darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
62e4b071cd
PEASS-ng/build_lists/regexes.yaml
carlospolop 4a0b8fb065 improvements
2023-04-13 22:02:50 +02:00

1224 lines
44 KiB
YAML
Raw Blame History

regular_expresions:
# Hashes passwords
- name: Hashed Passwords
regexes:
- name: Apr1 MD5
regex: '\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
example: $apr1$wfw75FKf$WnUqyuLbiqq6.SFF8xJ4h.
- name: Apache SHA
regex: '\{SHA\}[0-9a-zA-Z/_=]{10,}'
example: >
{SHA}sMt=Yjm=Z_90ysdabtRhxjZXYNMcMt5SF8cfEcsFinq/f=gItL/yStd4PpXIE62nGWW9zEAX6W7OnJRt
- name: Blowfish
regex: '\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
example: $2$56$/HL_61V6F0cJMmfms7cu/3qzNx6OeHSRfNqiPzwizC_Se/BVNW0/opOha0AP6UZCPOySjOY
- name: Drupal
regex: '\$S\$[a-zA-Z0-9_/\.]{52}'
example: $S$oYgf2/JoUwxprWYrbPOXShF7gdb9OBkQ85k6vxgffmwR34hdAseI
- name: Joomlavbulletin
regex: '[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
example: l3SRau7fy20zuc3NBaFB7x13Fp5q3sWr:AoD4BojyIiXv0bCdTTyYC
- name: Linux MD5
regex: '\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
example: $1$pm184XyU$BSwp2.eFChH_IYZlUrgTlz
- name: phpbb3
regex: '\$H\$[a-zA-Z0-9_/\.]{31}'
example: $H$Yl90nWKFGs/KmYA9KKa5BCpK7cC3PAd
- name: sha512crypt
regex: '\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
example: $6$Ce1ild5UdTmRIM/N$CMDumnYFdiAlQAvbcaZ7YqX8hTyhFvQbBZ/6TgmPgfZAuqago5mXDdIMrtkS2GA1iWuSMSpqqEu1nuz6P.7A2e
- name: Wordpress
regex: '\$P\$[a-zA-Z0-9_/\.]{31}'
example: $P$3kreQHPdsLC_2_4_eLtjWPlmk33mlix
# Raw Hashes
- name: Raw Hashes
regexes:
- name: md5 #Too many false positives
regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
example: '129aF9e0aFD4537EF7cBEfdD48Bd2E5B'
falsePositives: True
- name: sha1 #Too many false positives
regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
example: 'CbD3EDA0f6B83BF12Dc263a75211cB967fCeDeD6'
falsePositives: True
- name: sha256 #Too many false positives
regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
example: 'Ba99CcF0dfDe6eAC6fE9Bcf37aEEAEd5292D3Bd37cc9d0638687EF3Ab7ED7e15+'
falsePositives: True
- name: sha512
regex: '(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
example: '#961EfAbD2fa0FFF57F5e0Ffae75EEDc1c3E16fD9A597eDAde7ADcEb0DDa19eF92798B9C47f2ebbF55d0E9bfCeC7988AdC8C89cbbafbC2F1acdfCeF2c3133f9db'
# APIs
# https://github.com/l4yton/RegHex/blob/master/README.md
- name: APIs
regexes:
- name: Artifactory API Token # False +
regex: 'AKC[a-zA-Z0-9]{10,}' # False +
example: 'AKCEoCMlFkeYNmd4Wcqegqp29emhzZNgOCWgQWGrON9nLVBhY'
falsePositives: True
- name: Artifactory Password
regex: 'AP[0-9ABCDEF][a-zA-Z0-9]{8,}'
example: 'APAbCuDoU02wd5zuA423XeGf'
falsePositives: True
- name: Authorization Basic # Too many false positives
regex: 'basic [a-zA-Z0-9_:\.=\-]+'
example: 'basic _FWaszX4nLMF2RozmQS19y'
falsePositives: True
- name: Authorization Bearer # Too many false positives
regex: 'bearer [a-zA-Z0-9_\.=\-]+'
example: 'bearer CydywyUjXWUf'
falsePositives: True
- name: Adafruit API Key
regex: '([a-z0-9_-]{32})'
example: 16bkl1dofm2-ct-93a8cpdd58pu98dtc
falsePositives: True
- name: Adobe Client Id (Oauth Web)
regex: >
(adobe[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{32})['"]
caseinsensitive: True
example: adobe_key="abfbc6ccd7dcc43a0b40864b3053c947"
- name: Abode Client Secret
regex: >
(p8e-)[a-z0-9]{32}
caseinsensitive: True
example: p8e-wg5onua8kmrzdd9cft5f36qw02m6bxda
- name: Age Secret Key
regex: >
AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}
example: AGE-SECRET-KEY-1K3WZXJG2V6ERG49R2L5UK8RHT49T2XKXFPPU4UL0SF6GWR6HKVKEC5V969
- name: Airtable API Key
regex: >
([a-z0-9]{17})
example: 7u11v0ktvh2ebisfm
falsePositives: True
- name: Alchemi API Key
regex: >
(alchemi[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9-]{32})['"]
caseinsensitive: True
example: alchemi_api_kew='OKPUGsiiZ7iVOPC03J0YP1z55xlJW1CA'
- name: Alibaba Access Key ID
regex: >
(LTAI)[a-z0-9]{20}
caseinsensitive: True
example: LTAIjzto443k30bsher79cf1
- name: Alibaba Secret Key
regex: >
(alibaba[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{30})['"]
caseinsensitive: True
example: alibaba_key=>'47c0gportvf7cv0d6cbd8lsh5a1ulh'
- name: Artifactory API Key & Password
regex: >
["']AKC[a-zA-Z0-9]{10,}["']|["']AP[0-9ABCDEF][a-zA-Z0-9]{8,}["']
example: >
"AP6XBwIRozqtcJXCax1Sqnerb9X5n0krYeBD93A7UtUuiQczuWM3lwGybD7T7sFNc17f7iw2TMwjWI4ySAiOcBjbvrIGrFz45pRpcvj"
- name: Asana Client ID
regex: >
((asana[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9]{16})['"])|((asana[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"])
caseinsensitive: True
example: >
asana_key ="8495730476014822"
- name: Atlassian API Key
regex: >
(atlassian[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{24})['"]
caseinsensitive: True
example: >
atlassian_apikey:'i6xoje8cbxlb32ray2z6eo1o'
- name: AWS Client ID
regex: '(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
extra_grep: '-Ev ":#|:<\!\-\-"'
example: AKIAC7Y99LK8QKG1QWKP
- name: AWS MWS Key
regex: 'amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
example: amzn.mws.92ace9f0-3185-779b-583b-2f0c8a92c506
- name: AWS Secret Key
regex: aws(.{0,20})?['"][0-9a-zA-Z\/+]{40}['"]
example: aws_key="i6xoje8cbaasxlb32ray2z6eo1oadgfg5e56645a"
- name: AWS AppSync GraphQL Key
regex: da2-[a-z0-9]{26}
example: da2-0dzr45lxiqwtjq7kbek03wf543
#B
- name: Base32 #Too many false positives
regex: '(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?'
example: 'KYZL4CCR7JWGYEFE5V747WSPXSD7LZJDDGBBZPJRCMB65Q5JY74VAUSKVSGMQ3KNXTIFWBHJKQ2FI6Y7L6SLOBUYOCAIRFRYKCYAU2YCUSVS6ODNQHHTJQU3Q47C5IRZIXJ5YZNTMXH2AVRVC2XQPWKL6YT65OKAYZIZQPO3MS4W4JGNCCK2SYTQUYZ5QN3VIZ5YKOWYFKMV55MZNEPTQJO6LHQCOGS2FP3SCAKZCSGIIMS23VXJGTSTL2FP6WVHWNYEHSF3NER5RY42Y7HDYOL2FP3GNTT2HG7X7VGGKRWLS6N73AE2MDGOMW26TCV6VMDLBG2Z4S6BX6FNT33MVXRIQGGGFD42W7PHM4LIOTQL7UCPYXW7WAICZNRBJPMWDXUHXFLQQPICLOIFBQQRYB6WHMR5KIADSKUBGSH47CJZN6NBY5DXH4LW63TGLWV2XHBBYNJDYJ2X3YUAX62AIAEQ4TTLM7WYYRYJRPDCCVVTS6IEBCXWQXLUUJCCUODZKZ2LMIFLI252NW7ROYC47I3EFYMGBKUMXRVTKXU42YMX5NONTZRXPTWSLAZVAT5HX5QJGOUO6NK6NYM7MUB5LSRYTULGE3PQVI3TBAWE6AXQUG2KLH4S6YEACHKDT3PRHSWMIM36ETCQLDI3YDM7HILDWSP4X5FUUNILGRUPQ6MBA5KPWFEKOQBK5ZCKDYYU2NASMJZ25ACP5ZK3HH753ZLSXMP7WXBETCZDQB2OGKI5QICU7I6NAPOSBGHYFYDNQB6WIIOH'
falsePositives: True
- name: Base64 #Too many false positives
regex: '(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[a-zA-Z0-9+/]+={0,2}'
example: 'aHR0cHM6LFRGovTvghMQEwj+Qeq6rhoYcgDSW1e3ZImGF7gmx5I3abFUzFmixjiYyAwEMsrDIULlNypIeZUMthW60/C0J'
falsePositives: True
- name: Basic Auth Credentials
regex: '://[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z]+'
example: '://username:password@domain.com'
- name: Beamer Client Secret
regex: >
(beamer[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"](b_[a-z0-9=_\-]{44})['"]
caseinsensitive: True
example: >
beamer_secret>'b_b4mercz6k_4vmbhk5xbhl6ocnnqcgg0qlmxq8-cts=s6'
- name: Binance API Key
regex: >
(binance[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{64})['"]
caseinsensitive: True
example: >
binance-apikey=>"1q1MFdKkCpJdaIl6d0oqPsO1KAATglQuRhQsCgZoj8atWRAzgyWmi3eleuuJ31J3'
- name: Bitbucket Client Id
regex: >
((bitbucket[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"])
caseinsensitive: True
example: >
bitbucket-client-id="zuvwzyrzs26ut4bh6oxel0e7444mpd7c"
- name: Bitbucket Client Secret
regex: >
((bitbucket[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9_\-]{64})['"])
caseinsensitive: True
example: >
bitbucketd-client-secret='vnx0ngdq1bvaq1ygo8mcez4vk88ovthfx86y8dgaw1y2s020e1v0o4l1l6tu6q7u"
- name: BitcoinAverage API Key
regex: >
(bitcoin.?average[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{43})['"]
caseinsensitive: True
example: >
bitcoin3average-apikey ="M39fxqAGAt9c5KdyKwi8LwpInxsIrHq6Q2EdW3pCiW2"
- name: Bitquery API Key
regex: >
(bitquery[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Za-z0-9]{32})['"]
caseinsensitive: True
example: >
bitquery-apikey="NWUlHtnehbYZCQN5O46q7oRhzfbZeDjr'
- name: Bittrex Access Key and Access Key
regex: >
([a-z0-9]{32})
example: zyppbifc36v4whhn6b0q9x3znqqgkeel
falsePositives: True
- name: Birise API Key
regex: >
(bitrise[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9_\-]{86})['"]
caseinsensitive: True
example: >
bitrisejme="BzVkwOcKAqUPeFAiQCAdlREdK6gUOMIKl3TXKnkxn2frFtkzgw4iDfnI-fkfP3HHXSnt6R9ebZdsNieCm9zQ6m"
- name: Block API Key
regex: >
(block[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4})['"]
caseinsensitive: True
example: >
block-api-key>'6d6i-b8z9-rgob-gzn7'
- name: Blockchain API Key
regex: >
mainnet[a-zA-Z0-9]{32}|testnet[a-zA-Z0-9]{32}|ipfs[a-zA-Z0-9]{32}
example: mainnetXahUq3S6jcKpNODEnZuswNASzNl3SWA0
- name: Blockfrost API Key
regex: >
(blockchain[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[0-9a-f]{12})['"]
caseinsensitive: True
example: >
blockchain='7f803740-47a6-4491-2630-fed376f83003'
- name: Box API Key
regex: >
(box[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{32})['"]
caseinsensitive: True
example: >
box-apikey='fwtfdyIEe47lkfI7ErloLt8wgzLgoLsc'
- name: Bravenewcoin API Key
regex: >
(bravenewcoin[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{50})['"]
caseinsensitive: True
example: >
bravenewcoinq93-key<="r42uv5ahxu9ohr4blcom4fkc2vh873f2g8hi64l2ddsit6ipk6"
#C
- name: Clearbit API Key
regex: >
sk_[a-z0-9]{32}
example: sk_oywau29kv7gcazau366iqeri6rm9qvxz
- name: Clojars API Key
regex: >
(CLOJARS_)[a-zA-Z0-9]{60}
example: CLOJARS_zU0NGGFrLJZP4QUC46UdwkOCfHJsD6BBssuWSsI0ubOoNNRE9M3dX3BQouu3
- name: Cloudinary Basic Auth
regex: 'cloudinary://[0-9]{15}:[0-9A-Za-z]+@[a-z]+'
example: cloudinary://152763652812343:PoA@tyrqrxt
# - name: CoinAPI API Key
# regex: >
# cloudinary://152763652812343:PoA@tyrqrxtrqhxthhhowoohrwwmgkugcizomojityqatiyvfzonomebafubqwlpseppdfgsybuagjrtthlolkifoyg
# caseinsensitive: True
# example: >
# cloudinary://152763652812343:PoA@tyrqrxtrqhxthhhowoohrwwmgkugcizomojityqatiyvfzonomebafubqwlpseppdfgsybuagjrtthlolkifoyg
- name: Coinbase Access Token
regex: >
([a-z0-9_-]{64})
example: ez8c5hpyy258a-9gjtsjf-ov7bir--tksmepd_7vg0jcxo8cq85i2p-lnlvdu_rb
falsePositives: True
- name: Coinlayer API Key
regex: >
(coinlayer[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"]
caseinsensitive: True
example: >
coinlayer-apikey=>'mhv6iadrtuiad424xvrhxwgdhqysnmkc'
- name: Coinlib API Key
regex: >
(coinlib[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{16})['"]
caseinsensitive: True
example: >
coinlib-apikey="9vsan5dmjnnlnwqf"
- name: Confluent Access Token & Secret Key
regex: >
([a-z0-9]{16})
example: rd7j4d1is0jpr5d3
falsePositives: True
- name: Contentful delivery API Key
regex: >
(contentful[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9=_\-]{43})['"]
caseinsensitive: True
example: >
contentful-key>"0a9cqu5ppw11j0qh-pdydco7c_liooohdv6hcgeqyw5"
- name: Covalent API Key
regex: >
ckey_[a-z0-9]{27}
example: ckey_63aarh0ax2u56buzhrcsthl9rjo
- name: Charity Search API Key
regex: >
(charity.?search[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"]
caseinsensitive: True
example: >
charitysearch-apikey="bcd9589xb6xbrkmhotwvjem16q27a48d"
#D
- name: Databricks API Key
regex: >
dapi[a-h0-9]{32}
example: dapi3d7473490ca0a6fcdffhdb22c834f3h6
- name: DDownload API Key
regex: >
(ddownload[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{22})['"]
caseinsensitive: True
example: >
ddownload-key="pbthiugya51o99xqf8p1wn"
- name: Defined Networking API token
regex: >
(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})
example: dnkey-22ekn3bd_augf8fg_4vfudl9w2-778r_de4slu1ksk2h8nc8tg53_p4nq=ny5-_li72-3bna9l0_lx9
- name: Discord API Key, Client ID & Client Secret
regex: >
((discord[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-h0-9]{64}|[0-9]{18}|[a-z0-9=_\-]{32})['"])
caseinsensitive: True
example: >
discord-apikey="231ahdc61b46afg8hd39bbbf75f40f9e1e1a637df02de861751ahab6fhgf210e"
- name: Droneci Access Token
regex: >
([a-z0-9]{32})
example: 0ewqr6fc0bhsveyemc0891o53x13z0m6
falsePositives: True
- name: Dropbox API Key
regex: >
sl.[a-zA-Z0-9_-]{136}
example: sl&M-ECOse0dUJnSVECSH6TXIj3JJUPCWUEu6Cy2URGlElV8eZgEA9ASDZ3V3B1QnNGZVU8p4DCjl-bBLhmtkF4WzAPNpGOxzfp3SsVjC5aOiYjFXpM_Rw3g8w7O9Ow5X5gwb7HGQHu
- name: Doppler API Key
regex: >
(dp\.pt\.)[a-zA-Z0-9]{43}
example: dp.pt.uOy0bgBrCHHFqCo2SVN0oZh6SjVqcNnSQaVhs1s2tBR
- name: Dropbox API secret/key, short & long lived API Key
regex: >
(dropbox[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{15}|sl\.[a-z0-9=_\-]{135}|[a-z0-9]{11}(AAAAAAAAAA)[a-z0-9_=\-]{43})['"]
caseinsensitive: True
example: >
dropbox="yxmet57firzAAAAAAAAAAbt2vvca5egmx5e2srt1q2k2tt6td8szseyd==9wdb7h"
- name: Duffel API Key
regex: >
duffel_(test|live)_[a-zA-Z0-9_-]{43}
example: duffel_live_-24wL_oJ8O0gr_dBDvPMQR7-02eVoVq3iT85o62FG3x
- name: Dynatrace API Key
regex: >
dt0c01\.[a-zA-Z0-9]{24}\.[a-z0-9]{64}
example: dt0c01.rG3Hz503P4Tmy5lqVo6Sa6lc.2fwfacxwb7e1fhdo1tu43rjwz6jfqx2t3c7x0w8xzgnw7l8d405w1bcw68t3b74f
#E
- name: EasyPost API Key
regex: >
EZAK[a-zA-Z0-9]{54}
example: EZAKvZpo6bs0bnqOY3ty0ircwUQQJNK2nhTSL5lF65itLP8OIhQDvOYaBP
- name: EasyPost test API Key
regex: >
EZTK[a-zA-Z0-9]{54}
example: EZTK47b3UoWmg9DhE7Jif1pw8YnWyNqHwbb1yGHk8IaKYLQP52tbubKhk4
- name: Etherscan API Key
regex: >
(etherscan[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Z0-9]{34})['"]
example: >
etherscan-apikey="VOOB4X83RVIL0G9B4GN0CMDB103KYKS2VE"
- name: Etsy Access Token
regex: >
([a-z0-9]{24})
example: d71s4p3clzc2gnlshgxbwpgn
falsePositives: True
#F
- name: Facebook Access Token
regex: 'EAACEdEose0cBA[0-9A-Za-z]+'
example: EAACEdEose0cBANhYw0IOm0ca1l5wt6AosU7OBvtKHtApURC3sSRIH3VlcCnZBapibvKR9XtiJuiwg5T0U8FLdOl3DF4LMlVp3wCF3N
- name: Facebook Client ID
regex: ([fF][aA][cC][eE][bB][oO][oO][kK]|[fF][bB])(.{0,20})?['"][0-9]{13,17}
example: >
fACEBOOK-clientID="4507045253731
- name: Facebook Oauth
regex: >
[fF][aA][cC][eE][bB][oO][oO][kK].*['|"][0-9a-f]{32}['|"]
example: >
FACEBooK-oauth='ff2a9017d57f3b483d5459187522624c'
- name: Facebook Secret Key
regex: >
([fF][aA][cC][eE][bB][oO][oO][kK]|[fF][bB])(.{0,20})?['"][0-9a-f]{32}
example: >
faceBOOk-secret='c0fcb075723dac614f1d01651ec75c79
- name: Fastly API Key
regex: >
(fastly[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9=_\-]{32})['"]
caseinsensitive: True
example: >
fastly-apikey="487liqwns3mx2zdfyyun=m6co2s2-s1x"
- name: Finicity API Key & Client Secret
regex: >
(finicity[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{32}|[a-z0-9]{20})['"]
caseinsensitive: True
example: >
finicity-key="78cf798530fd0c892d863dd0991a6e90"
- name: Flickr Access Token
regex: >
([a-z0-9]{32})
example: 36ce23shl017fi72pdeyz2lf3d9vda9w
falsePositives: True
- name: Flutterweave Keys
regex: >
FLWPUBK_TEST-[a-hA-H0-9]{32}-X|FLWSECK_TEST-[a-hA-H0-9]{32}-X|FLWSECK_TEST[a-hA-H0-9]{12}
example: >
FLWPUBK_TEST-40672c4BFaHBHe84a9fd2af3e98c7D23-X
- name: Frame.io API Key
regex: >
fio-u-[a-zA-Z0-9_=\-]{64}
example: >
fio-u-Qq8OTgvWoXvJNK815rMihgunAdKXk9X0n8P_j52CJKtcpww1h1VCZ4UD9Wd4IhMW
- name: Freshbooks Access Token
regex: >
([a-z0-9]{64})
example: bjbv4xvi5g55oqtkdlokxgp3af1bq02ryhsgmhhj9qt7c4hl7t1jvtx0so6y45gd
falsePositives: True
#G
- name: Github
regex: >
github(.{0,20})?['"][0-9a-zA-Z]{35,40}
example: >
github="5fJnOG7J5g32cudy8X1moNmFmLLt3V5ZQxvE
#- name: Github App Token, OAuth Access Token, Personal Access Token & Refresh Token
# regex: >
# (ghu|ghs)_[0-9a-zA-Z]{36}|gho_[0-9a-zA-Z]{36}|ghp_[0-9a-zA-Z]{36}|ghr_[0-9a-zA-Z]{76}
- name: Github App Token
regex: >
(ghu|ghs)_[0-9a-zA-Z]{36}
example: >
ghu_di9hDkVMVGKPN1jjTt9UuTf363LhlmHm9mws
- name: Github OAuth Access Token
regex: >
gho_[0-9a-zA-Z]{36}
example: >
gho_sfo8CcdMKCREliT5E5siPIp8gHEWeYC4GcQF
- name: Github Personal Access Token
regex: >
ghp_[0-9a-zA-Z]{36}
example: >
ghp_QwoInpFNt286yfutmm0wAJzg9zbHKpUY8G34
- name: Github Refresh Token
regex: >
ghr_[0-9a-zA-Z]{76}
example: >
ghr_T3PPq0D1KnSVY7tERnMgVV5dcDkt0q4lXOuYMdEPpefkROVgJQWYSxEJk4hG1idcLdEu1TR1eWDi
- name: GitHub Fine-Grained Personal Access Token
regex: >
github_pat_[0-9a-zA-Z_]{82}
example: >
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
- name: Gitlab Personal Access Token
regex: >
glpat-[0-9a-zA-Z\-]{20}
example: >
glpat-RrZBU3rfrA2UahiOH6XQ
- name: GitLab Pipeline Trigger Token
regex: >
glptt-[0-9a-f]{40}
example: >
glptt-30810ea3eda2611d3500eb3a95dd004fa1965928
- name: GitLab Runner Registration Token
regex: >
GR1348941[0-9a-zA-Z\_\-]{20}
example: >
GR1348941RzEF5zAQQ0ljjE72T-33
- name: Gitter Access Token
regex: >
([a-z0-9_-]{40})
example: 9rh0n83z874h767-2-lmwmjq-t63dcsik6yr0awn
falsePositives: True
- name: GoCardless API Key
regex: >
live_[a-zA-Z0-9_=\-]{40}
example: >
live_tQ-4JaiqLoamdNuNMtwbP52m-HgqyS52gVedEBoC
- name: GoFile API Key
regex: >
(gofile[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{32})['"]
caseinsensitive: True
example: >
gofile-apikey="Tt3euLPBD4iwHfGRq3pk7CRysWqkk2ge"
- name: Google API Key
regex: 'AIza[0-9A-Za-z_\-]{35}'
example: >
'AIzah9OABA-RY7awgoau_C6RRi5R3g3e9d9Q37P'
- name: Google Cloud Platform API Key
regex: >
(google|gcp|youtube|drive|yt)(.{0,20})?['"][AIza[0-9a-z_\-]{35}]['"]
example: >
google-cloud-apikey='uhldjibyb56zz-Afos3m[wxa-mnp1oAfs6e]'
- name: Google Drive Oauth
regex: '[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com'
example: 06181489670499612563316814427797547102771400020446857617056-osFKrSfrtmoEl3dSshnlTHDM6rTevnn4.apps.googleusercontent.com
- name: Google Oauth Access Token
regex: 'ya29\.[0-9A-Za-z_\-]+'
example: ya29.j8lNIMiRgzGa4KQTehLAlBUx441wduUe9vYLQqp
- name: Google (GCP) Service-account
regex: '"type.+:.+"service_account'
example: >
"type": "service_account"
# - name: Google API Key, Drive Oauth, Oauth Access Token, Service Account, Signed storage URLs, Legacy creds and Signed policy documents in HTML
# regex: >
# (AIza[0-9A-Za-z_\-]{35})|([0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com)|(ya29\.[0-9A-Za-z_\-]+)|("type": "service_account")|(storage.googleapis.com.*?Goog-Signature=[a-f0-9]+)|([^{}]*?client_id[^{}]*?client_secret.*)|(<form action.*googleapis.com.*name="signature" value=".*">)
- name: Grafana API Key
regex: >
eyJrIjoi[a-z0-9_=\-]{72,92}
caseinsensitive: True
example: eyJrIjoi-grafana-api-key=-asadcaxcpg319pihinvbs=bm-qhxyoag6ol0hdhjdb7b5tl1dx_uqhl
- name: Grafana cloud api token
regex: >
glc_[A-Za-z0-9\+/]{32,}={0,2}
example: >
glc_vC2f5kkH7NDcyRd/8I9mSPmKsrpwDpWHCmjxNOjmXLN+AuYmh0y9gA5/X3BD0b5qkBNV7TTwatcJC4mvIq0VEySn2bfnsXQIxtuqaPw/xc3/9PmALD/EHfoR6ebEGgMO1C2lW81Nz6Js94BX5eMDPn/0+WRwMrYnxNxqwJr7yI0Kw0ZfNDC+ROHE7XjcDfRmzUvn7mZoxePoI4aYd0RAUmzbfCs/bwSWzWVuLkc63uNsNApUSMhQG5Vndb/QQGzb79XX+yHuXrLYy=
- name: Grafana service account token
regex: >
(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})
example: glsa_fWkrfIUhX7gYNSQIFWSbnNyR1kAyOiA9_ecd27EAb
#H
- name: Hashicorp Terraform user/org API Key
regex: >
[a-z0-9]{14}\.atlasv1\.[a-z0-9_=\-]{60,70}
example: >
izk1hawfnui5xc.atlasv1.kxfv6ncrmadace26slc1-sbbaim4yw5k2f2-y4-8wtv_ukr=61-bnatt71551o6qgeo5
- name: Heroku API Key
regex: '[hH][eE][rR][oO][kK][uU].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}'
example: >
HeRokU-apikey=WBEA1B3FE-4C62-30C9-B600-45D4382AC0A5
- name: Hubspot API Key
regex: >
['"][a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12}['"]
caseinsensitive: True
example: >
"f69772hb-3d78-c7hd-47eh-9fg423a4beh1"
#I
- name: Instatus API Key
regex: >
(instatus[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"]
caseinsensitive: True
example: >
instatus-apikey="ux6mmcb4hvbd37ypufm9wtag8c6it8i9"
- name: Intercom API Key & Client Secret/ID
regex: >
(intercom[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9=_]{60}|[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['"]
caseinsensitive: True
example: >
intercom-apikey='20db6c3a-7e9g-4115-fgga-8e9g9bdb66ga'
- name: Ionic API Key
regex: >
(ionic[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"](ion_[a-z0-9]{42})['"]
caseinsensitive: True
example: >
ionic-apikey="ion_iftdb2dqw2p4zjrx4ukmd3gyu1j09tisku8krr7ftb"
#J
- name: Jenkins Creds
regex: >
<[a-zA-Z]*>{[a-zA-Z0-9=+/]*}<
example: >
<oMNRqXbKSxcxaKtcpzrbYxtiNhSovGCbABoWXhhZVWTPJtjxNdxweX>{zNWoeLK6b/VTY/zjcXLRicWTgygWmieeyS55L5RCaAul9Y3B5hrySZeWIO/u68LMVa0QuvOZoviAAW6Ewlz0Vy9vFgAi8zhzC}<
- name: JSON Web Token
regex: >
(ey[0-9a-z]{30,34}\.ey[0-9a-z\/_\-]{30,}\.[0-9a-zA-Z\/_\-]{10,}={0,2})
example: >
ey1j0if36vnu4kd71g19bwm90albqy3ghdpo.ey_-l6_8nramid0tsubb0y4uuf/m7e/wv804gd19bl4r3ddohfiqqfhavbaa9koe_4_34s_4uo70w_gec8t1-jvnqn9qxgdtav_pq_h0km0lh/v51ymqd7s-rd2bx8v0v4zceq4bojrtltxh.LIlpO2lRyoIXqI33jrJ6BNyh_BbGH-nsqjRTABzoOURRhK1NhKtzBmOwRd4Q1pBWAOJC_PyAmTPIxise9MU0zNO6bycbx==
#K
- name: Kraken Access Token
regex: >
([a-z0-9\/=_\+\-]{80,90})
example: 78v5z=/0wzau+a3hmj2dtw3og5zl64_g-7hy/w8tpa68evvu+2yx73dnhr7xff-p7w0simau/8qlz0p=b
- name: Kucoin Access Token
regex: >
([a-f0-9]{24})
example: 1a74895b3e160591722b5b27
falsePositives: True
- name: Kucoin Secret Key
regex: >
([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
example: 94a1b7bd-3d95-1358-cfe5-dc139bf0fd38
#L
- name: Launchdarkly Access Token
regex: >
([a-z0-9=_\-]{40})
example: jqn==s5wkr4ky1=u1wm=rt2rh9y69futftgcztr9
falsePositives: True
- name: Linear API Key
regex: >
(lin_api_[a-zA-Z0-9]{40})
example: >
lin_api_Z0jIN8ST4vHdrVskbfwp2KGiW7IdYwjNGbRKwLP6
- name: Linear Client Secret/ID
regex: >
((linear[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-f0-9]{32})['"])
example: >
linear-secret="9956feac192dfb52a9ab1ed56b82f9c9"
- name: LinkedIn Client ID
regex: >
linkedin(.{0,20})?['"][0-9a-z]{12}['"]
example: >
linkedin-clienId = 'cznnp67tejf8'
- name: LinkedIn Secret Key
regex: >
linkedin(.{0,20})?['"][0-9a-z]{16}['"]
example: >
linkedin-secret-key='ob99z693jsuo7squ'
- name: Lob API Key
regex: >
((lob[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]((live|test)_[a-f0-9]{35})['"])|((lob[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]((test|live)_pub_[a-f0-9]{31})['"])
caseinsensitive: True
example: >
lob-key='live_pub_057b776b74ef015b3dedeef0ad00e75'
- name: Lob Publishable API Key
regex: >
((test|live)_pub_[a-f0-9]{31})
example: live_pub_f85c6881326b1054d35a88edfaeeb5c
#M
- name: MailboxValidator
regex: >
(mailbox.?validator[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Z0-9]{20})['"]
caseinsensitive: True
example: >
mailboxCvalidator="ZKLAP8XCH2748GFZO5YQ"
- name: Mailchimp API Key
regex: '[0-9a-f]{32}-us[0-9]{1,2}'
example: >
1a5576f801fd309054c2a33565a4861a-us0
# - name: Mailgun API Key, Public Validation Key & Webhook signing key
# regex: >
# key-[0-9a-zA-Z]{32}'|pubkey-[a-f0-9]{32}|[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8}
- name: Mailgun API Key
regex: >
key-[0-9a-zA-Z]{32}'
example: >
key-aW3RBFRd70BUjs8RF0kO52mzMT5dumQa'
- name: Mailgun Public Validation Key
regex: >
pubkey-[a-f0-9]{32}
example: pubkey-520f647b5c0aef421bb2dd609a2f2435
- name: Mailgun Webhook signing key
regex: >
[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8}
example: 332f30ehda61ggg1gc3cd272c1eh275c-d6cadcge-abd44751
- name: Mapbox API Key
regex: '(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'
caseinsensitive: True
example: >
pk.5ao0tbtxbbjaqil39ayfv9dufje7756s32htr3k2mk85lmq895g2edwyon6c.e4ivqopwbuulo78o09il94
- name: Mattermost Access Token
regex: >
([a-z0-9]{26})
example: oiptatdsolk3v3ez1bssf132ob
falsePositives: True
- name: MessageBird API Key & API client ID
regex: >
(messagebird[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{25}|[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['"]
caseinsensitive: True
example: >
messagebird-clientid='45a929hf-bc4e-0b17-1bae-4hbce55dg348'
- name: Microsoft Teams Webhook
regex: >
https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}
example: >
https://ceftexl1bdkycusaze1xpwgss9sh8mjwo63lcx9wps3ii9yp9bxn10wradj81dc4bb42y7htxmbf6rybe12.webhook.office.com/webhookb2/wjph4wcu-5pd2-mzib-gm5k-hn2pxkhrokgx@61jrwbxf-i1aq-gn0f-3jee-ce7i69plt8je/IncomingWebhook/1uc2a14qtejjcradtkofxbmi9d7oasot/5p58k8hx-23qy-pq90-qdql-xgkl746l8hq6
- name: MojoAuth API Key
regex: >
[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}
example: c226c5fc-11d5-9715-82e1-9992fba09ab7
falsePositives: True
#N
- name: Netlify Access Token
regex: >
([a-z0-9=_\-]{40,46})
example: 981ppppz8if=o5tv61mb4ozxyt=2sgx_-unn2ycpvyffh
falsePositives: True
- name: New Relic User API Key, User API ID & Ingest Browser API Key
regex: >
(NRAK-[A-Z0-9]{27})|((newrelic[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Z0-9]{64})['"])|(NRJS-[a-f0-9]{19})
example: >
NRJS-a22f182e458a8b3c1be
- name: Nownodes
regex: >
(nownodes[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Za-z0-9]{32})['"]
example: >
nownodes="Aj1oaOKzBMQbeJmbDJrQynPdnQZLNVs4"
- name: Npm Access Token
regex: >
(npm_[a-zA-Z0-9]{36})
example: npm_4B7WG9aTx3E82k5RVFf75NnZ1a3AgQDSmmVr
- name: Nytimes Access Token
regex: >
([a-z0-9=_\-]{32})
example: knl9e1tk954c5o38urb7yv9nemx6_4n9
falsePositives: True
#O
- name: Okta Access Token
regex: >
([a-z0-9=_\-]{42})
example: 3hyl=yjq9ctnc4dv44c72_ij93c_0auxzad8ybb4e8
falsePositives: True
- name: ORB Intelligence Access Key
regex: >
['"][a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]
example: >
'25753e76-3c39-81e8-5d79-dc5d516df5ac'
#P
- name: Pastebin API Key
regex: >
(pastebin[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{32})['"]
caseinsensitive: True
example: >
pastebin-apikey='i7oebqjseaz6ykkiounpy7qsg0dodtvz'
- name: PayPal Braintree Access Token
regex: >
access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}
example: >
access_token$production$0ryxj99lrf9du9nd$dd5c8484b79bfe6fc0083d479ade256d
- name: Picatic API Key
regex: 'sk_live_[0-9a-z]{32}'
example: sk_live_wwo1bqvcv038p28p6t7tjwrd890w6cfy
- name: Pinata API Key
regex: >
(pinata[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{64})['"]
caseinsensitive: True
example: >
pinata-apikey="0qzrcgwdjf75gqo8k1jmahsx0z9yfhn29r6qrtpbebb8cpxwze1jw87w7rnco5rt"
- name: Planetscale API Key
regex: >
pscale_tkn_[a-zA-Z0-9_\.\-]{43}
example: >
pscale_tkn_Be8DvVdA-lx5bFT5zSm9dB.j5h9Wf28udxNZzuAUta.
- name: PlanetScale OAuth token
regex: >
(pscale_oauth_[a-zA-Z0-9_\.\-]{32,64})
example: >
pscale_oauth_s81e5G44cwgi0l6_6YyRIxRLtXSJcaVB-8UtQ-hU-X_SS75J
- name: Planetscale Password
regex: >
pscale_pw_[a-zA-Z0-9_\.\-]{43}
example: >
pscale_pw_hjn.wGE5_4QyNi9oTU6zTISo3a6z7KEFYTkRoqftKY9
- name: Plaid API Token
regex: >
(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
example: access-production-e76e4577-7d49-3798-55dd-ae74fbfbc35c
- name: Plaid Client ID
regex: >
([a-z0-9]{24})
example: kb3rphq68yglgqx9tm4ieggx
falsePositives: True
- name: Plaid Secret key
regex: >
([a-z0-9]{30})
example: nj6e8igjbii8qd1kzg0vceiywemfsy
falsePositives: True
- name: Prefect API token
regex: >
(pnu_[a-z0-9]{36})
example: pnu_hcozg01pfx6buqf66jjqlbl1tt28kvm13vya
- name: Postman API Key
regex: >
PMAK-[a-fA-F0-9]{24}-[a-fA-F0-9]{34}
example: >
PMAK-7C6A2bB463efEF8d475e5fFA-dEBf2BcA21fC3fC2fFcbc9bDD7F490bDbf
- name: Private Keys
regex: >
\-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN OPENSSH PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN PGP PRIVATE KEY BLOCK\-\-\-\-\-|\-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\-|\-\-\-\-\-BEGIN EC PRIVATE KEY\-\-\-\-\-
example: -----BEGIN PGP PRIVATE KEY BLOCK-----
- name: Pulumi API Key
regex: >
pul-[a-f0-9]{40}
example: pul-810ee274558b1d4259bad12e69813fe882dc088d
- name: PyPI upload token
regex: >
pypi-AgEIcHlwaS5vcmc[A-Za-z0-9_\-]{50,}
example: pypi-AgEIcHlwaS5vcmcMSAFV3tdkC4E3igwL3BBXYihtA9DksF308NrGABBCUo5XUqOrRwHr6wlGdBtV7sdbF9rYRz_K4sestJOyVhDUmGe7sAlXq7IWa2U8wPA5dxzGyoBOOq71P53rgGUvI-OG4VXe8qauHENTvW2H-bHS3jvBP3AKWAi3ux3qxl4oyp7752I8sF3Ho6YA6yIwQLBGWk_tQueTkxSVSTqfDUmbDd87AZXWLG1q5YCPS1vxU5CAr-2iQMp3B94c7wVkbO1gt3HGPMZhk8BFQF0k24PigC4q4ZUP917XJsC9GOfdJkZxoBOtjf8df2xJyriDxNlD3Xd4g5ugEkwg-isiulEMHJSl89WJbGcXWmdUJIPAfmcI6QjaoYEemlEkRxHlOWa_tavMHnARKCkLq2XAB65WpKipsD3WlqPw2A8ekc131ok2psVtFnxE6RFmYB2QacVa1ZQ8bd8Z5V5InAEDA7cBkhcaBFhgcfJRr0YBUmUB2BpZFimgOn3gewiBNU_NRPSK0v319k7CQI57gzyU9BajW3vVte8RKorviV94fytNx-epCP
#Q
- name: Quip API Key
regex: >
(quip[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-zA-Z0-9]{15}=\|[0-9]{10}\|[a-zA-Z0-9\/+]{43}=)['"]
caseinsensitive: True
example: >
quip-apikey= "ynkkxF8S9sm67Z8=|8554544522|S2Ortt+EcWPwdb0gi8c/XWXXAX30nIJH7pdygqsMnXp='
#R
- name: RapidAPI Access Token
regex: >
([a-z0-9_-]{50})
example: jle6dmk-8n2s8sexr4_8_1iqqeoflouzbt1re4871iiwa3w0bi
falsePositives: True
- name: Rubygem API Key
regex: >
rubygems_[a-f0-9]{48}
example: rubygems_f59b6a3470ed9e76f6ea9c9cd7b3b8543fb7c386c626f92c
- name: Readme API token
regex: >
rdme_[a-z0-9]{70}
example: rdme_k50cmrdy4vuysoe6gtuwgajs58em0bobohk747mf5lgtjw477nvllkz37tedjqok362xaf
#S
- name: Sendbird Access ID
regex: >
([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
example: 99525f82-5f75-cc96-dd2a-f5ae9fb78002
- name: Sendbird Access Token
regex: >
([a-f0-9]{40})
example: d214692636fda359cb7cd3d752a03c9785e9a18c
falsePositives: True
- name: Sendgrid API Key
regex: >
SG\.[a-zA-Z0-9_\.\-]{66}
example: SG.SAOyez.icLIwv1UnBSGxw0jnMLlwAO65yHWh4uwL_jc6tmPf4kI1B08YvnWx0XpJGX
- name: Sendinblue API Key
regex: >
xkeysib-[a-f0-9]{64}-[a-zA-Z0-9]{16}
example: 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
- name: Sentry Access Token
regex: >
([a-f0-9]{64})
example: 03f0995a9ac969aa0325da15b006865031733e421fa0594c8025d6321793d5af
falsePositives: True
- name: Shippo API Key, Access Token, Custom Access Token, Private App Access Token & Shared Secret
regex: >
shippo_(live|test)_[a-f0-9]{40}|shpat_[a-fA-F0-9]{32}|shpca_[a-fA-F0-9]{32}|shppa_[a-fA-F0-9]{32}|shpss_[a-fA-F0-9]{32}
example: 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
- name: Sidekiq Secret
regex: >
([a-f0-9]{8}:[a-f0-9]{8})
example: aa6971d0:acbd1cdf
- name: Sidekiq Sensitive URL
regex: >
([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)
example: >
8ffd9ff3:69359946@enterprisebcontribsysrcom
- name: Slack Token
regex: 'xox[baprs]-([0-9a-zA-Z]{10,48})?'
example: >
xoxr-D4tmaOXPgFU8b9b5fdLEinAI
- name: Slack Webhook #Not interesting
regex: 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{10}/B[a-zA-Z0-9_]{10}/[a-zA-Z0-9_]{24}'
example: >
https://hooks~slack4com/services/TT2AyZS32eh/BgMtxMkFcGT/lgXCUInK2hgMgs2VIoDrYBbK
- name: Smarksheel API Key
regex: >
(smartsheet[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{26})['"]
caseinsensitive: True
example: >
smartsheet-apikey='2dqi66zfexrmtmgo6fwbpwr4dk'
- name: Square Access Token
regex: 'sqOatp-[0-9A-Za-z_\-]{22}'
example: >
sqOatp-QzdbHA0Vb5xMWSzlJZq0G3
- name: Square API Key
regex: >
EAAAE[a-zA-Z0-9_-]{59}
example: EAAAEN71jw35eKEfh8Tuduzbjf2WDl1p3Jt9MtDLL4A0w2GMa7zliU1mI-DouJML
- name: Square Oauth Secret
regex: 'sq0csp-[ 0-9A-Za-z_\-]{43}'
example: >
sq0csp-6NsAS fw9NQQ6nnOMzqHt-JJEDHIxuBSFjoU37VqTda
- name: Stytch API Key
regex: 'secret-.*-[a-zA-Z0-9_=\-]{36}'
example: >
secret-2&5="]g`/7%1!fM|+nw*T:>QQZsZEe-IRtV|w<W.bgX=Zpp5fL*V$O*~@U_drVBL:{vN+38(B|;7&_0jgw72)F 90a)-nJ5L5Uaz9rY_VrHI1wI0IUhbnzo=Y0RolqMU
- name: Stripe Access Token & API Key
regex: >
(sk|pk)_(test|live)_[0-9a-z]{10,32}|k_live_[0-9a-zA-Z]{24}
caseinsensitive: True
example: >
sk_test_t9abh3jbt4h54uscv00xbvj
- name: SumoLogic Access ID
regex: >
([a-z0-9]{14})
example: 96c2p2dkmot543
falsePositives: True
- name: SumoLogic Access Token
regex: >
([a-z0-9]{64})
example: elnz883f0nr0bq2w4iwmubu1nzxoy9vl76230yiz88latw21ci5e5vlo0npoznq7
falsePositives: True
#T
- name: Telegram Bot API Token
regex: >
[0-9]+:AA[0-9A-Za-z\\-_]{33}
example: >
45319947787793085566872946499104659857938160004516372140868611:AA7HRqPqHBc]rgeV73I2^Vy2^]gn2Zqag5E
- name: Travis CI Access Token
regex: >
([a-z0-9]{22})
example: yil7rjygrps8n92ume8eie
falsePositives: True
- name: Trello API Key
regex: >
(trello[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-z]{32})['"]
example: >
trellop-apikey='fefv0v1t1u0kcu27aghl6x7rkgh22o9j'
- name: Twilio API Key
regex: 'SK[0-9a-fA-F]{32}'
example: SK7dAbbd7E729f7B15aBf2E23936dB1f1E
- name: Twitch API Key
regex: >
(twitch[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([a-z0-9]{30})['"]
example: >
twitch-apikey='m1apxmp9wx0zho75dqepftliue4lki'
- name: Twitter Client ID
regex: >
[tT][wW][iI][tT][tT][eE][rR](.{0,20})?['"][0-9a-z]{18,25}
example: >
twITter"8dbvxacfwy156oy7bju
- name: Twitter Bearer Token
regex: >
(A{22}[a-zA-Z0-9%]{80,100})
example: AAAAAAAAAAAAAAAAAAAAAAsrIRuumqNo14xDR667rmftkzr3Wf2l7RjZaDkn8dNPoW6AZ7SLNEkY3DUwlcadFYI9TGeY0fhJfQ85kM5lt5X3vm%BpAOe2E5Hm
- name: Twitter Oauth
regex: >
[tT][wW][iI][tT][tT][eE][rR].{0,30}['"\\s][0-9a-zA-Z]{35,44}['"\\s]
example: >
TwittER%bwO{:ApFxi(vPdsWfKrJSJzDvq9k23tIrYmpLi1iKJTaSjLuYd22L'
- name: Twitter Secret Key
regex: >
[tT][wW][iI][tT][tT][eE][rR](.{0,20})?['"][0-9a-z]{35,44}
example: >
TWiTTer'lv93m7sakl98b0b42cn3vka3zc2952oicl4w
- name: Typeform API Key
regex: >
tfp_[a-z0-9_\.=\-]{59}
example: >
tfp_k-hu0c.._s1of67nozvagd2j-i09w6x.r-jsj_qd2wnqanobjz.ln=d3d1f
#U
- name: URLScan API Key
regex: >
['"][a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]
example: >
"96d6faf6-2e24-2c35-0538-390a7f3a9961"
- name: Vault Token #False +
regex: '[sb]\.[a-zA-Z0-9]{24}'
example: 'b.fw94cMfbUwIUqTi6JgZACqcL'
falsePositives: true
#Y
- name: Yandex Access Token
regex: >
(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})
example: t1.yandex-access-token=.dlYbt__bUqHydFrwsu9ZwyaXntQILjfpFiwqYAaOsjiwA1WCyR-CNuYIWb2_7Elc8nXTfRVK8018V9cxpEWzte
- name: Yandex API Key
regex: >
(AQVN[A-Za-z0-9_\-]{35,38})
example: AQVNpkr5yIKylWh-Edv4XCokHgnTIp3f2PQTXWJ
- name: Yandex AWS Access Token
regex: >
(YC[a-zA-Z0-9_\-]{38})
example: YCeKYhqk9alQFHsIvTkb6_0lciJm0ZkEmaaKM2ml
#W
- name: Web3 API Key
regex: >
(web3[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([A-Za-z0-9_=\-]+\.[A-Za-z0-9_=\-]+\.?[A-Za-z0-9_.+/=\-]*)['"]
caseinsensitive: True
example: >
web3-apikey='_WfF7x3Cey.NMZS4K6MDz7ONmYT9iEqn2MiqenLs0o69VIc18GYOqfhpDp-OQcqFj9mtfo0InxQCQeCD1Rhjo4esJoQlNRfsrtiweSfHCM17Ir.RPigbHjYLwNTSgsp_0QhqIO7z0+YkXOS7w==uwx-eDPuj7nDSwxIUFPkyw4QIhg5YNZMkncDx1_i0/OQ/GJ'
#Z
- name: Zendesk Secret Key
regex: >
([a-z0-9]{40})
example: kwyilgkkvb2bi6m2xqyh5snuikuawgbd9h2tdgn6
falsePositives: True
# Misc
- name: Misc
regexes:
- name: Generic API Key
regex: >
((key|api|token|secret|password)[a-z0-9_ \.,\-]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z_=\-]{8,64})['"]
example: >
secret-key="FLdz-Wt1CQYcl9EywqaeZ2_IL65oH5HwL7jUWpdFucN"
falsePositives: True
- name: Generic Secret
regex: >
[sS][eE][cC][rR][eE][tT].*['"][0-9a-zA-Z]{32,45}['"]
example: >
sECret = "aso3pje4ghu4gbf3rgu3gr3rg34gdiwubeyfvwDEf6ed"
# Disable in winpeas because of RegexDoS (for some reason)
- name: Basic Auth
regex: >
//(.+):(.+)@
example: >
//UserName237.e4r3%:Compl3x&/Password1763@domain.com
- name: PHP Passwords
regex: >
(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass|pass').*[=:].+|define ?\('(\w*pass|\w*pwd|\w*user|\w*datab)
example: >
dbpass = "asdasd"
- name: Config Secrets
regex: >
passwd.*|creden.*|^kind:[^a-zA-Z0-9_]?Secret|[^a-zA-Z0-9_]env:|secret:|secretName:|^kind:[^a-zA-Z0-9_]?EncryptionConfiguration|\-\-encryption\-provider\-config
example: " secret: 'lala'"
- name: Simple Passwords
regex: >
passw.*[=:].+
example: >
passw='sz&v5u.}WJV>v'
- name: Generiac API tokens search
regex: >
(access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|
amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|
api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|
application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|
aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|
bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|
bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|
cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|
client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|
cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|conn.login|
connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|
datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|
digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|
docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|
dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|
env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .,<\-]{0,25}(=|>|:=|\|\|:|<=|=>|:).{0,5}['"]([0-9a-zA-Z_=\-]{8,64})['"]
example: >
aws_token='-A1nivVI1TSm_e4Og2akP_3vI9FxGj'
- name: Usernames
regex: >
username.*[=:].+
example: >
usernameF~K\68*X[:Pz("\`*BAZn4de%I1P8Lce`pIh)EJ9Og[*;Xy+*!xc4#|f%GpE8TN2AjEl>A>9&6(C[=;42X6%zhifQvai%G*IB^tm{%b&E#(>m'<}!\(qehQwy&*K{HM{m_sj
- name: Net user add
regex: >
net user .+ /add
example: >
net user UserNamer234234 passwordIg]N:X0,07GOY/wO}]P1Xy] /add
- name: IPs
regex: '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
example: '251.093.15.235'
falsePositives: True
- name: Emails # Too many false positives
regex: '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}'
example: 'example_email@sub.domain.com'
falsePositives: True
Reference in New Issue View Git Blame Copy Permalink