├── urlparams.json ├── firebase.json ├── jsvar.json ├── jwt.json ├── urls.json ├── go-functions.json ├── typos.json ├── twilio-key.json ├── meg-headers.json ├── picatic-keys_secrets.json ├── servers.json ├── swearwords.json ├── twilio-keys_secrets.json ├── mailgun-keys_secrets.json ├── facebook-token_secrets.json ├── google-keys_secrets.json ├── google-token_secrets.json ├── mailchimp-keys_secrets.json ├── parsers.json ├── slack-token.json ├── square-secret.json ├── cors.json ├── facebook-access-token.json ├── github_secrets.json ├── http-auth.json ├── serial.json ├── upload-fields.json ├── xml.json ├── execs.json ├── facebook-oauth_secrets.json ├── twitter-token_secrets.json ├── ccode.json ├── github.json ├── google-service-account_secrets.json ├── twitter-oauth_secrets.json ├── twitter-secret.json ├── secrets.json ├── strings.json ├── google-oauth_secrets.json ├── aws-secret-key.json ├── paypal-token_secrets.json ├── php-curl.json ├── slack-token_secrets.json ├── aws-keys.json ├── aws-keys_secrets.json ├── facebook-oauth.json ├── heroku-keys_secrets.json ├── aws-mws-key.json ├── base64.json ├── twitter-oauth.json ├── php-open-filesystem-handler.json ├── php-serialized.json ├── asymmetric-keys_secrets.json ├── ip.json ├── php-commandexec.json ├── slack-webhook.json ├── slack-webhook_secrets.json ├── php-sources.json ├── stripe-keys_secrets.json ├── crypto.json ├── php-codeexec.json ├── square-keys_secrets.json ├── auth.json ├── badwords.json ├── img-traversal.json ├── sec.json ├── php-sinks.json ├── ssti.json ├── firebase_secrets.json ├── json-sec.json ├── README.md ├── interestingsubs.json ├── js-sinks.json ├── debug-pages.json ├── php-informationdisclosure.json ├── idor.json ├── aws-s3_secrets.json ├── s3-buckets.json ├── php-write-filesystem.json ├── php-errors.json ├── php-callbacks.json ├── xss.json ├── debug_logic.json ├── fw.json ├── sqli.json ├── rce.json ├── lfi.json ├── php-read-filesystem.json ├── interestingEXT.json ├── ssrf.json ├── redirect.json ├── 
takeovers.json ├── truffle.json ├── api-keys.json ├── interestingparams.json └── Allin1gf.json /urlparams.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-riE", 3 | "pattern": "[?].*[&]?" 4 | } 5 | -------------------------------------------------------------------------------- /firebase.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Hnri", 3 | "pattern": "firebaseio.com" 4 | } 5 | -------------------------------------------------------------------------------- /jsvar.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanroE", 3 | "pattern": "var [a-z0-9_]+\\=." 4 | } 5 | -------------------------------------------------------------------------------- /jwt.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(jwt|jks|jwk|jku)" 4 | } 5 | -------------------------------------------------------------------------------- /urls.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-oriahE", 3 | "pattern": "https?://[^\"\\'<>) ]+" 4 | } 5 | -------------------------------------------------------------------------------- /go-functions.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "func [a-z0-9_]+\\(" 4 | } 5 | -------------------------------------------------------------------------------- /typos.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(pasword|passsword)" 4 | } 5 | -------------------------------------------------------------------------------- /twilio-key.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": 
"SK[0-9a-fA-F]{32}" 4 | } 5 | -------------------------------------------------------------------------------- /meg-headers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hroiE", 3 | "pattern": "^\u003c [a-z0-9_\\-]+: .*" 4 | } 5 | -------------------------------------------------------------------------------- /picatic-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "sk_live_[0-9a-z]{32}" 4 | } -------------------------------------------------------------------------------- /servers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hri", 3 | "pattern": "server: ", 4 | "unique": true 5 | } 6 | -------------------------------------------------------------------------------- /swearwords.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(fuck|shit|stupid|dumb)" 4 | } 5 | -------------------------------------------------------------------------------- /twilio-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "SK[0-9a-fA-F]{32}" 4 | } -------------------------------------------------------------------------------- /mailgun-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "key-[0-9a-zA-Z]{32}" 4 | } -------------------------------------------------------------------------------- /facebook-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "EAACEdEose0cBA[0-9A-Za-z]+" 4 | } -------------------------------------------------------------------------------- /google-keys_secrets.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "AIza[0-9A-Za-z\\-\\_]{35}" 4 | } -------------------------------------------------------------------------------- /google-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "ya29\\.[0-9A-Za-z\\-\\_]+" 4 | } -------------------------------------------------------------------------------- /mailchimp-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "[0-9a-f]{32}-us[0-9]{1,2}" 4 | } -------------------------------------------------------------------------------- /parsers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(parse|open|request|validate|verify)" 4 | } 5 | -------------------------------------------------------------------------------- /slack-token.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "xox[baprs]-([0-9a-zA-Z]{10,48})?" 
4 | } 5 | -------------------------------------------------------------------------------- /square-secret.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "sq0csp-[ 0-9A-Za-z\\-_]{43}" 4 | } 5 | -------------------------------------------------------------------------------- /cors.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "Access-Control-Allow" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /facebook-access-token.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "EAACEdEose0cBA[0-9A-Za-z]+" 4 | } 5 | -------------------------------------------------------------------------------- /github_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "github.*['|\"][0-9a-zA-Z]{35,40}['|\"]" 4 | } -------------------------------------------------------------------------------- /http-auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hrioaE", 3 | "pattern": "[a-z0-9_/\\.:-]+@[a-z0-9-]+\\.[a-z0-9.-]+" 4 | } 5 | -------------------------------------------------------------------------------- /serial.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(pickle|yaml|serialize|marshal|objectinput)" 4 | } 5 | -------------------------------------------------------------------------------- /upload-fields.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "\u003cinput[^\u003e]+type=[\"']?file[\"']?" 
4 | } 5 | -------------------------------------------------------------------------------- /xml.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(xml|xerces|sax|etree|xpath|documentbuilder)" 4 | } 5 | -------------------------------------------------------------------------------- /execs.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(eval|run|exec|process|system|popen|spawn|dup2)" 4 | } 5 | -------------------------------------------------------------------------------- /facebook-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "facebook.*['|\"][0-9a-f]{32}['|\"]" 4 | } -------------------------------------------------------------------------------- /twitter-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "twitter.*[1-9][0-9]+-[0-9a-zA-Z]{40}" 4 | } -------------------------------------------------------------------------------- /ccode.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(alloc|free|strcpy|gets|strncpy|strcat|sprintf|scanf)" 4 | } 5 | -------------------------------------------------------------------------------- /github.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}" 4 | } 5 | -------------------------------------------------------------------------------- /google-service-account_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "\"type\": \"service_account\"" 4 | } 
-------------------------------------------------------------------------------- /twitter-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "twitter.*['|\"][0-9a-zA-Z]{35,44}['|\"]" 4 | } -------------------------------------------------------------------------------- /twitter-secret.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}" 4 | } 5 | -------------------------------------------------------------------------------- /secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(password|private|token|secret|key|authorization|bearer)" 4 | } 5 | -------------------------------------------------------------------------------- /strings.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hroiaE", 3 | "patterns": [ 4 | "\"[^\"]+\"", 5 | "'[^']+'" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /google-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 4 | } -------------------------------------------------------------------------------- /aws-secret-key.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]" 4 | } 5 | 6 | -------------------------------------------------------------------------------- /paypal-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": 
"access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 4 | } -------------------------------------------------------------------------------- /php-curl.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnrE", 3 | "pattern": "CURLOPT_(HTTPHEADER|HEADER|COOKIE|RANGE|REFERER|USERAGENT|PROXYHEADER)" 4 | } 5 | -------------------------------------------------------------------------------- /slack-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 4 | } -------------------------------------------------------------------------------- /aws-keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrE", 3 | "pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" 4 | } 5 | -------------------------------------------------------------------------------- /aws-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" 4 | } -------------------------------------------------------------------------------- /facebook-oauth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" 4 | } 5 | -------------------------------------------------------------------------------- /heroku-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "heroku.*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}" 4 | } -------------------------------------------------------------------------------- 
/aws-mws-key.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 4 | } 5 | -------------------------------------------------------------------------------- /base64.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnroE", 3 | "pattern": "([^A-Za-z0-9+/]|^)(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[%a-zA-Z0-9+/]+={0,2}" 4 | } 5 | 6 | 7 | -------------------------------------------------------------------------------- /twitter-oauth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].{0,30}['\"\\s][0-9a-zA-Z]{35,44}['\"\\s]" 4 | } 5 | -------------------------------------------------------------------------------- /php-open-filesystem-handler.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "fopen\\(|tmpfile\\(|bzopen\\(|gzopen\\(|SplFileObject::__construct" 4 | } 5 | 6 | -------------------------------------------------------------------------------- /php-serialized.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnrE", 3 | "patterns": [ 4 | "a:[0-9]+:{", 5 | "O:[0-9]+:\"", 6 | "s:[0-9]+:\"" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /asymmetric-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "\\-\\-\\-\\-\\-BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?\\-\\-\\-\\-\\-" 4 | } -------------------------------------------------------------------------------- /ip.json: -------------------------------------------------------------------------------- 1 | 
{ 2 | "flags": "-HnroE", 3 | "pattern": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" 4 | } 5 | -------------------------------------------------------------------------------- /php-commandexec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "exec\\(|system\\(|passthru\\(|popen\\(|shell_exec\\(|proc_open\\(|pcntl_exec\\(" 4 | } 5 | 6 | 7 | -------------------------------------------------------------------------------- /slack-webhook.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "pattern": "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 4 | } 5 | -------------------------------------------------------------------------------- /slack-webhook_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 4 | } -------------------------------------------------------------------------------- /php-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnrE", 3 | "patterns": [ 4 | "\\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)", 5 | "php://(input|stdin)" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /stripe-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "sk_live_[0-9a-zA-Z]{24}", 5 | "rk_live_[0-9a-zA-Z]{24}" 6 | ] 7 | } -------------------------------------------------------------------------------- /crypto.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": 
"(aes|rsa|dsa|des|cbc|ecb|hmac|gcm|privatekey|publickey|md5|sha1|sha256|cipher|crypto|encrypt|decrypt|digest)" 4 | } 5 | -------------------------------------------------------------------------------- /php-codeexec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "assert\\(|eval\\(|preg_replace\\(|create_function\\(|include\\(|include_once\\(|require\\(|require_once\\(" 4 | } 5 | -------------------------------------------------------------------------------- /square-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "sq0atp-[0-9A-Za-z\\-\\_]{22}", 5 | "rsq0csp-[0-9A-Za-z\\-\\_]{43}" 6 | ] 7 | } -------------------------------------------------------------------------------- /auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(privilege|permissions|capability|role|rbac|policy|authorization|auth|claims|access|login|register|registration|logout)" 4 | } 5 | -------------------------------------------------------------------------------- /badwords.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(TODO|FIXME|ISSUE|TEMPORARY FIX|TEMPORARY HACK|WORKAROUND|BE CAREFUL|SENSITIVE|LEGACY|RAW|DANGEROUS|INSECURE|UNSAFE)" 4 | } 5 | -------------------------------------------------------------------------------- /img-traversal.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "=.*.jpg", 6 | "=.*.jpeg", 7 | "=.*.gif", 8 | "=.*.png" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /sec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": 
"-HanriE", 3 | "pattern": "(aws_access|aws_secret|api[_-]?key|ListBucketResult|S3_ACCESS_KEY|Authorization:|RSA PRIVATE|Index of|aws_|secret|ssh-rsa AA)" 4 | } 5 | -------------------------------------------------------------------------------- /php-sinks.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "[^a-z0-9_](system|shell_exec|exec|popen|pcntl_exec|eval|create_function|unserialize|file_exists|md5_file|filemtime|filesize|assert) ?\\(" 4 | } 5 | -------------------------------------------------------------------------------- /ssti.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "flags": "-iE", 4 | "patterns": [ 5 | 6 | "template=", 7 | "preview=", 8 | "id=", 9 | "view=", 10 | "activity=", 11 | "name=", 12 | "content=", 13 | "redirect=" 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /firebase_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.firebaseio\\.com", 5 | "[a-z0-9.-]+\\.firebaseapp\\.com", 6 | "[a-z0-9.-]+\\.appspot\\.com" 7 | ] 8 | } -------------------------------------------------------------------------------- /json-sec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-harioE", 3 | "pattern": "(\\\\?\"|"|%22)[a-z0-9_-]*(api[_-]?key|S3|aws_|secret|passw|auth)[a-z0-9_-]*(\\\\?\"|"|%22): ?(\\\\?\"|"|%22)[^\"&]+(\\\\?\"|"|%22)" 4 | } 5 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # gf-patterns 2 | Some of the gf patterns which I use while hunting 3 | 4 | Contributions and suggestions are always welcome at https://twitter.com/Nitinydv14. 
5 | 6 | # Thanks to all the authors for publishing these patterns 7 | -------------------------------------------------------------------------------- /interestingsubs.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "admin", 5 | "jenkins", 6 | "test", 7 | "proxy", 8 | "stage", 9 | "test", 10 | "dev", 11 | "devops", 12 | "staff", 13 | "db", 14 | "qa", 15 | "internal" 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /js-sinks.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "location(\\.href)?( ?=|\\.replace)", 5 | "eval\\(", 6 | "(setTimeout|setInterval)\\([\\\"']", 7 | "new Function\\([\\\"']" 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /debug-pages.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnraiE", 3 | "pattern": "(Application-Trace|Routing Error|DEBUG\"? 
?[=:] ?True|Caused by:|stack trace:|Microsoft .NET Framework|Traceback|[0-9]:in `|#!/us|WebApplicationException|java\\.lang\\.|phpinfo|swaggerUi|on line [0-9]|SQLSTATE)" 4 | 5 | } 6 | -------------------------------------------------------------------------------- /php-informationdisclosure.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "phpinfo|posix_mkfifo|posix_getlogin|posix_ttyname|getenv|get_current_user|proc_get_status|get_cfg_var|disk_free_space|disk_total_space|diskfreespace|getcwd|getlastmo|getmygid|getmyinode|getmypid|getmyuid" 4 | } 5 | -------------------------------------------------------------------------------- /idor.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "id=", 6 | "user=", 7 | "account=", 8 | "number=", 9 | "order=", 10 | "no=", 11 | "doc=", 12 | "key=", 13 | "email=", 14 | "group=", 15 | "profile=", 16 | "edit=", 17 | "report=" 18 | 19 | ] 20 | } 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /aws-s3_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", 5 | "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", 6 | "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", 7 | "//s3\\.amazonaws\\.com/[a-z0-9._-]+", 8 | "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" 9 | ] 10 | } -------------------------------------------------------------------------------- /s3-buckets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Prohi", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", 5 | "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", 6 | "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", 7 | 
"//s3\\.amazonaws\\.com/[a-z0-9._-]+", 8 | "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /php-write-filesystem.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "chgrp\\(|chmod\\(|chown\\(|copy\\(|file_put_contents\\(|lchgrp\\(|lchown\\(|link\\(|mkdir\\(|move_uploaded_file\\(|rename\\(|rmdir\\(|symlink\\(|tempnam\\(|touch\\(|unlink\\(|imagepng\\(|imagewbmp\\(|image2wbmp\\(|imagejpeg\\(|imagexbm\\(|imagegif\\(|imagegd\\(|imagegd2\\(|iptcembed\\(|ftp_get\\(|ftp_nb_get\\(" 4 | } 5 | -------------------------------------------------------------------------------- /php-errors.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "php warning", 5 | "php error", 6 | "fatal error", 7 | "uncaught exception", 8 | "include_path", 9 | "undefined index", 10 | "undefined variable", 11 | "\\?php", 12 | "<\\?[^x]", 13 | "stack trace\\:", 14 | "expects parameter [0-9]*", 15 | "Debug Trace" 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /php-callbacks.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "ob_start|array_diff_uassoc|array_diff_ukey|array_filter|array_intersect_uassoc|array_intersect_ukey|array_map|array_reduce|array_udiff_assoc|array_udiff_uassoc|array_udiff|array_uintersect_assoc|array_uintersect_uassoc|array_uintersect|array_walk_recursive|array_walk|assert_options|uasort|uksort|usort|preg_replace_callback|spl_autoload_register|iterator_apply|call_user_func|call_user_func_array|register_shutdown_function|register_tick_function|set_error_handler|set_exception_handler|session_set_save_handler|sqlite_create_aggregate|sqlite_create_function" 4 | } 5 | 6 | 7 | 
-------------------------------------------------------------------------------- /xss.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "q=", 5 | "s=", 6 | "search=", 7 | "lang=", 8 | "keyword=", 9 | "query=", 10 | "page=", 11 | "keywords=", 12 | "year=", 13 | "view=", 14 | "email=", 15 | "type=", 16 | "name=", 17 | "p=", 18 | "callback=", 19 | "jsonp=", 20 | "api_key=", 21 | "api=", 22 | "password=", 23 | "email=", 24 | "emailto=", 25 | "token=", 26 | "username=", 27 | "csrf_token=", 28 | "unsubscribe_token=", 29 | "id=", 30 | "item=", 31 | "page_id=", 32 | "month=", 33 | "immagine=", 34 | "list_type=", 35 | "url=", 36 | "terms=", 37 | "categoryid=", 38 | "key=", 39 | "l=", 40 | "begindate=", 41 | "enddate=" 42 | 43 | ] 44 | } 45 | -------------------------------------------------------------------------------- /debug_logic.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "access=", 6 | "admin=", 7 | "dbg=", 8 | "debug=", 9 | "edit=", 10 | "grant=", 11 | "test=", 12 | "alter=", 13 | "clone=", 14 | "create=", 15 | "delete=", 16 | "disable=", 17 | "enable=", 18 | "exec=", 19 | "execute=", 20 | "load=", 21 | "make=", 22 | "modify=", 23 | "rename=", 24 | "reset=", 25 | "shell=", 26 | "toggle=", 27 | "adm=", 28 | "root=", 29 | "cfg=", 30 | "config=" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /fw.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "django", 5 | "laravel", 6 | "symfony", 7 | "graphite", 8 | "grafana", 9 | "X-Drupal-Cache", 10 | "struts", 11 | "code ?igniter", 12 | "cake ?php", 13 | "grails", 14 | "elastic ?search", 15 | "kibana", 16 | "log ?stash", 17 | "tomcat", 18 | "jenkins", 19 | "hudson", 20 | "com.atlassian.jira", 21 | "Apache 
Subversion", 22 | "Chef Server", 23 | "RabbitMQ Management", 24 | "Mongo", 25 | "Travis CI - Enterprise", 26 | "BMC Remedy", 27 | "artifactory" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /sqli.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "id=", 6 | "select=", 7 | "report=", 8 | "role=", 9 | "update=", 10 | "query=", 11 | "user=", 12 | "name=", 13 | "sort=", 14 | "where=", 15 | "search=", 16 | "params=", 17 | "process=", 18 | "row=", 19 | "view=", 20 | "table=", 21 | "from=", 22 | "sel=", 23 | "results=", 24 | "sleep=", 25 | "fetch=", 26 | "order=", 27 | "keyword=", 28 | "column=", 29 | "field=", 30 | "delete=", 31 | "string=", 32 | "number=", 33 | "filter=" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /rce.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "daemon=", 6 | "upload=", 7 | "dir=", 8 | "download=", 9 | "log=", 10 | "ip=", 11 | "cli=", 12 | "cmd=", 13 | "exec=", 14 | "command=", 15 | "execute=", 16 | "ping=", 17 | "query=", 18 | "jump=", 19 | "code=", 20 | "reg=", 21 | "do=", 22 | "func=", 23 | "arg=", 24 | "option=", 25 | "load=", 26 | "process=", 27 | "step=", 28 | "read=", 29 | "function", 30 | "req=", 31 | "feature=", 32 | "exe=", 33 | "module=", 34 | "payload=", 35 | "run=", 36 | "print=" 37 | ] 38 | } 39 | -------------------------------------------------------------------------------- /lfi.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "file=", 6 | "document=", 7 | "folder=", 8 | "root=", 9 | "path=", 10 | "pg=", 11 | "style=", 12 | "pdf=", 13 | "template=", 14 | "php_path=", 15 | "doc=", 16 | "page=", 17 | "name=", 18 | "cat=", 19 | "dir=", 20 | "action=", 21 | 
"board=", 22 | "date=", 23 | "detail=", 24 | "download=", 25 | "prefix=", 26 | "include=", 27 | "inc=", 28 | "locate=", 29 | "show=", 30 | "site=", 31 | "type=", 32 | "view=", 33 | "content=", 34 | "layout=", 35 | "mod=", 36 | "conf=", 37 | "url=" 38 | 39 | 40 | ] 41 | } 42 | -------------------------------------------------------------------------------- /php-read-filesystem.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "file_exists\\(|file_get_contents\\(|file\\(|fileatime\\(|filectime\\(|filegroup\\(|fileinode\\(|filemtime\\(|fileowner\\(|fileperms\\(|filesize\\(|filetype\\(|glob\\(|is_dir\\(|is_executable\\(|is_file\\(|is_link\\(|is_readable\\(|is_uploaded_file\\(|is_writable\\(|is_writeable\\(|linkinfo\\(|lstat\\(|parse_ini_file\\(|pathinfo\\(|readfile\\(|readlink\\(|realpath\\(|stat\\(|gzfile\\(|readgzfile\\(|getimagesize\\(|imagecreatefromgif\\(|imagecreatefromjpeg\\(|imagecreatefrompng\\(|imagecreatefromwbmp\\(|imagecreatefromxbm\\(|imagecreatefromxpm\\(|ftp_put\\(|ftp_nb_put\\(|exif_read_data\\(|read_exif_data\\(|exif_thumbnail\\(|exif_imagetype\\(|hash_file\\(|hash_hmac_file\\(|hash_update_file\\(|md5_file\\(|sha1_file\\(|highlight_file\\(|show_source\\(|php_strip_whitespace\\(|get_meta_tags\\(" 4 | } 5 | 6 | -------------------------------------------------------------------------------- /interestingEXT.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "\\.action", 6 | "\\.adr", 7 | "\\.ascx", 8 | "\\.asmx", 9 | "\\.axd", 10 | "\\.backup", 11 | "\\.bak", 12 | "\\.bkf", 13 | "\\.bkp", 14 | "\\.bok", 15 | "\\.achee", 16 | "\\.cfg", 17 | "\\.cfm", 18 | "\\.cgi", 19 | "\\.cnf", 20 | "\\.conf", 21 | "\\.config", 22 | "\\.crt", 23 | "\\.csr", 24 | "\\.csv", 25 | "\\.dat", 26 | "\\.doc", 27 | "\\.docx", 28 | "\\.eml", 29 | "\\.env", 30 | "\\.exe", 31 | "\\.gz", 32 | "\\.ica", 33 | "\\.inf", 
34 | "\\.ini", 35 | "\\.java", 36 | "\\.json", 37 | "\\.key", 38 | "\\.log", 39 | "\\.lst", 40 | "\\.mai", 41 | "\\.mbox", 42 | "\\.mbx", 43 | "\\.md", 44 | "\\.mdb", 45 | "\\.nsf", 46 | "\\.old", 47 | "\\.ora", 48 | "\\.pac", 49 | "\\.passwd", 50 | "\\.pcf", 51 | "\\.pdf", 52 | "\\.pem", 53 | "\\.pgp", 54 | "\\.pl", 55 | " plist", 56 | "\\.pwd", 57 | "\\.rdp", 58 | "\\.reg", 59 | "\\.rtf", 60 | "\\.skr", 61 | "\\.sql", 62 | "\\.swf", 63 | "\\.tpl", 64 | "\\.txt", 65 | "\\.url", 66 | "\\.wml", 67 | "\\.xls", 68 | "\\.xlsx", 69 | "\\.xml", 70 | "\\.xsd", 71 | "\\.yml" 72 | ] 73 | } 74 | -------------------------------------------------------------------------------- /ssrf.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "access=", 6 | "admin=", 7 | "dbg=", 8 | "debug=", 9 | "edit=", 10 | "grant=", 11 | "test=", 12 | "alter=", 13 | "clone=", 14 | "create=", 15 | "delete=", 16 | "disable=", 17 | "enable=", 18 | "exec=", 19 | "execute=", 20 | "load=", 21 | "make=", 22 | "modify=", 23 | "rename=", 24 | "reset=", 25 | "shell=", 26 | "toggle=", 27 | "adm=", 28 | "root=", 29 | "cfg=", 30 | "dest=", 31 | "redirect=", 32 | "uri=", 33 | "path=", 34 | "continue=", 35 | "url=", 36 | "window=", 37 | "next=", 38 | "data=", 39 | "reference=", 40 | "site=", 41 | "html=", 42 | "val=", 43 | "validate=", 44 | "domain=", 45 | "callback=", 46 | "return=", 47 | "page=", 48 | "feed=", 49 | "host=", 50 | "port=", 51 | "to=", 52 | "out=", 53 | "view=", 54 | "dir=", 55 | "show=", 56 | "navigation=", 57 | "open=", 58 | "file=", 59 | "document=", 60 | "folder=", 61 | "pg=", 62 | "php_path=", 63 | "style=", 64 | "doc=", 65 | "img=", 66 | "filename=" 67 | 68 | ] 69 | } 70 | 71 | 72 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /redirect.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | 
"patterns": [ 4 | "Lmage_url=", 5 | "Open=", 6 | "callback=", 7 | "cgi-bin/redirect.cgi", 8 | "cgi-bin/redirect.cgi?", 9 | "checkout=", 10 | "checkout_url=", 11 | "continue=", 12 | "data=", 13 | "dest=", 14 | "destination=", 15 | "dir=", 16 | "domain=", 17 | "feed=", 18 | "file=", 19 | "file_name=", 20 | "file_url=", 21 | "folder=", 22 | "folder_url=", 23 | "forward=", 24 | "from_url=", 25 | "go=", 26 | "goto=", 27 | "host=", 28 | "html=", 29 | "image_url=", 30 | "img_url=", 31 | "load_file=", 32 | "load_url=", 33 | "login?to=", 34 | "login_url=", 35 | "logout=", 36 | "navigation=", 37 | "next=", 38 | "next_page=", 39 | "out=", 40 | "page=", 41 | "page_url=", 42 | "path=", 43 | "port=", 44 | "redir=", 45 | "redirect=", 46 | "redirect_to=", 47 | "redirect_uri=", 48 | "redirect_url=", 49 | "reference=", 50 | "return=", 51 | "returnTo=", 52 | "return_path=", 53 | "return_to=", 54 | "return_url=", 55 | "rt=", 56 | "rurl=", 57 | "show=", 58 | "site=", 59 | "target=", 60 | "to=", 61 | "uri=", 62 | "url=", 63 | "val=", 64 | "validate=", 65 | "view=", 66 | "window=" 67 | ] 68 | } 69 | -------------------------------------------------------------------------------- /takeovers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "There is no app configured at that hostname", 5 | "NoSuchBucket", 6 | "No Such Account", 7 | "You're Almost There", 8 | "a GitHub Pages site here", 9 | "There's nothing here", 10 | "project not found", 11 | "Your CNAME settings", 12 | "InvalidBucketName", 13 | "PermanentRedirect", 14 | "The specified bucket does not exist", 15 | "Repository not found", 16 | "Sorry, We Couldn't Find That Page", 17 | "The feed has not been found.", 18 | "The thing you were looking for is no longer here, or never was", 19 | "Please renew your subscription", 20 | "There isn't a Github Pages site here.", 21 | "We could not find what you're looking for.", 22 | "No settings were found for 
this company:", 23 | "No such app", 24 | "is not a registered InCloud YouTrack", 25 | "Unrecognized domain", 26 | "project not found", 27 | "This UserVoice subdomain is currently available!", 28 | "Do you want to register", 29 | "Help Center Closed" 30 | ] 31 | } 32 | 33 | -------------------------------------------------------------------------------- /truffle.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", 5 | "-----BEGIN RSA PRIVATE KEY-----", 6 | "-----BEGIN DSA PRIVATE KEY-----", 7 | "-----BEGIN EC PRIVATE KEY-----", 8 | "-----BEGIN PGP PRIVATE KEY BLOCK-----", 9 | "AKIA[0-9A-Z]{16}", 10 | "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", 11 | "AKIA[0-9A-Z]{16}", 12 | "EAACEdEose0cBA[0-9A-Za-z]+", 13 | "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]", 14 | "[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]", 15 | "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]", 16 | "[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]", 17 | "AIza[0-9A-Za-z\\-_]{35}", 18 | "AIza[0-9A-Za-z\\-_]{35}", 19 | "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com", 20 | "AIza[0-9A-Za-z\\-_]{35}", 21 | "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com", 22 | "\"type\": \"service_account\"", 23 | "AIza[0-9A-Za-z\\-_]{35}", 24 | "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com", 25 | "ya29\\.[0-9A-Za-z\\-_]+", 26 | "AIza[0-9A-Za-z\\-_]{35}", 27 | "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com", 28 | "[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}", 29 | "[0-9a-f]{32}-us[0-9]{1,2}", 30 | "key-[0-9a-zA-Z]{32}", 31 | "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]", 32 | "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}", 33 | 
"sk_live_[0-9a-z]{32}", 34 | "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", 35 | "sk_live_[0-9a-zA-Z]{24}", 36 | "rk_live_[0-9a-zA-Z]{24}", 37 | "sq0atp-[0-9A-Za-z\\-_]{22}", 38 | "sq0csp-[0-9A-Za-z\\-_]{43}", 39 | "SK[0-9a-fA-F]{32}", 40 | "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}", 41 | "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*['|\"][0-9a-zA-Z]{35,44}['|\"]" 42 | ] 43 | } 44 | -------------------------------------------------------------------------------- /api-keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriaE", 3 | "patterns": [ 4 | "access_key", 5 | "access_token", 6 | "accessKey", 7 | "accessToken", 8 | "api_key", 9 | "api_secret", 10 | "apikey", 11 | "app_id", 12 | "app_key", 13 | "app_secret", 14 | "application_id", 15 | "asws_secret_token", 16 | "aws_access", 17 | "aws_config", 18 | "aws_key", 19 | "aws_secret", 20 | "aws_secret_access_key", 21 | "aws_secret_key", 22 | "aws_token", 23 | "bucket_password", 24 | "client_secret", 25 | "connectionstring", 26 | "consumer_secret", 27 | "credentials", 28 | "db_password", 29 | "db_server", 30 | "db_username", 31 | "dbpasswd", 32 | "dbpassword", 33 | "dbuser", 34 | "django_password", 35 | "email_host_password", 36 | "facebook_app_secret", 37 | "facebook_secret", 38 | "fb_app_secret", 39 | "fb_secret", 40 | "google_id", 41 | "google_oauth", 42 | "google_oauth_client_id", 43 | "google_oauth_client_secret", 44 | "google_oauth_secret", 45 | "google_secret", 46 | "google_server_key", 47 | "gsecr", 48 | "heroku_api_key", 49 | "heroku_key", 50 | "heroku_oauth", 51 | "heroku_oauth_secret", 52 | "heroku_oauth_token", 53 | "heroku_secret", 54 | "heroku_secret_token", 55 | "jwt_secret", 56 | "jwt_token", 57 | "jwt_secret_token", 58 | "keyPassword", 59 | "mailgun_key", 60 | "mailgun_secret", 61 | "mysql_password", 62 | "oauth_key", 63 | "oauth_token", 64 | "oauth2_secret", 65 | "password", 66 | 
"paypal_identity_token", 67 | "paypal_sandbox", 68 | "paypal_secret", 69 | "paypal_token", 70 | "postgres_password", 71 | "private", 72 | "private_key", 73 | "redis_password", 74 | "root_password", 75 | "sa_password", 76 | "secret", 77 | "secret_access_key", 78 | "secret_bearer", 79 | "secret_key", 80 | "secret_token", 81 | "secretKey", 82 | "security_credentials", 83 | "send_keys", 84 | "sf_username", 85 | "slack_channel", 86 | "slack_key", 87 | "slack_secret", 88 | "slack_token", 89 | "slack_url", 90 | "slack_webhook", 91 | "slack_webhook_url", 92 | "square_access_token", 93 | "square_apikey", 94 | "square_app", 95 | "square_app_id", 96 | "square_appid", 97 | "square_secret", 98 | "square_token", 99 | "squareSecret", 100 | "squareToken", 101 | "ssh2_auth_password", 102 | "sshkey", 103 | "storePassword", 104 | "strip_key", 105 | "strip_secret", 106 | "strip_secret_token", 107 | "strip_token", 108 | "stripe_key", 109 | "stripe_secret", 110 | "stripe_secret_token", 111 | "stripe_token", 112 | "stripSecret", 113 | "stripToken", 114 | "twitter_api_secret", 115 | "twitter_consumer_key", 116 | "twitter_consumer_secret", 117 | "twitter_key", 118 | "twitter_secret", 119 | "twitter_token", 120 | "twitterKey", 121 | "twitterSecret", 122 | "wordpress_password" 123 | ] 124 | } 125 | -------------------------------------------------------------------------------- /interestingparams.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "flags": "-iE", 4 | "patterns": [ 5 | 6 | "template=", 7 | "preview=", 8 | "id=", 9 | "view=", 10 | "activity=", 11 | "name=", 12 | "content=", 13 | "redirect=", 14 | "(&|[?])access(&|=)", 15 | "(&|[?])admin(&|=)", 16 | "(&|[?])dbg(&|=)", 17 | "(&|[?])debug(&|=)", 18 | "(&|[?])edit(&|=)", 19 | "(&|[?])grant(&|=)", 20 | "(&|[?])test(&|=)", 21 | "(&|[?])alter(&|=)", 22 | "(&|[?])clone(&|=)", 23 | "(&|[?])create(&|=)", 24 | "(&|[?])delete(&|=)", 25 | "(&|[?])disable(&|=)", 26 | "(&|[?])enable(&|=)", 27 
| "(&|[?])exec(&|=)", 28 | "(&|[?])execute(&|=)", 29 | "(&|[?])load(&|=)", 30 | "(&|[?])make(&|=)", 31 | "(&|[?])modify(&|=)", 32 | "(&|[?])rename(&|=)", 33 | "(&|[?])reset(&|=)", 34 | "(&|[?])shell(&|=)", 35 | "(&|[?])toggle(&|=)", 36 | "(&|[?])adm(&|=)", 37 | "(&|[?])root(&|=)", 38 | "(&|[?])cfg(&|=)", 39 | "(&|[?])dest(&|=)", 40 | "(&|[?])redirect(&|=)", 41 | "(&|[?])uri(&|=)", 42 | "(&|[?])path(&|=)", 43 | "(&|[?])continue(&|=)", 44 | "(&|[?])url(&|=)", 45 | "(&|[?])window(&|=)", 46 | "(&|[?])next(&|=)", 47 | "(&|[?])data(&|=)", 48 | "(&|[?])reference(&|=)", 49 | "(&|[?])site(&|=)", 50 | "(&|[?])html(&|=)", 51 | "(&|[?])val(&|=)", 52 | "(&|[?])validate(&|=)", 53 | "(&|[?])domain(&|=)", 54 | "(&|[?])callback(&|=)", 55 | "(&|[?])return(&|=)", 56 | "(&|[?])feed(&|=)", 57 | "(&|[?])host(&|=)", 58 | "(&|[?])port(&|=)", 59 | "(&|[?])to(&|=)", 60 | "(&|[?])out(&|=)", 61 | "(&|[?])view(&|=)", 62 | "(&|[?])dir(&|=)", 63 | "(&|[?])show(&|=)", 64 | "(&|[?])navigation(&|=)", 65 | "(&|[?])open(&|=)", 66 | "(&|[?])file(&|=)", 67 | "(&|[?])document(&|=)", 68 | "(&|[?])folder(&|=)", 69 | "(&|[?])pg(&|=)", 70 | "(&|[?])php_path(&|=)", 71 | "(&|[?])style(&|=)", 72 | "(&|[?])doc(&|=)", 73 | "(&|[?])img(&|=)", 74 | "(&|[?])filename(&|=)", 75 | "id=", 76 | "select=", 77 | "report=", 78 | "role=", 79 | "update=", 80 | "query=", 81 | "user=", 82 | "name=", 83 | "sort=", 84 | "where=", 85 | "search=", 86 | "params=", 87 | "process=", 88 | "row=", 89 | "view=", 90 | "table=", 91 | "from=", 92 | "sel=", 93 | "results=", 94 | "sleep=", 95 | "fetch=", 96 | "order=", 97 | "keyword=", 98 | "column=", 99 | "field=", 100 | "delete=", 101 | "string=", 102 | "number=", 103 | "filter=", 104 | "(&|[?])callback=", 105 | "(&|[?])cgi-bin/redirect.cgi", 106 | "(&|[?])checkout=", 107 | "(&|[?])checkout_url=", 108 | "(&|[?])continue=", 109 | "(&|[?])data=", 110 | "(&|[?])dest=", 111 | "(&|[?])destination=", 112 | "(&|[?])dir=", 113 | "(&|[?])domain=", 114 | "(&|[?])feed=", 115 | "(&|[?])file=", 116 | 
"(&|[?])file_name=", 117 | "(&|[?])file_url=", 118 | "(&|[?])folder=", 119 | "(&|[?])folder_url=", 120 | "(&|[?])forward=", 121 | "(&|[?])from_url=", 122 | "(&|[?])go=", 123 | "(&|[?])goto=", 124 | "(&|[?])host=", 125 | "(&|[?])html=", 126 | "(&|[?])image_url=", 127 | "(&|[?])img_url=", 128 | "(&|[?])load_file=", 129 | "(&|[?])load_url=", 130 | "(&|[?])login_url=", 131 | "(&|[?])logout=", 132 | "(&|[?])navigation=", 133 | "(&|[?])next=", 134 | "(&|[?])next_page=", 135 | "(&|[?])Open=", 136 | "(&|[?])out=", 137 | "(&|[?])page_url=", 138 | "(&|[?])path=", 139 | "(&|[?])port=", 140 | "(&|[?])redir=", 141 | "(&|[?])redirect=", 142 | "(&|[?])redirect_to=", 143 | "(&|[?])redirect_uri=", 144 | "(&|[?])redirect_url=", 145 | "(&|[?])reference=", 146 | "(&|[?])return=", 147 | "(&|[?])return_path=", 148 | "(&|[?])return_to=", 149 | "(&|[?])returnTo=", 150 | "(&|[?])return_url=", 151 | "(&|[?])rt=", 152 | "(&|[?])rurl=", 153 | "(&|[?])show=", 154 | "(&|[?])site=", 155 | "(&|[?])target=", 156 | "(&|[?])to=", 157 | "(&|[?])uri=", 158 | "(&|[?])url=", 159 | "(&|[?])val=", 160 | "(&|[?])validate=", 161 | "(&|[?])view=", 162 | "(&|[?])window=", 163 | "daemon=", 164 | "upload=", 165 | "dir=", 166 | "execute=", 167 | "download=", 168 | "log=", 169 | "ip=", 170 | "cli=", 171 | "cmd=", 172 | "file=", 173 | "document=", 174 | "folder=", 175 | "root=", 176 | "path=", 177 | "pg=", 178 | "style=", 179 | "pdf=", 180 | "template=", 181 | "php_path=", 182 | "doc=", 183 | "page=", 184 | "name=", 185 | "id=", 186 | "user=", 187 | "account=", 188 | "number=", 189 | "order=", 190 | "no=", 191 | "doc=", 192 | "key=", 193 | "email=", 194 | "group=", 195 | "profile=", 196 | "edit=", 197 | "report=", 198 | "access=", 199 | "admin=", 200 | "dbg=", 201 | "debug=", 202 | "edit=", 203 | "grant=", 204 | "test=", 205 | "alter=", 206 | "clone=", 207 | "create=", 208 | "delete=", 209 | "disable=", 210 | "enable=", 211 | "exec=", 212 | "execute=", 213 | "load=", 214 | "make=", 215 | "modify=", 216 | 
"rename=", 217 | "reset=", 218 | "shell=", 219 | "toggle=", 220 | "adm=", 221 | "root=", 222 | "cfg=", 223 | "config=" 224 | ] 225 | } 226 | 227 | 228 | -------------------------------------------------------------------------------- /Allin1gf.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | 6 | "access=", 7 | "admin=", 8 | "dbg=", 9 | "debug=", 10 | "edit=", 11 | "grant=", 12 | "test=", 13 | "alter=", 14 | "clone=", 15 | "create=", 16 | "delete=", 17 | "disable=", 18 | "enable=", 19 | "exec=", 20 | "execute=", 21 | "load=", 22 | "make=", 23 | "modify=", 24 | "rename=", 25 | "reset=", 26 | "shell=", 27 | "toggle=", 28 | "adm=", 29 | "root=", 30 | "cfg=", 31 | "config=" 32 | "id=", 33 | "user=", 34 | "account=", 35 | "number=", 36 | "order=", 37 | "no=", 38 | "doc=", 39 | "key=", 40 | "email=", 41 | "group=", 42 | "profile=", 43 | "edit=", 44 | "report=" 45 | "=.*.jpg", 46 | "=.*.jpeg", 47 | "=.*.gif", 48 | "=.*.png" 49 | "\\.action", 50 | "\\.adr", 51 | "\\.ascx", 52 | "\\.asmx", 53 | "\\.axd", 54 | "\\.backup", 55 | "\\.bak", 56 | "\\.bkf", 57 | "\\.bkp", 58 | "\\.bok", 59 | "\\.achee", 60 | "\\.cfg", 61 | "\\.cfm", 62 | "\\.cgi", 63 | "\\.cnf", 64 | "\\.conf", 65 | "\\.config", 66 | "\\.crt", 67 | "\\.csr", 68 | "\\.csv", 69 | "\\.dat", 70 | "\\.doc", 71 | "\\.docx", 72 | "\\.eml", 73 | "\\.env", 74 | "\\.exe", 75 | "\\.gz", 76 | "\\.ica", 77 | "\\.inf", 78 | "\\.ini", 79 | "\\.java", 80 | "\\.json", 81 | "\\.key", 82 | "\\.log", 83 | "\\.lst", 84 | "\\.mai", 85 | "\\.mbox", 86 | "\\.mbx", 87 | "\\.md", 88 | "\\.mdb", 89 | "\\.nsf", 90 | "\\.old", 91 | "\\.ora", 92 | "\\.pac", 93 | "\\.passwd", 94 | "\\.pcf", 95 | "\\.pdf", 96 | "\\.pem", 97 | "\\.pgp", 98 | "\\.pl", 99 | " plist", 100 | "\\.pwd", 101 | "\\.rdp", 102 | "\\.reg", 103 | "\\.rtf", 104 | "\\.skr", 105 | "\\.sql", 106 | "\\.swf", 107 | "\\.tpl", 108 | "\\.txt", 109 | "\\.url", 110 | "\\.wml", 111 | "\\.xls", 112 
| "\\.xlsx", 113 | "\\.xml", 114 | "\\.xsd", 115 | "\\.yml" 116 | "template=", 117 | "preview=", 118 | "id=", 119 | "view=", 120 | "activity=", 121 | "name=", 122 | "content=", 123 | "redirect=", 124 | "(&|[?])access(&|=)", 125 | "(&|[?])admin(&|=)", 126 | "(&|[?])dbg(&|=)", 127 | "(&|[?])debug(&|=)", 128 | "(&|[?])edit(&|=)", 129 | "(&|[?])grant(&|=)", 130 | "(&|[?])test(&|=)", 131 | "(&|[?])alter(&|=)", 132 | "(&|[?])clone(&|=)", 133 | "(&|[?])create(&|=)", 134 | "(&|[?])delete(&|=)", 135 | "(&|[?])disable(&|=)", 136 | "(&|[?])enable(&|=)", 137 | "(&|[?])exec(&|=)", 138 | "(&|[?])execute(&|=)", 139 | "(&|[?])load(&|=)", 140 | "(&|[?])make(&|=)", 141 | "(&|[?])modify(&|=)", 142 | "(&|[?])rename(&|=)", 143 | "(&|[?])reset(&|=)", 144 | "(&|[?])shell(&|=)", 145 | "(&|[?])toggle(&|=)", 146 | "(&|[?])adm(&|=)", 147 | "(&|[?])root(&|=)", 148 | "(&|[?])cfg(&|=)", 149 | "(&|[?])dest(&|=)", 150 | "(&|[?])redirect(&|=)", 151 | "(&|[?])uri(&|=)", 152 | "(&|[?])path(&|=)", 153 | "(&|[?])continue(&|=)", 154 | "(&|[?])url(&|=)", 155 | "(&|[?])window(&|=)", 156 | "(&|[?])next(&|=)", 157 | "(&|[?])data(&|=)", 158 | "(&|[?])reference(&|=)", 159 | "(&|[?])site(&|=)", 160 | "(&|[?])html(&|=)", 161 | "(&|[?])val(&|=)", 162 | "(&|[?])validate(&|=)", 163 | "(&|[?])domain(&|=)", 164 | "(&|[?])callback(&|=)", 165 | "(&|[?])return(&|=)", 166 | "(&|[?])feed(&|=)", 167 | "(&|[?])host(&|=)", 168 | "(&|[?])port(&|=)", 169 | "(&|[?])to(&|=)", 170 | "(&|[?])out(&|=)", 171 | "(&|[?])view(&|=)", 172 | "(&|[?])dir(&|=)", 173 | "(&|[?])show(&|=)", 174 | "(&|[?])navigation(&|=)", 175 | "(&|[?])open(&|=)", 176 | "(&|[?])file(&|=)", 177 | "(&|[?])document(&|=)", 178 | "(&|[?])folder(&|=)", 179 | "(&|[?])pg(&|=)", 180 | "(&|[?])php_path(&|=)", 181 | "(&|[?])style(&|=)", 182 | "(&|[?])doc(&|=)", 183 | "(&|[?])img(&|=)", 184 | "(&|[?])filename(&|=)", 185 | "id=", 186 | "select=", 187 | "report=", 188 | "role=", 189 | "update=", 190 | "query=", 191 | "user=", 192 | "name=", 193 | "sort=", 194 | "where=", 
195 | "search=", 196 | "params=", 197 | "process=", 198 | "row=", 199 | "view=", 200 | "table=", 201 | "from=", 202 | "sel=", 203 | "results=", 204 | "sleep=", 205 | "fetch=", 206 | "order=", 207 | "keyword=", 208 | "column=", 209 | "field=", 210 | "delete=", 211 | "string=", 212 | "number=", 213 | "filter=", 214 | "(&|[?])callback=", 215 | "(&|[?])cgi-bin/redirect.cgi", 216 | "(&|[?])checkout=", 217 | "(&|[?])checkout_url=", 218 | "(&|[?])continue=", 219 | "(&|[?])data=", 220 | "(&|[?])dest=", 221 | "(&|[?])destination=", 222 | "(&|[?])dir=", 223 | "(&|[?])domain=", 224 | "(&|[?])feed=", 225 | "(&|[?])file=", 226 | "(&|[?])file_name=", 227 | "(&|[?])file_url=", 228 | "(&|[?])folder=", 229 | "(&|[?])folder_url=", 230 | "(&|[?])forward=", 231 | "(&|[?])from_url=", 232 | "(&|[?])go=", 233 | "(&|[?])goto=", 234 | "(&|[?])host=", 235 | "(&|[?])html=", 236 | "(&|[?])image_url=", 237 | "(&|[?])img_url=", 238 | "(&|[?])load_file=", 239 | "(&|[?])load_url=", 240 | "(&|[?])login_url=", 241 | "(&|[?])logout=", 242 | "(&|[?])navigation=", 243 | "(&|[?])next=", 244 | "(&|[?])next_page=", 245 | "(&|[?])Open=", 246 | "(&|[?])out=", 247 | "(&|[?])page_url=", 248 | "(&|[?])path=", 249 | "(&|[?])port=", 250 | "(&|[?])redir=", 251 | "(&|[?])redirect=", 252 | "(&|[?])redirect_to=", 253 | "(&|[?])redirect_uri=", 254 | "(&|[?])redirect_url=", 255 | "(&|[?])reference=", 256 | "(&|[?])return=", 257 | "(&|[?])return_path=", 258 | "(&|[?])return_to=", 259 | "(&|[?])returnTo=", 260 | "(&|[?])return_url=", 261 | "(&|[?])rt=", 262 | "(&|[?])rurl=", 263 | "(&|[?])show=", 264 | "(&|[?])site=", 265 | "(&|[?])target=", 266 | "(&|[?])to=", 267 | "(&|[?])uri=", 268 | "(&|[?])url=", 269 | "(&|[?])val=", 270 | "(&|[?])validate=", 271 | "(&|[?])view=", 272 | "(&|[?])window=", 273 | "daemon=", 274 | "upload=", 275 | "dir=", 276 | "execute=", 277 | "download=", 278 | "log=", 279 | "ip=", 280 | "cli=", 281 | "cmd=", 282 | "file=", 283 | "document=", 284 | "folder=", 285 | "root=", 286 | "path=", 287 | 
"pg=", 288 | "style=", 289 | "pdf=", 290 | "template=", 291 | "php_path=", 292 | "doc=", 293 | "page=", 294 | "name=", 295 | "id=", 296 | "user=", 297 | "account=", 298 | "number=", 299 | "order=", 300 | "no=", 301 | "doc=", 302 | "key=", 303 | "email=", 304 | "group=", 305 | "profile=", 306 | "edit=", 307 | "report=", 308 | "access=", 309 | "admin=", 310 | "dbg=", 311 | "debug=", 312 | "edit=", 313 | "grant=", 314 | "test=", 315 | "alter=", 316 | "clone=", 317 | "create=", 318 | "delete=", 319 | "disable=", 320 | "enable=", 321 | "exec=", 322 | "execute=", 323 | "load=", 324 | "make=", 325 | "modify=", 326 | "rename=", 327 | "reset=", 328 | "shell=", 329 | "toggle=", 330 | "adm=", 331 | "root=", 332 | "cfg=", 333 | "config=" 334 | "admin", 335 | "jenkins", 336 | "test", 337 | "proxy", 338 | "stage", 339 | "test", 340 | "dev", 341 | "devops", 342 | "staff", 343 | "db", 344 | "qa", 345 | "internal" 346 | "file=", 347 | "document=", 348 | "folder=", 349 | "root=", 350 | "path=", 351 | "pg=", 352 | "style=", 353 | "pdf=", 354 | "template=", 355 | "php_path=", 356 | "doc=", 357 | "page=", 358 | "name=" 359 | "daemon=", 360 | "upload=", 361 | "dir=", 362 | "execute=", 363 | "download=", 364 | "log=", 365 | "ip=", 366 | "cli=", 367 | "cmd=" 368 | "(&|[?])callback=", 369 | "(&|[?])cgi-bin/redirect.cgi", 370 | "(&|[?])checkout=", 371 | "(&|[?])checkout_url=", 372 | "(&|[?])continue=", 373 | "(&|[?])data=", 374 | "(&|[?])dest=", 375 | "(&|[?])destination=", 376 | "(&|[?])dir=", 377 | "(&|[?])domain=", 378 | "(&|[?])feed=", 379 | "(&|[?])file=", 380 | "(&|[?])file_name=", 381 | "(&|[?])file_url=", 382 | "(&|[?])folder=", 383 | "(&|[?])folder_url=", 384 | "(&|[?])forward=", 385 | "(&|[?])from_url=", 386 | "(&|[?])go=", 387 | "(&|[?])goto=", 388 | "(&|[?])host=", 389 | "(&|[?])html=", 390 | "(&|[?])image_url=", 391 | "(&|[?])img_url=", 392 | "(&|[?])load_file=", 393 | "(&|[?])load_url=", 394 | "(&|[?])login_url=", 395 | "(&|[?])logout=", 396 | "(&|[?])navigation=", 397 | 
"(&|[?])next=", 398 | "(&|[?])next_page=", 399 | "(&|[?])Open=", 400 | "(&|[?])out=", 401 | "(&|[?])page_url=", 402 | "(&|[?])path=", 403 | "(&|[?])port=", 404 | "(&|[?])redir=", 405 | "(&|[?])redirect=", 406 | "(&|[?])redirect_to=", 407 | "(&|[?])redirect_uri=", 408 | "(&|[?])redirect_url=", 409 | "(&|[?])reference=", 410 | "(&|[?])return=", 411 | "(&|[?])return_path=", 412 | "(&|[?])return_to=", 413 | "(&|[?])returnTo=", 414 | "(&|[?])return_url=", 415 | "(&|[?])rt=", 416 | "(&|[?])rurl=", 417 | "(&|[?])show=", 418 | "(&|[?])site=", 419 | "(&|[?])target=", 420 | "(&|[?])to=", 421 | "(&|[?])uri=", 422 | "(&|[?])url=", 423 | "(&|[?])val=", 424 | "(&|[?])validate=", 425 | "(&|[?])view=", 426 | "(&|[?])window=" 427 | "id=", 428 | "select=", 429 | "report=", 430 | "role=", 431 | "update=", 432 | "query=", 433 | "user=", 434 | "name=", 435 | "sort=", 436 | "where=", 437 | "search=", 438 | "params=", 439 | "process=", 440 | "row=", 441 | "view=", 442 | "table=", 443 | "from=", 444 | "sel=", 445 | "results=", 446 | "sleep=", 447 | "fetch=", 448 | "order=", 449 | "keyword=", 450 | "column=", 451 | "field=", 452 | "delete=", 453 | "string=", 454 | "number=", 455 | "filter=" 456 | "(&|[?])access(&|=)", 457 | "(&|[?])admin(&|=)", 458 | "(&|[?])dbg(&|=)", 459 | "(&|[?])debug(&|=)", 460 | "(&|[?])edit(&|=)", 461 | "(&|[?])grant(&|=)", 462 | "(&|[?])test(&|=)", 463 | "(&|[?])alter(&|=)", 464 | "(&|[?])clone(&|=)", 465 | "(&|[?])create(&|=)", 466 | "(&|[?])delete(&|=)", 467 | "(&|[?])disable(&|=)", 468 | "(&|[?])enable(&|=)", 469 | "(&|[?])exec(&|=)", 470 | "(&|[?])execute(&|=)", 471 | "(&|[?])load(&|=)", 472 | "(&|[?])make(&|=)", 473 | "(&|[?])modify(&|=)", 474 | "(&|[?])rename(&|=)", 475 | "(&|[?])reset(&|=)", 476 | "(&|[?])shell(&|=)", 477 | "(&|[?])toggle(&|=)", 478 | "(&|[?])adm(&|=)", 479 | "(&|[?])root(&|=)", 480 | "(&|[?])cfg(&|=)", 481 | "(&|[?])dest(&|=)", 482 | "(&|[?])redirect(&|=)", 483 | "(&|[?])uri(&|=)", 484 | "(&|[?])path(&|=)", 485 | "(&|[?])continue(&|=)", 486 
| "(&|[?])url(&|=)", 487 | "(&|[?])window(&|=)", 488 | "(&|[?])next(&|=)", 489 | "(&|[?])data(&|=)", 490 | "(&|[?])reference(&|=)", 491 | "(&|[?])site(&|=)", 492 | "(&|[?])html(&|=)", 493 | "(&|[?])val(&|=)", 494 | "(&|[?])validate(&|=)", 495 | "(&|[?])domain(&|=)", 496 | "(&|[?])callback(&|=)", 497 | "(&|[?])return(&|=)", 498 | "(&|[?])feed(&|=)", 499 | "(&|[?])host(&|=)", 500 | "(&|[?])port(&|=)", 501 | "(&|[?])to(&|=)", 502 | "(&|[?])out(&|=)", 503 | "(&|[?])view(&|=)", 504 | "(&|[?])dir(&|=)", 505 | "(&|[?])show(&|=)", 506 | "(&|[?])navigation(&|=)", 507 | "(&|[?])open(&|=)", 508 | "(&|[?])file(&|=)", 509 | "(&|[?])document(&|=)", 510 | "(&|[?])folder(&|=)", 511 | "(&|[?])pg(&|=)", 512 | "(&|[?])php_path(&|=)", 513 | "(&|[?])style(&|=)", 514 | "(&|[?])doc(&|=)", 515 | "(&|[?])img(&|=)", 516 | "(&|[?])filename(&|=)" 517 | "template=", 518 | "preview=", 519 | "id=", 520 | "view=", 521 | "activity=", 522 | "name=", 523 | "content=", 524 | "redirect=" 525 | 526 | ] 527 | } 528 | --------------------------------------------------------------------------------