrap[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?slate[_-]?user[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?slash[_-]?developer[_-]?space[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?slash[_-]?developer[_-]?space[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?setsecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?setdstsecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?setdstaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ses[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ses[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?service[_-]?account[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?endpoint[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?default[_-]?org[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendwithus[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?sendgrid[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?selion[_-]?selenium[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?selion[_-]?log[_-]?level[_-]?dev[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?segment[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secretaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?key[_-]?base[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?9[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?8[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?7[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?6[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?5[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?4[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?3[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?11[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?10[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?1[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?0[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sdr[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?scrutinizer[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sauce[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sandbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sandbox[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sacloud[_-]?api[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sacloud[_-]?access[_-]?token[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sacloud[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?user[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?secret[_-]?assets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?secret[_-]?app[_-]?logs[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?key[_-]?assets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?key[_-]?app[_-]?logs[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?assets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?app[_-]?logs[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?rubygems[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rtd[_-]?store[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rtd[_-]?key[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?route53[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ropsten[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rinkeby[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rest[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?repotoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?reporting[_-]?webdav[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?reporting[_-]?webdav[_-]?pwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?release[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?release[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?registry[_-]?secure[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?registry[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rediscloud[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?redis[_-]?stunnel[_-]?urls[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?randrmusicapiaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rabbitmq[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?quip[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?qiita[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pypi[_-]?passowrd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?pushover[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?publish[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?publish[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?publish[_-]?access[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?project[_-]?config[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?prod[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?prod[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?prod[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?private[_-]?signing[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?pring[_-]?mail[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?preferred[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?prebuild[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?postgresql[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?postgresql[_-]?db[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?db[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?plugin[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?plotly[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?places[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?places[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?pg[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?pg[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?personal[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?personal[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?percy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?percy[_-]?project[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?paypal[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?passwordtravis[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?parse[_-]?js[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?pagerduty[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?packagecloud[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ossrh[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ossrh[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ossrh[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ossrh[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ossrh[_-]?jira[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?os[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?os[_-]?auth[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?org[_-]?project[_-]?gradle[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?org[_-]?gradle[_-]?project[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?openwhisk[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?open[_-]?whisk[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?onesignal[_-]?user[_-]?auth[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?onesignal[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?omise[_-]?skey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?omise[_-]?pubkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?omise[_-]?pkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?omise[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?okta[_-]?oauth2[_-]?clientsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?okta[_-]?oauth2[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?okta[_-]?client[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ofta[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ofta[_-]?region[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ofta[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?octest[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?octest[_-]?app[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?octest[_-]?app[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?oc[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?object[_-]?store[_-]?creds[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?object[_-]?store[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?object[_-]?storage[_-]?region[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?object[_-]?storage[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?numbers[_-]?service[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?nuget[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?nuget[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?nuget[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?npm[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?now[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?non[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?secretaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?accesskeyid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?node[_-]?env[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ngrok[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ngrok[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?nexuspassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?new[_-]?relic[_-]?beta[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?netlify[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?nativeevents[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysqlsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysqlmasteruser[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysql[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysql[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysql[_-]?root[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysql[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysql[_-]?hostname[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mysql[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?my[_-]?secret[_-]?env[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?multi[_-]?workspace[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?multi[_-]?workflow[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?multi[_-]?disconnect[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?multi[_-]?connect[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?multi[_-]?bob[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?minio[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?minio[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mile[_-]?zero[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mh[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mh[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mg[_-]?public[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mg[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mapboxaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mapbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mapbox[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mapbox[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?manifest[_-]?app[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?manifest[_-]?app[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mandrill[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?managementapiaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?management[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?manage[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?manage[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?secret[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?pub[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?pub[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?priv[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailgun[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailer[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailchimp[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mailchimp[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?mail[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?magento[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?magento[_-]?auth[_-]?username [\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?magento[_-]?auth[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lottie[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lottie[_-]?happo[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lottie[_-]?happo[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?looker[_-]?test[_-]?runner[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ll[_-]?shared[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ll[_-]?publish[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?linux[_-]?signing[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?linkedin[_-]?client[_-]?secretor lottie[_-]?s3[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lighthouse[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lektor[_-]?deploy[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?lektor[_-]?deploy[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?leanplum[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kxoltsn3vogdop92m[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kubeconfig[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kubecfg[_-]?s3[_-]?path[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kovan[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?keystore[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kafka[_-]?rest[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kafka[_-]?instance[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?kafka[_-]?admin[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?jwt[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?jdbc:mysql[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?jdbc[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?jdbc[_-]?databaseurl[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?itest[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ios[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?internal[_-]?secrets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?integration[_-]?test[_-]?appid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?integration[_-]?test[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?index[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ij[_-]?repo[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ij[_-]?repo[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?hub[_-]?dxia2[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?homebrew[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?hockeyapp[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?heroku[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?heroku[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?heroku[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?hb[_-]?codesign[_-]?key[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?hb[_-]?codesign[_-]?gpg[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?hab[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?hab[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?grgit[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gren[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gradle[_-]?signing[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gradle[_-]?signing[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gradle[_-]?publish[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gradle[_-]?publish[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gpg[_-]?secret[_-]?keys[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gpg[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gpg[_-]?passphrase[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gpg[_-]?ownertrust[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gpg[_-]?keyname[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gpg[_-]?key[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?google[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?google[_-]?maps[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?google[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?google[_-]?client[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?google[_-]?client[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?google[_-]?account[_-]?type[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gogs[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gitlab[_-]?user[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?tokens[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?repo[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?release[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?pwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?oauth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?hunter[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?hunter[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?deployment[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?github[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?committer[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?committer[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?author[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?git[_-]?author[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ghost[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ghb[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?repo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?next[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gh[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gcs[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gcr[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gcloud[_-]?service[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gcloud[_-]?project[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?gcloud[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ftp[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ftp[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ftp[_-]?pw[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ftp[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ftp[_-]?login[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ftp[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?fossa[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?flickr[_-]?api[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?flickr[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?flask[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?firefox[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?firebase[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?firebase[_-]?project[_-]?develop[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?firebase[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?firebase[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?firebase[_-]?api[_-]?json[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?file[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?exp[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?eureka[_-]?awssecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?env[_-]?sonatype[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?env[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?env[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?env[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?env[_-]?heroku[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?env[_-]?github[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?end[_-]?user[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?encryption[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?elasticsearch[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?elastic[_-]?cloud[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?dsonar[_-]?projectkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?dsonar[_-]?login[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?droplet[_-]?travis[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?dropbox[_-]?oauth[_-]?bearer[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?doordash[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?dockerhubpassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?dockerhub[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?postgres[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?passwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?docker[_-]?hub[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?ids[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?body[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?digitalocean[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?dgpg[_-]?passphrase[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?deploy[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?deploy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?deploy[_-]?secure[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?deploy[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ddgc[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ddg[_-]?test[_-]?email[_-]?pw[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ddg[_-]?test[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?pw[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?db[_-]?connection[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?datadog[_-]?app[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?datadog[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?database[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?database[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?database[_-]?port[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?database[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?database[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?database[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?danger[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cypress[_-]?record[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?coverity[_-]?scan[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?coveralls[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?coveralls[_-]?repo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?coveralls[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cos[_-]?secrets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?conversation[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?conversation[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?v2[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?test[_-]?org[_-]?cma[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?php[_-]?management[_-]?test[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[_-]?new[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?integration[_-]?management[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?cma[_-]?test[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?contentful[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?consumerkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?consumer[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?conekta[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?coding[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?codecov[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?codeclimate[_-]?repo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?codacy[_-]?project[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cocoapods[_-]?trunk[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cocoapods[_-]?trunk[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?clu[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?clu[_-]?repo[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudinary[_-]?url[_-]?staging[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudinary[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudflare[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudflare[_-]?auth[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudflare[_-]?auth[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudflare[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?service[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?processed[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?parsed[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?order[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?instance[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?audited[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloudant[_-]?archived[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cloud[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?clojars[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?cli[_-]?e2e[_-]?cma[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?claimr[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?claimr[_-]?superuser[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?claimr[_-]?db[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?claimr[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?"
- - "(?i)[\"']?ci[_-]?user[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?server[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?registry[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?project[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?deploy[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?chrome[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?chrome[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cheverny[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cf[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?certificate[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?censys[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cattle[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cattle[_-]?agent[_-]?instance[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cattle[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cargo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cache[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bx[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bx[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bundlesize[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?built[_-]?branch[_-]?deploy[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?browserstack[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?browser[_-]?stack[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?brackets[_-]?repo[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?pwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?pass[_-]?prod[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintraykey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?gpg[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?b2[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?b2[_-]?app[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awssecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awscn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awscn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?awsaccesskeyid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?ses[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?ses[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secrets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?config[_-]?secretaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?config[_-]?accesskeyid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?access[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?author[_-]?npm[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?author[_-]?email[_-]?addr[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?auth0[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?auth0[_-]?api[_-]?clientsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?assistant[_-]?iam[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?artifacts[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifactory[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?argos[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?apple[_-]?id[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?appclientsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?secrete[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?report[_-]?token[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?bucket[_-]?perm[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?apigw[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?apiary[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?key[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aos[_-]?sec[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aos[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ansible[_-]?vault[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?android[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?anaconda[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)[\"']?amazon[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?amazon[_-]?bucket[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?alicloud[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?alicloud[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?alias[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?search[_-]?key[_-]?1[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?search[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?search[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?search[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?mcm[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?mcm[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?1[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?air[-_]?table[-_]?api[-_]?key[\"']?[=:][\"']?.+[\"']" - - "(?i)[\"']?adzerk[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?admin[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?account[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?access[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?access[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" 
- - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+"
diff --git a/scan/gadget/sensitive/rules/credentials.yaml b/scan/gadget/sensitive/rules/credentials.yaml
deleted file mode 100644
index 1c7e110..0000000
--- a/scan/gadget/sensitive/rules/credentials.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: basic-auth-creds
-
-info:
- name: Basic Auth Credentials
- author: gaurang
- severity: high
- tags: token,file,auth
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
diff --git a/scan/gadget/sensitive/rules/dynatrace-token.yaml b/scan/gadget/sensitive/rules/dynatrace-token.yaml
deleted file mode 100644
index 3ad533d..0000000
--- a/scan/gadget/sensitive/rules/dynatrace-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: dynatrace-token
-
-info:
- name: Dynatrace Token
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/facebook/facebook-client-id.yaml b/scan/gadget/sensitive/rules/facebook/facebook-client-id.yaml
deleted file mode 100644
index 91942db..0000000
--- a/scan/gadget/sensitive/rules/facebook/facebook-client-id.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: facebook-client-id
-
-info:
- name: Facebook Client ID
- author: gaurang
- severity: info
- tags: token,file,facebook
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]"
diff --git a/scan/gadget/sensitive/rules/facebook/facebook-secret.yaml b/scan/gadget/sensitive/rules/facebook/facebook-secret.yaml
deleted file mode 100644
index 63da7e7..0000000
--- a/scan/gadget/sensitive/rules/facebook/facebook-secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: facebook-secret-key
-
-info:
- name: Facebook Secret Key
- author: gaurang
- severity: low
- tags: token,file,facebook
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]"
diff --git a/scan/gadget/sensitive/rules/fcm-api-key.yaml b/scan/gadget/sensitive/rules/fcm-api-key.yaml
deleted file mode 100644
index 382f9e8..0000000
--- a/scan/gadget/sensitive/rules/fcm-api-key.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: fcm-api-key
-
-info:
- name: Firebase Cloud Messaging Token
- author: Devang-Solanki
- severity: medium
- tags: token,file,fcm,firebase,google
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - '[A-Za-z0-9-_]+:APA91b[A-Za-z0-9-_#]+'
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/github/github-oauth-token.yaml b/scan/gadget/sensitive/rules/github/github-oauth-token.yaml
deleted file mode 100644
index c1c5eae..0000000
--- a/scan/gadget/sensitive/rules/github/github-oauth-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: github-oauth-token
-
-info:
- name: Github OAuth Access Token
- author: tanq16
- severity: high
- tags: token,file,github
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "gho_.{36}"
diff --git a/scan/gadget/sensitive/rules/github/github-refresh-token.yaml b/scan/gadget/sensitive/rules/github/github-refresh-token.yaml
deleted file mode 100644
index 15b1684..0000000
--- a/scan/gadget/sensitive/rules/github/github-refresh-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: github-refresh-token
-
-info:
- name: Github Refresh Token
- author: tanq16
- severity: high
- tags: token,file,github
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "ghr_.{76}"
diff --git a/scan/gadget/sensitive/rules/google/google-api.yaml b/scan/gadget/sensitive/rules/google/google-api.yaml
deleted file mode 100644
index 1242ce0..0000000
--- a/scan/gadget/sensitive/rules/google/google-api.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: google-api-key-file
-
-info:
- name: Google API key
- author: gaurang
- severity: info
- tags: token,file,google
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "AIza[0-9A-Za-z\\-_]{35}"
diff --git a/scan/gadget/sensitive/rules/linkedin-id.yaml b/scan/gadget/sensitive/rules/linkedin-id.yaml
deleted file mode 100644
index 209dcb4..0000000
--- a/scan/gadget/sensitive/rules/linkedin-id.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: linkedin-client-id
-
-info:
- name: Linkedin Client ID
- author: gaurang
- severity: low
- tags: token,file,linkedin
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}"
diff --git a/scan/gadget/sensitive/rules/mailchimp-api.yaml b/scan/gadget/sensitive/rules/mailchimp-api.yaml
deleted file mode 100644
index 7e5a4ba..0000000
--- a/scan/gadget/sensitive/rules/mailchimp-api.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: mailchimp-api-key
-
-info:
- name: Mailchimp API Key
- author: gaurang
- severity: high
- tags: token,file,mailchimp
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "[0-9a-f]{32}-us[0-9]{1,2}"
diff --git a/scan/gadget/sensitive/rules/mailgun-api.yaml b/scan/gadget/sensitive/rules/mailgun-api.yaml
deleted file mode 100644
index ec96ecf..0000000
--- a/scan/gadget/sensitive/rules/mailgun-api.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: mailgun-api-key
-
-info:
- name: Mailgun API Key
- author: gaurang
- severity: high
- tags: token,file,mailgun
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "key-[0-9a-zA-Z]{32}"
diff --git a/scan/gadget/sensitive/rules/pictatic-api-key.yaml b/scan/gadget/sensitive/rules/pictatic-api-key.yaml
deleted file mode 100644
index ec20f07..0000000
--- a/scan/gadget/sensitive/rules/pictatic-api-key.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: pictatic-api-key
-
-info:
- name: Pictatic API Key
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "sk_live_[0-9a-z]{32}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/shopify-custom-token.yaml b/scan/gadget/sensitive/rules/shopify-custom-token.yaml
deleted file mode 100644
index fbdd23d..0000000
--- a/scan/gadget/sensitive/rules/shopify-custom-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: shopify-custom-token
-
-info:
- name: Shopify Custom App Access Token
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "shpca_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/shopify-private-token.yaml b/scan/gadget/sensitive/rules/shopify-private-token.yaml
deleted file mode 100644
index 7e308d7..0000000
--- a/scan/gadget/sensitive/rules/shopify-private-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: shopify-private-token
-
-info:
- name: Shopify Private App Access Token
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "shppa_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/shopify-shared-secret.yaml b/scan/gadget/sensitive/rules/shopify-shared-secret.yaml
deleted file mode 100644
index 8121c35..0000000
--- a/scan/gadget/sensitive/rules/shopify-shared-secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: shopify-shared-secret
-
-info:
- name: Shopify Shared Secret
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "shpss_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/shopify-token.yaml b/scan/gadget/sensitive/rules/shopify-token.yaml
deleted file mode 100644
index a608786..0000000
--- a/scan/gadget/sensitive/rules/shopify-token.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: shopify-access-token
-
-info:
- name: Shopify Access Token
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "shpat_[a-fA-F0-9]{32}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/slack-api.yaml b/scan/gadget/sensitive/rules/slack-api.yaml
deleted file mode 100644
index ea761c2..0000000
--- a/scan/gadget/sensitive/rules/slack-api.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: slack-api
-
-info:
- name: Slack API Key
- author: gaurang
- severity: high
- tags: token,file,slack
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "xox[baprs]-([0-9a-zA-Z]{10,48})?"
diff --git a/scan/gadget/sensitive/rules/square-oauth-secret.yaml b/scan/gadget/sensitive/rules/square-oauth-secret.yaml
deleted file mode 100644
index 15571e7..0000000
--- a/scan/gadget/sensitive/rules/square-oauth-secret.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: square-oauth-secret
-
-info:
- name: Square OAuth Secret
- author: gaurang
- severity: high
- tags: token,file,square
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "sq0csp-[0-9A-Za-z\\-_]{43}"
diff --git a/scan/gadget/sensitive/rules/twilio-api.yaml b/scan/gadget/sensitive/rules/twilio-api.yaml
deleted file mode 100644
index 9895746..0000000
--- a/scan/gadget/sensitive/rules/twilio-api.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-id: twilio-api
-
-info:
- name: Twilio API Key
- author: gaurang
- severity: high
- tags: token,file
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}"
\ No newline at end of file
diff --git a/scan/gadget/sensitive/rules/twitter-secret.yaml b/scan/gadget/sensitive/rules/twitter-secret.yaml
deleted file mode 100644
index 79c3de9..0000000
--- a/scan/gadget/sensitive/rules/twitter-secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-id: twitter-secret
-
-info:
- name: Twitter Secret
- author: gaurang,daffainfo
- severity: medium
- tags: token,file,twitter
-
-file:
- - extensions:
- - all
-
- extractors:
- - type: regex
- regex:
- - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}"
- - "(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}"
\ No newline at end of file