├── uri
    ├── test.txt
    ├── non-english.txt
    ├── wrong_docker.sh
    ├── __snapshots__
    │   ├── ghcr_typos.csv
    │   ├── hardcoded_internal_urls.csv
    │   ├── hardcoded_internal_emails.csv
    │   ├── hardcoded_uri_passwords.csv
    │   └── any_ipv4_addresses.csv
    ├── ipv4_private.txt
    ├── ipv4.txt
    ├── email.js
    ├── ipv4_random.txt
    ├── database.txt
    ├── app.py
    ├── README.md
    └── patterns.yml
├── pii
    ├── generate_iban
    │   ├── requirements.txt
    │   ├── __snapshots__
    │   │   ├── iban_ad.csv
    │   │   ├── iban_ae.csv
    │   │   ├── iban_al.csv
    │   │   ├── iban_at.csv
    │   │   ├── iban_az.csv
    │   │   ├── iban_ba.csv
    │   │   ├── iban_be.csv
    │   │   ├── iban_bg.csv
    │   │   ├── iban_bh.csv
    │   │   ├── iban_bi.csv
    │   │   ├── iban_br.csv
    │   │   ├── iban_by.csv
    │   │   ├── iban_ch.csv
    │   │   ├── iban_cr.csv
    │   │   ├── iban_cy.csv
    │   │   ├── iban_cz.csv
    │   │   ├── iban_de.csv
    │   │   ├── iban_dj.csv
    │   │   ├── iban_dk.csv
    │   │   ├── iban_do.csv
    │   │   ├── iban_ee.csv
    │   │   ├── iban_eg.csv
    │   │   ├── iban_es.csv
    │   │   ├── iban_fi.csv
    │   │   ├── iban_fo.csv
    │   │   ├── iban_fr.csv
    │   │   ├── iban_gb.csv
    │   │   ├── iban_ge.csv
    │   │   ├── iban_gi.csv
    │   │   ├── iban_gl.csv
    │   │   ├── iban_gr.csv
    │   │   ├── iban_gt.csv
    │   │   ├── iban_hr.csv
    │   │   ├── iban_hu.csv
    │   │   ├── iban_ie.csv
    │   │   ├── iban_il.csv
    │   │   ├── iban_iq.csv
    │   │   ├── iban_is.csv
    │   │   ├── iban_it.csv
    │   │   ├── iban_jo.csv
    │   │   ├── iban_kw.csv
    │   │   ├── iban_kz.csv
    │   │   ├── iban_lb.csv
    │   │   ├── iban_lc.csv
    │   │   ├── iban_li.csv
    │   │   ├── iban_lt.csv
    │   │   ├── iban_lu.csv
    │   │   ├── iban_lv.csv
    │   │   ├── iban_ly.csv
    │   │   ├── iban_mc.csv
    │   │   ├── iban_md.csv
    │   │   ├── iban_me.csv
    │   │   ├── iban_mk.csv
    │   │   ├── iban_mr.csv
    │   │   ├── iban_mt.csv
    │   │   ├── iban_mu.csv
    │   │   ├── iban_nl.csv
    │   │   ├── iban_no.csv
    │   │   ├── iban_pk.csv
    │   │   ├── iban_pl.csv
    │   │   ├── iban_ps.csv
    │   │   ├── iban_pt.csv
    │   │   ├── iban_qa.csv
    │   │   ├── iban_ro.csv
    │   │   ├── iban_rs.csv
    │   │   ├── iban_ru.csv
    │   │   ├── iban_sa.csv
    │   │   ├── iban_sc.csv
    │   │   ├── iban_sd.csv
    │   │   ├── iban_se.csv
    │   │   ├── iban_si.csv
    │   │   ├── iban_sk.csv
    │   │   ├── iban_sm.csv
    │   │   ├── iban_so.csv
    │   │   ├── iban_st.csv
    │   │   ├── iban_sv.csv
    │   │   ├── iban_tl.csv
    │   │   ├── iban_tn.csv
    │   │   ├── iban_tr.csv
    │   │   ├── iban_ua.csv
    │   │   ├── iban_va.csv
    │   │   ├── iban_vg.csv
    │   │   └── iban_xk.csv
    │   └── extract_patterns_and_make_regex.py
    ├── __snapshots__
    │   ├── credit_card_visa.csv
    │   ├── credit_card_discovery.csv
    │   ├── credit_card_mastercard.csv
    │   ├── no_national_id_number.csv
    │   ├── iban.csv
    │   ├── credit_cards_american_express.csv
    │   └── credit_cards.csv
    ├── credit-cards.txt
    └── iban.txt
├── testing
    ├── requirements.txt
    ├── dev-requirements.txt
    ├── Makefile
    └── README.md
├── database
    ├── tsql_create_user.sql
    ├── __snapshots__
    │   ├── jdbc_connection_string.csv
    │   ├── database_connection_string_2.csv
    │   ├── mongodb_connection_string.csv
    │   ├── sqlalchemy_connection_string.csv
    │   ├── tsql_create_login_or_user.csv
    │   ├── database_connection_string_full.csv
    │   ├── database_connection_string_3.csv
    │   └── database_connection_string_1.csv
    ├── connection_strings.txt
    ├── docker_sqlserver.yml
    ├── patterns.yml
    └── README.md
├── vendors
    ├── azure.js
    ├── sentry_dsn.txt
    ├── sendgrid.py
    ├── __snapshots__
    │   ├── sendgrid.csv
    │   ├── azure_sas_token.csv
    │   ├── clickup_api_key.csv
    │   ├── flickr_api_key.csv
    │   ├── apollo_io_api_key.csv
    │   ├── aws_s3_presigned_url.csv
    │   ├── azure_client_secret.csv
    │   ├── circleci_api_token.csv
    │   ├── flickr_oauth_token.csv
    │   ├── jenkins_api_token.csv
    │   ├── launchdarkly_api_key.csv
    │   ├── okta_token_precise.csv
    │   ├── pagerduty_api_key.csv
    │   ├── uuidv4_bearer_token.csv
    │   ├── vercel_access_token.csv
    │   ├── vercel_cli_token.csv
    │   ├── alienvault_otx_api_key.csv
    │   ├── amazon_mws_auth_token.csv
    │   ├── azure_access_key_legacy.csv
    │   ├── browserstack_access_key.csv
    │   ├── browserstack_token_url.csv
    │   ├── mongodb_connection_string.csv
    │   ├── openstack_password_or_key.csv
    │   ├── teams_incoming_webhook.csv
    │   ├── vercel_access_token_imprecise.csv
    │   ├── vercel_oauth_client_secrets.csv
    │   ├── browserstack_access_key_imprecise.csv
    │   ├── google_private_key_id_or_old_api_token.csv
    │   ├── datadog_api_key.csv
    │   ├── datadog_app_key.csv
    │   ├── grafana_api_token.csv
    │   ├── sentry_dsn_secret.csv
    │   ├── sentry_webpack_plugin_token.csv
    │   ├── sentry_terraform_provider_token.csv
    │   ├── azure_sql_connection_string.csv
    │   ├── sentry_api_key.csv
    │   ├── sentry_auth_token.csv
    │   └── okta_token.csv
    ├── .sentryclirc
    ├── dotenv
    ├── sentry.properties
    ├── sentry.sh
    ├── terraform.tf
    ├── grafana.txt
    ├── okta.txt
    ├── webpack_sentry.js
    ├── not_okta.txt
    └── datadog.txt
├── .github
    ├── CODEOWNERS
    ├── secret_scanning.yml
    ├── ISSUE_TEMPLATE
    │   ├── false-positive.md
    │   └── pattern-request.md
    └── workflows
    │   ├── validate.yml
    │   ├── unit-tests.yml
    │   └── pr-markdown.yml
├── .gitignore
├── java-keystores
    ├── README.md
    └── PrivateStore.keystore
├── configs
    ├── example.yml
    ├── __snapshots__
    │   ├── json_token.csv
    │   ├── yaml_token.csv
    │   ├── env_passwords.csv
    │   ├── json_base64.csv
    │   ├── json_base64_uri.csv
    │   ├── yaml_base64.csv
    │   ├── yaml_base64_uri.csv
    │   ├── dotnet_configuration.csv
    │   ├── dotnet_machinekey.csv
    │   ├── yaml_passwords_plain.csv
    │   ├── yaml_passwords_multiline.csv
    │   ├── yaml_passwords_single_quoted.csv
    │   ├── github_actions_sha_checker.csv
    │   ├── django_secret_key.csv
    │   ├── yaml_static_password_fields.csv
    │   ├── hardcoded_database_passwords.csv
    │   └── hardcoded_spring_sql_passwords.csv
    ├── app.config
    ├── global_settings.py
    ├── mysql
    │   ├── run-mysql.sh
    │   └── docker-compose.yml
    ├── example.json
    ├── web.config
    ├── postgres
    │   └── docker-compose.yml
    └── application.properties
├── generic
    ├── __snapshots__
    │   ├── uuids.csv
    │   ├── bearer_tokens.csv
    │   ├── oauth_client_secret.csv
    │   ├── generic_passwords_base64.csv
    │   ├── generic_passwords_hex.csv
    │   ├── generic_passwords_base64_uri.csv
    │   ├── generic_passwords_fewer_fps.csv
    │   └── generic_passwords.csv
    ├── bearer.txt
    ├── passwords.js
    └── uuids.txt
├── password_store
    ├── __snapshots__
    │   └── arc.csv
    ├── meta.json
    ├── README.md
    └── patterns.yml
├── common
    ├── __snapshots__
    │   └── common_passwords_shortlist.csv
    ├── top-passwords-shortlist.txt
    ├── README.md
    └── patterns.yml
├── update_markdown.sh
├── .devcontainer
    └── devcontainer.json
├── jwt
    ├── test_jwt.txt
    ├── example.txt
    ├── __snapshots__
    │   └── jwt.csv
    ├── README.md
    ├── patterns.yml
    ├── generate_jwt.py
    └── owasp-juice-shop.ts
├── rsa
    ├── __snapshots__
    │   ├── ssh_public_key.csv
    │   ├── ssh_private_keys.csv
    │   ├── gpg_private_key.csv
    │   └── generic_rsa_keys.csv
    ├── ssh_rsa.pub
    ├── rsa.js
    ├── README.md
    ├── patterns.yml
    ├── rsa.json
    ├── ssh_rsa
    ├── GeekMasher GPG.asc
    └── GeekMasher_GPG_with_headers.asc
├── .vscode
    ├── settings.json
    └── tasks.json
├── SUPPORT.md
├── LICENSE
├── SECURITY.md
├── CONTRIBUTING
├── CODE_OF_CONDUCT.md
└── README.md


/uri/test.txt:
--------------------------------------------------------------------------------
1 | https
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/requirements.txt:
--------------------------------------------------------------------------------
1 | pyyaml==6.0
2 | 


--------------------------------------------------------------------------------
/uri/non-english.txt:
--------------------------------------------------------------------------------
1 | url=https://你好:你好@hello.example.net/
2 | 


--------------------------------------------------------------------------------
/testing/requirements.txt:
--------------------------------------------------------------------------------
1 | python-pcre==0.7
2 | hyperscan==0.3.2
3 | 
4 | 


--------------------------------------------------------------------------------
/database/tsql_create_user.sql:
--------------------------------------------------------------------------------
1 | CREATE USER phony WITH PASSWORD = 'mynewcreds';
2 | 


--------------------------------------------------------------------------------
/vendors/azure.js:
--------------------------------------------------------------------------------
1 | // Azure magic
2 | const db = "abc123.database.secure.windows.net"
3 | 


--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # Codeowners
2 | 
3 | * @advanced-security/oss-maintainers @aegilops
4 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | 
2 | .env
3 | .venv
4 | *-current.csv
5 | 
6 | node_modules/
7 | 
8 | secrets.json
9 | 


--------------------------------------------------------------------------------
/uri/wrong_docker.sh:
--------------------------------------------------------------------------------
1 | echo $GHCR_TOKEN | docker login ghrc.io -u me@test.invalid --password-stdin
2 | 


--------------------------------------------------------------------------------
/vendors/sentry_dsn.txt:
--------------------------------------------------------------------------------
1 | https://cec9dfceb0b74c1c9a5e3c135585f364:4f6a592349e249c5906918393766718d@sentry.io/2


--------------------------------------------------------------------------------
/java-keystores/README.md:
--------------------------------------------------------------------------------
1 | # Java Keystore
2 | 
3 | ## Keystore
4 | 
5 | Password for Key Store: `Password`
6 | 


--------------------------------------------------------------------------------
/configs/example.yml:
--------------------------------------------------------------------------------
1 | 
2 | main:
3 |   database:
4 |     username: wordpress
5 |     password: MySecureSecretPassword!
6 | 


--------------------------------------------------------------------------------
/testing/dev-requirements.txt:
--------------------------------------------------------------------------------
1 | flake8==4.0.1
2 | bandit==1.7.4
3 | mypy==0.961
4 | yapf==0.32.0
5 | ruff==0.0.138
6 | 
7 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/uuids.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/sendgrid.py:
--------------------------------------------------------------------------------
1 | sendgrid_api_key = "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" # sample
2 | 
3 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/json_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/password_store/__snapshots__/arc.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/uri/__snapshots__/ghcr_typos.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/sendgrid.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/env_passwords.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/json_base64.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/json_base64_uri.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_base64.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_base64_uri.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/bearer_tokens.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/credit_card_visa.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/azure_sas_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/clickup_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/flickr_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/dotnet_configuration.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/dotnet_machinekey.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_passwords_plain.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/oauth_client_secret.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/credit_card_discovery.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/credit_card_mastercard.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/no_national_id_number.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ad.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ae.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_al.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_at.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_az.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ba.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_be.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_bg.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_bh.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_bi.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_br.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_by.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ch.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_cr.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_cy.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_cz.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_de.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_dj.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_dk.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_do.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ee.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_eg.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_es.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_fi.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_fo.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_fr.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_gb.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ge.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_gi.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_gl.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_gr.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_gt.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_hr.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_hu.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ie.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_il.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_iq.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_is.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_it.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_jo.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_kw.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_kz.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_lb.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_lc.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_li.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_lt.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_lu.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_lv.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ly.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_mc.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_md.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_me.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_mk.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_mr.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_mt.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_mu.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_nl.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_no.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_pk.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_pl.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ps.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_pt.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_qa.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ro.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_rs.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ru.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_sa.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_sc.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_sd.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_se.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_si.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_sk.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_sm.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_so.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_st.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_sv.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_tl.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_tn.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_tr.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_ua.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_va.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_vg.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/pii/generate_iban/__snapshots__/iban_xk.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/apollo_io_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/aws_s3_presigned_url.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/azure_client_secret.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/circleci_api_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/flickr_oauth_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/jenkins_api_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/launchdarkly_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/okta_token_precise.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/pagerduty_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/uuidv4_bearer_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/vercel_access_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/vercel_cli_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/common/__snapshots__/common_passwords_shortlist.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_passwords_multiline.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/database/__snapshots__/jdbc_connection_string.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/generic_passwords_base64.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/generic_passwords_hex.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/alienvault_otx_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/amazon_mws_auth_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/azure_access_key_legacy.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/browserstack_access_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/browserstack_token_url.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/mongodb_connection_string.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/openstack_password_or_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/teams_incoming_webhook.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_passwords_single_quoted.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/database/__snapshots__/database_connection_string_2.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/database/__snapshots__/mongodb_connection_string.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/database/__snapshots__/sqlalchemy_connection_string.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/database/__snapshots__/tsql_create_login_or_user.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/generic_passwords_base64_uri.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/generic_passwords_fewer_fps.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/.sentryclirc:
--------------------------------------------------------------------------------
1 | [auth]
2 | token=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
3 | api_key=1234567890abcdef1234567890abcdef
4 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/vercel_access_token_imprecise.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/vercel_oauth_client_secrets.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/dotenv:
--------------------------------------------------------------------------------
1 | SENTRY_AUTH_TOKEN=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
2 | SENTRY_API_KEY=1234567890abcdef1234567890abcdef
3 | 


--------------------------------------------------------------------------------
/vendors/sentry.properties:
--------------------------------------------------------------------------------
1 | auth.token=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
2 | auth.api_key=1234567890abcdef1234567890abcdef


--------------------------------------------------------------------------------
/configs/app.config:
--------------------------------------------------------------------------------
1 | <configuration>
2 | <appSettings>
3 |   <add key="password" value="correcthorsebatterystaple"/>
4 | </appSettings>
5 | </configuration>
6 | 


--------------------------------------------------------------------------------
/database/__snapshots__/database_connection_string_full.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/java-keystores/PrivateStore.keystore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/advanced-security/secret-scanning-custom-patterns/HEAD/java-keystores/PrivateStore.keystore


--------------------------------------------------------------------------------
/uri/ipv4_private.txt:
--------------------------------------------------------------------------------
1 | 
2 | # =====================
3 | # True Findings (private IPs)
4 | # =====================
5 | 
6 | 
7 | 192.168.0.1
8 | 10.0.0.1
9 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/browserstack_access_key_imprecise.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/.github/secret_scanning.yml:
--------------------------------------------------------------------------------
1 | paths-ignore:
2 |   - ".venv/**"
3 |   - "**/__snapshots__/**"
4 |   - "**/patterns.yml"
5 |   - "README.md"
6 |   - "**/README.md"
7 | 


--------------------------------------------------------------------------------
/configs/global_settings.py:
--------------------------------------------------------------------------------
1 | # this is a fake/sample Django setting file
2 | 
3 | SECRET_KEY = '!r7!(xjadix=(m5t9$0y%+bdxs#$^4u+7(s+kg&m67o0jsj&b$' # sample
4 | 
5 | 


--------------------------------------------------------------------------------
/configs/mysql/run-mysql.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | docker run \
4 |     --name some-mysql \
5 |     -e MYSQL_ROOT_PASSWORD=my-secret-pw \
6 |     -d mysql:latest
7 | 


--------------------------------------------------------------------------------
/generic/bearer.txt:
--------------------------------------------------------------------------------
1 | Host: some.example.com
2 | Authorization: Bearer this_is_just_a_test
3 | 
4 | 
5 | header = "Authorization: Bearer this_is_also_a_test"
6 | 
7 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/google_private_key_id_or_old_api_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | 


--------------------------------------------------------------------------------
/vendors/sentry.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | 
3 | sentry-cli --auth-token 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
4 | sentry-cli --api-key 1234567890abcdef1234567890abcdef
5 | 


--------------------------------------------------------------------------------
/configs/example.json:
--------------------------------------------------------------------------------
1 | {
2 |     "main": {
3 |         "database": {
4 |             "username": "wordpress",
5 |             "password": "MySecureSecretPassword!"
6 |         }
7 |     }
8 | }


--------------------------------------------------------------------------------
/generic/passwords.js:
--------------------------------------------------------------------------------
 1 | var password="itisaSEKRIT";
 2 | 
 3 | var secret="thisisalsonottobetold";
 4 | 
 5 | let ok=secret;
 6 | 
 7 | if (secret == "hardcodedsecret") {
 8 | 	do_admin();
 9 | }
10 | 
11 | 


--------------------------------------------------------------------------------
/generic/uuids.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | # UUID v4
 4 | 729b70cc-a239-4454-ad7b-33980a72fb27
 5 | c489dca0-b7c8-4952-8b94-616e9a0ec22d
 6 | 
 7 | e40ab2de817f4a2d98b6ca2137bc93e1
 8 | 
 9 | # UUID v1
10 | f99c644c-c708-11ec-9d64-0242ac120002
11 | 


--------------------------------------------------------------------------------
/vendors/terraform.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 |   required_providers {
 3 |     sentry = {
 4 |       source = "jianyuan/sentry"
 5 |     }
 6 |   }
 7 | }
 8 | 
 9 | provider "sentry" {
10 |   token = "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
11 | }
12 | 


--------------------------------------------------------------------------------
/vendors/grafana.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | GET /api/auth/keys HTTP/1.1
 3 | Accept: application/json
 4 | Content-Type: application/json
 5 | Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 6 | 
 7 | eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
 8 | 
 9 | adasd
10 | 


--------------------------------------------------------------------------------
/database/connection_strings.txt:
--------------------------------------------------------------------------------
1 | # Azure
2 | "Data Source=tcp:aaa.database.windows.net,1433;Initial Catalog=bbb;Integrated Security=False;User ID=ccc@aaa;Password=ddd;"
3 | # pscale
4 | "server=127.0.0.1;uid=root;pwd=pscale_pw_fAagpYk49fh0rvL-Ag-7J3HMq6oXk7p1ObLDn4PLHO8;database=test"
5 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/datadog_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "datadog_api_key","DataDog API key","b4e67dacb27d549802aaa27029da59b8f877df1d939096f0bd5cd5b9ff0d2266","vendors/datadog.txt","2","2","12","44",
3 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/datadog_app_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "datadog_app_key","DataDog APP key","24d8f4e4081d8eda2006bb23752167e6e1a81a8506969397efc1c827f8dfe1ca","vendors/datadog.txt","3","3","12","52",
3 | 


--------------------------------------------------------------------------------
/password_store/meta.json:
--------------------------------------------------------------------------------
1 | {"id":2,"title":"Foo","encryption":"aes","created_at":"2023-04-28T14:33:09.863337+01:00","updated_at":"2023-04-28T14:33:09.863337+01:00","expired_at":"0001-01-01T00:00:00Z","prune":false,"notified":false,"compressed":false,"pinned":false,"size":199,"next_id":1}
2 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/grafana_api_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "grafana_api_token","Grafana API token","feb26c1fdafee077295232efc68397442bb9fc3d0d35bbbde6ec6d1fa049170e","vendors/grafana.txt","5","5","23","73",
3 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/sentry_dsn_secret.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "sentry_dsn_secret","Sentry DSN secret","2fc5e22335f9768d8bb6bef6a8d8cb067b9b3d6f7eed1131f80a3081cb11dd13","vendors/sentry_dsn.txt","1","1","42","74",
3 | 


--------------------------------------------------------------------------------
/vendors/okta.txt:
--------------------------------------------------------------------------------
1 | okta_token="00RCsRGyrF9QzBe0rnWmw221UeclqRXFQGEJFdhAFM"
2 | oktaSecret: 00O_nrlVErNTMYhMjaMj7Q5pZh_Z4Gj8JK_r_CZlyz
3 | "okta_secret": "00haado-dvHzVSCb7wPf1fnrAA0KGReQxdh6-eFUj4"
4 | okta_key:00iqMOKIplUddEWA5WEM4YwOkw7RXeGw31lFCMTvZ2
5 | okta_key:00123456789987654321456987412358


--------------------------------------------------------------------------------
/configs/web.config:
--------------------------------------------------------------------------------
1 | <machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F"
2 | validation="SHA1" decryption="AES" />
3 | 


--------------------------------------------------------------------------------
/uri/__snapshots__/hardcoded_internal_urls.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "hardcoded_internal_urls","Hardcoded Internal URLs","100680ad546ce6a577f42f52df33b4cfdca756859e664b8d7de329b150d09ce9","uri/email.js","7","7","14","33",
3 | 


--------------------------------------------------------------------------------
/uri/ipv4.txt:
--------------------------------------------------------------------------------
 1 | 4.4.4.4 is the IP for the Google DNS server
 2 | 
 3 | https://192.168.1.1/hello is a URL with a private IP address in it
 4 | 
 5 | This is a FP: 1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1
 6 | 
 7 | This is a version string: v1.1.1.2
 8 | 
 9 | This is also a version string: 1.0.1.0-beta
10 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/sentry_webpack_plugin_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "sentry_webpack_plugin_token","Sentry webpack plugin token","cc75443d8979fe5cdbdf2de55b822ec8b63bc55348c2e451b46b19f4746885ca","vendors/webpack_sentry.js","7","7","22","54",
3 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/github_actions_sha_checker.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "github_actions_sha_checker","GitHub Actions SHA Checker","4d3f15563a592095caa4092b45d768c848f4b174f33aad40d5bda8e42cb34d0a",".github/workflows/validate.yml","26","26","15","64",
3 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/sentry_terraform_provider_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "sentry_terraform_provider_token","Sentry Terraform provider token","35ab52a17f6ba835f9243d9fd1549534ff663ce66f30660022f47c004be622bd","vendors/terraform.tf","10","10","12","76",
3 | 


--------------------------------------------------------------------------------
/database/__snapshots__/database_connection_string_3.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "database_connection_string_3","Database Connection String (3)","49924b9a100a8aa9dab6014398ed23d567f59036f14de87175387fbc02dba7cc","database/docker_sqlserver.yml","14","14","122","133",
3 | 


--------------------------------------------------------------------------------
/update_markdown.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | 
3 | if [ -z "$SECRET_SCANNING_TOOLS_PATH" ]; then
4 |   export SECRET_SCANNING_TOOLS_PATH="${HOME}"/secret-scanning-tools
5 |   echo "Defaulting to SECRET_SCANNING_TOOLS_PATH=${SECRET_SCANNING_TOOLS_PATH}"
6 | fi
7 | 
8 | CUSTOM_PATTERNS_PATH=$PWD "${SECRET_SCANNING_TOOLS_PATH}"/examples/update_custom_patterns_readme.sh
9 | 


--------------------------------------------------------------------------------
/uri/email.js:
--------------------------------------------------------------------------------
 1 | 
 2 | const maintainerEmail = "email@gmail.com";
 3 | 
 4 | const securityEmailAddress = "security@example.com";
 5 | const accountingEmailAddress = "accounting@example.com";
 6 | 
 7 | const uri = "https://example.com"
 8 | const uriUsername = "https://username@example.com"
 9 | const uriUsernamePath = "https://username@example.com/path"
10 | 


--------------------------------------------------------------------------------
/.devcontainer/devcontainer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "advanced-security/secret-scanning-custom-patterns",
 3 |     "extensions": [
 4 |         "github.copilot"
 5 |     ],
 6 |     "settings": {
 7 |         "editor.formatOnSave": true
 8 |     },
 9 |     "postCreateCommand": "git submodule init && git submodule update --recursive && pipenv install --system"
10 | }


--------------------------------------------------------------------------------
/configs/mysql/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '3.1'
 2 | 
 3 | services:
 4 |   db:
 5 |     image: mysql
 6 |     restart: always
 7 |     environment:
 8 |       MYSQL_ROOT_PASSWORD: SecretMySQLR00tPassword
 9 |       MYSQL_USER: wordpress
10 |       # ISSUE
11 |       MYSQL_PASSWORD: MySQLPassword
12 | 
13 |   adminer:
14 |     image: adminer
15 |     restart: always
16 |     ports:
17 |       - 8080:8080
18 | 


--------------------------------------------------------------------------------
/jwt/test_jwt.txt:
--------------------------------------------------------------------------------
1 | token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjM2MzcxNDkzLCJleHAiOjE5NTE5NDc0OTN9.T365h6AcgnvibAWvN_rIiaFnOK5R1ZGqdEkPI45zsNs
2 | token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYXVkIjoiYXRsYXNzaWFuIiwiaWF0IjoxNTE2MjM5MDIyLCJhbm90aGVyX2ZpZWxkIjoidmFsdWUifQ.ez5bJeF93WXSU-dCWlZVFlTl_inJCYVFFLOo1JBIsh0
3 | 
4 | 


--------------------------------------------------------------------------------
/rsa/__snapshots__/ssh_public_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "ssh_public_key","SSH Public Key","2d19538db131e38a5a60e9431dbdae2ca8cd74df0ccc5ca315dbd399997265e7","ssh/ssh_rsa.pub","1","1","1","553",
3 | "ssh_public_key","SSH Public Key","2d19538db131e38a5a60e9431dbdae2ca8cd74df0ccc5ca315dbd399997265e7","rsa/ssh_rsa.pub","1","1","1","553",
4 | 


--------------------------------------------------------------------------------
/rsa/__snapshots__/ssh_private_keys.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "ssh_private_keys","SSH Private Keys","aa0ecbfe194925a35a44b1c801ac58fececb6ee9e7f2480c0598f4cb33235908","ssh/ssh_rsa","1","39","4","31",
3 | "ssh_private_keys","SSH Private Keys","aa0ecbfe194925a35a44b1c801ac58fececb6ee9e7f2480c0598f4cb33235908","rsa/ssh_rsa","1","39","4","31",
4 | 


--------------------------------------------------------------------------------
/uri/ipv4_random.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | # =====================
 3 | # True Findings (any IPs)
 4 | # =====================
 5 | 
 6 | 1.1.1.1
 7 | 8.8.8.8
 8 | 127.0.0.1
 9 | 
10 | 
11 | u = url("https://192.168.0.10")
12 | 
13 | 
14 | # =====================
15 | # False Positives
16 | # =====================
17 | 
18 | 
19 | # Chrome build ID
20 | 105.0.5195.102      # The 3rd part of the version is 4 chars long
21 | v105.0.5195.102
22 | 


--------------------------------------------------------------------------------
/rsa/__snapshots__/gpg_private_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "gpg_private_key","GPG Private Key","dc028436592c7dd34fbdf69fb74de230ace70928848e1cdfa6baad29bd13641c","gpg/GeekMasher GPG.asc","1","106","4","33",
3 | "gpg_private_key","GPG Private Key","dc028436592c7dd34fbdf69fb74de230ace70928848e1cdfa6baad29bd13641c","rsa/GeekMasher GPG.asc","1","106","4","33",
4 | 


--------------------------------------------------------------------------------
/jwt/example.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | // secret: jwt
 3 | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
 4 | 
 5 | 
 6 | # ====================
 7 | # False Positives
 8 | # ====================
 9 | 
10 | # false-positive: Random Python snippet
11 | exclude_editable=options.exclude_editable
12 | error_handler=settings.error_encoding_error_handler
13 | 


--------------------------------------------------------------------------------
/vendors/webpack_sentry.js:
--------------------------------------------------------------------------------
 1 | var config = {
 2 |     plugins: [
 3 |         new SentryPlugin({
 4 |             // Sentry options are required
 5 |             organization: 'your-organization-name',
 6 |             project: 'your-project-name',
 7 |             apiKey: '1234567890abcdef1234567890abcdef',
 8 | 
 9 |             // Release version name/hash is required
10 |             release: process.env.GIT_SHA
11 |         })
12 |     ]
13 | }
14 | 


--------------------------------------------------------------------------------
/.vscode/settings.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "python.testing.unittestArgs": [
 3 |         "-v",
 4 |         "-s",
 5 |         "./tests",
 6 |         "-p",
 7 |         "test_*.py"
 8 |     ],
 9 |     "python.testing.pytestEnabled": false,
10 |     "python.testing.nosetestsEnabled": false,
11 |     "python.testing.unittestEnabled": true,
12 |     "editor.formatOnSave": true,
13 |     "python.formatting.provider": "black",
14 |     "restructuredtext.confPath": "${workspaceFolder}\\docs"
15 | }


--------------------------------------------------------------------------------
/jwt/__snapshots__/jwt.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "jwt","JWT","41518c9bfcd52b05477092be12d113332a71feff5bb18ace54ba886d4885f99e","jwt/test_jwt.txt","2","2","7","218",
3 | "jwt","JWT","1676bd1c75bda462c41749835f9c65ca1fcf006c8dbaddfc4498f897a8cc068d","jwt/owasp-juice-shop.ts","264","264","79","775",
4 | "jwt","JWT","7f75367e7881255134e1375e723d1dea8ad5f6a4fdb79d938df1f1754a830606","jwt/example.txt","2","2","1","156",
5 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/azure_sql_connection_string.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "azure_sql_connection_string","Azure SQL Connection String","bafd067904385cb71cf71b22e0fb5d579836392230cdb981d652bb5aeb646fef","vendors/azure.js","2","2","13","47",
3 | "azure_sql_connection_string","Azure SQL Connection String","fcdaf324b609297bec70987b77b8005d447fbe7ab87c619e7477f9045d346a4f","database/connection_strings.txt","2","2","18","42",
4 | 


--------------------------------------------------------------------------------
/database/__snapshots__/database_connection_string_1.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "database_connection_string_1","Database Connection String (1)","a2cd975fd6bce0de91cbc30e7b11d9b572d5a75a05650d859379ec4c4ce7a4ca","database/connection_strings.txt","4","4","32","85",
3 | "database_connection_string_1","Database Connection String (1)","730f75dafd73e047b86acb2dbd74e75dcb93272fa084a9082848f2341aa1abb6","database/connection_strings.txt","2","2","119","122",
4 | 


--------------------------------------------------------------------------------
/vendors/not_okta.txt:
--------------------------------------------------------------------------------
 1 | # just hex digits
 2 | 000102030405060708090a0b0c0d0e0f1020304050
 3 | 
 4 | # a label for a test
 5 | 0000001_this_is_a_very_long_label_for_test
 6 | 
 7 | # a number with an exponent
 8 | 0012345678910111213141516171819202122e-456
 9 | 
10 | # a hex number ending in 'x' to show it is hex
11 | 000102030405060708090a0b0c0d0e0f102030405x
12 | 
13 | # some build logs
14 | 0000000000003683_0000000000000001Archiving
15 | 005684341886080801486968994140625Adjusting
16 | 0088817841970012523233890533447265625Error
17 | 


--------------------------------------------------------------------------------
/rsa/__snapshots__/generic_rsa_keys.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "generic_rsa_keys","Generic RSA keys","e11cbf5a9ff8ddfad4406b45ccb07d3af39bbbac1f2c2ef43968d8a88670d7f7","rsa/rsa.js","3","3","24","898",
3 | "generic_rsa_keys","Generic RSA keys","aa0ecbfe194925a35a44b1c801ac58fececb6ee9e7f2480c0598f4cb33235908","ssh/ssh_rsa","1","39","4","31",
4 | "generic_rsa_keys","Generic RSA keys","aa0ecbfe194925a35a44b1c801ac58fececb6ee9e7f2480c0598f4cb33235908","rsa/ssh_rsa","1","39","4","31",
5 | 


--------------------------------------------------------------------------------
/rsa/ssh_rsa.pub:
--------------------------------------------------------------------------------
1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEVWukBBQA8AW5k0ryyKopARtsKJOLNX3poqFq4cg9B/8ljUlITOhHI1tOZgGxKH7ccOhp0JthndieHsh+KloW7VPPMqDH/l9+s9dz3d1TI8Yhna35KNPHQnTFydkHfcciX00ns5X7XKDYrx11LpmSshUHe7I9zJ4BXzrxfdQ3sPgegtvnQxo7teF5oy1coG7xTIybkqHF5jWl4ttIjh7BtAN2kxRwBLpfux3lUFFJkynE7hWHJDSjnV9K7pt1a6yT4BJhNXjQlE6PKvwhJUNNbl9PiXFnkkOxs581IrZFZdWwNZIY5EhzkjOvL/6AGt33leEZYRNC2xqKhZOnKrAvqHFvcYBAY7nme723Aw1j8HWKI/X+lnBgu+EKNFBzVKWzuaSTAkYZZTpkNRmSldj5Nimbw6jqEH6MZA8JfL+kHsj4uknjK2ucX37khTWQHP2IVKnkpYejKLDdrTc98DeMlbCer+jipHr+OmdNgDdnZr5UWCUNYicVSZzpsGRq+/U= random-device
2 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/django_secret_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "django_secret_key","Django Secret Key","fa0417793c67e8d9d29e6bc4f6cf1921fe161175c74f3ca0db1f42932218c200","configs/django/settings.py","3","3","15","33",
3 | "django_secret_key","Django Secret Key","54db0de80e3ae79d07f98e12af49746e2843698f14d05dd9cf9ba7a98bcda680","configs/django/settings.py","2","2","15","33",
4 | "django_secret_key","Django Secret Key","b6d52772ab642ce96361ca02bfc467ff9dbe90f86d98dde035d4b6f66b48c8bc","configs/django/settings.py","3","3","15","33",
5 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/false-positive.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Report False Positive
 3 | about: Report False Positive using a custom Secret Scanning Pattern
 4 | title: 'False Positive - {{ name }}'
 5 | labels: false-positive
 6 | assignees: 'GeekMasher'
 7 | 
 8 | ---
 9 | 
10 | ### Pattern Name / Description
11 | <!-- Provide the name or location of the pattern -->
12 | 
13 | 
14 | ### Sample Snippet
15 | <!-- Provide a sample of the False Positive -->
16 | 
17 | ```
18 | [snippet]
19 | ```
20 | 
21 | ### [optional] Propose Solution
22 | <!-- Please provide a solution to the issue of the False Positives -->
23 | 
24 | ```regex
25 | [suggestion]
26 | ```
27 | 


--------------------------------------------------------------------------------
/testing/Makefile:
--------------------------------------------------------------------------------
 1 | all: requirements lint
 2 | .PHONY: lint requirements
 3 | 
 4 | requirements:
 5 | 	sudo apt-get -qq install libpcre3-dev
 6 | 	python3 -m pip install -r requirements.txt > /dev/null 
 7 | 
 8 | lint:
 9 | 	python3 -m pip install -r dev-requirements.txt > /dev/null
10 | 	python3 -m yapf -i --style='{based_on_style: google, column_limit: 120, indent_width: 4}' test.py
11 | 	ruff --ignore=E501 test.py
12 | 	python3 -m flake8 --ignore=E501,W504,E124 test.py
13 | 	yes | python3 -m mypy --install-types
14 | 	python3 -m mypy --no-error-summary --ignore-missing-imports --strict test.py
15 | 	python3 -m bandit --quiet -r . # --configfile bandit.yml
16 | 
17 | 


--------------------------------------------------------------------------------
/uri/database.txt:
--------------------------------------------------------------------------------
 1 | # MySQL
 2 | mysql://sandy:seKr1t@myhost1:1111/db
 3 | 
 4 | # SMTP (encoded values)
 5 | smtp://foobar%40example.com:p4ssw0rd@smtp.example.com:465
 6 | 
 7 | # FTP (random)
 8 | ftp://test:hN6nQYPpsja3@example.com:22
 9 | # FTP (URL encoded password)
10 | ftp://test:g%40hxUFb-3aA!@example.com:22
11 | 
12 | # ====================
13 | # False Positives
14 | # ====================
15 | 
16 | # Actions Env Vars
17 | https://repository-sync:${{ secrets.ALL_REPOSITORIES_SECRET }}@github.com/${{ env.PRIVATE_REPOSITORY }}.git
18 | # Env Vars
19 | https://repository-sync:$ALL_REPOSITORIES_SECRET@github.com/test.git
20 | 
21 | # FTP (no password in string)
22 | ftp://test@example.com:22
23 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/sentry_api_key.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "sentry_api_key","Sentry API Key","cc75443d8979fe5cdbdf2de55b822ec8b63bc55348c2e451b46b19f4746885ca","vendors/sentry.sh","4","4","22","54",
3 | "sentry_api_key","Sentry API Key","cc75443d8979fe5cdbdf2de55b822ec8b63bc55348c2e451b46b19f4746885ca","vendors/sentry.properties","2","2","14","46",
4 | "sentry_api_key","Sentry API Key","cc75443d8979fe5cdbdf2de55b822ec8b63bc55348c2e451b46b19f4746885ca","vendors/.sentryclirc","3","3","9","41",
5 | "sentry_api_key","Sentry API Key","cc75443d8979fe5cdbdf2de55b822ec8b63bc55348c2e451b46b19f4746885ca","vendors/dotenv","2","2","16","48",
6 | 


--------------------------------------------------------------------------------
/SUPPORT.md:
--------------------------------------------------------------------------------
 1 | # Support
 2 | 
 3 | ## How to file issues and get help
 4 | 
 5 | This project uses GitHub issues to track bugs and feature requests.
 6 | Please search the existing issues before filing new issues to avoid duplicates.
 7 | For new issues, file your bug or feature request as a new issue.
 8 | 
 9 | For help or questions about using this project, please use the GitHub Discussions.
10 | 
11 | This repository is under active development and maintained by GitHub staff and the community.
12 | We will do our best to respond to support, feature requests, and community questions in a timely manner.
13 | 
14 | ## GitHub Support Policy
15 | 
16 | Support for this project is limited to the resources listed above.
17 | 


--------------------------------------------------------------------------------
/uri/app.py:
--------------------------------------------------------------------------------
 1 | from flask import Flask, render_template
 2 | from flask_sqlalchemy import SQLAlchemy
 3 | 
 4 | app = Flask(__name__)
 5 | app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql://python:HelloSecretScanning@myhost1:1111/db'
 6 | db = SQLAlchemy(app)
 7 | 
 8 | class User(db.Model):
 9 |     id = db.Column(db.Integer, primary_key=True)
10 |     username = db.Column(db.String(80), unique=True, nullable=False)
11 |     email = db.Column(db.String(120), unique=True, nullable=False)
12 | 
13 |     def __repr__(self):
14 |         return '<User %r>' % self.username
15 | 
16 | @app.route("/")
17 | def index():
18 |     return render_template("index.html")
19 | 
20 | if __name__ == "__main__":
21 |     app.run('0.0.0.0', 5000)
22 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/sentry_auth_token.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "sentry_auth_token","Sentry Auth Token","35ab52a17f6ba835f9243d9fd1549534ff663ce66f30660022f47c004be622bd","vendors/sentry.sh","3","3","25","89",
3 | "sentry_auth_token","Sentry Auth Token","35ab52a17f6ba835f9243d9fd1549534ff663ce66f30660022f47c004be622bd","vendors/sentry.properties","1","1","12","76",
4 | "sentry_auth_token","Sentry Auth Token","35ab52a17f6ba835f9243d9fd1549534ff663ce66f30660022f47c004be622bd","vendors/.sentryclirc","2","2","7","71",
5 | "sentry_auth_token","Sentry Auth Token","35ab52a17f6ba835f9243d9fd1549534ff663ce66f30660022f47c004be622bd","vendors/dotenv","1","1","19","83",
6 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/pattern-request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Pattern Request
 3 | about: Request a new custom pattern for Secret Scanning
 4 | title: 'Pattern Request'
 5 | labels: enhancement
 6 | assignees: 'GeekMasher'
 7 | 
 8 | ---
 9 | 
10 | ### Name / Description
11 | <!-- Provide the name or a description of the pattern requested -->
12 | 
13 | 
14 | ### Sample Snippets
15 | <!-- Provide a sample of both True Positives and False Positive -->
16 | 
17 | **True Positives**
18 | 
19 | ```
20 | [snippet]
21 | ```
22 | 
23 | **False Positives**
24 | 
25 | ```
26 | [snippet]
27 | ```
28 | 
29 | ### [optional] Propose Solution
30 | <!-- Please provide a solution to the issue of the False Positives -->
31 | 
32 | ```regex
33 | [suggestion]
34 | ```
35 | 


--------------------------------------------------------------------------------
/uri/__snapshots__/hardcoded_internal_emails.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "hardcoded_internal_emails","Hardcoded Internal Emails","795bcb4bf560f9867afb3de2d0d3a94976324007c45ea099ec14e90231540547","uri/email.js","8","8","30","50",
3 | "hardcoded_internal_emails","Hardcoded Internal Emails","1e670f7a76058ba5edcb9cb0f58f167fc08569a44b5b983a91295c15b70c36e6","uri/email.js","5","5","33","55",
4 | "hardcoded_internal_emails","Hardcoded Internal Emails","786906db96ef646937f205d3e7398630ce2e97df5364baf31b81ef84f1386c3f","uri/email.js","4","4","31","51",
5 | "hardcoded_internal_emails","Hardcoded Internal Emails","973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b","uri/database.txt","12","12","7","23",
6 | 


--------------------------------------------------------------------------------
/common/top-passwords-shortlist.txt:
--------------------------------------------------------------------------------
 1 | password=p@55w0rd
 2 | password=adm!n
 3 | password=t3mporary
 4 | password=Am3r1cA
 5 | password=indi@
 6 | password=mumb4i
 7 | password=1234567
 8 | password=abcdef
 9 | password=123
10 | password=1qaz
11 | password=qwerty
12 | password=m0nkey
13 | password=letmein
14 | password=drag0n
15 | password=0000000
16 | password=bA$k3tb4ll
17 | password=s0cc3r
18 | password=iloveyou
19 | password=tru5tn01
20 | password=Sun5h1ne
21 | password=m45ter
22 | password=w3lcome
23 | password=shad0w
24 | password=ashl3y
25 | password=f00tb@l
26 | password=j35us
27 | password=m1chAel
28 | password=n1nja
29 | password=mu5tang
30 | password=chrysler
31 | password=t0yot4
32 | password=w1nt3r
33 | password=spr1ng
34 | password=summ3r
35 | password=f@ll
36 | password=4utumn


--------------------------------------------------------------------------------
/database/docker_sqlserver.yml:
--------------------------------------------------------------------------------
 1 | version: "3"
 2 | services:
 3 |     web-balea:
 4 |         image: web
 5 |         container_name: web
 6 |         ports:
 7 |             - 8060:80
 8 |         build:
 9 |             context: ..
10 |             dockerfile: build/DockerfileEfCore
11 |         depends_on:
12 |             - sqlserver
13 |         environment:
14 |             - ConnectionStrings__Default=Server=tcp:sqlserver,1433;Initial Catalog=ContosoUniversity;User Id=sa;Password=Password12!
15 |             - ASPNETCORE_ENVIRONMENT=Development
16 |     sqlserver:
17 |         image: mcr.microsoft.com/mssql/server
18 |         restart: always
19 |         ports:
20 |             - 5433:1433
21 |         environment:
22 |             - ACCEPT_EULA=Y
23 |             - SA_PASSWORD=Password12!
24 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/iban.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "iban","IBAN","97486347bf79e40253a1191986ad4d3709e7ad5017bae24e4f9ddf3cba52aeab","pii/iban.txt","7","7","1","34",
3 | "iban","IBAN","61ec5f563d04fadee9b813245a0a60a5ca45b4ace124590d70723146e47e94de","pii/iban.txt","8","8","1","34",
4 | "iban","IBAN","98e4ab9904d6f7f48effecc7d988d78a1d0904e0100cb00ca79e5d3977cfeec1","pii/iban.txt","3","3","1","23",
5 | "iban","IBAN","767d9c95a175562396b3d5a5dacf27a5200277cd587fda0980fe9974cfcd926e","pii/iban.txt","5","5","1","28",
6 | "iban","IBAN","14c34fcf5b6069e9e36fa6a630c6052e14d7f4d06168c99302b879a9cbac59b0","pii/iban.txt","6","6","1","28",
7 | "iban","IBAN","1ce5bb0fa1a749c9ebf9ab066b92d57e9d10c2d0dd308ed85ceaea2381fb494e","pii/iban.txt","4","4","1","28",
8 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/credit_cards_american_express.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "credit_cards_american_express","Credit Cards - American Express","c4fdb6f6c2740911ac19e48600164e3b6d1b9fa26ba9a23a3aee7404a6e11617","pii/credit-cards.txt","29","29","1","16",
3 | "credit_cards_american_express","Credit Cards - American Express","273476b83f26d858e3e62e1fc042e06961ed9229a428156d7ccfa096297267ff","pii/credit-cards.txt","28","28","1","16",
4 | "credit_cards_american_express","Credit Cards - American Express","53a8fc816e63b7a5ccd17aaff93f28bcf13abbf418209dcd93947722d7c326ba","pii/credit-cards.txt","27","27","1","16",
5 | "credit_cards_american_express","Credit Cards - American Express","3a134ef77d4e2e4cdad2d2945ff1f76c1a23296c93c851f6244220a8cedea130","pii/credit-cards.txt","26","26","1","16",
6 | 


--------------------------------------------------------------------------------
/rsa/rsa.js:
--------------------------------------------------------------------------------
1 | 
2 | // Sample from Juice-Shop
3 | const privateKey = '-----BEGIN RSA PRIVATE KEY-----\r\nMIICXAIBAAKBgQDNwqLEe9wgTXCbC7+RPdDbBbeqjdbs4kOPOIGzqLpXvJXlxxW8iMz0EaM4BKUqYsIa+ndv3NAn2RxCd5ubVdJJcX43zO6Ko0TFEZx/65gY3BE0O6syCEmUP4qbSd6exou/F+WTISzbQ5FBVPVmhnYhG/kpwt/cIxK5iUn5hm+4tQIDAQABAoGBAI+8xiPoOrA+KMnG/T4jJsG6TsHQcDHvJi7o1IKC/hnIXha0atTX5AUkRRce95qSfvKFweXdJXSQ0JMGJyfuXgU6dI0TcseFRfewXAa/ssxAC+iUVR6KUMh1PE2wXLitfeI6JLvVtrBYswm2I7CtY0q8n5AGimHWVXJPLfGV7m0BAkEA+fqFt2LXbLtyg6wZyxMA/cnmt5Nt3U2dAu77MzFJvibANUNHE4HPLZxjGNXN+a6m0K6TD4kDdh5HfUYLWWRBYQJBANK3carmulBwqzcDBjsJ0YrIONBpCAsXxk8idXb8jL9aNIg15Wumm2enqqObahDHB5jnGOLmbasizvSVqypfM9UCQCQl8xIqy+YgURXzXCN+kwUgHinrutZms87Jyi+D8Br8NY0+Nlf+zHvXAomD2W5CsEK7C+8SLBr3k/TsnRWHJuECQHFE9RA2OP8WoaLPuGCyFXaxzICThSRZYluVnWkZtxsBhW2W8z1b8PvWUE7kMy7TnkzeJS2LSnaNHoyxi7IaPQUCQCwWU4U+v4lD7uYBw00Ga/xt+7+UqFPlPVdz1yyr4q24Zxaw0LgmuEvgU5dycq8N7JxjTubX0MIRR+G9fmDBBl8=\r\n-----END RSA PRIVATE KEY-----'
4 | 


--------------------------------------------------------------------------------
/uri/__snapshots__/hardcoded_uri_passwords.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "hardcoded_uri_passwords","Hardcoded URI Passwords","2fc5e22335f9768d8bb6bef6a8d8cb067b9b3d6f7eed1131f80a3081cb11dd13","vendors/sentry_dsn.txt","1","1","42","74",
3 | "hardcoded_uri_passwords","Hardcoded URI Passwords","670d9743542cae3ea7ebe36af56bd53648b0a1126162e78d81a32934a711302e","uri/non-english.txt","1","1","20","26",
4 | "hardcoded_uri_passwords","Hardcoded URI Passwords","90c845ce035506552f1cebd41b7ee96de25ff9824fc8dc3c96c015c020df0b0a","uri/database.txt","10","10","12","26",
5 | "hardcoded_uri_passwords","Hardcoded URI Passwords","c8f3d9dd0940a3b8e20b17543ac3c4367deb45552f3facabf185b1b522da78ff","uri/database.txt","8","8","12","24",
6 | "hardcoded_uri_passwords","Hardcoded URI Passwords","c01256aed0068fea1fc790b889e2bbe13a345b84bb0232c34a7f3ae43c5eb812","uri/app.py","5","5","57","76",
7 | 


--------------------------------------------------------------------------------
/.github/workflows/validate.yml:
--------------------------------------------------------------------------------
 1 | name: Results Validation
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [main, develop]
 6 |   pull_request:
 7 |     branches: [main, develop]
 8 | 
 9 |   workflow_dispatch:
10 | 
11 | jobs:
12 |   run:
13 |     runs-on: ubuntu-latest
14 | 
15 |     permissions:
16 |       security-events: write
17 | 
18 |     steps:
19 |       - uses: actions/checkout@v4
20 | 
21 |       - name: Get Token
22 |         id: get_workflow_token
23 |         uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 #v3.0.0
24 |         with:
25 |           application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
26 |           application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
27 | 
28 |       - name: Validate results against snapshot
29 |         uses: advanced-security/secret-scanning-tools@v1
30 |         with:
31 |           mode: validate
32 |           token: ${{ steps.get_workflow_token.outputs.token }}
33 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/yaml_static_password_fields.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "yaml_static_password_fields","YAML Static Password Fields","07afada2d81267b59eea355307a3ee3f1be5132ce91123e64869cf4ffaf93615","jwt/owasp-juice-shop.ts","218","218","20","56",
3 | "yaml_static_password_fields","YAML Static Password Fields","544e62cee8033709e389e5b2755343d0d0fa8c4850215cfb6331717e80d1aea3","jwt/owasp-juice-shop.ts","207","207","20","52",
4 | "yaml_static_password_fields","YAML Static Password Fields","b34e5475b55d84c7de90e07142d9427477c757a46a8e8712f7bc2f92dd6c6473","jwt/owasp-juice-shop.ts","43","43","20","29",
5 | "yaml_static_password_fields","YAML Static Password Fields","9f214b49fafc432e116884a5244442203267f200e72c6ad3ad4dbfd7b0f089c3","jwt/owasp-juice-shop.ts","146","146","22","37",
6 | "yaml_static_password_fields","YAML Static Password Fields","1e744b6a3177a1165c1d67ccfe8989267e8364189d9124aa87a756aa219db83c","configs/example.yml","5","5","15","38",
7 | 


--------------------------------------------------------------------------------
/testing/README.md:
--------------------------------------------------------------------------------
 1 | # Test Custom Secret Scanning patterns
 2 | 
 3 | This test Python script uses Intel's `hyperscan` to test custom GitHub Advanced Security Secret Scanning patterns.
 4 | 
 5 | ## Usage
 6 | 
 7 | First run `make requirements` to install required dependencies.
 8 | 
 9 | ``` bash
10 | ./test.py
11 | ```
12 | 
13 | By default it searches the directory above the `testing` directory for `pattern.yml` files, and tests those patterns on the same directory that file was found in.
14 | 
15 | or
16 | 
17 | ``` bash
18 | ./test.py --tests <directory>
19 | ```
20 | 
21 | For full usage use `./test.py --help`
22 | 
23 | ## Requirements
24 | 
25 | This only works on Intel-compatible platforms, since `hyperscan` is an Intel application and written to use Intel-specific instructions.
26 | 
27 | * Python 3.9
28 | * `hyperscan` module, which provides Python bindings to Intel's Hyperscan
29 | * `python-pcre` module, which provides Python bindings to libPCRE
30 | 
31 | ## Development notes
32 | 
33 | Please run `make lint` after any changes
34 | 
35 | 


--------------------------------------------------------------------------------
/pii/credit-cards.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | # ====================
 3 | # Credit Card Numbers
 4 | # ====================
 5 | - https://www.paypalobjects.com/en_GB/vhelp/paypalmanager_help/credit_card_numbers.htm
 6 | - https://support.bluesnap.com/docs/test-credit-card-numbers
 7 | 
 8 | ### MasterCard
 9 | 
10 | 5555555555554444
11 | 5105105105105100
12 | 5425233430109903
13 | 2222420000001113
14 | 2223000048410010
15 | 
16 | 
17 | ### Visa
18 | 
19 | 4111111111111111    (new format)
20 | 4012888888881881    (new format)
21 | 4222222222222	    (old format)
22 | 
23 | 
24 | ### American Express
25 | 
26 | 378282246310005
27 | 371449635398431
28 | 378734493671000
29 | 374245455400126
30 | 378282246310005
31 | 
32 | 
33 | ### Australian BankCard
34 | 
35 | 5610591081018250
36 | 
37 | 
38 | ### Diners Club
39 | 
40 | 30569309025904
41 | 38520000023237
42 | 
43 | 
44 | # Discover
45 | 
46 | 6011111111111117
47 | 6011000990139424
48 | 
49 | ### JCB
50 | 
51 | 3530111333300000
52 | 3566002020360505
53 | 
54 | 
55 | ### Dankort (PBS)
56 | 
57 | 76009244561
58 | 5019717010103742
59 | 
60 | ### Switch/Solo (Paymentech)
61 | 
62 | 6331101999990016
63 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2022 GitHub
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/vendors/__snapshots__/okta_token.csv:
--------------------------------------------------------------------------------
 1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
 2 | "okta_token","Okta token","35821823b599572690b53eb1c3790b5321404dc2d1aeab9bd1dafa659175a3b8","okta/token.txt","4","4","10","52",
 3 | "okta_token","Okta token","35821823b599572690b53eb1c3790b5321404dc2d1aeab9bd1dafa659175a3b8","vendors/okta.txt","4","4","10","52",
 4 | "okta_token","Okta token","09923263914c7c1ec55a644b427b880723e9824c911be686466802dd48ac65f6","okta/token.txt","3","3","17","59",
 5 | "okta_token","Okta token","09923263914c7c1ec55a644b427b880723e9824c911be686466802dd48ac65f6","vendors/okta.txt","3","3","17","59",
 6 | "okta_token","Okta token","a545ff8376db626ff2f47e6c2c5873cdc9d69c328e0ebb59a7341ca8be475086","okta/token.txt","1","1","13","55",
 7 | "okta_token","Okta token","a545ff8376db626ff2f47e6c2c5873cdc9d69c328e0ebb59a7341ca8be475086","vendors/okta.txt","1","1","13","55",
 8 | "okta_token","Okta token","0325196f39785e7082af6c696608caf612b3500b94d2f1b7cff77a06c0dc5219","okta/token.txt","2","2","13","55",
 9 | "okta_token","Okta token","0325196f39785e7082af6c696608caf612b3500b94d2f1b7cff77a06c0dc5219","vendors/okta.txt","2","2","13","55",
10 | 


--------------------------------------------------------------------------------
/.github/workflows/unit-tests.yml:
--------------------------------------------------------------------------------
 1 | name: Unit Tests with hyperscan
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [main, develop]
 6 |   pull_request:
 7 |     branches: [main, develop]
 8 | 
 9 |   workflow_dispatch:
10 | 
11 | jobs:
12 |   run:
13 |     runs-on: ubuntu-latest
14 | 
15 |     permissions:
16 |       security-events: write
17 | 
18 |     steps:
19 |       - name: Checkout custom patterns
20 |         uses: actions/checkout@v4
21 | 
22 |       - name: Checkout secret-scanning-tools
23 |         uses: actions/checkout@v4
24 |         with:
25 |           repository: "advanced-security/secret-scanning-tools"
26 |           path: "secret-scanning-tools"
27 | 
28 |       - name: Install dependencies
29 |         run: |
30 |           cd "${GITHUB_WORKSPACE}"/secret-scanning-tools/secretscanning
31 |           sudo apt-get -qq update
32 |           sudo apt-get -qq install libpcre3-dev
33 |           python3 -mpip -q install -r requirements.txt
34 |           python3 -mpip -q install tqdm
35 | 
36 |       - name: Unit Test patterns with hyperscan
37 |         run: |
38 |           cd "${GITHUB_WORKSPACE}"/secret-scanning-tools/secretscanning
39 |           python3 ./test.py --tests "${GITHUB_WORKSPACE}" --exclude django_secret_key
40 | 


--------------------------------------------------------------------------------
/vendors/datadog.txt:
--------------------------------------------------------------------------------
 1 | # env vars
 2 | DD_API_KEY=01000000000000000000000000000000
 3 | DD_APP_KEY=0100000000000000000000000000000000000000
 4 | 
 5 | # some other config format
 6 | DATADOG_API_KEY = "01000000000000000000000000000000"
 7 | DATADOG_APP_KEY= "0100000000000000000000000000000000000000"
 8 | 
 9 | # YAML
10 | datadog_api_key: 01000000000000000000000000000000
11 | datadog_app_key: 0100000000000000000000000000000000000000
12 | 
13 | # Docker
14 | env:
15 |   - name: DD_AP_KEY
16 |     value: "01000000000000000000000000000000"
17 |   - name: DATADOG_APP_KEY
18 |     value: "0100000000000000000000000000000000000000"
19 | 
20 | # Winston config
21 | new DataDogWinston({
22 |     apiKey:'01000000000000000000000000000000'
23 |     appKey:'0100000000000000000000000000000000000000'
24 | });
25 | 
26 | # shell script use of terraformer
27 | terraformer import datadog --api-key=01000000000000000000000000000000 --app-key==0100000000000000000000000000000000000000
28 | 
29 | # content of .tf file
30 | provider "datadog" {
31 | 	api_key = "01000000000000000000000000000000"
32 | 	app_key = "0100000000000000000000000000000000000000"
33 | }
34 | 
35 | # Capistrano, Capfile
36 | set :datadog_api_key, "01000000000000000000000000000000"
37 | set :datadog_app_key, "0100000000000000000000000000000000000000"
38 | 
39 | 
40 | 


--------------------------------------------------------------------------------
/jwt/README.md:
--------------------------------------------------------------------------------
 1 | <!-- WARNING: This README is generated automatically
 2 | -->
 3 | 
 4 | <!-- markdownlint-disable no-inline-html -->
 5 | 
 6 | # JWT
 7 | 
 8 | ## JWT
 9 | 
10 | 
11 | JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
12 | _version: v0.1_
13 | 
14 | 
15 | 
16 | <details>
17 | <summary>Pattern Format</summary>
18 | 
19 | ```regex
20 | e(?:y[IJ]|yL[CD]|yA[JKgi]|w[ko][JKgi])[A-Za-z0-9_-]{10,}(?:fQ|[3HXn]0|[1BFJNRVZdhlpx]9)={0,2}\.e(?:y[IJ]|yL[CD]|yA[JKgi]|w[ko][JKgi])[A-Za-z0-9_-]{10,}(?:fQ|[3HXn]0|[1BFJNRVZdhlpx]9)={0,2}(?:\.?[A-Za-z0-9_-]+={0,2})?
21 | ```
22 | 
23 | </details>
24 | 
25 | <details>
26 | <summary>Start Pattern</summary>
27 | 
28 | ```regex
29 | [^0-9A-Za-z_.-]|\A
30 | ```
31 | 
32 | </details><details>
33 | <summary>End Pattern</summary>
34 | 
35 | ```regex
36 | [^0-9A-Za-z_.=-]|\z
37 | ```
38 | 
39 | </details>
40 | 
41 | <details>
42 | <summary>Additional Matches</summary>
43 | 
44 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
45 | 
46 | 
47 | - Not Match:
48 | 
49 |   ```regex
50 |   eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIs
51 |   ```
52 | 
53 | </details>


--------------------------------------------------------------------------------
/configs/__snapshots__/hardcoded_database_passwords.csv:
--------------------------------------------------------------------------------
1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
2 | "hardcoded_database_passwords","Hardcoded Database Passwords","6ab5c67640a9b1f875050b158cdbb1d081ee76ff8e703279062ce8652a372332","configs/postgres/docker-compose.yml","37","37","27","34",
3 | "hardcoded_database_passwords","Hardcoded Database Passwords","cb1b7759c2c93af5a9359769ec4fa443112b4b7c145e99767c16620aaa3c2c6c","docker/mysql/docker-compose.yml","11","11","23","36",
4 | "hardcoded_database_passwords","Hardcoded Database Passwords","cb1b7759c2c93af5a9359769ec4fa443112b4b7c145e99767c16620aaa3c2c6c","configs/mysql/docker-compose.yml","11","11","23","36",
5 | "hardcoded_database_passwords","Hardcoded Database Passwords","e2587f6c678061df35dbff7fee253348085045f1a4d68549f0e4261330af080c","docker/mysql/docker-compose.yml","8","8","28","51",
6 | "hardcoded_database_passwords","Hardcoded Database Passwords","e2587f6c678061df35dbff7fee253348085045f1a4d68549f0e4261330af080c","configs/mysql/docker-compose.yml","8","8","28","51",
7 | "hardcoded_database_passwords","Hardcoded Database Passwords","897424aa34b2c490b136ba76b15cf697d8d11c066db6daec2b8a33ab069b8d22","docker/mysql/run-mysql.sh","5","5","28","40",
8 | "hardcoded_database_passwords","Hardcoded Database Passwords","897424aa34b2c490b136ba76b15cf697d8d11c066db6daec2b8a33ab069b8d22","configs/mysql/run-mysql.sh","5","5","28","40",
9 | 


--------------------------------------------------------------------------------
/jwt/patterns.yml:
--------------------------------------------------------------------------------
 1 | 
 2 | name: JWT
 3 | 
 4 | patterns:
 5 |   - name: JWT
 6 |     type: jwt
 7 |     description: "JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties."
 8 |     regex:
 9 |       pattern: |
10 |         e(?:y[IJ]|yL[CD]|yA[JKgi]|w[ko][JKgi])[A-Za-z0-9_-]{10,}(?:fQ|[3HXn]0|[1BFJNRVZdhlpx]9)={0,2}\.e(?:y[IJ]|yL[CD]|yA[JKgi]|w[ko][JKgi])[A-Za-z0-9_-]{10,}(?:fQ|[3HXn]0|[1BFJNRVZdhlpx]9)={0,2}(?:\.?[A-Za-z0-9_-]+={0,2})?
11 |       start: |
12 |         [^0-9A-Za-z_.-]|\A
13 |       end: |
14 |         [^0-9A-Za-z_.=-]|\z
15 |       # don't match on JWT that are used in private GitHub issues - they now always start with:
16 |       # {"iss":"github.com","aud":"raw.githubusercontent.com",
17 |       additional_not_match:
18 |         - eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIs
19 |     test:
20 |       data: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjM2MzcxNDkzLCJleHAiOjE5NTE5NDc0OTN9.T365h6AcgnvibAWvN_rIiaFnOK5R1ZGqdEkPI45zsNs
21 | 
22 |     expected:
23 |       - name: owasp-juice-shop.ts
24 |         start_offset: 8105
25 |         end_offset: 8801
26 |       - name: example.txt
27 |         start_offset: 16
28 |         end_offset: 171
29 |       - name: test_jwt.txt
30 |         start_offset: 6
31 |         end_offset: 163
32 |       - name: test_jwt.txt
33 |         start_offset: 170
34 |         end_offset: 381
35 | 


--------------------------------------------------------------------------------
/.github/workflows/pr-markdown.yml:
--------------------------------------------------------------------------------
 1 | name: Markdown Validation
 2 | permissions:
 3 |   contents: read
 4 |   pull-requests: write
 5 | 
 6 | on:
 7 |   pull_request:
 8 |     branches: [main, develop]
 9 | 
10 | jobs:
11 |   run:
12 |     runs-on: ubuntu-latest
13 | 
14 |     steps:
15 |       - uses: actions/checkout@v4
16 | 
17 |       - name: Get Token
18 |         id: get_workflow_token
19 |         uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 #v3.0.0
20 |         with:
21 |           application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
22 |           application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
23 | 
24 |       - name: Generate Markdown
25 |         uses: advanced-security/secret-scanning-tools@v1
26 |         with:
27 |           mode: markdown
28 |           token: ${{ steps.get_workflow_token.outputs.token }}
29 | 
30 |       - name: Check git status
31 |         run: |
32 |           if [ -z "$(git status --porcelain)" ]; then
33 |             gh pr comment --edit-last ${{ github.event.number }} \
34 |               --body "## :white_check_mark: Markdown Validation Passed :rocket:!" || true
35 |             exit 0
36 | 
37 |           else
38 |             PR_BODY=$'## :x: Markdown Failed\n\nPlease re-run the markdown generation \`pipenv run markdown\`'
39 |             gh pr comment ${{ github.event.number }} \
40 |               --body "$PR_BODY"
41 |             exit 1
42 |           fi
43 | 


--------------------------------------------------------------------------------
/password_store/README.md:
--------------------------------------------------------------------------------
 1 | <!-- WARNING: This README is generated automatically
 2 | -->
 3 | 
 4 | <!-- markdownlint-disable no-inline-html -->
 5 | 
 6 | # Password stores
 7 | 
 8 | ## Arc
 9 | 
10 | 
11 | Arc password stores are created by the Arc open source software (https://github.com/evilsocket/arc). They are AES encrypted, but should not be stored in shared repositories.
12 | _version: v0.1_
13 | 
14 | **Comments / Notes:**
15 | 
16 | 
17 | - This spots `meta.json` files created by Arc, not the secrets themselves
18 | 
19 | - The encrypted secrets will be in a numbered directory below the detected `meta.json` file
20 | 
21 | - This can also spot uncompressed tar file backups created by Arc
22 |   
23 | 
24 | <details>
25 | <summary>Pattern Format</summary>
26 | 
27 | ```regex
28 | {"id":[0-9]+,"title":"[^"]+","encryption":"[^"]+","created_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","updated_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","expired_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{6})?(Z|[+-][0-9]{2}:[0-9]{2})","prune":(true|false),"notified":(true|false),"compressed":(true|false),"pinned":(true|false),"size":[0-9]+,"next_id":[0-9]+}
29 | ```
30 | 
31 | </details>
32 | 
33 | <details>
34 | <summary>Start Pattern</summary>
35 | 
36 | ```regex
37 | \A|\x00
38 | ```
39 | 
40 | </details><details>
41 | <summary>End Pattern</summary>
42 | 
43 | ```regex
44 | \n?\Z|\x00
45 | ```
46 | 
47 | </details>


--------------------------------------------------------------------------------
/configs/postgres/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | # WebGoat 
 2 | # https://github.com/WebGoat/WebGoat/blob/v8.0.0/docker-compose-postgres.yml
 3 | version: '2.0'
 4 | 
 5 | services:
 6 |   webgoat:
 7 |     image: webgoat/webgoat-8.0
 8 |     user: webgoat
 9 |     environment:
10 |       - WEBWOLF_HOST=webwolf
11 |       - WEBWOLF_PORT=9090
12 |       - spring.datasource.url=jdbc:postgresql://webgoat_db:5432/webgoat?user=webgoat&password=webgoat
13 |       - spring.datasource.username=webgoat
14 |       - spring.datasource.password=webgoat
15 |       - spring.datasource.driver-class-name=org.postgresql.Driver
16 |       - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
17 |       - webgoat.server.directory=/home/webgoat/.webgoat/
18 |       - webgoat.user.directory=/home/webgoat/.webgoat/
19 |     ports:
20 |       - "8080:8080"
21 |   webwolf:
22 |     image: webgoat/webwolf
23 |     environment:
24 |       - spring.datasource.url=jdbc:postgresql://webgoat_db:5432/webgoat?user=webgoat&password=webgoat
25 |       - spring.datasource.username=webgoat
26 |       - spring.datasource.password=webgoat
27 |       - spring.datasource.driver-class-name=org.postgresql.Driver
28 |       - spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL94Dialect
29 |     ports:
30 |       - "9090:9090"
31 |   webgoat_db:
32 |     image: postgres:9.4
33 | # Uncomment to store the state of the database on the host.
34 | #    volumes:
35 | #      - ./database:/var/lib/postgresql
36 |     environment:
37 |       - POSTGRES_PASSWORD=webgoat
38 |       - POSTGRES_USER=webgoat
39 |       - POSTGRES_DB=webgoat
40 |     ports:
41 |       - "5432:5432"
42 | 
43 | 


--------------------------------------------------------------------------------
/password_store/patterns.yml:
--------------------------------------------------------------------------------
 1 | 
 2 | name: Password stores
 3 | 
 4 | patterns:
 5 |   - name: Arc
 6 |     type: arc
 7 |     description: "Arc password stores are created by the Arc open source software (https://github.com/evilsocket/arc). They are AES encrypted, but should not be stored in shared repositories."
 8 |     regex:
 9 |       pattern: |
10 |         {"id":[0-9]+,"title":"[^"]+","encryption":"[^"]+","created_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","updated_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","expired_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{6})?(Z|[+-][0-9]{2}:[0-9]{2})","prune":(true|false),"notified":(true|false),"compressed":(true|false),"pinned":(true|false),"size":[0-9]+,"next_id":[0-9]+}
11 |       start: |
12 |         \A|\x00
13 |       end: |
14 |         \n?\Z|\x00
15 | 
16 |     expected:
17 |       - name: meta.json
18 |         start_offset: 0
19 |         end_offset: 261
20 | 
21 |     test:
22 |       data: |
23 |         {"id":2,"title":"Foo","encryption":"aes","created_at":"2023-04-28T14:33:09.863337+01:00","updated_at":"2023-04-28T14:33:09.863337+01:00","expired_at":"0001-01-01T00:00:00Z","prune":false,"notified":false,"compressed":false,"pinned":false,"size":199,"next_id":1}
24 |       start_offset: 0
25 |       end_offset: 261
26 | 
27 |     comments:
28 |       - This spots `meta.json` files created by Arc, not the secrets themselves
29 |       - The encrypted secrets will be in a numbered directory below the detected `meta.json` file
30 |       - This can also spot uncompressed tar file backups created by Arc
31 |  
32 | 


--------------------------------------------------------------------------------
/.vscode/tasks.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     // See https://go.microsoft.com/fwlink/?LinkId=733558
 3 |     // for the documentation about the tasks.json format
 4 |     "version": "2.0.0",
 5 |     "tasks": [
 6 |         {
 7 |             "label": "Setup",
 8 |             "type": "shell",
 9 |             "command": "pipenv install --system",
10 |             "problemMatcher": [],
11 |             "group": {
12 |                 "kind": "build",
13 |                 "isDefault": true
14 |             }
15 |         },
16 |         {
17 |             "label": "Validate / Test",
18 |             "type": "shell",
19 |             "command": "pipenv run validate ",
20 |             "problemMatcher": [],
21 |             "group": {
22 |                 "kind": "build",
23 |                 "isDefault": true
24 |             }
25 |         },
26 |         {
27 |             "label": "Validate / Test (current file)",
28 |             "type": "shell",
29 |             "command": "pipenv run validate -p ${file}",
30 |             "problemMatcher": [],
31 |             "group": {
32 |                 "kind": "build",
33 |                 "isDefault": true
34 |             }
35 |         },
36 |         {
37 |             "label": "Snapshot",
38 |             "type": "shell",
39 |             "command": "pipenv run snapshot",
40 |             "problemMatcher": [],
41 |             "group": {
42 |                 "kind": "build",
43 |                 "isDefault": true
44 |             }
45 |         },
46 |         {
47 |             "label": "Markdown",
48 |             "type": "shell",
49 |             "command": "pipenv run markdown",
50 |             "problemMatcher": [],
51 |             "group": {
52 |                 "kind": "build",
53 |                 "isDefault": true
54 |             }
55 |         }
56 |     ]
57 | }


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
 1 | Thanks for helping make GitHub safe for everyone.
 2 | 
 3 | # Security
 4 | 
 5 | GitHub takes the security of our software products and services seriously, including all of the open source code repositories managed through our GitHub organizations, such as [GitHub](https://github.com/GitHub).
 6 | 
 7 | Even though [open source repositories are outside of the scope of our bug bounty program](https://bounty.github.com/index.html#scope) and therefore not eligible for bounty rewards, we will ensure that your finding gets passed along to the appropriate maintainers for remediation.
 8 | 
 9 | ## Reporting Security Issues
10 | 
11 | If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
12 | 
13 | **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
14 | 
15 | Instead, please send an email to opensource-security[@]github.com.
16 | 
17 | Please include as much of the information listed below as you can to help us better understand and resolve the issue:
18 | 
19 | - The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
20 | - Full paths of source file(s) related to the manifestation of the issue
21 | - The location of the affected source code (tag/branch/commit or direct URL)
22 | - Any special configuration required to reproduce the issue
23 | - Step-by-step instructions to reproduce the issue
24 | - Proof-of-concept or exploit code (if possible)
25 | - Impact of the issue, including how an attacker might exploit the issue
26 | 
27 | This information will help us triage your report more quickly.
28 | 
29 | ## Policy
30 | 
31 | See [GitHub's Safe Harbor Policy](https://docs.github.com/en/github/site-policy/github-bug-bounty-program-legal-safe-harbor#1-safe-harbor-terms)
32 | 


--------------------------------------------------------------------------------
/configs/__snapshots__/hardcoded_spring_sql_passwords.csv:
--------------------------------------------------------------------------------
 1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
 2 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","4813494d137e1631bba301d5acab6e7bb7aa74ce1185d456565ef51d737677b2","configs/application.properties","10","10","30","34",
 3 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","7c7853e3659d1c01e65f3cb460ac07d079288bfa5bc21aae3d31fe01a0814278","configs/application.properties","31","31","28","34",
 4 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","5f07dd6c436eefbd1ee0a62f2353dab5523c2a6a7e007dd4dc04ad3cb225348e","configs/application.properties","45","45","28","35",
 5 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","d451823f5c7ea01b991edb52a7890624607a24f1b8e00f2e89f6807433f079ec","configs/application.properties","14","14","29","49",
 6 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","90ff950e50d23ac032cf5705fc9b783fcf9c9a3d324b0c5e845a79da54d42ead","configs/application.properties","12","12","28","45",
 7 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","3820fe31b7bd9e2090f4a1f49c66f36006f8eedfb6552af35fe627bc070f27ae","configs/application.properties","24","24","28","35",
 8 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","6ab5c67640a9b1f875050b158cdbb1d081ee76ff8e703279062ce8652a372332","configs/postgres/docker-compose.yml","14","14","36","43",
 9 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","8d67877bcf2b6cba2f619aae5a3c6eff8210b74a26fa0466147622fc65237e2b","configs/application.properties","38","38","28","35",
10 | "hardcoded_spring_sql_passwords","Hardcoded Spring SQL passwords","9584c5ca00f5e717366a1c441d851c3daf00e4dd190b85e1cb0cb0d36af688de","configs/application.properties","31","31","28","35",
11 | 


--------------------------------------------------------------------------------
/configs/application.properties:
--------------------------------------------------------------------------------
 1 | # https://www.tutorialspoint.com/spring_boot/spring_boot_database_handling.htm
 2 | 
 3 | # driver
 4 | spring.datasource.driverClassName = com.mysql.jdbc.Driver
 5 | spring.datasource.url = jdbc:mysql://localhost:3306/PRODUCTSERVICE?autoreconnect = true
 6 | 
 7 | spring.datasource.username = root
 8 | 
 9 | # with spaces
10 | spring.datasource.password = root
11 | # no spaces
12 | spring.datasource.password=SQLSpringPassword
13 | # quoted password
14 | spring.datasource.password='QuotedSpringPassword'
15 | 
16 | # Encrypted
17 | datasource.driver=com.mysql.jdbc.Driver 
18 | datasource.url=jdbc:mysql://localhost/reportsdb 
19 | datasource.username=reportsUser 
20 | datasource.password=ENC(G6N718UuyPE5bHyWKyuLQSm02auQPUtm) 
21 | 
22 | 
23 | # Sources:
24 | #  - https://howtodoinjava.com/spring-boot2/datasource-configuration/
25 | 
26 | # H2 DB
27 | spring.datasource.url=jdbc:h2:file:C:/temp/test
28 | spring.datasource.username=sa
29 | spring.datasource.password=dbpass1
30 | spring.datasource.driverClassName=org.h2.Driver
31 | spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
32 | 
33 | # MySQL
34 | spring.datasource.url=jdbc:mysql://localhost:3306/test
35 | spring.datasource.username=dbuser
36 | spring.datasource.password=dbpass2
37 | spring.datasource.driver-class-name=com.mysql.jdbc.Driver
38 | spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
39 | 
40 | # Oracle
41 | spring.datasource.url=jdbc:oracle:thin:@localhost:1521:orcl
42 | spring.datasource.username=dbuser
43 | spring.datasource.password=dbpass3
44 | spring.datasource.driver-class-name=oracle.jdbc.OracleDriver
45 | spring.jpa.database-platform=org.hibernate.dialect.Oracle10gDialect
46 | 
47 | # SQL Server
48 | spring.datasource.url=jdbc:sqlserver://localhost;databaseName=springbootdb
49 | spring.datasource.username=dbuser
50 | spring.datasource.password=dbpass4
51 | spring.datasource.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
52 | spring.jpa.hibernate.dialect=org.hibernate.dialect.SQLServer2012Dialect
53 | 


--------------------------------------------------------------------------------
/rsa/README.md:
--------------------------------------------------------------------------------
  1 | <!-- WARNING: This README is generated automatically
  2 | -->
  3 | 
  4 | <!-- markdownlint-disable no-inline-html -->
  5 | 
  6 | # RSA Keys
  7 | 
  8 | ## Generic RSA keys
  9 | 
 10 | 
 11 | 
 12 | _version: v1.2_
 13 | 
 14 | **Comments / Notes:**
 15 | 
 16 | 
 17 | - Basic support for hardcoded strings in code with RSA private key
 18 | 
 19 | - Includes keys hardcoded in strings with escaped line breaks
 20 |   
 21 | 
 22 | <details>
 23 | <summary>Pattern Format</summary>
 24 | 
 25 | ```regex
 26 | --BEGIN (?:[A-Z]+ )?PRIVATE KEY--+(\\[nr]|[\r\n])+([a-zA-Z0-9+/=\s]|\\[rn])+(\\[rn]|[\r\n])+--+END (?:[A-Z]+ )?PRIVATE KEY--
 27 | ```
 28 | 
 29 | </details>
 30 | 
 31 | 
 32 | 
 33 | ## SSH Private Keys
 34 | 
 35 | 
 36 | 
 37 | _version: v0.1_
 38 | 
 39 | **Comments / Notes:**
 40 | 
 41 | 
 42 | - *SSH Password:* `MyPassword`
 43 |   
 44 | 
 45 | <details>
 46 | <summary>Pattern Format</summary>
 47 | 
 48 | ```regex
 49 | --BEGIN OPENSSH PRIVATE KEY--+[a-zA-Z0-9+/=\s]+--+END OPENSSH PRIVATE KEY--
 50 | ```
 51 | 
 52 | </details>
 53 | 
 54 | 
 55 | 
 56 | ## GPG Private Key
 57 | 
 58 | 
 59 | 
 60 | _version: v0.1_
 61 | 
 62 | 
 63 | 
 64 | <details>
 65 | <summary>Pattern Format</summary>
 66 | 
 67 | ```regex
 68 | --BEGIN PGP PRIVATE KEY BLOCK--+(?:[\r\n]+((Version|Comment|MessageID|Hash|Charset): [^\r\n]+[\r\n]+)+[\r\n]+)?[a-zA-Z0-9+/=\s]+--+END PGP PRIVATE KEY BLOCK--
 69 | ```
 70 | 
 71 | </details>
 72 | 
 73 | 
 74 | 
 75 | ## SSH Public Key
 76 | 
 77 | **⚠️ WARNING: THIS RULE IS EXPERIMENTAL AND MIGHT CAUSE A HIGH FALSE POSITIVE RATE (test before commiting to org level) ⚠️**
 78 | 
 79 | _version: v0.2_
 80 | 
 81 | **Comments / Notes:**
 82 | 
 83 | 
 84 | - SSH Public Key (not a secret)
 85 | 
 86 | - Ignores the name of the public key
 87 |   
 88 | 
 89 | <details>
 90 | <summary>Pattern Format</summary>
 91 | 
 92 | ```regex
 93 | ssh-rsa\s+[a-zA-Z0-9/\+=]{20,}
 94 | ```
 95 | 
 96 | </details>
 97 | 
 98 | <details>
 99 | <summary>End Pattern</summary>
100 | 
101 | ```regex
102 | \z|\s+[a-zA-Z0-9@-]+([\r\n]|\z)
103 | ```
104 | 
105 | </details>


--------------------------------------------------------------------------------
/CONTRIBUTING:
--------------------------------------------------------------------------------
 1 | # Contributing
 2 | 
 3 | [fork]: https://github.com/advanced-security/secret-scanning-custom-patterns/fork
 4 | [pr]: https://github.com/advanced-security/secret-scanning-custom-patterns/compare
 5 | [style]: https://github.com/advanced-security/secret-scanning-custom-patterns/blob/main/.eslintrc.json
 6 | [code-of-conduct]: CODE_OF_CONDUCT.md
 7 | 
 8 | Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
 9 | 
10 | Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE.md).
11 | 
12 | Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
13 | 
14 | 
15 | ## How to contribute
16 | 
17 | 1. Fork the project.
18 | 2. Create your feature branch: `git checkout -b my-new-feature`.
19 | 3. Create your changes.
20 | 4. Make sure the tests pass on your machine if you have added or updated any:
21 |   - `pipenv run test`
22 |   - If you don't have `pipenv` installed, you can install it with `pip install pipenv`.
23 |   - Tests will try to access the secret scanning API with the `GITHUB_TOKEN` environment variable.
24 | 5. Commit your changes: `git commit -am 'Add some feature'`.
25 | 6. Open a pull request.
26 | 
27 | Here are a few things you can do that will increase the likelihood of your pull request being accepted:
28 | 
29 | - Write expected tests for your changes.
30 | - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
31 | - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
32 | 
33 | ## Resources
34 | 
35 | - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
36 | - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
37 | - [GitHub Help](https://help.github.com)
38 | 


--------------------------------------------------------------------------------
/uri/__snapshots__/any_ipv4_addresses.csv:
--------------------------------------------------------------------------------
 1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
 2 | "any_ipv4_addresses","Any IPv4 Addresses","403f06e166941f11d11e79201ee3ed0df9dbb9bb011843899c4b6dd62693b27d","configs/pom.xml","42","42","22","30",
 3 | "any_ipv4_addresses","Any IPv4 Addresses","c77e473ca7d07f7addbaf0eb5e2a1c4ca664a2f832c38771d06fee5793704a64","uri/ipaddresses/ipv4_random.txt","11","11","18","30",
 4 | "any_ipv4_addresses","Any IPv4 Addresses","c77e473ca7d07f7addbaf0eb5e2a1c4ca664a2f832c38771d06fee5793704a64","uri/ipv4_random.txt","11","11","18","30",
 5 | "any_ipv4_addresses","Any IPv4 Addresses","a2c5576efda66704b0f03d6241a5a5539e7f9331b883ea5177ccbf98aca615ac","uri/ipv4.txt","1","1","1","8",
 6 | "any_ipv4_addresses","Any IPv4 Addresses","f5047344122f0dee9974ba6761e61c6b8649e1f3968d13a635ebbf7be53a3a0d","uri/ipaddresses/ipv4_private.txt","8","8","1","9",
 7 | "any_ipv4_addresses","Any IPv4 Addresses","f5047344122f0dee9974ba6761e61c6b8649e1f3968d13a635ebbf7be53a3a0d","uri/ipv4_private.txt","8","8","1","9",
 8 | "any_ipv4_addresses","Any IPv4 Addresses","37d7a80604871e579850a658c7add2ae7557d0c6abcc9b31ecddc4424207eba3","uri/ipaddresses/ipv4_private.txt","7","7","1","12",
 9 | "any_ipv4_addresses","Any IPv4 Addresses","37d7a80604871e579850a658c7add2ae7557d0c6abcc9b31ecddc4424207eba3","uri/ipv4_private.txt","7","7","1","12",
10 | "any_ipv4_addresses","Any IPv4 Addresses","838c4c2573848f58e74332341a7ca6bc5cd86a8aec7d644137d53b4d597f10f5","uri/ipaddresses/ipv4_random.txt","7","7","1","8",
11 | "any_ipv4_addresses","Any IPv4 Addresses","838c4c2573848f58e74332341a7ca6bc5cd86a8aec7d644137d53b4d597f10f5","uri/ipv4_random.txt","7","7","1","8",
12 | "any_ipv4_addresses","Any IPv4 Addresses","f1412386aa8db2579aff2636cb9511cacc5fd9880ecab60c048508fbe26ee4d9","uri/ipaddresses/ipv4_random.txt","6","6","1","8",
13 | "any_ipv4_addresses","Any IPv4 Addresses","f1412386aa8db2579aff2636cb9511cacc5fd9880ecab60c048508fbe26ee4d9","uri/ipv4_random.txt","6","6","1","8",
14 | "any_ipv4_addresses","Any IPv4 Addresses","c5eb5a4cc76a5cdb16e79864b9ccd26c3553f0c396d0a21bafb7be71c1efcd8c","uri/ipv4.txt","3","3","9","20",
15 | 


--------------------------------------------------------------------------------
/pii/__snapshots__/credit_cards.csv:
--------------------------------------------------------------------------------
 1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
 2 | "credit_cards","Credit Cards","d79449f462cec9af0d857c3e1af888d4fa8bbdaa511b9eaaafcd2805c4ea6471","pii/credit-cards.txt","52","52","1","17",
 3 | "credit_cards","Credit Cards","1c9d38ed26cd808fa3b02b9b3b988a7caf474e2e42d95789c0fe07e267c80d8f","pii/credit-cards.txt","51","51","1","17",
 4 | "credit_cards","Credit Cards","51a4ae4c6ae999146474a67cbcb3b05fbcf4c17ab683043a066459da95513ea8","pii/credit-cards.txt","40","40","1","15",
 5 | "credit_cards","Credit Cards","3a134ef77d4e2e4cdad2d2945ff1f76c1a23296c93c851f6244220a8cedea130","pii/credit-cards.txt","26","26","1","16",
 6 | "credit_cards","Credit Cards","3aebd9be84d81a1c5676e31adda86653aa5e7da0a6bda5ea02fec6526c19bb11","pii/credit-cards.txt","14","14","1","17",
 7 | "credit_cards","Credit Cards","be6a3050f2611250d0b50c1fa6aff7d23925922a35520c2d0a51a262ba894f8e","pii/credit-cards.txt","12","12","1","17",
 8 | "credit_cards","Credit Cards","b0967544705dcfb38a5fb64b61b611781424969de296a4eb4c286e357fcbf5c7","pii/credit-cards.txt","35","35","1","17",
 9 | "credit_cards","Credit Cards","273476b83f26d858e3e62e1fc042e06961ed9229a428156d7ccfa096297267ff","pii/credit-cards.txt","28","28","1","16",
10 | "credit_cards","Credit Cards","334b48feec00e7ec9808e50f1f05efd5eb1089abce7430e3a5b2b79dd2da1b73","pii/credit-cards.txt","13","13","1","17",
11 | "credit_cards","Credit Cards","2f725bbd1f405a1ed0336abaf85ddfeb6902a9984a76fd877c3b5cc3b5085a82","pii/credit-cards.txt","10","10","1","17",
12 | "credit_cards","Credit Cards","d8086d483c15c711ebba19f966b97d3c2adcba74025ff8d7e07c3698c9531deb","pii/credit-cards.txt","47","47","1","17",
13 | "credit_cards","Credit Cards","19ff47cc8024c133d5845d3f8938caca289929031e7d508c3adf7adff177f0c2","pii/credit-cards.txt","46","46","1","17",
14 | "credit_cards","Credit Cards","f41e7ca4a3d71c4f047581f2ae2d6a8dbb8c58e51a020fa227edc724474aab6e","pii/credit-cards.txt","41","41","1","15",
15 | "credit_cards","Credit Cards","c4fdb6f6c2740911ac19e48600164e3b6d1b9fa26ba9a23a3aee7404a6e11617","pii/credit-cards.txt","29","29","1","16",
16 | "credit_cards","Credit Cards","53a8fc816e63b7a5ccd17aaff93f28bcf13abbf418209dcd93947722d7c326ba","pii/credit-cards.txt","27","27","1","16",
17 | "credit_cards","Credit Cards","304945e91de3deff52a61d08733141d72dd42ec9d47972f1060534d54c0c7f90","pii/credit-cards.txt","11","11","1","17",
18 | 


--------------------------------------------------------------------------------
/common/README.md:
--------------------------------------------------------------------------------
 1 | <!-- WARNING: This README is generated automatically
 2 | -->
 3 | 
 4 | <!-- markdownlint-disable no-inline-html -->
 5 | 
 6 | # Commonly Used Secrets / Passwords
 7 | 
 8 | ## Common Passwords Shortlist
 9 | 
10 | 
11 | 
12 | _version: v0.1_
13 | 
14 | **Comments / Notes:**
15 | 
16 | 
17 | - ⚠️  prone to high numbers of false positives, use with caution ⚠️
18 | 
19 | - very small common password shortlist from SecLists
20 | 
21 | - allows for numbers and common punctuation at the end
22 | 
23 | - case insensitive
24 | 
25 | - adds some l33tsp3@k variations
26 |   
27 | 
28 | <details>
29 | <summary>Pattern Format</summary>
30 | 
31 | ```regex
32 | (?i)[!?%$@.*+_#-]*(1234?)?(p[@a][s5]{2}w[o0]rd|[a3@]dm[i1!]n|t[e3]mp(ora(ry|l))|[a4@]m[e3]r[i1!l]c[a4@]|[i1!]nd[i1!][a4@]|mumb[a4@][i1!]|123456(7|78|789|7890|78910)|((?-i)((abcd?e?f?|123|456|xyz|321|654|1?[qg]az|2?wsx|3?edc|4?rfv|5?tgb|6?yhn|za[qg]1?|xsw2?|cde3?|vfr4?|bgt5?|nhy6?|[qg]wer?|asdf?|zxcv?|1[qg]2w|3e4r|dog|ca[tr]|red|lol|azer?|qqq|www|zzz|xxx|yyy)[!?%$@.*+_#'-]?)+)|([qg][uw]|az)erty(uiop)?|m[o0]nk[e3][yi]|l[e3]tm[e3][i1!]n|dr[a4@]g[o0]n|0{6}|1{6}|2{6}|3{6}|4{6}|5{6}|6{6}|7{6}|8{6}|9{6}|b[a4@][s5$]k?[e3]t?b[a4@][l1!]{1,2}|[s5][o0]cc[e3@]r|[i1!]?l[o0]v[e3](y[o0]u|u|m[e3])?|tru[s5$]tn[o0](1|!|one)|[s5$]un[s5$]h[i1!]n[e3]|m[a4@][s5$]t[e3]r|w[e3][l1!]c[o0]m[e3]|[s5$]h[a4@]d[o0]w|[a4@][s5$]hl[e3]y|f[o0]{1,2}tb[a4@]l{1,2}|j[e3][s5$]u[s5$]|m[i1!]ch[a4@][e@]l|n[i1!]nj[a4@]|mu[s5$]t[a@]ng|chrys[l1!][e3@]r|t[o0]y[o0]t[a4@]|w[i1!]nt[e3]r|spr[i1!]ng|summ[e3]r|f[a4@]ll|[a4@]utumn)[!?%$@.*+_#-]*\d*[!?%$]*
33 | ```
34 | 
35 | </details>
36 | 
37 | <details>
38 | <summary>Start Pattern</summary>
39 | 
40 | ```regex
41 | (\b|\A)[a-zA-z][a-zA-Z0-9_-]+[A-Za-z][\t ]*(={1,3}|:)[\t ]*(b?["'])?
42 | ```
43 | 
44 | </details><details>
45 | <summary>End Pattern</summary>
46 | 
47 | ```regex
48 | \z|[\r\n'"]
49 | ```
50 | 
51 | </details>
52 | 
53 | <details>
54 | <summary>Additional Matches</summary>
55 | 
56 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
57 | 
58 | 
59 | - Not Match:
60 | 
61 |   ```regex
62 |   ^red'?$
63 |   ```
64 | - Not Match:
65 | 
66 |   ```regex
67 |   ^(master|shadow|password|\$PASSWORD|MASTER|www\.)$
68 |   ```
69 | - Not Match:
70 | 
71 |   ```regex
72 |   ^\#[0-9]+$
73 |   ```
74 | - Not Match:
75 | 
76 |   ```regex
77 |   ^.{20,}
78 |   ```
79 | 
80 | </details>


--------------------------------------------------------------------------------
/rsa/patterns.yml:
--------------------------------------------------------------------------------
 1 | name: RSA Keys
 2 | 
 3 | patterns:
 4 |   - name: Generic RSA keys
 5 |     type: generic_rsa_keys
 6 |     regex:
 7 |       version: 1.2
 8 |       pattern: |
 9 |         --BEGIN (?:[A-Z]+ )?PRIVATE KEY--+(\\[nr]|[\r\n])+([a-zA-Z0-9+/=\s]|\\[rn])+(\\[rn]|[\r\n])+--+END (?:[A-Z]+ )?PRIVATE KEY--
10 |     comments:
11 |       - "Basic support for hardcoded strings in code with RSA private key"
12 |       - "Includes keys hardcoded in strings with escaped line breaks"
13 |     expected:
14 |       - name: ssh_rsa
15 |         start_offset: 3
16 |         end_offset: 2631
17 |       - name: rsa.js
18 |         start_offset: 50
19 |         end_offset: 924
20 |       - name: rsa.json
21 |         start_offset: 49
22 |         end_offset: 2715
23 |     test:
24 |       data: |
25 |         --BEGIN PRIVATE KEY--\nAAAA\n--END PRIVATE KEY--
26 |       start_offset: 0
27 |       end_offset: 48
28 | 
29 |   - name: SSH Private Keys
30 |     type: ssh_private_keys
31 |     regex:
32 |       pattern: |
33 |         --BEGIN OPENSSH PRIVATE KEY--+[a-zA-Z0-9+/=\s]+--+END OPENSSH PRIVATE KEY--
34 |     comments:
35 |       - "*SSH Password:* `MyPassword`"
36 |     expected:
37 |       - name: ssh_rsa
38 |         start_offset: 3
39 |         end_offset: 2631
40 |     test:
41 |       data: |
42 |           --BEGIN OPENSSH PRIVATE KEY--AAAA--END OPENSSH PRIVATE KEY--
43 |       start_offset: 0
44 |       end_offset: 60
45 | 
46 |   - name: GPG Private Key
47 |     type: gpg_private_key
48 |     regex:
49 |       pattern: |
50 |         --BEGIN PGP PRIVATE KEY BLOCK--+(?:[\r\n]+((Version|Comment|MessageID|Hash|Charset): [^\r\n]+[\r\n]+)+[\r\n]+)?[a-zA-Z0-9+/=\s]+--+END PGP PRIVATE KEY BLOCK--
51 |     expected:
52 |       - name: GeekMasher GPG.asc
53 |         start_offset: 3
54 |         end_offset: 6651
55 |       - name: GeekMasher_GPG_with_headers.asc
56 |         start_offset: 3
57 |         end_offset: 6728
58 |     test:
59 |       data: |
60 |         --BEGIN PGP PRIVATE KEY BLOCK--AAAA--END PGP PRIVATE KEY BLOCK--
61 |       start_offset: 0
62 |       end_offset: 64
63 | 
64 |   - name: SSH Public Key
65 |     type: ssh_public_key
66 |     experimental: true
67 |     regex:
68 |       version: 0.2
69 |       pattern: |
70 |         ssh-rsa\s+[a-zA-Z0-9/\+=]{20,}
71 |       end: |
72 |         \z|\s+[a-zA-Z0-9@-]+([\r\n]|\z)
73 |     comments:
74 |       - "SSH Public Key (not a secret)"
75 |       - Ignores the name of the public key
76 |     expected:
77 |       - name: ssh_rsa.pub
78 |         start_offset: 0
79 |         end_offset: 552
80 |     test:
81 |       data: |
82 |         ssh-rsa aaaaaaaaaaaaaaaaaaaaa foo
83 |       start_offset: 0
84 |       end_offset: 29
85 | 


--------------------------------------------------------------------------------
/rsa/rsa.json:
--------------------------------------------------------------------------------
1 | {
2 |     "type": "rsa_test",
3 |     "private_key": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAxFVrpAQUAPAFuZNK8siqKQEbbCiTizV96aKhauHIPQf/JY1JSEzo\nRyNbTmYBsSh+3HDoadCbYZ3Ynh7IfipaFu1TzzKgx/5ffrPXc93dUyPGIZ2t+SjTx0J0xc\nnZB33HIl9NJ7OV+1yg2K8ddS6ZkrIVB3uyPcyeAV868X3UN7D4HoLb50MaO7XheaMtXKBu\n8UyMm5KhxeY1peLbSI4ewbQDdpMUcAS6X7sd5VBRSZMpxO4VhyQ0o51fSu6bdWusk+ASYT\nV40JROjyr8ISVDTW5fT4lxZ5JDsbOfNSK2RWXVsDWSGORIc5Izry/+gBrd95XhGWETQtsa\nioWTpyqwL6hxb3GAQGO55nu9twMNY/B1iiP1/pZwYLvhCjRQc1Sls7mkkwJGGWU6ZDUZkp\nXY+TYpm8Oo6hB+jGQPCXy/pB7I+LpJ4ytrnF9+5IU1kBz9iFSp5KWHoyiw3a03PfA3jJWw\nnq/o4qR6/jpnTYA3Z2a+VFglDWInFUmc6bBkavv1AAAFoCOTmREjk5kRAAAAB3NzaC1yc2\nEAAAGBAMRVa6QEFADwBbmTSvLIqikBG2wok4s1femioWrhyD0H/yWNSUhM6EcjW05mAbEo\nftxw6GnQm2Gd2J4eyH4qWhbtU88yoMf+X36z13Pd3VMjxiGdrfko08dCdMXJ2Qd9xyJfTS\nezlftcoNivHXUumZKyFQd7sj3MngFfOvF91Dew+B6C2+dDGju14XmjLVygbvFMjJuSocXm\nNaXi20iOHsG0A3aTFHAEul+7HeVQUUmTKcTuFYckNKOdX0rum3VrrJPgEmE1eNCUTo8q/C\nElQ01uX0+JcWeSQ7GznzUitkVl1bA1khjkSHOSM68v/oAa3feV4RlhE0LbGoqFk6cqsC+o\ncW9xgEBjueZ7vbcDDWPwdYoj9f6WcGC74Qo0UHNUpbO5pJMCRhllOmQ1GZKV2Pk2KZvDqO\noQfoxkDwl8v6QeyPi6SeMra5xffuSFNZAc/YhUqeSlh6MosN2tNz3wN4yVsJ6v6OKkev46\nZ02AN2dmvlRYJQ1iJxVJnOmwZGr79QAAAAMBAAEAAAGBAIEUI+u2XqxrIWhrhTfvY6gHuU\n63sqEwbvK+4F8TyAEQE9hNdmOZZJD4ltwJRo2BsT4e4T5ITw+zpin21RvVnls6dwJfJ8O0\n4nW7qSfdMtipSWbqcum/xNRZRcqPtScus1BO1bwHXtDeikVLhBN5qq/+csLzuTDWKP9/65\nG/h1mB+O6eXBNEU6f0ISRGetlOBQKRsFPL6J3ih1zjtAWUonX5ctlvQ12OTjYIIFSWJIs5\nvJljajXqQM1c9ryd+QkO20QmKDw77lHcpsgi77+UWpRR5pcDg7PoSDlFfBQoxqC1NZ71fg\nwqeqMCOYPWHlInILuMp6qtg2WWKYw1k1fK+fHkNUTJeufaNkkLBaMLdWqSDFSayvGSUJ2D\nWXej6D9Y+vXTWwY1E0xRFYHsha5TaHkCEa5M+EPSwcgHkxwn0wh2QI0BNu7+kw5Y6f+FpP\n4RcWOopkTF2Z+CXGRNx4DKR76bmyvj6bRRNqacXN/zjaUTRRILc7IxyEA1wuDbQpmJgQAA\nAMBWvhwyJ+nkibMZeZk2rQ+GtN2VLBfihvP6qxwKd60j13XvkiZrwaVkD9+HAiECTGB8rO\nTRIjdewULlRCtEteziJSdMlJ7kI8Umet+6JmgoQ5rDCxCzyPK3JuD8KPKXVZbupuh+LwpQ\n4xsezMHKo/kT6RBXoDdtP+KWS/FdemVEbw0J1gW8RvsQlCdTCw16rSknmtUvaTEitXEwYY\nHpGdVDOunODUjWpZiYuuSRAh8+l/J5nAu2f2lfo5lpyPBW/6wAAADBAPgBCmepjBaEPxkm\nT1p/gGZ2rc4jErYBMZk3WnbPwFmyyvh+kXe63k89bXC95pekSm8yPSRUVzKwZcD5lrLeXF\nJRinVjMDKFEWJXpmXTvjPjk1Nh3jmVKQd/AhvZfYizD6N+xAYBlZySMRCMc+2NQ7WWLE4p\n3hwLQaqyBlz95qRDuu86I15OHZNB8v+hjF8qLyi91MmvRpUanCK5NKB2Sb7KbsJH30ANB+\nEdRmfuNmyqFONuqY8+DKJCG6RNHNWUVQAAAMEAyqnn/VMJrklzfijlD/bwTAXq9DrhSl6S\nyNd/Z9pSBb9sA5xInMklbQssoH5zYZtm9jiLs8IFLaIX3vWKelRu7cRHHBiX4Ov+/J1B4B\n48m8pGQiWxPc4szx9lM81n36BRnmzdFWT48QNvyY+ixRfZD00aFlvrm9zKaJy3DrbbU6iL\n3S27FYrIkqkagSn1EMFIAy/wRGcoT//bkcWXNrtV2f1ecUHp5Pnh0/xykn6DJDDq7pa7Ln\nH+SW1V0sgy3GkhAAAAJ2dlZWttYXNoZXJAZ2Vla21hc2hlci1tYWNib29rLXByby5sb2Nh\nbAECAw==\n-----END OPENSSH PRIVATE KEY-----\n",
4 |     "client_email": "keyleaker@github-rsa.com"
5 | }


--------------------------------------------------------------------------------
/rsa/ssh_rsa:
--------------------------------------------------------------------------------
 1 | -----BEGIN OPENSSH PRIVATE KEY-----
 2 | b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
 3 | NhAAAAAwEAAQAAAYEAxFVrpAQUAPAFuZNK8siqKQEbbCiTizV96aKhauHIPQf/JY1JSEzo
 4 | RyNbTmYBsSh+3HDoadCbYZ3Ynh7IfipaFu1TzzKgx/5ffrPXc93dUyPGIZ2t+SjTx0J0xc
 5 | nZB33HIl9NJ7OV+1yg2K8ddS6ZkrIVB3uyPcyeAV868X3UN7D4HoLb50MaO7XheaMtXKBu
 6 | 8UyMm5KhxeY1peLbSI4ewbQDdpMUcAS6X7sd5VBRSZMpxO4VhyQ0o51fSu6bdWusk+ASYT
 7 | V40JROjyr8ISVDTW5fT4lxZ5JDsbOfNSK2RWXVsDWSGORIc5Izry/+gBrd95XhGWETQtsa
 8 | ioWTpyqwL6hxb3GAQGO55nu9twMNY/B1iiP1/pZwYLvhCjRQc1Sls7mkkwJGGWU6ZDUZkp
 9 | XY+TYpm8Oo6hB+jGQPCXy/pB7I+LpJ4ytrnF9+5IU1kBz9iFSp5KWHoyiw3a03PfA3jJWw
10 | nq/o4qR6/jpnTYA3Z2a+VFglDWInFUmc6bBkavv1AAAFoCOTmREjk5kRAAAAB3NzaC1yc2
11 | EAAAGBAMRVa6QEFADwBbmTSvLIqikBG2wok4s1femioWrhyD0H/yWNSUhM6EcjW05mAbEo
12 | ftxw6GnQm2Gd2J4eyH4qWhbtU88yoMf+X36z13Pd3VMjxiGdrfko08dCdMXJ2Qd9xyJfTS
13 | ezlftcoNivHXUumZKyFQd7sj3MngFfOvF91Dew+B6C2+dDGju14XmjLVygbvFMjJuSocXm
14 | NaXi20iOHsG0A3aTFHAEul+7HeVQUUmTKcTuFYckNKOdX0rum3VrrJPgEmE1eNCUTo8q/C
15 | ElQ01uX0+JcWeSQ7GznzUitkVl1bA1khjkSHOSM68v/oAa3feV4RlhE0LbGoqFk6cqsC+o
16 | cW9xgEBjueZ7vbcDDWPwdYoj9f6WcGC74Qo0UHNUpbO5pJMCRhllOmQ1GZKV2Pk2KZvDqO
17 | oQfoxkDwl8v6QeyPi6SeMra5xffuSFNZAc/YhUqeSlh6MosN2tNz3wN4yVsJ6v6OKkev46
18 | Z02AN2dmvlRYJQ1iJxVJnOmwZGr79QAAAAMBAAEAAAGBAIEUI+u2XqxrIWhrhTfvY6gHuU
19 | 63sqEwbvK+4F8TyAEQE9hNdmOZZJD4ltwJRo2BsT4e4T5ITw+zpin21RvVnls6dwJfJ8O0
20 | 4nW7qSfdMtipSWbqcum/xNRZRcqPtScus1BO1bwHXtDeikVLhBN5qq/+csLzuTDWKP9/65
21 | G/h1mB+O6eXBNEU6f0ISRGetlOBQKRsFPL6J3ih1zjtAWUonX5ctlvQ12OTjYIIFSWJIs5
22 | vJljajXqQM1c9ryd+QkO20QmKDw77lHcpsgi77+UWpRR5pcDg7PoSDlFfBQoxqC1NZ71fg
23 | wqeqMCOYPWHlInILuMp6qtg2WWKYw1k1fK+fHkNUTJeufaNkkLBaMLdWqSDFSayvGSUJ2D
24 | WXej6D9Y+vXTWwY1E0xRFYHsha5TaHkCEa5M+EPSwcgHkxwn0wh2QI0BNu7+kw5Y6f+FpP
25 | 4RcWOopkTF2Z+CXGRNx4DKR76bmyvj6bRRNqacXN/zjaUTRRILc7IxyEA1wuDbQpmJgQAA
26 | AMBWvhwyJ+nkibMZeZk2rQ+GtN2VLBfihvP6qxwKd60j13XvkiZrwaVkD9+HAiECTGB8rO
27 | TRIjdewULlRCtEteziJSdMlJ7kI8Umet+6JmgoQ5rDCxCzyPK3JuD8KPKXVZbupuh+LwpQ
28 | 4xsezMHKo/kT6RBXoDdtP+KWS/FdemVEbw0J1gW8RvsQlCdTCw16rSknmtUvaTEitXEwYY
29 | HpGdVDOunODUjWpZiYuuSRAh8+l/J5nAu2f2lfo5lpyPBW/6wAAADBAPgBCmepjBaEPxkm
30 | T1p/gGZ2rc4jErYBMZk3WnbPwFmyyvh+kXe63k89bXC95pekSm8yPSRUVzKwZcD5lrLeXF
31 | JRinVjMDKFEWJXpmXTvjPjk1Nh3jmVKQd/AhvZfYizD6N+xAYBlZySMRCMc+2NQ7WWLE4p
32 | 3hwLQaqyBlz95qRDuu86I15OHZNB8v+hjF8qLyi91MmvRpUanCK5NKB2Sb7KbsJH30ANB+
33 | EdRmfuNmyqFONuqY8+DKJCG6RNHNWUVQAAAMEAyqnn/VMJrklzfijlD/bwTAXq9DrhSl6S
34 | yNd/Z9pSBb9sA5xInMklbQssoH5zYZtm9jiLs8IFLaIX3vWKelRu7cRHHBiX4Ov+/J1B4B
35 | 48m8pGQiWxPc4szx9lM81n36BRnmzdFWT48QNvyY+ixRfZD00aFlvrm9zKaJy3DrbbU6iL
36 | 3S27FYrIkqkagSn1EMFIAy/wRGcoT//bkcWXNrtV2f1ecUHp5Pnh0/xykn6DJDDq7pa7Ln
37 | H+SW1V0sgy3GkhAAAAJ2dlZWttYXNoZXJAZ2Vla21hc2hlci1tYWNib29rLXByby5sb2Nh
38 | bAECAw==
39 | -----END OPENSSH PRIVATE KEY-----
40 | 


--------------------------------------------------------------------------------
/pii/iban.txt:
--------------------------------------------------------------------------------
  1 | // From https://www.iban.com/calculate-iban, not common test IBANs
  2 | 
  3 | GB46BUKB20041538290008
  4 | GB46-BUKB-2004-1538-2900-08
  5 | GB46 BUKB 2004 1538 2900 08
  6 | FR3330002005500000157841Z25
  7 | FR33-3000-2005-5000-0015-7841-Z25
  8 | FR33 3000 2005 5000 0015 7841 Z25
  9 | 
 10 | // FP, because it is embedded in more text (e.g. Base64), so just coincidence
 11 | AAAAAAAAAGB00FOOD12341234123412AAAAAAAAAAAAAAAAAAAA
 12 | 
 13 | // NOTE: *none* of the following should be alerted on
 14 | // because they are well known test IBANs, and we want to minimise non-actionable FPs
 15 | 
 16 | // https://stackoverflow.com/a/44657292
 17 | 
 18 | DE89 3704 0044 0532 0130 00     // ok
 19 | AT61 1904 3002 3457 3201        // ok
 20 | GB82-WEST-1234-5698-7654-32     // ok
 21 | NL20INGB0001234567              // ok
 22 | 
 23 | 
 24 | // https://www.iban.com/structure
 25 | AL35202111090000000001234567
 26 | AD1400080001001234567890
 27 | AT483200000012345864
 28 | AZ96AZEJ00000000001234567890
 29 | BH02CITI00001077181611
 30 | BY86AKBB10100000002966000000
 31 | BE71096123456769
 32 | BA393385804800211234
 33 | BR1500000000000010932840814P2
 34 | BG18RZBB91550123456789
 35 | CR23015108410026012345
 36 | HR1723600001101234565
 37 | CY21002001950000357001234567
 38 | CZ5508000000001234567899
 39 | DK9520000123456789
 40 | DO22ACAU00000000000123456789
 41 | EG800002000156789012345180002
 42 | SV43ACAT00000000000000123123
 43 | EE471000001020145685
 44 | FO9264600123456789
 45 | FI1410093000123458
 46 | FR7630006000011234567890189
 47 | GE60NB0000000123456789
 48 | DE75512108001245126199
 49 | GI04BARC000001234567890
 50 | GR9608100010000001234567890
 51 | GL8964710123456789
 52 | GT20AGRO00000000001234567890
 53 | VA22VA59001123000012345678
 54 | HU93116000060000000012345676
 55 | IS750001121234563108962099
 56 | IQ20CBIQ861800101010500
 57 | IE64IRCE92050112345678
 58 | IL170108000000012612345
 59 | IT60X0542811101000000123456
 60 | JO71CBJO0000000000001234567890
 61 | KZ563190000012344567
 62 | XK051212012345678906
 63 | KW81CBKU0000000000001234560101
 64 | LV97HABA0012345678910
 65 | LB92000700000000123123456123
 66 | LY38021001000000123456789
 67 | LI7408806123456789012
 68 | LT601010012345678901
 69 | LU120010001234567891
 70 | MT31MALT01100000000000000000123
 71 | MR1300020001010000123456753
 72 | MU43BOMM0101123456789101000MUR
 73 | MD21EX000000000001234567
 74 | MC5810096180790123456789085
 75 | ME25505000012345678951
 76 | NL02ABNA0123456789
 77 | MK07200002785123453
 78 | NO8330001234567
 79 | PK36SCBL0000001123456702
 80 | PS92PALS000000000400123456702
 81 | PL10105000997603123456789123
 82 | PT50002700000001234567833
 83 | QA54QNBA000000000000693123456
 84 | RO09BCYP0000001234567890
 85 | LC14BOSL123456789012345678901234
 86 | SM76P0854009812123456789123
 87 | ST23000200000289355710148
 88 | SA4420000001234567891234
 89 | RS35105008123123123173
 90 | SC52BAHL01031234567890123456USD
 91 | SK8975000000000012345671
 92 | SI56192001234567892
 93 | ES7921000813610123456789
 94 | SD8811123456789012
 95 | SE7280000810340009783242
 96 | CH5604835012345678009
 97 | TL380010012345678910106
 98 | TN5904018104004942712345
 99 | TR320010009999901234567890
100 | UA903052992990004149123456789
101 | AE460090000000123456789
102 | GB33BUKB20201555555555
103 | VG21PACG0000000123456789
104 | 
105 | 
106 | # ====================
107 | # False Positives
108 | # ====================
109 | 
110 | // wrong checksum
111 | FR14 2004 1010 0505 0001 3
112 | droid@i.ban' // This Is Not The IBAN You Are Looking For
113 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
 1 | # Contributor Covenant Code of Conduct
 2 | 
 3 | ## Our Pledge
 4 | 
 5 | In the interest of fostering an open and welcoming environment, we as
 6 | contributors and maintainers pledge to making participation in our project and
 7 | our community a harassment-free experience for everyone, regardless of age, body
 8 | size, disability, ethnicity, gender identity and expression, level of experience,
 9 | nationality, personal appearance, race, religion, or sexual identity and
10 | orientation.
11 | 
12 | ## Our Standards
13 | 
14 | Examples of behavior that contributes to creating a positive environment
15 | include:
16 | 
17 | * Using welcoming and inclusive language
18 | * Being respectful of differing viewpoints and experiences
19 | * Gracefully accepting constructive criticism
20 | * Focusing on what is best for the community
21 | * Showing empathy towards other community members
22 | 
23 | Examples of unacceptable behavior by participants include:
24 | 
25 | * The use of sexualized language or imagery and unwelcome sexual attention or
26 | advances
27 | * Trolling, insulting/derogatory comments, and personal or political attacks
28 | * Public or private harassment
29 | * Publishing others' private information, such as a physical or electronic
30 |   address, without explicit permission
31 | * Other conduct which could reasonably be considered inappropriate in a
32 |   professional setting
33 | 
34 | ## Our Responsibilities
35 | 
36 | Project maintainers are responsible for clarifying the standards of acceptable
37 | behavior and are expected to take appropriate and fair corrective action in
38 | response to any instances of unacceptable behavior.
39 | 
40 | Project maintainers have the right and responsibility to remove, edit, or
41 | reject comments, commits, code, wiki edits, issues, and other contributions
42 | that are not aligned to this Code of Conduct, or to ban temporarily or
43 | permanently any contributor for other behaviors that they deem inappropriate,
44 | threatening, offensive, or harmful.
45 | 
46 | ## Scope
47 | 
48 | This Code of Conduct applies both within project spaces and in public spaces
49 | when an individual is representing the project or its community. Examples of
50 | representing a project or community include using an official project e-mail
51 | address, posting via an official social media account, or acting as an appointed
52 | representative at an online or offline event. Representation of a project may be
53 | further defined and clarified by project maintainers.
54 | 
55 | ## Enforcement
56 | 
57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be
58 | reported by contacting the project team at opensource@github.com. All
59 | complaints will be reviewed and investigated and will result in a response that
60 | is deemed necessary and appropriate to the circumstances. The project team is
61 | obligated to maintain confidentiality with regard to the reporter of an incident.
62 | Further details of specific enforcement policies may be posted separately.
63 | 
64 | Project maintainers who do not follow or enforce the Code of Conduct in good
65 | faith may face temporary or permanent repercussions as determined by other
66 | members of the project's leadership.
67 | 
68 | ## Attribution
69 | 
70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71 | available at [http://contributor-covenant.org/version/1/4][version]
72 | 
73 | [homepage]: http://contributor-covenant.org
74 | [version]: http://contributor-covenant.org/version/1/4/


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # custom-pattern-secrets
  2 | 
  3 | Custom Secret Scanning Patterns repository.
  4 | 
  5 | ## Patterns
  6 | 
  7 | 
  8 | 
  9 | ### [Commonly Used Secrets / Passwords](./common)
 10 | 
 11 | 
 12 | 
 13 | - Common Passwords Shortlist
 14 |   
 15 | 
 16 | ### [Configuration Secrets](./configs)
 17 | 
 18 | 
 19 | 
 20 | - Hardcoded Database Passwords
 21 | 
 22 | - Hardcoded Spring SQL passwords
 23 | 
 24 | - Django Secret Key
 25 | 
 26 | - GitHub Actions SHA Checker
 27 | 
 28 | - .NET Configuration file
 29 | 
 30 | - .NET MachineKey
 31 |   
 32 | 
 33 | ### [Database passwords](./database)
 34 | 
 35 | 
 36 | 
 37 | - Database Connection String (full string)
 38 | 
 39 | - Database Connection String (1)
 40 | 
 41 | - Database Connection String (2)
 42 | 
 43 | - Database Connection String (3)
 44 | 
 45 | - TSQL CREATE LOGIN/USER
 46 | 
 47 | - SQLAlchemy Database Connection String
 48 | 
 49 | - MongoDB connection string
 50 | 
 51 | - JDBC Database Connection String
 52 |   
 53 | 
 54 | ### [Generic Secrets / Passwords](./generic)
 55 | 
 56 | 
 57 | 
 58 | - Generic Passwords (fewer FPs)
 59 | 
 60 | - Generic Password with hex encoded secrets
 61 | 
 62 | - Generic Password with Base64 encoded secrets
 63 | 
 64 | - Generic Password with URI-safe Base64 encoded secrets
 65 | 
 66 | - UUIDs
 67 | 
 68 | - Bearer Tokens
 69 | 
 70 | - OAuth client secret and ID pair
 71 |   
 72 | 
 73 | ### [JWT](./jwt)
 74 | 
 75 | 
 76 | 
 77 | - JWT
 78 |   
 79 | 
 80 | ### [Password stores](./password_store)
 81 | 
 82 | 
 83 | 
 84 | - Arc
 85 |   
 86 | 
 87 | ### [Personally identifiable information (PII)](./pii)
 88 | 
 89 | 
 90 | 
 91 | - Credit Cards
 92 | 
 93 | - Credit Cards - Visa
 94 | 
 95 | - Credit Cards - MasterCard
 96 | 
 97 | - Credit Cards - American Express
 98 | 
 99 | - Credit Cards - Discover
100 | 
101 | - IBAN
102 | 
103 | - Norwegian national identity number/D number
104 | 
105 | - US Social Security number
106 | 
107 | - US Individual Taxpayer Identification Number (ITIN)
108 | 
109 | - UK National Insurance Number
110 |   
111 | 
112 | ### [RSA Keys](./rsa)
113 | 
114 | 
115 | 
116 | - Generic RSA keys
117 | 
118 | - SSH Private Keys
119 | 
120 | - GPG Private Key
121 |   
122 | 
123 | ### [URI / URL Custom Patterns](./uri)
124 | 
125 | 
126 | 
127 | - Hardcoded Internal Emails
128 | 
129 | - Hardcoded Internal URLs
130 | 
131 | - Hardcoded URI Passwords
132 | 
133 | - Routable IPv4 Addresses
134 | 
135 | - GitHub Container Registry typos
136 |   
137 | 
138 | ### [Vendors](./vendors)
139 | 
140 | 
141 | 
142 | - Azure SQL Connection String
143 | 
144 | - Grafana API token
145 | 
146 | - SendGrid (deprecated)
147 | 
148 | - Sentry Auth Token
149 | 
150 | - Sentry API Key
151 | 
152 | - Sentry DSN secret
153 | 
154 | - Sentry webpack plugin token
155 | 
156 | - Sentry Terraform provider token
157 | 
158 | - Okta token
159 | 
160 | - Okta API key (precise)
161 | 
162 | - DataDog API key
163 | 
164 | - DataDog APP key
165 | 
166 | - Microsoft Teams incoming webhook
167 | 
168 | - LaunchDarkly API key
169 | 
170 | - PagerDuty API/Service key
171 | 
172 | - Flickr OAuth token
173 | 
174 | - Flickr API key
175 | 
176 | - BrowserStack access key
177 | 
178 | - BrowserStack access key (imprecise)
179 | 
180 | - BrowserStack token (URL)
181 | 
182 | - Vercel Access Token (imprecise)
183 | 
184 | - Vercel Access Token
185 | 
186 | - Vercel CLI token
187 | 
188 | - Vercel OAuth client secrets
189 | 
190 | - UUIDv4 Bearer token (maybe Heroku)
191 | 
192 | - Azure client secret
193 | 
194 | - Google private key id (or older API key)
195 | 
196 | - OpenStack password/API key
197 | 
198 | - AlienVault OTX API key
199 | 
200 | - Apollo.io API key
201 | 
202 | - ClickUp API key
203 | 
204 | - Amazon MWS Auth Token
205 | 
206 | - Jenkins API token
207 | 
208 | - AWS S3 presigned URL
209 | 
210 | - Azure Access Key (legacy format)
211 | 
212 | - Azure Shared Access Signature (SAS) Token
213 | 
214 | - CircleCI API token
215 | 
216 | - AWS Key ID (standalone)
217 | 
218 | - Azure generic key
219 | 
220 | - Azure generic key (legacy)
221 | 
222 | - AWS Bedrock API Key
223 | 
224 | - AWS Bedrock API Key (2)
225 |   


--------------------------------------------------------------------------------
/jwt/generate_jwt.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | 
  3 | from base64 import urlsafe_b64encode as b64encode
  4 | import re
  5 | from random import randbytes
  6 | from typing import Generator, Optional
  7 | from enum import Enum
  8 | from argparse import ArgumentParser
  9 | import logging
 10 | 
 11 | 
 12 | LOG = logging.getLogger(__name__)
 13 | PADDING_CHARS = ('', "\t", "\n", ' ')
 14 | 
 15 | 
 16 | class JSONTypes(Enum):
 17 |     STRING = 1
 18 |     NUMBER = 2
 19 |     OBJECT = 3
 20 |     ARRAY = 4
 21 |     BOOL = 5
 22 |     NULL = 6
 23 | 
 24 | 
 25 | def leading_json_as_base64() -> Generator:
 26 |     for c in range(0x01, 0xf4):
 27 |         for d in range(0x01, 0xf4):
 28 |             for e in PADDING_CHARS:
 29 |                 for f in PADDING_CHARS:
 30 |                     for g in PADDING_CHARS:
 31 |                         for h in PADDING_CHARS:
 32 |                             padding = e + f + g + h
 33 |                             yield b64('{' + padding + '"' + chr(c) + chr(d))
 34 | 
 35 | 
 36 | def trailing_json_as_base64() -> Generator:
 37 |         for json_type in JSONTypes:
 38 |             if json_type == JSONTypes.STRING:
 39 |                 for c in range(0x01, 0xf4):
 40 |                     for d in range(0x01, 0xf4):
 41 |                         for output in output_trailing_json(chr(c) + chr(d) + '"'):
 42 |                             yield output
 43 |             elif json_type == JSONTypes.NUMBER:
 44 |                 for c in ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'e', '.', '-', ' ', "\t", ':']:
 45 |                     for d in ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'e', '.', '-', ' ', "\t", ':']:
 46 |                         for e in ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0']:
 47 |                             for output in output_trailing_json(c + d + e):
 48 |                                 yield output
 49 |             elif json_type == JSONTypes.OBJECT:
 50 |                 for c in range(0x01, 0xf4):
 51 |                     for d in range(0x01, 0xf4):
 52 |                         for output in output_trailing_json(chr(c) + chr(d) + '}'):
 53 |                             yield output
 54 |             elif json_type == JSONTypes.ARRAY:
 55 |                 for c in range(0x01, 0xf4):
 56 |                     for d in range(0x01, 0xf4):
 57 |                         for output in output_trailing_json(chr(c) + chr(d) + ']'):
 58 |                             yield output
 59 |             elif json_type == JSONTypes.BOOL:
 60 |                 for c in PADDING_CHARS:
 61 |                     for b in ["true", "false"]:
 62 |                         for output in output_trailing_json(c + b):
 63 |                             yield output
 64 |             elif json_type == JSONTypes.NULL:
 65 |                 for c in PADDING_CHARS:
 66 |                     for output in output_trailing_json(c + "null"):
 67 |                         yield output
 68 | 
 69 | 
 70 | def output_trailing_json(obj: str) -> Generator:
 71 |     for slide in range(0, 3):
 72 |         for e in PADDING_CHARS:
 73 |             for f in PADDING_CHARS:
 74 |                 for g in PADDING_CHARS:
 75 |                     for h in PADDING_CHARS:
 76 |                         padding = e + f + g + h
 77 |                         plain = ('A' * slide) + obj + padding + '}'
 78 |                         LOG.debug(plain)
 79 |                         yield b64(plain)
 80 | 
 81 | 
 82 | def b64(text: str) -> str:
 83 |     return b64encode(text.encode('utf-8')).decode('utf-8')
 84 | 
 85 | 
 86 | def main() -> None:
 87 |     parser = ArgumentParser(description="Generate JWT base64 strings")
 88 |     add_args(parser)
 89 |     args = parser.parse_args()
 90 | 
 91 |     logging.basicConfig()
 92 | 
 93 |     if args.debug:
 94 |         LOG.setLevel(logging.DEBUG)
 95 | 
 96 |     if args.leading:
 97 |         for token in leading_json_as_base64():
 98 |             print(token)
 99 |         return
100 | 
101 |     if args.trailing:
102 |         for token in trailing_json_as_base64():
103 |             print(token.rstrip('='))
104 |         return
105 | 
106 | 
107 | def add_args(parser: ArgumentParser) -> None:
108 |     parser.add_argument('--leading', action='store_true')
109 |     parser.add_argument('--trailing', action='store_true')
110 |     parser.add_argument('--debug', '-d', action='store_true')
111 | 
112 | 
113 | if __name__ == '__main__':
114 |         main()
115 | 
116 | 


--------------------------------------------------------------------------------
/pii/generate_iban/extract_patterns_and_make_regex.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | 
  3 | from argparse import ArgumentParser
  4 | from bs4 import BeautifulSoup
  5 | import yaml
  6 | import logging
  7 | 
  8 | 
  9 | LOG = logging.getLogger(__name__)
 10 | 
 11 | 
 12 | IBAN_HEADINGS = ['Country', 'Code', 'SEPA',	'Length', 'Account Check', 'Branch', 'IBAN Example']
 13 | 
 14 | 
 15 | def add_args(parser: ArgumentParser) -> None:
 16 |     """Add command-line arguments."""
 17 |     parser.add_argument("html_file", help="HTML from iban.com/structure")
 18 |     parser.add_argument("--debug", "-d", action="store_true", help="Debug output")
 19 |     parser.add_argument("--add-test-data", "-t", action="store_true", help="Add test data to patterns")
 20 | 
 21 | 
 22 | def main() -> None:
 23 |     """Run the app."""
 24 |     parser = ArgumentParser(description="Parse official IBAN structure and create regex")
 25 |     add_args(parser)
 26 |     args = parser.parse_args()
 27 | 
 28 |     logging.basicConfig()
 29 |     if args.debug:
 30 |         LOG.setLevel(logging.DEBUG)
 31 | 
 32 |     with open(args.html_file) as hf:
 33 |         html_doc = hf.read()
 34 |         soup = BeautifulSoup(html_doc, 'html.parser')
 35 | 
 36 |         countries = []
 37 | 
 38 |         # read all of the tr entries in the table rows
 39 |         for tr in soup.find_all("tr"):
 40 |             country = {}
 41 |             for i, td in enumerate(tr.find_all("td")):
 42 |                 contents = ''.join(td.contents[0].stripped_strings) if td.contents else None 
 43 |                 label = IBAN_HEADINGS[i]
 44 | 
 45 |                 # a little normalisation
 46 |                 if contents:
 47 |                     if 'tick' in contents:
 48 |                         contents = 'Y'
 49 |                     elif contents == "No":
 50 |                         contents = 'N'
 51 |                     elif contents == 'Yes':
 52 |                         contents = 'Y'
 53 |                 else:
 54 |                     contents = 'N'
 55 | 
 56 |                 country[label] = contents
 57 | 
 58 |             countries.append(country)
 59 | 
 60 |         LOG.debug(countries)
 61 | 
 62 |         # make some regex
 63 |         patterns = []
 64 | 
 65 |         for country in countries:
 66 |             pattern = {}
 67 | 
 68 |             try:
 69 |                 pattern['name'] = f"IBAN for {country['Country']}"
 70 |                 pattern['type'] = f"iban_{str(country['Code']).lower()}"
 71 | 
 72 |                 # sometimes patterns end in letters, so allow the final 3 to be A-Z instead of numbers
 73 |                 # also allows for a checksum followed by a 4-character bank code, which is used by some countries
 74 |                 # we could account for knowledge of which countries use a code, etc., but we don't
 75 |                 regex = (f"{country['Code']}"               # country code
 76 |                        + "(?:[0-9][ -]?){2}"                # possible checksum
 77 |                        + "(?:[0-9A-Z][ -]?){4}"             # possible 4-character bank code
 78 |                        + "(?:[0-9][ -]?)"                   # standard numeric part
 79 |                        + "{" + str(int(country['Length']) - 2 - 2 - 4 - 3) + '}'    
 80 |                        + '(?:[0-9A-Z][ -]?){3}')            # possible alphabetic ending
 81 | 
 82 |                 pattern["regex"] = {}
 83 |                 pattern["regex"]["pattern"] = regex
 84 |                 pattern["regex"]["start"] = r"\A|[^A-Za-z0-9-]"
 85 |                 pattern["regex"]["end"] = r"\z|[^A-Za-z0-9-]"
 86 | 
 87 |                 data = country['IBAN Example']
 88 | 
 89 |                 if args.add_test_data:
 90 |                     pattern["test"] = {
 91 |                         "data": data,
 92 |                         "start_offset": 0,
 93 |                         "end_offset": len(data)
 94 |                     }
 95 |             except KeyError as err:
 96 |                 LOG.debug("Missing key: %s", err)
 97 |                 continue
 98 |             except ValueError as err:
 99 |                 LOG.debug("Wrong value: %s", err)
100 |                 continue
101 | 
102 |             patterns.append(pattern)
103 |       
104 |         LOG.debug(patterns)
105 | 
106 |         output = { 'name': 'IBANs', 'patterns': patterns }
107 | 
108 |         # write to YAML, avoiding line wrapping
109 |         print(yaml.safe_dump(output, width=float("inf")))
110 | 
111 | 
112 | if __name__ == "__main__":
113 |     main()
114 | 
115 | 


--------------------------------------------------------------------------------
/uri/README.md:
--------------------------------------------------------------------------------
  1 | <!-- WARNING: This README is generated automatically
  2 | -->
  3 | 
  4 | <!-- markdownlint-disable no-inline-html -->
  5 | 
  6 | # URI / URL Custom Patterns
  7 | 
  8 | ## Hardcoded Internal Emails
  9 | 
 10 | 
 11 | 
 12 | _version: v0.1_
 13 | 
 14 | 
 15 | 
 16 | <details>
 17 | <summary>Pattern Format</summary>
 18 | 
 19 | ```regex
 20 | [^:@\r\n \t"'/\p{Cc}]+@(internal\.)?example\.com
 21 | ```
 22 | 
 23 | </details>
 24 | 
 25 | <details>
 26 | <summary>Start Pattern</summary>
 27 | 
 28 | ```regex
 29 | \A|[\s"'`,;=]
 30 | ```
 31 | 
 32 | </details><details>
 33 | <summary>End Pattern</summary>
 34 | 
 35 | ```regex
 36 | \z|[^a-zA-Z._0-9-]
 37 | ```
 38 | 
 39 | </details>
 40 | 
 41 | ## Hardcoded Internal URLs
 42 | 
 43 | 
 44 | 
 45 | _version: v0.1_
 46 | 
 47 | 
 48 | 
 49 | <details>
 50 | <summary>Pattern Format</summary>
 51 | 
 52 | ```regex
 53 | [A-Za-z][A-Za-z0-9+_-]*://([^/?#\s\p{Cc}]*[.@])?(example\.com|internal\.example\.com)[/?#]?[^\s"']*
 54 | ```
 55 | 
 56 | </details>
 57 | 
 58 | <details>
 59 | <summary>Start Pattern</summary>
 60 | 
 61 | ```regex
 62 | \A|[^A-Za-z0-9+_-]
 63 | ```
 64 | 
 65 | </details><details>
 66 | <summary>End Pattern</summary>
 67 | 
 68 | ```regex
 69 | \z|[\s'"]
 70 | ```
 71 | 
 72 | </details>
 73 | 
 74 | ## Hardcoded URI Passwords
 75 | 
 76 | 
 77 | 
 78 | _version: v0.1_
 79 | 
 80 | 
 81 | 
 82 | <details>
 83 | <summary>Pattern Format</summary>
 84 | 
 85 | ```regex
 86 | [^$/?#@\s][^/?#@\s\x00-\x08]*
 87 | ```
 88 | 
 89 | </details>
 90 | 
 91 | <details>
 92 | <summary>Start Pattern</summary>
 93 | 
 94 | ```regex
 95 | (\b|\A)[A-Za-z][A-Za-z0-9+_-]*://[^/?#:@\s\x00-\x08]*:
 96 | ```
 97 | 
 98 | </details><details>
 99 | <summary>End Pattern</summary>
100 | 
101 | ```regex
102 | @[\p{L}\p{N}\.-]*(?:\:[0-9]{1,5})?([/?#\s"'`]|\z)
103 | ```
104 | 
105 | </details>
106 | 
107 | <details>
108 | <summary>Additional Matches</summary>
109 | 
110 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
111 | 
112 | 
113 | - Not Match:
114 | 
115 |   ```regex
116 |   (?i)^[[{(<]?(?:password|passwd|secret)[\]})>]?$
117 |   ```
118 | - Not Match:
119 | 
120 |   ```regex
121 |   ^\$?\{[^}+]\}i\}$
122 |   ```
123 | - Not Match:
124 | 
125 |   ```regex
126 |   ^%(?:\.\*)?s$
127 |   ```
128 | 
129 | </details>
130 | 
131 | ## Routable IPv4 Addresses
132 | 
133 | 
134 | 
135 | _version: v0.1_
136 | 
137 | **Comments / Notes:**
138 | 
139 | 
140 | - False Positives with build versions, but won't match if prefixed with v or ends with -
141 | 
142 | - Use a custom IPv4 pattern if possible, tailored for the ranges you use
143 | 
144 | - Doesn't include test, localhost or non-routable IPs
145 | 
146 | - Does include local ranges such as 192.168.0.0/24
147 |   
148 | 
149 | <details>
150 | <summary>Pattern Format</summary>
151 | 
152 | ```regex
153 | (?:(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])\.){3}(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])
154 | ```
155 | 
156 | </details>
157 | 
158 | <details>
159 | <summary>Start Pattern</summary>
160 | 
161 | ```regex
162 | \A|[^v.0-9]
163 | ```
164 | 
165 | </details><details>
166 | <summary>End Pattern</summary>
167 | 
168 | ```regex
169 | \z|[^.0-9-]
170 | ```
171 | 
172 | </details>
173 | 
174 | <details>
175 | <summary>Additional Matches</summary>
176 | 
177 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
178 | 
179 | 
180 | - Not Match:
181 | 
182 |   ```regex
183 |   ^(?:0\.0\.0\.0|255\.255\.255\.255)$
184 |   ```
185 | - Not Match:
186 | 
187 |   ```regex
188 |   ^(?:127|169\.254|224\.0\.0)\..*
189 |   ```
190 | - Not Match:
191 | 
192 |   ```regex
193 |   ^(?:192\.0.2|198\.51\.100|203\.0\.113|233\.252\.0)\..*
194 |   ```
195 | 
196 | </details>
197 | 
198 | ## GitHub Container Registry typos
199 | 
200 | 
201 | 
202 | _version: v0.1_
203 | 
204 | 
205 | 
206 | <details>
207 | <summary>Pattern Format</summary>
208 | 
209 | ```regex
210 | (?:ghrc|gchr|hgcr|ghr|ghc)\.io
211 | ```
212 | 
213 | </details>
214 | 
215 | <details>
216 | <summary>Start Pattern</summary>
217 | 
218 | ```regex
219 | \A|[^0-9A-Za-z-]
220 | ```
221 | 
222 | </details><details>
223 | <summary>End Pattern</summary>
224 | 
225 | ```regex
226 | \z|[^0-9A-Za-z.-]
227 | ```
228 | 
229 | </details>


--------------------------------------------------------------------------------
/uri/patterns.yml:
--------------------------------------------------------------------------------
  1 | name: URI / URL Custom Patterns
  2 | 
  3 | patterns:
  4 |   - name: Hardcoded Internal Emails
  5 |     type: hardcoded_internal_emails
  6 |     regex:
  7 |       pattern: |
  8 |         [^:@\r\n \t"'/\p{Cc}]+@(internal\.)?example\.com
  9 |       start: |
 10 |         \A|[\s"'`,;=]
 11 |       end: |
 12 |         \z|[^a-zA-Z._0-9-]
 13 |     test:
 14 |       data: foo@internal.example.com
 15 |     expected:
 16 |       - name: email.js
 17 |         start_offset: 75
 18 |         end_offset: 95
 19 |       - name: email.js
 20 |         start_offset: 130
 21 |         end_offset: 152
 22 | 
 23 | 
 24 |   - name: Hardcoded Internal URLs
 25 |     type: hardcoded_internal_urls
 26 |     regex:
 27 |       pattern: |
 28 |         [A-Za-z][A-Za-z0-9+_-]*://([^/?#\s\p{Cc}]*[.@])?(example\.com|internal\.example\.com)[/?#]?[^\s"']*
 29 |       start: |
 30 |         \A|[^A-Za-z0-9+_-]
 31 |       end: |
 32 |         \z|[\s'"]
 33 |     test:
 34 |       data: https://something_internal.example.com/a/path/
 35 |     expected:
 36 |       - name: email.js
 37 |         start_offset: 169
 38 |         end_offset: 188
 39 |       - name: email.js
 40 |         start_offset: 211
 41 |         end_offset: 239
 42 |       - name: email.js
 43 |         start_offset: 266
 44 |         end_offset: 299
 45 |       - name: database.txt
 46 |         start_offset: 72
 47 |         end_offset: 129
 48 |       - name: database.txt
 49 |         start_offset: 147
 50 |         end_offset: 185
 51 |       - name: database.txt
 52 |         start_offset: 216
 53 |         end_offset: 256
 54 |       - name: database.txt
 55 |         start_offset: 565
 56 |         end_offset: 590
 57 | 
 58 | 
 59 |   - name: Hardcoded URI Passwords
 60 |     type: hardcoded_uri_passwords
 61 |     regex:
 62 |       pattern: |
 63 |         [^$/?#@\s][^/?#@\s\x00-\x08]*
 64 |       start: |
 65 |         (\b|\A)[A-Za-z][A-Za-z0-9+_-]*://[^/?#:@\s\x00-\x08]*:
 66 |       end: |
 67 |         @[\p{L}\p{N}\.-]*(?:\:[0-9]{1,5})?([/?#\s"'`]|\z)
 68 |       additional_not_match:
 69 |         # placeholders
 70 |         - (?i)^[[{(<]?(?:password|passwd|secret)[\]})>]?$
 71 |         # variable substitution
 72 |         - ^\$?\{[^}+]\}i\}$
 73 |         # format string
 74 |         - ^%(?:\.\*)?s$
 75 |     test:
 76 |       data: https://user:foo@example.invalid/
 77 |       start_offset: 13
 78 |       end_offset: 16
 79 |     expected:
 80 |       - name: app.py
 81 |         start_offset: 160
 82 |         end_offset: 179
 83 |       - name: database.txt
 84 |         start_offset: 23
 85 |         end_offset: 29
 86 |       - name: database.txt
 87 |         start_offset: 100
 88 |         end_offset: 108
 89 |       - name: database.txt
 90 |         start_offset: 158
 91 |         end_offset: 170
 92 |       - name: database.txt
 93 |         start_offset: 227
 94 |         end_offset: 241
 95 |       - name: non-english.txt
 96 |         start_offset: 19
 97 |         end_offset: 25
 98 | 
 99 |   - name: Routable IPv4 Addresses
100 |     type: any_ipv4_addresses
101 |     regex:
102 |       pattern: |
103 |         (?:(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])\.){3}(?:25[0-5]|(?:2[0-4]|1[0-9]|[1-9]|)[0-9])
104 |       start: |
105 |         \A|[^v.0-9]
106 |       end: |
107 |         \z|[^.0-9-]
108 |       additional_not_match:
109 |         # listening to everything, or broadcast address
110 |         - ^(?:0\.0\.0\.0|255\.255\.255\.255)$
111 |         # localhost, link local or multicast
112 |         - ^(?:127|169\.254|224\.0\.0)\..*
113 |         # example IP ranges - TEST-NET-1, etc.
114 |         - ^(?:192\.0.2|198\.51\.100|203\.0\.113|233\.252\.0)\..*
115 |     comments:
116 |       - False Positives with build versions, but won't match if prefixed with v or ends with -
117 |       - Use a custom IPv4 pattern if possible, tailored for the ranges you use
118 |       - Doesn't include test, localhost or non-routable IPs
119 |       - Does include local ranges such as 192.168.0.0/24
120 |     test:
121 |       data: 192.168.1.100
122 |     expected:
123 |       - name: ipv4.txt
124 |         start_offset: 0
125 |         end_offset: 7
126 |       - name: ipv4.txt
127 |         start_offset: 53
128 |         end_offset: 64
129 |       - name: ipv4_private.txt
130 |         start_offset: 81
131 |         end_offset: 92
132 |       - name: ipv4_private.txt
133 |         start_offset: 93
134 |         end_offset: 101
135 |       - name: ipv4_random.txt
136 |         start_offset: 76
137 |         end_offset: 83
138 |       - name: ipv4_random.txt
139 |         start_offset: 84
140 |         end_offset: 91
141 |       - name: ipv4_random.txt
142 |         start_offset: 121
143 |         end_offset: 133
144 | 
145 | 
146 |   - name: GitHub Container Registry typos
147 |     type: ghcr_typos
148 |     regex:
149 |       pattern: |
150 |         (?:ghrc|gchr|hgcr|ghr|ghc)\.io
151 |       start: |
152 |         \A|[^0-9A-Za-z-]
153 |       end: |
154 |         \z|[^0-9A-Za-z.-]
155 |     test:
156 |       data: ghrc.io
157 |     expected:
158 |       - name: wrong_docker.sh
159 |         start_offset: 32
160 |         end_offset: 39
161 |  
162 | 


--------------------------------------------------------------------------------
/common/patterns.yml:
--------------------------------------------------------------------------------
  1 | name: Commonly Used Secrets / Passwords
  2 | 
  3 | patterns:
  4 |   - name: Common Passwords Shortlist
  5 |     type: common_passwords_shortlist
  6 |     regex:
  7 |       version: 0.1
  8 |       pattern: |
  9 |         (?i)[!?%$@.*+_#-]*(1234?)?(p[@a][s5]{2}w[o0]rd|[a3@]dm[i1!]n|t[e3]mp(ora(ry|l))|[a4@]m[e3]r[i1!l]c[a4@]|[i1!]nd[i1!][a4@]|mumb[a4@][i1!]|123456(7|78|789|7890|78910)|((?-i)((abcd?e?f?|123|456|xyz|321|654|1?[qg]az|2?wsx|3?edc|4?rfv|5?tgb|6?yhn|za[qg]1?|xsw2?|cde3?|vfr4?|bgt5?|nhy6?|[qg]wer?|asdf?|zxcv?|1[qg]2w|3e4r|dog|ca[tr]|red|lol|azer?|qqq|www|zzz|xxx|yyy)[!?%$@.*+_#'-]?)+)|([qg][uw]|az)erty(uiop)?|m[o0]nk[e3][yi]|l[e3]tm[e3][i1!]n|dr[a4@]g[o0]n|0{6}|1{6}|2{6}|3{6}|4{6}|5{6}|6{6}|7{6}|8{6}|9{6}|b[a4@][s5$]k?[e3]t?b[a4@][l1!]{1,2}|[s5][o0]cc[e3@]r|[i1!]?l[o0]v[e3](y[o0]u|u|m[e3])?|tru[s5$]tn[o0](1|!|one)|[s5$]un[s5$]h[i1!]n[e3]|m[a4@][s5$]t[e3]r|w[e3][l1!]c[o0]m[e3]|[s5$]h[a4@]d[o0]w|[a4@][s5$]hl[e3]y|f[o0]{1,2}tb[a4@]l{1,2}|j[e3][s5$]u[s5$]|m[i1!]ch[a4@][e@]l|n[i1!]nj[a4@]|mu[s5$]t[a@]ng|chrys[l1!][e3@]r|t[o0]y[o0]t[a4@]|w[i1!]nt[e3]r|spr[i1!]ng|summ[e3]r|f[a4@]ll|[a4@]utumn)[!?%$@.*+_#-]*\d*[!?%$]*
 10 |       start: |
 11 |         (\b|\A)[a-zA-z][a-zA-Z0-9_-]+[A-Za-z][\t ]*(={1,3}|:)[\t ]*(b?["'])?
 12 |       end: |
 13 |         \z|[\r\n'"]
 14 |       additional_not_match:
 15 |         # very common FP 
 16 |         - ^red'?$
 17 |         # some really common FPs in code
 18 |         - ^(master|shadow|password|\$PASSWORD|MASTER|www\.)$
 19 |         # web colours
 20 |         - ^\#[0-9]+$
 21 |         # long strings, unlikely to be a weak password
 22 |         - ^.{20,}
 23 |     test:
 24 |       data: some_variable="p@55w0rd123"
 25 |       start_offset: 15
 26 |       end_offset: 26
 27 |     comments:
 28 |       - ⚠️  prone to high numbers of false positives, use with caution ⚠️ 
 29 |       - very small common password shortlist from SecLists
 30 |       - allows for numbers and common punctuation at the end
 31 |       - case insensitive
 32 |       - adds some l33tsp3@k variations
 33 | 
 34 |     expected:
 35 |     - name: top-passwords-shortlist.txt
 36 |       start_offset: 9
 37 |       end_offset: 17
 38 |     - name: top-passwords-shortlist.txt
 39 |       start_offset: 27
 40 |       end_offset: 32
 41 |     - name: top-passwords-shortlist.txt
 42 |       start_offset: 42
 43 |       end_offset: 51
 44 |     - name: top-passwords-shortlist.txt
 45 |       start_offset: 61
 46 |       end_offset: 68
 47 |     - name: top-passwords-shortlist.txt
 48 |       start_offset: 78
 49 |       end_offset: 83
 50 |     - name: top-passwords-shortlist.txt
 51 |       start_offset: 93
 52 |       end_offset: 99
 53 |     - name: top-passwords-shortlist.txt
 54 |       start_offset: 109
 55 |       end_offset: 116
 56 |     - name: top-passwords-shortlist.txt
 57 |       start_offset: 126
 58 |       end_offset: 132
 59 |     - name: top-passwords-shortlist.txt
 60 |       start_offset: 142
 61 |       end_offset: 145
 62 |     - name: top-passwords-shortlist.txt
 63 |       start_offset: 155
 64 |       end_offset: 159
 65 |     - name: top-passwords-shortlist.txt
 66 |       start_offset: 169
 67 |       end_offset: 175
 68 |     - name: top-passwords-shortlist.txt
 69 |       start_offset: 185
 70 |       end_offset: 191
 71 |     - name: top-passwords-shortlist.txt
 72 |       start_offset: 201
 73 |       end_offset: 208
 74 |     - name: top-passwords-shortlist.txt
 75 |       start_offset: 218
 76 |       end_offset: 224
 77 |     - name: top-passwords-shortlist.txt
 78 |       start_offset: 234
 79 |       end_offset: 241
 80 |     - name: top-passwords-shortlist.txt
 81 |       start_offset: 251
 82 |       end_offset: 261
 83 |     - name: top-passwords-shortlist.txt
 84 |       start_offset: 271
 85 |       end_offset: 277
 86 |     - name: top-passwords-shortlist.txt
 87 |       start_offset: 287
 88 |       end_offset: 295
 89 |     - name: top-passwords-shortlist.txt
 90 |       start_offset: 305
 91 |       end_offset: 313
 92 |     - name: top-passwords-shortlist.txt
 93 |       start_offset: 323
 94 |       end_offset: 331
 95 |     - name: top-passwords-shortlist.txt
 96 |       start_offset: 341
 97 |       end_offset: 347
 98 |     - name: top-passwords-shortlist.txt
 99 |       start_offset: 357
100 |       end_offset: 364
101 |     - name: top-passwords-shortlist.txt
102 |       start_offset: 374
103 |       end_offset: 380
104 |     - name: top-passwords-shortlist.txt
105 |       start_offset: 390
106 |       end_offset: 396
107 |     - name: top-passwords-shortlist.txt
108 |       start_offset: 406
109 |       end_offset: 413
110 |     - name: top-passwords-shortlist.txt
111 |       start_offset: 423
112 |       end_offset: 428
113 |     - name: top-passwords-shortlist.txt
114 |       start_offset: 438
115 |       end_offset: 445
116 |     - name: top-passwords-shortlist.txt
117 |       start_offset: 455
118 |       end_offset: 460
119 |     - name: top-passwords-shortlist.txt
120 |       start_offset: 470
121 |       end_offset: 477
122 |     - name: top-passwords-shortlist.txt
123 |       start_offset: 487
124 |       end_offset: 495
125 |     - name: top-passwords-shortlist.txt
126 |       start_offset: 505
127 |       end_offset: 511
128 |     - name: top-passwords-shortlist.txt
129 |       start_offset: 521
130 |       end_offset: 527
131 |     - name: top-passwords-shortlist.txt
132 |       start_offset: 537
133 |       end_offset: 543
134 |     - name: top-passwords-shortlist.txt
135 |       start_offset: 553
136 |       end_offset: 559
137 |     - name: top-passwords-shortlist.txt
138 |       start_offset: 569
139 |       end_offset: 573
140 |     - name: top-passwords-shortlist.txt
141 |       start_offset: 583
142 |       end_offset: 589
143 | 


--------------------------------------------------------------------------------
/generic/__snapshots__/generic_passwords.csv:
--------------------------------------------------------------------------------
 1 | secret_type,secret_type_display_name,secret,path,start_line,end_line,start_column,end_column
 2 | "generic_passwords","Generic Passwords","7c7853e3659d1c01e65f3cb460ac07d079288bfa5bc21aae3d31fe01a0814278","configs/application.properties","31","31","28","34",
 3 | "generic_passwords","Generic Passwords","dbfdae0d66bb259d57896c533fa8d1d2bb5f3e685c3d1a32fbddc0109ebb13f8","common/top-passwords-shortlist.txt","24","24","10","16",
 4 | "generic_passwords","Generic Passwords","8799e334b94c1c08dbc46b3887d86c1fb12a0080634d8ee72084ca536cb2342c","common/top-passwords-shortlist.txt","19","19","10","18",
 5 | "generic_passwords","Generic Passwords","d90886c29bdf153471809be45596c83863e30586f10b7f38f157b965f8904981","common/top-passwords-shortlist.txt","23","23","10","16",
 6 | "generic_passwords","Generic Passwords","9e6bbe76d8fafd22ff9293a04934361d2fcd709081272a005ab83ca5e66d6d16","database/tsql_create_user.sql","1","1","36","46",
 7 | "generic_passwords","Generic Passwords","067d2f107733c6928d1699ae06855f1895747e6c0709cbc9807ecfe6c0c1c2dd","common/top-passwords-shortlist.txt","31","31","10","16",
 8 | "generic_passwords","Generic Passwords","49924b9a100a8aa9dab6014398ed23d567f59036f14de87175387fbc02dba7cc","database/docker_sqlserver.yml","14","14","122","133",
 9 | "generic_passwords","Generic Passwords","3820fe31b7bd9e2090f4a1f49c66f36006f8eedfb6552af35fe627bc070f27ae","configs/application.properties","29","29","28","35",
10 | "generic_passwords","Generic Passwords","66483b17db44f612efcb123bd998ed1f091b778aeb072f89f4b49bad370a7809","common/top-passwords-shortlist.txt","27","27","10","17",
11 | "generic_passwords","Generic Passwords","8d67877bcf2b6cba2f619aae5a3c6eff8210b74a26fa0466147622fc65237e2b","configs/application.properties","43","43","28","35",
12 | "generic_passwords","Generic Passwords","2eca97ad9e30f2ed064b3e6ecb2cd2e0ab8a05b5bbd54842df31abaa7477e989","configs/mysql/run-mysql.sh","5","5","28","42",
13 | "generic_passwords","Generic Passwords","2eca97ad9e30f2ed064b3e6ecb2cd2e0ab8a05b5bbd54842df31abaa7477e989","docker/mysql/run-mysql.sh","5","5","28","42",
14 | "generic_passwords","Generic Passwords","ffd0f84644936fceee82fffb1bb6056922126e05be040c84007c37a26fe6d9f2","common/top-passwords-shortlist.txt","4","4","10","17",
15 | "generic_passwords","Generic Passwords","5f07dd6c436eefbd1ee0a62f2353dab5523c2a6a7e007dd4dc04ad3cb225348e","configs/application.properties","50","50","28","35",
16 | "generic_passwords","Generic Passwords","90ff950e50d23ac032cf5705fc9b783fcf9c9a3d324b0c5e845a79da54d42ead","configs/application.properties","12","12","28","45",
17 | "generic_passwords","Generic Passwords","4813494d137e1631bba301d5acab6e7bb7aa74ce1185d456565ef51d737677b2","configs/application.properties","10","10","30","34",
18 | "generic_passwords","Generic Passwords","81ea24e895ec1e9ec08a8763a773b4253e1bc682bea01cb2a4e99b81e866c97d","common/top-passwords-shortlist.txt","14","14","10","16",
19 | "generic_passwords","Generic Passwords","544e62cee8033709e389e5b2755343d0d0fa8c4850215cfb6331717e80d1aea3","jwt/owasp-juice-shop.ts","207","207","20","52",
20 | "generic_passwords","Generic Passwords","9584c5ca00f5e717366a1c441d851c3daf00e4dd190b85e1cb0cb0d36af688de","configs/application.properties","36","36","28","35",
21 | "generic_passwords","Generic Passwords","24795a7bb3efee18ee90ad0dfbf6cf7f444de648e49a39b2657ab36dd2a8cbc4","common/top-passwords-shortlist.txt","32","32","10","16",
22 | "generic_passwords","Generic Passwords","066b91577bc547e21aa329c74d74b0e53e29534d4cc0ad455abba050121a9557","common/top-passwords-shortlist.txt","22","22","10","17",
23 | "generic_passwords","Generic Passwords","6ab5c67640a9b1f875050b158cdbb1d081ee76ff8e703279062ce8652a372332","configs/postgres/docker-compose.yml","12","12","95","102",
24 | "generic_passwords","Generic Passwords","b34e5475b55d84c7de90e07142d9427477c757a46a8e8712f7bc2f92dd6c6473","jwt/owasp-juice-shop.ts","43","43","20","29",
25 | "generic_passwords","Generic Passwords","e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae","common/top-passwords-shortlist.txt","18","18","10","18",
26 | "generic_passwords","Generic Passwords","9f214b49fafc432e116884a5244442203267f200e72c6ad3ad4dbfd7b0f089c3","jwt/owasp-juice-shop.ts","146","146","22","37",
27 | "generic_passwords","Generic Passwords","1e744b6a3177a1165c1d67ccfe8989267e8364189d9124aa87a756aa219db83c","configs/example.yml","5","5","15","38",
28 | "generic_passwords","Generic Passwords","fc93cb07e1ad92898527100e58a1cf1d1e7f65e9a266a6f87f3c84feb541c7b3","jwt/example.txt","2","2","12","15",
29 | "generic_passwords","Generic Passwords","e864c10ad586803d73b4e7a684ec1c8e2c2c9cd0a8718d2924bb50afe77c8d4b","common/top-passwords-shortlist.txt","28","28","10","15",
30 | "generic_passwords","Generic Passwords","b4b215eb04965939aab0e90f828c2e00cb17f147926b3f3de28901e3e02013ef","common/top-passwords-shortlist.txt","21","21","10","16",
31 | "generic_passwords","Generic Passwords","bdc7f0fb11236645c4c4d7aba2afab3649d5df400779061f1d034803a811c622","common/top-passwords-shortlist.txt","16","16","10","20",
32 | "generic_passwords","Generic Passwords","50b15954a84bfb3594a8ef96c10dd2fe25c27341db7c443ac1220ecb00f3f16a","common/top-passwords-shortlist.txt","36","36","10","16",
33 | "generic_passwords","Generic Passwords","20fdf64da3cd2c78ec3c033d2ac628bacf701711fa99435ee37bef0304800dc5","common/top-passwords-shortlist.txt","15","15","10","17",
34 | "generic_passwords","Generic Passwords","e2587f6c678061df35dbff7fee253348085045f1a4d68549f0e4261330af080c","configs/mysql/docker-compose.yml","8","8","28","51",
35 | "generic_passwords","Generic Passwords","e2587f6c678061df35dbff7fee253348085045f1a4d68549f0e4261330af080c","docker/mysql/docker-compose.yml","8","8","28","51",
36 | "generic_passwords","Generic Passwords","592c75c07fbc94b2eb5301bf67264dbd659a0f9c519b100d1f61db03e24dce77","common/top-passwords-shortlist.txt","2","2","10","15",
37 | "generic_passwords","Generic Passwords","406c0a9e14e3d00a364c559acde4192c6059163f7ef33e0820207e369338fa7b","common/top-passwords-shortlist.txt","29","29","10","17",
38 | "generic_passwords","Generic Passwords","1c20528f953116dfa0b8755308b7ee5ab14e5a2efdef2f90e65ce33526757351","common/top-passwords-shortlist.txt","6","6","10","16",
39 | "generic_passwords","Generic Passwords","1c8bfe8f801d79745c4631d09fff36c82aa37fc4cce4fc946683d7b336b63032","common/top-passwords-shortlist.txt","13","13","10","17",
40 | "generic_passwords","Generic Passwords","09d73fcb2ef34f11781d8f35d88428b9b90c3431dc82417ad161655cf1c465ed","common/top-passwords-shortlist.txt","17","17","10","16",
41 | "generic_passwords","Generic Passwords","2b08a09b43e6d9e6a51a2ad5fcdfc6532e95da6d72cd0ef5f65d8e6ae86ca3e5","common/top-passwords-shortlist.txt","34","34","10","16",
42 | "generic_passwords","Generic Passwords","ddd9a2b20bba26222d4d886042639f855ddce06f41a8c5df391b79fd15367ccc","common/top-passwords-shortlist.txt","33","33","10","16",
43 | "generic_passwords","Generic Passwords","8bb0cf6eb9b17d0f7d22b456f121257dc1254e1f01665370476383ea776df414","common/top-passwords-shortlist.txt","7","7","10","17",
44 | "generic_passwords","Generic Passwords","cb1b7759c2c93af5a9359769ec4fa443112b4b7c145e99767c16620aaa3c2c6c","configs/mysql/docker-compose.yml","11","11","23","36",
45 | "generic_passwords","Generic Passwords","cb1b7759c2c93af5a9359769ec4fa443112b4b7c145e99767c16620aaa3c2c6c","docker/mysql/docker-compose.yml","11","11","23","36",
46 | "generic_passwords","Generic Passwords","181b99e27e562b1237d009179d010d5774a853606551d7ac983b8c3daa9c5163","generic/passwords.js","3","3","13","34",
47 | "generic_passwords","Generic Passwords","ae9216f925f35e1784e790ba36020358acd29bbc0a8087ce5caf72d31560372f","common/top-passwords-shortlist.txt","26","26","10","15",
48 | "generic_passwords","Generic Passwords","b45f549d9212dac4edc9a16b6d18246fb5dae1c9c0d1d830a75b54573c06ee12","common/top-passwords-shortlist.txt","12","12","10","16",
49 | "generic_passwords","Generic Passwords","bef57ec7f53a6d40beb640a780a639c83bc29ac8a9816f1fc6c5c6dcd93c4721","common/top-passwords-shortlist.txt","8","8","10","16",
50 | "generic_passwords","Generic Passwords","f081f7b8d4310e67a7572f60b6070a3034d5f1ae1465b3fe4f8dafca9213a0e3","common/top-passwords-shortlist.txt","30","30","10","18",
51 | "generic_passwords","Generic Passwords","04d116726bdc3b35faf64ccd34af64c5308b3433e35b33db06219f071275fde8","common/top-passwords-shortlist.txt","20","20","10","18",
52 | "generic_passwords","Generic Passwords","1fb8edf1e0156e7eb349146b4c1f91ea88821c269bb290afeb21b90ef1bb379c","generic/passwords.js","1","1","15","26",
53 | "generic_passwords","Generic Passwords","d451823f5c7ea01b991edb52a7890624607a24f1b8e00f2e89f6807433f079ec","configs/application.properties","14","14","29","49",
54 | "generic_passwords","Generic Passwords","65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5","common/top-passwords-shortlist.txt","11","11","10","16",
55 | "generic_passwords","Generic Passwords","0fb769916f2a1adbca016f75e580284fd7bc26ab6e91e094d1096681445f62d3","generic/passwords.js","7","7","16","31",
56 | "generic_passwords","Generic Passwords","464c7a646393b68d1a42076c010b5aae418d8d322f233ca0b8cd8e2c6bcd9676","common/top-passwords-shortlist.txt","10","10","10","14",
57 | "generic_passwords","Generic Passwords","c471039f93e753cbc8c09509e9f937af8633c7a595267536714db11916779c81","common/top-passwords-shortlist.txt","3","3","10","19",
58 | 


--------------------------------------------------------------------------------
/database/patterns.yml:
--------------------------------------------------------------------------------
  1 | name: Database passwords
  2 | 
  3 | # We have two Database Connection String patterns: one with Password= before any other keyword, and one with Password= after any other keyword
  4 | 
  5 | # we define the pattern by what we don't want it to match
  6 | # - ; or ", since those are the end of the password/secret field and the end of the connection string respectively
  7 | # - control characters, \x00-\x08, since those are not valid in ASCII or UTF-8, or other common character sets we'll come across
  8 | # We don't account for connection strings encoded in UTF-16, but that will be a rare case, if it happens at all
  9 | 
 10 | patterns:
 11 |   - name: Database Connection String (full string)
 12 |     type: database_connection_string_full
 13 |     description: "Database connection strings are used to connect to databases, often with embedded credentials."
 14 |     regex:
 15 |       pattern: |
 16 |         [^"'`\x00-\x08\r\n|]*([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=[^"'`\x00-\x08\r\n|]*
 17 |       start: |
 18 |         \A|["'`]|&quot;|[\r\n]|[=:-] 
 19 |       end: |
 20 |         \z|["'`]|&quot;|[\r\n]
 21 |       additional_match:
 22 |         - (^|;)([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
 23 |       additional_not_match:
 24 |         # placeholders, variable substitutions, etc.
 25 |         - (^|;)([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=(%s\b|\{\{[^}]+\}\}|\{[0-9]+\}|\$?\{[^}]+\}|\[[A-Z_]+\]|['"`]|$)
 26 |     test:
 27 |       data: connection_string = "Data Source=eee,1433;Initial Catalog=bbb;Integrated Security=False;User ID=ccc@aaa;Password=ddd;"
 28 |       start_offset: 21
 29 |       end_offset: 117
 30 | 
 31 | 
 32 |   - name: Database Connection String (1)
 33 |     type: database_connection_string_1
 34 |     description: "Database connection strings are used to connect to databases, often with embedded credentials."
 35 |     regex:
 36 |       pattern: |
 37 |         [^;"\x00-\x08]+
 38 |       start: |
 39 |         ("|&quot;)(([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=[^"]+;) ?([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
 40 |       end: |
 41 |         (;|"|&quot;)
 42 |       additional_not_match:
 43 |         # placeholders, variable substitutions and regex matches
 44 |         - ^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\{[a-zA-Z_]*\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*|\[\^])$
 45 |         # parameterized query
 46 |         - parameters\('[^']+'\)
 47 |     expected:
 48 |       - name: connection_strings.txt
 49 |         start_offset: 126
 50 |         end_offset: 129
 51 |       - name: connection_strings.txt
 52 |         start_offset: 172
 53 |         end_offset: 225
 54 |     test:
 55 |       data: |
 56 |         connection_string = "Data Source=eee,1433;Initial Catalog=bbb;Integrated Security=False;User ID=ccc@aaa;Password=ddd;"
 57 |       start_offset: 113
 58 |       end_offset: 116
 59 |     comments:
 60 |       - This will spot connection strings for many databases, including MySQL, PostgreSQL, Oracle, SQL Server
 61 |       - To cut FPs, we require the start of the string to be a database-specific keyword
 62 | 
 63 |   - name: Database Connection String (2)
 64 |     type: database_connection_string_2
 65 |     description: "Database connection strings are used to connect to databases, often with embedded credentials."
 66 |     regex:
 67 |       pattern: |
 68 |         [^;"\x00-\x08]+
 69 |       start: |
 70 |         (?i)("|&quot;)([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
 71 |       end: |
 72 |         ;[^";]* ?([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=
 73 |       additional_not_match:
 74 |         # placeholders
 75 |         - ^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\{[a-zA-Z_]+\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*)$
 76 |         # parameterized query
 77 |         - parameters\('[^']+'\)
 78 | 
 79 |     test:
 80 |       data: |
 81 |         connection_string = "Password=ddd;Data Source=eee,1433;Initial Catalog=bbb;Integrated Security=False;User ID=ccc@aaa;"
 82 |       start_offset: 30
 83 |       end_offset: 33
 84 |     comments:
 85 |       - This will spot connection strings for many databases, including MySQL, PostgreSQL, Oracle, SQL Server
 86 |       - To cut FPs, we require part of the string after the password to be a database-specific keyword
 87 | 
 88 |   - name: Database Connection String (3)
 89 |     type: database_connection_string_3
 90 |     description: "Database connection strings are used to connect to databases, often with embedded credentials."
 91 |     regex:
 92 |       pattern: |
 93 |         [^;\r\n"'\x00-\x08]+
 94 |       start: |
 95 |         (\A|\b)ConnectionStrings__Default=[^\r\n]*([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
 96 |       end: |
 97 |         ([;\n]|\z)
 98 |       additional_not_match:
 99 |         # placeholders
100 |         - ^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\$?\{[a-zA-Z_]+\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*)$
101 | 
102 |     test:
103 |       data: |
104 |         ConnectionStrings__Default="Data Source=eee,1433;Initial Catalog=bbb;Integrated Security=False;User ID=ccc@aaa;Password=ddd;"
105 |       start_offset: 120
106 |       end_offset: 123
107 |     comments:
108 |       - This will spot the ConnectionStrings__Default env var being set with a Password
109 |     expected:
110 |       - name: docker_sqlserver.yml
111 |         start_offset: 394
112 |         end_offset: 405
113 | 
114 |   - name: TSQL CREATE LOGIN/USER
115 |     type: tsql_create_login_or_user
116 |     description: "A TSQL CREATE LOGIN or USER command using a password"
117 |     regex:
118 |       pattern: |
119 |         [^'\x00-\x08]{8,128}
120 |       start: |
121 |         (\A|\b)CREATE\s+(LOGIN|USER)\s+[^\s\x00-\x08]+\s+WITH\s+PASSWORD\s+=\s+N?'
122 |       end: |
123 |         \'
124 |     test:
125 |       data: |
126 |         CREATE USER phony WITH PASSWORD = 'mynewcreds';
127 |       start_offset: 35
128 |       end_offset: 45
129 |     expected:
130 |       - name: tsql_create_user.sql
131 |         start_offset: 35
132 |         end_offset: 45
133 | 
134 |     comments:
135 |       - This is specific to Microsoft SQL Server TSQL syntax
136 | 
137 |   - name: SQLAlchemy Database Connection String
138 |     type: sqlalchemy_connection_string
139 |     description: SQLAlchemy connection strings are used to connect to databases, often with embedded credentials.
140 |     regex:
141 |       pattern: |
142 |         [^$/?#@\s][^/?#@\s\x00-\x08]*
143 |       start: |
144 |         (\A|\b)mysql\+[a-z]+://[^/?#:@\s\x00-\x08]*:
145 |       end: |
146 |         @
147 |       additional_not_match:
148 |         - (?i)^[[{(<]?(?:password|passwd|secret)[\]})>]?$
149 |         - ^\$?\{[^}+]\}i\}$
150 |         - ^%(?:\.\*)?s$
151 |     test:
152 |       data: |
153 |         engine = create_engine('mysql+mysqlconnector://scott:tiger@localhost/foo')
154 |       start_offset: 53
155 |       end_offset: 58
156 | 
157 |   - name: MongoDB connection string
158 |     type: mongodb_connection_string
159 |     regex:
160 |       version: 0.2
161 |       pattern: |
162 |         mongodb(\+[a-z]+)?://[^'"`<>/:@\s\x00-\x08]+:[^'"`<>/@\s\x00-\x08]+@[^?'"`\s\x00-\x08]+
163 |       start: |
164 |         \A|\b
165 |       end: |
166 |         \z|\s|['"`?]
167 |       additional_not_match:
168 |         - (?i):(test|a|my)?[_-]?pass(word)?@
169 |         - :%(?:\.\*)?[sv]@
170 |         - :\$?\{[^}+]\}@
171 |         - ^mongodb\+srv://b\*b%40f3tt%3D:%244to%40L8%3DMC@test3.test.build.10gen.cc/mydb%3F\?replicaSet=repl0
172 |     test:
173 |       data: mongodb+srv://foo:bar@mongodb.example.invalid/
174 | 
175 |   - name: JDBC Database Connection String
176 |     type: jdbc_connection_string
177 |     regex:
178 |       version: 0.1
179 |       pattern: |
180 |         jdbc:[^:\x00-\x08]+:\/\/[^\/\x00-\x08]+\/[^?\x00-\x08]+\?user=[^&\x00-\x08]+&password=[^\s'"`<{$%*\x00-\x08]+
181 |       start: |
182 |         \A|\b
183 |       end: |
184 |         \z|\s|['"`<]
185 |     test:
186 |       data: |
187 |         jdbc:mysql://localhost:3306/mydb?user=root&password=toor
188 |       start_offset: 0
189 |       end_offset: 56
190 | 


--------------------------------------------------------------------------------
/jwt/owasp-juice-shop.ts:
--------------------------------------------------------------------------------
  1 | // https://github.com/juice-shop/juice-shop/blob/master/test/api/userApiSpec.ts
  2 | 
  3 | /*
  4 |  * Copyright (c) 2014-2021 Bjoern Kimminich & the OWASP Juice Shop contributors.
  5 |  * SPDX-License-Identifier: MIT
  6 |  */
  7 | 
  8 | import frisby = require('frisby')
  9 | const Joi = frisby.Joi
 10 | const utils = require('../../lib/utils')
 11 | const security = require('../../lib/insecurity')
 12 | 
 13 | const API_URL = 'http://localhost:3000/api'
 14 | const REST_URL = 'http://localhost:3000/rest'
 15 | 
 16 | const authHeader = { Authorization: `Bearer ${security.authorize()}`, 'content-type': 'application/json' }
 17 | const jsonHeader = { 'content-type': 'application/json' }
 18 | 
 19 | describe('/api/Users', () => {
 20 |   it('GET all users is forbidden via public API', () => {
 21 |     return frisby.get(`${API_URL}/Users`)
 22 |       .expect('status', 401)
 23 |   })
 24 | 
 25 |   it('GET all users', () => {
 26 |     return frisby.get(`${API_URL}/Users`, { headers: authHeader })
 27 |       .expect('status', 200)
 28 |   })
 29 | 
 30 |   it('GET all users doesnt include passwords', () => {
 31 |     return frisby.get(`${API_URL}/Users`, { headers: authHeader })
 32 |       .expect('status', 200)
 33 |       .expect('jsonTypes', 'data.*', {
 34 |         password: Joi.any().forbidden()
 35 |       })
 36 |   })
 37 | 
 38 |   it('POST new user', () => {
 39 |     return frisby.post(`${API_URL}/Users`, {
 40 |       headers: jsonHeader,
 41 |       body: {
 42 |         email: 'horst@horstma.nn',
 43 |         password: 'hooooorst'
 44 |       }
 45 |     })
 46 |       .expect('status', 201)
 47 |       .expect('header', 'content-type', /application\/json/)
 48 |       .expect('jsonTypes', 'data', {
 49 |         id: Joi.number(),
 50 |         createdAt: Joi.string(),
 51 |         updatedAt: Joi.string(),
 52 |         password: Joi.any().forbidden()
 53 |       })
 54 |   })
 55 | 
 56 |   it('POST new admin', () => {
 57 |     return frisby.post(`${API_URL}/Users`, {
 58 |       headers: jsonHeader,
 59 |       body: {
 60 |         email: 'horst2@horstma.nn',
 61 |         password: 'hooooorst',
 62 |         role: 'admin'
 63 |       }
 64 |     })
 65 |       .expect('status', 201)
 66 |       .expect('header', 'content-type', /application\/json/)
 67 |       .expect('jsonTypes', 'data', {
 68 |         id: Joi.number(),
 69 |         createdAt: Joi.string(),
 70 |         updatedAt: Joi.string(),
 71 |         password: Joi.any().forbidden()
 72 |       })
 73 |       .expect('json', 'data', {
 74 |         role: 'admin'
 75 |       })
 76 |   })
 77 | 
 78 |   it('POST new deluxe user', () => {
 79 |     return frisby.post(`${API_URL}/Users`, {
 80 |       headers: jsonHeader,
 81 |       body: {
 82 |         email: 'horst3@horstma.nn',
 83 |         password: 'hooooorst',
 84 |         role: 'deluxe'
 85 |       }
 86 |     })
 87 |       .expect('status', 201)
 88 |       .expect('header', 'content-type', /application\/json/)
 89 |       .expect('jsonTypes', 'data', {
 90 |         id: Joi.number(),
 91 |         createdAt: Joi.string(),
 92 |         updatedAt: Joi.string(),
 93 |         password: Joi.any().forbidden()
 94 |       })
 95 |       .expect('json', 'data', {
 96 |         role: 'deluxe'
 97 |       })
 98 |   })
 99 | 
100 |   it('POST new accounting user', () => {
101 |     return frisby.post(`${API_URL}/Users`, {
102 |       headers: jsonHeader,
103 |       body: {
104 |         email: 'horst4@horstma.nn',
105 |         password: 'hooooorst',
106 |         role: 'accounting'
107 |       }
108 |     })
109 |       .expect('status', 201)
110 |       .expect('header', 'content-type', /application\/json/)
111 |       .expect('jsonTypes', 'data', {
112 |         id: Joi.number(),
113 |         createdAt: Joi.string(),
114 |         updatedAt: Joi.string(),
115 |         password: Joi.any().forbidden()
116 |       })
117 |       .expect('json', 'data', {
118 |         role: 'accounting'
119 |       })
120 |   })
121 | 
122 |   it('POST user not belonging to customer, deluxe, accounting, admin is forbidden', () => {
123 |     return frisby.post(`${API_URL}/Users`, {
124 |       headers: jsonHeader,
125 |       body: {
126 |         email: 'horst5@horstma.nn',
127 |         password: 'hooooorst',
128 |         role: 'accountinguser'
129 |       }
130 |     })
131 |       .expect('status', 400)
132 |       .expect('header', 'content-type', /application\/json/)
133 |       .then(({ json }) => {
134 |         expect(json.message).toBe('Validation error: Validation isIn on role failed')
135 |         expect(json.errors[0].field).toBe('role')
136 |         expect(json.errors[0].message).toBe('Validation isIn on role failed')
137 |       })
138 |   })
139 | 
140 |   if (!utils.disableOnContainerEnv()) {
141 |     it('POST new user with XSS attack in email address', () => {
142 |       return frisby.post(`${API_URL}/Users`, {
143 |         headers: jsonHeader,
144 |         body: {
145 |           email: '<iframe src="javascript:alert(`xss`)">',
146 |           password: 'does.not.matter'
147 |         }
148 |       })
149 |         .expect('status', 201)
150 |         .expect('header', 'content-type', /application\/json/)
151 |         .expect('json', 'data', { email: '<iframe src="javascript:alert(`xss`)">' })
152 |     })
153 |   }
154 | })
155 | 
156 | describe('/api/Users/:id', () => {
157 |   it('GET existing user by id is forbidden via public API', () => {
158 |     return frisby.get(`${API_URL}/Users/1`)
159 |       .expect('status', 401)
160 |   })
161 | 
162 |   it('PUT update existing user is forbidden via public API', () => {
163 |     return frisby.put(`${API_URL}/Users/1`, {
164 |       header: jsonHeader,
165 |       body: { email: 'administr@t.or' }
166 |     })
167 |       .expect('status', 401)
168 |   })
169 | 
170 |   it('DELETE existing user is forbidden via public API', () => {
171 |     return frisby.del(`${API_URL}/Users/1`)
172 |       .expect('status', 401)
173 |   })
174 | 
175 |   it('GET existing user by id', () => {
176 |     return frisby.get(`${API_URL}/Users/1`, { headers: authHeader })
177 |       .expect('status', 200)
178 |   })
179 | 
180 |   it('PUT update existing user is forbidden via API even when authenticated', () => {
181 |     return frisby.put(`${API_URL}/Users/1`, {
182 |       headers: authHeader,
183 |       body: { email: 'horst.horstmann@horstma.nn' }
184 |     })
185 |       .expect('status', 401)
186 |   })
187 | 
188 |   it('DELETE existing user is forbidden via API even when authenticated', () => {
189 |     return frisby.del(`${API_URL}/Users/1`, { headers: authHeader })
190 |       .expect('status', 401)
191 |   })
192 | })
193 | 
194 | describe('/rest/user/authentication-details', () => {
195 |   it('GET all users decorated with attribute for authentication token', () => {
196 |     return frisby.get(`${REST_URL}/user/authentication-details`, { headers: authHeader })
197 |       .expect('status', 200)
198 |       .expect('jsonTypes', 'data.?', {
199 |         token: Joi.string()
200 |       })
201 |   })
202 | 
203 |   it('GET all users with password replaced by asterisks', () => {
204 |     return frisby.get(`${REST_URL}/user/authentication-details`, { headers: authHeader })
205 |       .expect('status', 200)
206 |       .expect('json', 'data.?', {
207 |         password: '********************************'
208 |       })
209 |   })
210 | })
211 | 
212 | describe('/rest/user/whoami', () => {
213 |   it('GET own user id and email on who-am-i request', () => {
214 |     return frisby.post(`${REST_URL}/user/login`, {
215 |       headers: jsonHeader,
216 |       body: {
217 |         email: 'bjoern.kimminich@gmail.com',
218 |         password: 'bW9jLmxpYW1nQGhjaW5pbW1pay5ucmVvamI='
219 |       }
220 |     })
221 |       .expect('status', 200)
222 |       .then(({ json }) => {
223 |         return frisby.get(`${REST_URL}/user/whoami`, { headers: { Cookie: `token=${json.authentication.token}` } })
224 |           .expect('status', 200)
225 |           .expect('header', 'content-type', /application\/json/)
226 |           .expect('jsonTypes', 'user', {
227 |             id: Joi.number(),
228 |             email: Joi.string()
229 |           })
230 |           .expect('json', 'user', {
231 |             email: 'bjoern.kimminich@gmail.com'
232 |           })
233 |       })
234 |   })
235 | 
236 |   it('GET who-am-i request returns nothing on missing auth token', () => {
237 |     return frisby.get(`${REST_URL}/user/whoami`)
238 |       .expect('status', 200)
239 |       .expect('header', 'content-type', /application\/json/)
240 |       .expect('json', {
241 |         user: {}
242 |       })
243 |   })
244 | 
245 |   it('GET who-am-i request returns nothing on invalid auth token', () => {
246 |     return frisby.get(`${REST_URL}/user/whoami`, { headers: { Authorization: 'Bearer InvalidAuthToken' } })
247 |       .expect('status', 200)
248 |       .expect('header', 'content-type', /application\/json/)
249 |       .expect('json', {
250 |         user: {}
251 |       })
252 |   })
253 | 
254 |   it('GET who-am-i request returns nothing on broken auth token', () => {
255 |     return frisby.get(`${REST_URL}/user/whoami`, { headers: { Authorization: 'BoarBeatsBear' } })
256 |       .expect('status', 200)
257 |       .expect('header', 'content-type', /application\/json/)
258 |       .expect('json', {
259 |         user: {}
260 |       })
261 |   })
262 | 
263 |   it('GET who-am-i request returns nothing on expired auth token', () => {
264 |     return frisby.get(`${REST_URL}/user/whoami`, { headers: { Authorization: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGF0dXMiOiJzdWNjZXNzIiwiZGF0YSI6eyJpZCI6MSwidXNlcm5hbWUiOiIiLCJlbWFpbCI6ImFkbWluQGp1aWNlLXNoLm9wIiwicGFzc3dvcmQiOiIwMTkyMDIzYTdiYmQ3MzI1MDUxNmYwNjlkZjE4YjUwMCIsInJvbGUiOiJhZG1pbiIsImxhc3RMb2dpbklwIjoiMC4wLjAuMCIsInByb2ZpbGVJbWFnZSI6ImRlZmF1bHQuc3ZnIiwidG90cFNlY3JldCI6IiIsImlzQWN0aXZlIjp0cnVlLCJjcmVhdGVkQXQiOiIyMDE5LTA4LTE5IDE1OjU2OjE1LjYyOSArMDA6MDAiLCJ1cGRhdGVkQXQiOiIyMDE5LTA4LTE5IDE1OjU2OjE1LjYyOSArMDA6MDAiLCJkZWxldGVkQXQiOm51bGx9LCJpYXQiOjE1NjYyMzAyMjQsImV4cCI6MTU2NjI0ODIyNH0.FL0kkcInY5sDMGKeLHfEOYDTQd3BjR6_mK7Tcm_RH6iCLotTSRRoRxHpLkbtIQKqBFIt14J4BpLapkzG7ppRWcEley5nego-4iFOmXQvCBz5ISS3HdtM0saJnOe0agyVUen3huFp4F2UCth_y2ScjMn_4AgW66cz8NSFPRVpC8g' } })
265 |       .expect('status', 200)
266 |       .expect('header', 'content-type', /application\/json/)
267 |       .expect('json', {
268 |         user: {}
269 |       })
270 |   })
271 | })
272 | 


--------------------------------------------------------------------------------
/rsa/GeekMasher GPG.asc:
--------------------------------------------------------------------------------
  1 | -----BEGIN PGP PRIVATE KEY BLOCK-----
  2 | 
  3 | lQcYBGC/ePcBEADs638nM5YymIHeNBFayjO6kAACNMiAiQj8nMYvLSCzyGM4qRWW
  4 | DF8diTnaJs+8FJvTQv7ERQViDizcpXlecaI/EVfns+tOuYCeFGdGoRz47NO6TsGF
  5 | ULSDhRcx17PJXQxQMyURVSb2+09rE05Yp6e89cYjlbo5ytdi4fqvrEeXY4cIM1us
  6 | 5RwLCubBUEH+tReR8sXkLEB68eu9Ym/qNp9+L4esoVjBSaqDYGyXuf34fG4cbAOi
  7 | 0AeYUzBjq9qW37GDtAbgrNZsXee87rep1gJ1Mod5TkRdDIfG8ZCdXBSwVCRfh1H2
  8 | gpKFemIXwkk0fa9mYxoXqW0SBRb9p6YrcQk5k+1qxWronV1I9gXGYjkq0Cx6quOa
  9 | 41BE9ueu29vIu9u82vxjqkFw6iTNwgT5+lFwvPQdBVrjBp/1Yv5MAzSnEoEDeW5J
 10 | niUZYLhSPHMOPKnxLpXJjMKa9SLcQcpfR1boTvwGxEBC2Mpc9lZTI4ISI2Xz282l
 11 | G0fe43HG+vEVpHwR9+413R6oVo3nSncl0DHw0+ZE1ioyqD8HNDZZgSH72oasMULB
 12 | sTYThHXoyegtEa/26Iv/qLZ17BOhmBi14sfOMjKqUSsWvh1wc1ewwbb4epKpHnKE
 13 | xa1ISjmh7Xl0UUim7vU/hw0+FxjRRvTpiolzEKWpdC1WR12yxEbescVQyQARAQAB
 14 | AA/6AqFiN+WUGjN0hKqsEyeZz61T3LJok/nBhGl6r1EnUuurg1hoPZJdV3r7rhL+
 15 | fTJ24O92W+g+xS4OXDRHns9w61WWVeOa3hTD621jUKbPByn8901yy1fAK1Il1ec0
 16 | zyxl67mHpLO+8yDK6s/L78LLw1awuJor10Kr5cSHx53IbTM9D2+fidHA4BQCyBxr
 17 | oSfyTyvke9IsdJj9QqzmPHHXDzv4nAduEHZQivUd+4jEe7bo846U80CvRucMi1y/
 18 | +GsbIdDUvzeYCVu5DBFT73IpdJLnK2b9rhFKrCAoOIEKV0NV5IwgcjXUqd/4GRau
 19 | gKNRGFhLFL5sMDYngVE0UHjoruof1rmyVQ+NU3Rcg54FDdNnVOhAfPqRAIG41EFy
 20 | MFgsjP5lBol95AbjfMVoK0/rKU3VTAtFoE29LWM2HCvMnYzACjDcKQQBfZM6cFqo
 21 | 7Bj9Fl9W/siW1g1/XqT6T4L0Go5o92P6oPLXnXB08Qh8C5/3XoiK2PA+odxIQGzp
 22 | BHqoaRV51n7GQ4JvM+Y060JAO3npDYnwMJdWGu6qc21pXDPRROKhVIFr0Wb32bUN
 23 | 5kK4+SgqKqzTUGJJ1Ejc1TrQbK/dxPf3VlxXnmAl8Qfwsd+8r1wDgdmCBztlqj+c
 24 | W4zSCU748SyA7CofRFUTn4Z1/ob48E/pJOvWygE/6ylQuVEIAPDLTlni+08/yAsF
 25 | yEiczf+wKfnVJNWTblKPklco/QSso+4nFcFRTz8365FIyc68atMzMAbk5QTIZQhh
 26 | PLSBrttMse6PNjRGgCuCjjuYrMi+GA01mmSwCe4tJY5tGaeCdgvMPTONJKAv6zOC
 27 | 2pH2PHapW40NmgpBSUrUATTjYc8h6QLfiRCle2nzwbbMBtQ1TgfBYgY3N/cNFWcl
 28 | ijx5NqD4ky8AlZWV6xq8VLXPcYGQg7RCvhuq6+jsBhETRgWENof6+52YXtY2Oqv3
 29 | 6zjL0OaERJ7ERFsM1gR1ASpXVwohxpRMkyWJV+kE2C3X2fCNpfc438rhWoxp1Ekw
 30 | BCShdRkIAPvhjyXkdJ/S00/l67R8y9TfPvBVq2FvlgviQaCk+OLNwekWl7564LNo
 31 | ftXwqmZvV82o3l5oEX5DtPvAl4qV0iImqXJ4vLeT5Of6f1FeZvACD/QUipo+Oz1B
 32 | vzK+EqXnAHwWTk/pi4/3cr9OQ1YadotyZyunM7bjc85+pokpwX45qaKJbgBotyrj
 33 | plWXKrX51E+slAFuxNpgxnmA1aZHXIl5cb/RoITifvNKEx9ckab/WBCX8kKXzSz9
 34 | zVTun54Oa/rNRKFCH1MWJYtzlkFfrPIbHMmcnsoafaUxsBoKtICDfn+ZzROB0SR4
 35 | hjyet+De0sjHrfa29GRI2Ms+0VJK/zEH/iRqSB7FALB2O25X8C1RJIZb3a9n+hvr
 36 | oFSZvkZPnGZ2BmcfM2gJZ6P4/2b5XvB7z/IvJRfQD74FvtcMbLRibeZ0ITlS0pz9
 37 | DaBYnbkEZN7zfwR2NFJHN8CRdizfi/7xoR8V8IiE8yqYlq5CBYxDVMYl4oNEP2CK
 38 | TnCjOC1+iDdr1oWgRjLeBMFyfRpS0FGS14ITBgIw8e/nbvwv/87QI6SfgOVyzBex
 39 | X45WkiooQlahwkZyb6Vuf8aM/sycesEAyRc5GWp5s2H3JoD0jCW/OjhM8onQPWFl
 40 | 54kOCfPx7ju53sQkCShcrV2AIKssCsuIKw4FoSvSkil0L7VcaLqA4pSE07QmR2Vl
 41 | a01hc2hlciBHUEcgPGdlZWttYXNoZXJAZ2l0aHViLmNvbT6JAlQEEwEIAD4WIQR9
 42 | AcDLuW/RkW3OJlG3jxV3vYfODwUCYL949wIbAwUJB4YfTAULCQgHAgYVCgkICwIE
 43 | FgIDAQIeAQIXgAAKCRC3jxV3vYfODxYjEACaXYslJh3gIa7uMupUAfc82wwEBz58
 44 | C4HTin+vM3cpZnM2mWOq9WYRIUMZGaQm6OeoXmFlreyttSW4r22wQ20HbAzsWcus
 45 | 3U2c0or8QiFotfJk5PkNC49CNOtSlYKJ+qbJcYNwf3IkpdrkJl+nQsMasXqK4MX2
 46 | TBzGhfl70HawyySbogai4o+w2DKdeXpp79+DrbRcsrae4MxEJWhMY05dBqUqAcNk
 47 | a0V46jfQpxvy9+4enAIoBfBafgYrftPO6Qe9ZC0MuD1rSQ1GcOOTUcmpb2SBKTkl
 48 | b1/euGdl7fPAgK7dtjh53bhqEDRjBGSo4GwVA67OTR1bXqSgj+08zJfm+emd7toK
 49 | QRwpM6OiZDY5pWSC2PESZcDY0xvvBGfgQbLj0VqY+MIeSlmU9Ac+cXMeZFYJ2DQi
 50 | ZSm8GLz9ysBHTXjfEFuoise2RdAeI0UiTBy83NGoueuqYse3EkAlCCl4bZtiDe4i
 51 | T47v9q49NB8yaTj/U4sBzGK3WLTZX6+isxq4BIeFuVutcWIdcRf2fRJ+/jdBlLV2
 52 | sVIzeSV/08Ux5YoP2dsGlNu2cmqPR0Vcork13KsX2g8dOp5Muj8aZBzgdMZooXuN
 53 | Na9UhCJTC6Ve8gG4u4k9RmPy28REJXImnE8b6nb8oIeG8st8gDSSMx45INDsa0qR
 54 | dbWq88eOl+Kmgp0HGARgv3j3ARAAzx+db8dunsds2tPw6g2ckdBtWipyEbxMptK5
 55 | iS83RSfalQ27EBgER2YLwrKyfEG7G/G/GZ2splX9dHPptSVXbnwq2N+7d794PegK
 56 | CBUOE6t7MdZ3PW+feHXfAZ2pjdOvmqGXY9sTpkPhlURNxVwj4pSjRoxx49wNMhlV
 57 | YEnhu0EH7QQiCbbs5DcFI42NezGgf542DUBX/TXSPXsnJBUaegtciGfa8UpxFtUG
 58 | y5q74tijUou/Mkg0U5l8/UjKdESLOtYX3nhQhQhv+pDKcCJLOtaiSaPHNA4MWD+L
 59 | s0iTNBZz2eQCfLqbRQ0ivO7Cb/aJjiv0VWEngpSss2IG/S/N+0ENoXEzYxwSR+e2
 60 | L1HuPIaQNpwat3KkuR8mEK8JNNTxyLbtie+hGeqzRaWrue9oaOcCTVuCuEEpLfz7
 61 | GK7MzF8JFGeL3Xp9eNLnPuJS+EFFcYoKE2IpPAfzax00ML4BUHc6aCMaN+thytg/
 62 | MNvMnm71UKhYlre0s2Wu/yMm+Qrz04/UnCqhuxBxuKCQ3OzF5GkFyztnMUSxqxaW
 63 | jXAnP/LmvOQFJYgrjKK+mR12h2WW+B8/ppLVYkAdckfHnIxio+AYd17KPQ28QmvC
 64 | q8OlWTtlLjSvZRO3qMke9RbpTvf/PD9Xpnlg8qNxSPmJtHWXFFtQK08uiOi9uB/7
 65 | HoWSQdUAEQEAAQAP/Rqgod4rnBkQN6UE95qKGBrW2iLBWjDVgwqKBLg84woiTtji
 66 | ua3JU04qhvsyJf1mJeaNyaztYbNwp/OUrfL6ffxXki/syMO4UH5aRQ/iRREE9q2N
 67 | jil5Ht30VAXNKG3HTR1qsMpxm7EVq6aY8AvzWy8B6jZjpTCkquhJ7CPuMPWggqMB
 68 | 6QOpX1hnimLrtnNOtKeIxhd7XNR8sC6fP9pFAZu3DN+sb6/y4LRiu/Y+SkamOzjy
 69 | 0P28h/LyGejQttZZCYfi25Ffk6/Gnz7DO9ihUAfxwqNc9CXJDeU6e3yXqUpaU0KB
 70 | LEtaDM7FGuDXK8ALyIYH4z18DqxG7ieRmVHAwjt+S2Wqr50OVWox4/9v+BW37n84
 71 | is342TG8XuYOvJavDea+Q9ghUDSSP4KjgLg53Uz3g1/iicKcDfkW4HLDcLblBSY5
 72 | +v1sr/yg8/9dYm1/sSPK3TdDFhWasgt7P2pTQewlLRWGbb6m5GcXxgoFam033sKv
 73 | 4dCW1ArLWbguA+MQcD3IFoXqWmpOgpuwgH6DlvuxP1LEFR9BsqpPI22/2GSqWJ8Z
 74 | XJtZVhMGmIOwuPZYiNoc2TkAKwUeDKQK/lMT/JmdNeUqR+2MFZ6Piz7rND+fXM0l
 75 | lqVp83jyZylFi+4mx8ckRhajeHoxgg4Z+7bjz1mg314/WPe+aJ73zeUrwWfxCADb
 76 | K/bWR8y1RUyLFkTz+2Xm+7cL/2OaDnV7CFkZYI6478ljfmFLto56+F13kEZbsASY
 77 | RJlirf8scXJuQhXMw+HPBL+NcJPlKIthUybv2UubEbo6w8WpvksKBJeIIGqdbk8t
 78 | PjSAGTgoO7KCGuPnHO1u1cvr+J4wCZ8u89/x967Qn6HSggIqhAtPH0GDyfUMiEtV
 79 | FTI6PM1BWTYpolwWPxRhJnei5wZ51ms85NRQTT9SskscU2sZ0N3Ia76w6f67M16D
 80 | VvjzRG7h24knf+IT6BcYqelBhNGwGmyuQD80JCqBDaXf61+YizfiJFbXalgN6pJl
 81 | dZ9gSYLTpJHFMUKTTN4TCADx7WAzc8yWxhQi3i8JfnmbCT3CR+/KRVKAkS+InUMb
 82 | bD+Ilt6WnilSMZ9y/5ZCKYn1rwPi0rP2MaQn5Skrvk1HqOrGiuCqRkMuOi+lSNmY
 83 | L3pWfuqTl1zk6B3DLHq7m+U9toTMbhuI4TQfdKny+J2GbGo9weAz6MVk+xsRYVS1
 84 | 9FBwLVmZXZh5BQTkvgXaUh6FFNDPA6PbQrOA5OR65nQBAB192u35/g6927mVEmEv
 85 | zZ/qJjC8L+h2BSza5UqdYO5ysCnIlnYYqNt27Y4jq+n95H7umDvITUvOs+X+Up9B
 86 | 5PhUuxESC1FclA6770lMI15shpcnWkuUqWoUOsdv8b13B/45sU2QQPxc3LvsVhb6
 87 | 5YZMyQH9FSAqx1LSoeIlMlB7VmUMV71l7Un1QqTgsi0orBQNiFwF5iFU3tDqE7mJ
 88 | 92y6SKmCu0Dp7uIDDvoMh3Xo7q9fg9U6mjTqXq4QlhrhUcItd3JQYph3T2wf51L4
 89 | yN5sPQ9M8hYmX4JjcDOMWh3tbC23KGZNnTzqXvckBNnT86ZwGNltI4aeaPEXpCkE
 90 | R7WOGqu8tYr9ntzbOKWckl/G4ORaN3ze5zRzIz2JPBkwRyymgCeYtk6P0CPKujZS
 91 | AGDw7Y4yUUyrXkUmZAmBUwrboWiAHwyKlIImCRRlkdZ5KO/HG18YylFTh+MyqUCR
 92 | xap8gbSJAjwEGAEIACYWIQR9AcDLuW/RkW3OJlG3jxV3vYfODwUCYL949wIbDAUJ
 93 | B4YfTAAKCRC3jxV3vYfOD1IDEADdkzpy9c8OmuccJBtO6qa6uLGP2Gu+BkbAGQSN
 94 | yDf07l1XckB8gVxyt8WAY7YPSnAhgeWEGpSe9xeX54HZFjMK4fX5CLQ/KI710GN3
 95 | QIHZuJulANfiF4llfY6TBUeQF407PxMGN2zhux4buio4xxcQted6nY8obRENprCp
 96 | ezVSl0pG0haQqw350ewDroRtplFy045XHa2O09XOLorYcRor54sZxkCO/x13M5Uu
 97 | QUFwYV+MnLLt53oUkCXcKUIKFZKdpxuGH6JvIy+rfqeMWycLGnQvN7AKRcYbGg4B
 98 | 5C1U6NZAGJzNmgIWmpbAZszXoFKPgwe9mtdREHDmsQi5DBGVwnNa/jCCWihkRpMd
 99 | VF7wAxxsZyp1vzqrvhEBgnk6R5SSDG628CC3x7jX80srhzWXYlBTdoSVLCytQ95s
100 | r2OkkTEtnKaiRz+FNlQ6B8gR6TBJJ0KsPE7PO4V/tNc8glI9mhkUYLZH1gZGyLy2
101 | Cx1HBoPmUJuKtLmwxJyQH2vB/ugHxHoJPUfqObVh5yBab43D7cl8ZrbcY0JOM+bG
102 | n7fBvVZvDHSFFIrEKhA/TTvJIQ8vFxoSoUGJme5YhTbvM4fRNx1xpcv1xj4c6HXu
103 | fQgRJM5lbkEDKvZDrRqklFcgihYGmzCvtkgAZ3m70OW7Wv1eP5KeDKXywx+B9OLz
104 | zxMnuw==
105 | =VazJ
106 | -----END PGP PRIVATE KEY BLOCK-----
107 | -----BEGIN PGP PUBLIC KEY BLOCK-----
108 | 
109 | mQINBGC/ePcBEADs638nM5YymIHeNBFayjO6kAACNMiAiQj8nMYvLSCzyGM4qRWW
110 | DF8diTnaJs+8FJvTQv7ERQViDizcpXlecaI/EVfns+tOuYCeFGdGoRz47NO6TsGF
111 | ULSDhRcx17PJXQxQMyURVSb2+09rE05Yp6e89cYjlbo5ytdi4fqvrEeXY4cIM1us
112 | 5RwLCubBUEH+tReR8sXkLEB68eu9Ym/qNp9+L4esoVjBSaqDYGyXuf34fG4cbAOi
113 | 0AeYUzBjq9qW37GDtAbgrNZsXee87rep1gJ1Mod5TkRdDIfG8ZCdXBSwVCRfh1H2
114 | gpKFemIXwkk0fa9mYxoXqW0SBRb9p6YrcQk5k+1qxWronV1I9gXGYjkq0Cx6quOa
115 | 41BE9ueu29vIu9u82vxjqkFw6iTNwgT5+lFwvPQdBVrjBp/1Yv5MAzSnEoEDeW5J
116 | niUZYLhSPHMOPKnxLpXJjMKa9SLcQcpfR1boTvwGxEBC2Mpc9lZTI4ISI2Xz282l
117 | G0fe43HG+vEVpHwR9+413R6oVo3nSncl0DHw0+ZE1ioyqD8HNDZZgSH72oasMULB
118 | sTYThHXoyegtEa/26Iv/qLZ17BOhmBi14sfOMjKqUSsWvh1wc1ewwbb4epKpHnKE
119 | xa1ISjmh7Xl0UUim7vU/hw0+FxjRRvTpiolzEKWpdC1WR12yxEbescVQyQARAQAB
120 | tCZHZWVrTWFzaGVyIEdQRyA8Z2Vla21hc2hlckBnaXRodWIuY29tPokCVAQTAQgA
121 | PhYhBH0BwMu5b9GRbc4mUbePFXe9h84PBQJgv3j3AhsDBQkHhh9MBQsJCAcCBhUK
122 | CQgLAgQWAgMBAh4BAheAAAoJELePFXe9h84PFiMQAJpdiyUmHeAhru4y6lQB9zzb
123 | DAQHPnwLgdOKf68zdylmczaZY6r1ZhEhQxkZpCbo56heYWWt7K21JbivbbBDbQds
124 | DOxZy6zdTZzSivxCIWi18mTk+Q0Lj0I061KVgon6pslxg3B/ciSl2uQmX6dCwxqx
125 | eorgxfZMHMaF+XvQdrDLJJuiBqLij7DYMp15emnv34OttFyytp7gzEQlaExjTl0G
126 | pSoBw2RrRXjqN9CnG/L37h6cAigF8Fp+Bit+087pB71kLQy4PWtJDUZw45NRyalv
127 | ZIEpOSVvX964Z2Xt88CArt22OHnduGoQNGMEZKjgbBUDrs5NHVtepKCP7TzMl+b5
128 | 6Z3u2gpBHCkzo6JkNjmlZILY8RJlwNjTG+8EZ+BBsuPRWpj4wh5KWZT0Bz5xcx5k
129 | VgnYNCJlKbwYvP3KwEdNeN8QW6iKx7ZF0B4jRSJMHLzc0ai566pix7cSQCUIKXht
130 | m2IN7iJPju/2rj00HzJpOP9TiwHMYrdYtNlfr6KzGrgEh4W5W61xYh1xF/Z9En7+
131 | N0GUtXaxUjN5JX/TxTHlig/Z2waU27Zyao9HRVyiuTXcqxfaDx06nky6PxpkHOB0
132 | xmihe401r1SEIlMLpV7yAbi7iT1GY/LbxEQlciacTxvqdvygh4byy3yANJIzHjkg
133 | 0OxrSpF1tarzx46X4qaCuQINBGC/ePcBEADPH51vx26ex2za0/DqDZyR0G1aKnIR
134 | vEym0rmJLzdFJ9qVDbsQGARHZgvCsrJ8Qbsb8b8ZnaymVf10c+m1JVdufCrY37t3
135 | v3g96AoIFQ4Tq3sx1nc9b594dd8BnamN06+aoZdj2xOmQ+GVRE3FXCPilKNGjHHj
136 | 3A0yGVVgSeG7QQftBCIJtuzkNwUjjY17MaB/njYNQFf9NdI9eyckFRp6C1yIZ9rx
137 | SnEW1QbLmrvi2KNSi78ySDRTmXz9SMp0RIs61hfeeFCFCG/6kMpwIks61qJJo8c0
138 | DgxYP4uzSJM0FnPZ5AJ8uptFDSK87sJv9omOK/RVYSeClKyzYgb9L837QQ2hcTNj
139 | HBJH57YvUe48hpA2nBq3cqS5HyYQrwk01PHItu2J76EZ6rNFpau572ho5wJNW4K4
140 | QSkt/PsYrszMXwkUZ4vden140uc+4lL4QUVxigoTYik8B/NrHTQwvgFQdzpoIxo3
141 | 62HK2D8w28yebvVQqFiWt7SzZa7/Iyb5CvPTj9ScKqG7EHG4oJDc7MXkaQXLO2cx
142 | RLGrFpaNcCc/8ua85AUliCuMor6ZHXaHZZb4Hz+mktViQB1yR8ecjGKj4Bh3Xso9
143 | DbxCa8Krw6VZO2UuNK9lE7eoyR71FulO9/88P1emeWDyo3FI+Ym0dZcUW1ArTy6I
144 | 6L24H/sehZJB1QARAQABiQI8BBgBCAAmFiEEfQHAy7lv0ZFtziZRt48Vd72Hzg8F
145 | AmC/ePcCGwwFCQeGH0wACgkQt48Vd72Hzg9SAxAA3ZM6cvXPDprnHCQbTuqmurix
146 | j9hrvgZGwBkEjcg39O5dV3JAfIFccrfFgGO2D0pwIYHlhBqUnvcXl+eB2RYzCuH1
147 | +Qi0PyiO9dBjd0CB2bibpQDX4heJZX2OkwVHkBeNOz8TBjds4bseG7oqOMcXELXn
148 | ep2PKG0RDaawqXs1UpdKRtIWkKsN+dHsA66EbaZRctOOVx2tjtPVzi6K2HEaK+eL
149 | GcZAjv8ddzOVLkFBcGFfjJyy7ed6FJAl3ClCChWSnacbhh+ibyMvq36njFsnCxp0
150 | LzewCkXGGxoOAeQtVOjWQBiczZoCFpqWwGbM16BSj4MHvZrXURBw5rEIuQwRlcJz
151 | Wv4wglooZEaTHVRe8AMcbGcqdb86q74RAYJ5OkeUkgxutvAgt8e41/NLK4c1l2JQ
152 | U3aElSwsrUPebK9jpJExLZymokc/hTZUOgfIEekwSSdCrDxOzzuFf7TXPIJSPZoZ
153 | FGC2R9YGRsi8tgsdRwaD5lCbirS5sMSckB9rwf7oB8R6CT1H6jm1YecgWm+Nw+3J
154 | fGa23GNCTjPmxp+3wb1Wbwx0hRSKxCoQP007ySEPLxcaEqFBiZnuWIU27zOH0Tcd
155 | caXL9cY+HOh17n0IESTOZW5BAyr2Q60apJRXIIoWBpswr7ZIAGd5u9Dlu1r9Xj+S
156 | ngyl8sMfgfTi888TJ7s=
157 | =xXe3
158 | -----END PGP PUBLIC KEY BLOCK-----
159 | 


--------------------------------------------------------------------------------
/rsa/GeekMasher_GPG_with_headers.asc:
--------------------------------------------------------------------------------
  1 | -----BEGIN PGP PRIVATE KEY BLOCK-----
  2 | Version: GnuPG v0.9.7 (GNU/Linux)
  3 | Comment: For info see http://www.gnupg.org
  4 | 
  5 | lQcYBGC/ePcBEADs638nM5YymIHeNBFayjO6kAACNMiAiQj8nMYvLSCzyGM4qRWW
  6 | DF8diTnaJs+8FJvTQv7ERQViDizcpXlecaI/EVfns+tOuYCeFGdGoRz47NO6TsGF
  7 | ULSDhRcx17PJXQxQMyURVSb2+09rE05Yp6e89cYjlbo5ytdi4fqvrEeXY4cIM1us
  8 | 5RwLCubBUEH+tReR8sXkLEB68eu9Ym/qNp9+L4esoVjBSaqDYGyXuf34fG4cbAOi
  9 | 0AeYUzBjq9qW37GDtAbgrNZsXee87rep1gJ1Mod5TkRdDIfG8ZCdXBSwVCRfh1H2
 10 | gpKFemIXwkk0fa9mYxoXqW0SBRb9p6YrcQk5k+1qxWronV1I9gXGYjkq0Cx6quOa
 11 | 41BE9ueu29vIu9u82vxjqkFw6iTNwgT5+lFwvPQdBVrjBp/1Yv5MAzSnEoEDeW5J
 12 | niUZYLhSPHMOPKnxLpXJjMKa9SLcQcpfR1boTvwGxEBC2Mpc9lZTI4ISI2Xz282l
 13 | G0fe43HG+vEVpHwR9+413R6oVo3nSncl0DHw0+ZE1ioyqD8HNDZZgSH72oasMULB
 14 | sTYThHXoyegtEa/26Iv/qLZ17BOhmBi14sfOMjKqUSsWvh1wc1ewwbb4epKpHnKE
 15 | xa1ISjmh7Xl0UUim7vU/hw0+FxjRRvTpiolzEKWpdC1WR12yxEbescVQyQARAQAB
 16 | AA/6AqFiN+WUGjN0hKqsEyeZz61T3LJok/nBhGl6r1EnUuurg1hoPZJdV3r7rhL+
 17 | fTJ24O92W+g+xS4OXDRHns9w61WWVeOa3hTD621jUKbPByn8901yy1fAK1Il1ec0
 18 | zyxl67mHpLO+8yDK6s/L78LLw1awuJor10Kr5cSHx53IbTM9D2+fidHA4BQCyBxr
 19 | oSfyTyvke9IsdJj9QqzmPHHXDzv4nAduEHZQivUd+4jEe7bo846U80CvRucMi1y/
 20 | +GsbIdDUvzeYCVu5DBFT73IpdJLnK2b9rhFKrCAoOIEKV0NV5IwgcjXUqd/4GRau
 21 | gKNRGFhLFL5sMDYngVE0UHjoruof1rmyVQ+NU3Rcg54FDdNnVOhAfPqRAIG41EFy
 22 | MFgsjP5lBol95AbjfMVoK0/rKU3VTAtFoE29LWM2HCvMnYzACjDcKQQBfZM6cFqo
 23 | 7Bj9Fl9W/siW1g1/XqT6T4L0Go5o92P6oPLXnXB08Qh8C5/3XoiK2PA+odxIQGzp
 24 | BHqoaRV51n7GQ4JvM+Y060JAO3npDYnwMJdWGu6qc21pXDPRROKhVIFr0Wb32bUN
 25 | 5kK4+SgqKqzTUGJJ1Ejc1TrQbK/dxPf3VlxXnmAl8Qfwsd+8r1wDgdmCBztlqj+c
 26 | W4zSCU748SyA7CofRFUTn4Z1/ob48E/pJOvWygE/6ylQuVEIAPDLTlni+08/yAsF
 27 | yEiczf+wKfnVJNWTblKPklco/QSso+4nFcFRTz8365FIyc68atMzMAbk5QTIZQhh
 28 | PLSBrttMse6PNjRGgCuCjjuYrMi+GA01mmSwCe4tJY5tGaeCdgvMPTONJKAv6zOC
 29 | 2pH2PHapW40NmgpBSUrUATTjYc8h6QLfiRCle2nzwbbMBtQ1TgfBYgY3N/cNFWcl
 30 | ijx5NqD4ky8AlZWV6xq8VLXPcYGQg7RCvhuq6+jsBhETRgWENof6+52YXtY2Oqv3
 31 | 6zjL0OaERJ7ERFsM1gR1ASpXVwohxpRMkyWJV+kE2C3X2fCNpfc438rhWoxp1Ekw
 32 | BCShdRkIAPvhjyXkdJ/S00/l67R8y9TfPvBVq2FvlgviQaCk+OLNwekWl7564LNo
 33 | ftXwqmZvV82o3l5oEX5DtPvAl4qV0iImqXJ4vLeT5Of6f1FeZvACD/QUipo+Oz1B
 34 | vzK+EqXnAHwWTk/pi4/3cr9OQ1YadotyZyunM7bjc85+pokpwX45qaKJbgBotyrj
 35 | plWXKrX51E+slAFuxNpgxnmA1aZHXIl5cb/RoITifvNKEx9ckab/WBCX8kKXzSz9
 36 | zVTun54Oa/rNRKFCH1MWJYtzlkFfrPIbHMmcnsoafaUxsBoKtICDfn+ZzROB0SR4
 37 | hjyet+De0sjHrfa29GRI2Ms+0VJK/zEH/iRqSB7FALB2O25X8C1RJIZb3a9n+hvr
 38 | oFSZvkZPnGZ2BmcfM2gJZ6P4/2b5XvB7z/IvJRfQD74FvtcMbLRibeZ0ITlS0pz9
 39 | DaBYnbkEZN7zfwR2NFJHN8CRdizfi/7xoR8V8IiE8yqYlq5CBYxDVMYl4oNEP2CK
 40 | TnCjOC1+iDdr1oWgRjLeBMFyfRpS0FGS14ITBgIw8e/nbvwv/87QI6SfgOVyzBex
 41 | X45WkiooQlahwkZyb6Vuf8aM/sycesEAyRc5GWp5s2H3JoD0jCW/OjhM8onQPWFl
 42 | 54kOCfPx7ju53sQkCShcrV2AIKssCsuIKw4FoSvSkil0L7VcaLqA4pSE07QmR2Vl
 43 | a01hc2hlciBHUEcgPGdlZWttYXNoZXJAZ2l0aHViLmNvbT6JAlQEEwEIAD4WIQR9
 44 | AcDLuW/RkW3OJlG3jxV3vYfODwUCYL949wIbAwUJB4YfTAULCQgHAgYVCgkICwIE
 45 | FgIDAQIeAQIXgAAKCRC3jxV3vYfODxYjEACaXYslJh3gIa7uMupUAfc82wwEBz58
 46 | C4HTin+vM3cpZnM2mWOq9WYRIUMZGaQm6OeoXmFlreyttSW4r22wQ20HbAzsWcus
 47 | 3U2c0or8QiFotfJk5PkNC49CNOtSlYKJ+qbJcYNwf3IkpdrkJl+nQsMasXqK4MX2
 48 | TBzGhfl70HawyySbogai4o+w2DKdeXpp79+DrbRcsrae4MxEJWhMY05dBqUqAcNk
 49 | a0V46jfQpxvy9+4enAIoBfBafgYrftPO6Qe9ZC0MuD1rSQ1GcOOTUcmpb2SBKTkl
 50 | b1/euGdl7fPAgK7dtjh53bhqEDRjBGSo4GwVA67OTR1bXqSgj+08zJfm+emd7toK
 51 | QRwpM6OiZDY5pWSC2PESZcDY0xvvBGfgQbLj0VqY+MIeSlmU9Ac+cXMeZFYJ2DQi
 52 | ZSm8GLz9ysBHTXjfEFuoise2RdAeI0UiTBy83NGoueuqYse3EkAlCCl4bZtiDe4i
 53 | T47v9q49NB8yaTj/U4sBzGK3WLTZX6+isxq4BIeFuVutcWIdcRf2fRJ+/jdBlLV2
 54 | sVIzeSV/08Ux5YoP2dsGlNu2cmqPR0Vcork13KsX2g8dOp5Muj8aZBzgdMZooXuN
 55 | Na9UhCJTC6Ve8gG4u4k9RmPy28REJXImnE8b6nb8oIeG8st8gDSSMx45INDsa0qR
 56 | dbWq88eOl+Kmgp0HGARgv3j3ARAAzx+db8dunsds2tPw6g2ckdBtWipyEbxMptK5
 57 | iS83RSfalQ27EBgER2YLwrKyfEG7G/G/GZ2splX9dHPptSVXbnwq2N+7d794PegK
 58 | CBUOE6t7MdZ3PW+feHXfAZ2pjdOvmqGXY9sTpkPhlURNxVwj4pSjRoxx49wNMhlV
 59 | YEnhu0EH7QQiCbbs5DcFI42NezGgf542DUBX/TXSPXsnJBUaegtciGfa8UpxFtUG
 60 | y5q74tijUou/Mkg0U5l8/UjKdESLOtYX3nhQhQhv+pDKcCJLOtaiSaPHNA4MWD+L
 61 | s0iTNBZz2eQCfLqbRQ0ivO7Cb/aJjiv0VWEngpSss2IG/S/N+0ENoXEzYxwSR+e2
 62 | L1HuPIaQNpwat3KkuR8mEK8JNNTxyLbtie+hGeqzRaWrue9oaOcCTVuCuEEpLfz7
 63 | GK7MzF8JFGeL3Xp9eNLnPuJS+EFFcYoKE2IpPAfzax00ML4BUHc6aCMaN+thytg/
 64 | MNvMnm71UKhYlre0s2Wu/yMm+Qrz04/UnCqhuxBxuKCQ3OzF5GkFyztnMUSxqxaW
 65 | jXAnP/LmvOQFJYgrjKK+mR12h2WW+B8/ppLVYkAdckfHnIxio+AYd17KPQ28QmvC
 66 | q8OlWTtlLjSvZRO3qMke9RbpTvf/PD9Xpnlg8qNxSPmJtHWXFFtQK08uiOi9uB/7
 67 | HoWSQdUAEQEAAQAP/Rqgod4rnBkQN6UE95qKGBrW2iLBWjDVgwqKBLg84woiTtji
 68 | ua3JU04qhvsyJf1mJeaNyaztYbNwp/OUrfL6ffxXki/syMO4UH5aRQ/iRREE9q2N
 69 | jil5Ht30VAXNKG3HTR1qsMpxm7EVq6aY8AvzWy8B6jZjpTCkquhJ7CPuMPWggqMB
 70 | 6QOpX1hnimLrtnNOtKeIxhd7XNR8sC6fP9pFAZu3DN+sb6/y4LRiu/Y+SkamOzjy
 71 | 0P28h/LyGejQttZZCYfi25Ffk6/Gnz7DO9ihUAfxwqNc9CXJDeU6e3yXqUpaU0KB
 72 | LEtaDM7FGuDXK8ALyIYH4z18DqxG7ieRmVHAwjt+S2Wqr50OVWox4/9v+BW37n84
 73 | is342TG8XuYOvJavDea+Q9ghUDSSP4KjgLg53Uz3g1/iicKcDfkW4HLDcLblBSY5
 74 | +v1sr/yg8/9dYm1/sSPK3TdDFhWasgt7P2pTQewlLRWGbb6m5GcXxgoFam033sKv
 75 | 4dCW1ArLWbguA+MQcD3IFoXqWmpOgpuwgH6DlvuxP1LEFR9BsqpPI22/2GSqWJ8Z
 76 | XJtZVhMGmIOwuPZYiNoc2TkAKwUeDKQK/lMT/JmdNeUqR+2MFZ6Piz7rND+fXM0l
 77 | lqVp83jyZylFi+4mx8ckRhajeHoxgg4Z+7bjz1mg314/WPe+aJ73zeUrwWfxCADb
 78 | K/bWR8y1RUyLFkTz+2Xm+7cL/2OaDnV7CFkZYI6478ljfmFLto56+F13kEZbsASY
 79 | RJlirf8scXJuQhXMw+HPBL+NcJPlKIthUybv2UubEbo6w8WpvksKBJeIIGqdbk8t
 80 | PjSAGTgoO7KCGuPnHO1u1cvr+J4wCZ8u89/x967Qn6HSggIqhAtPH0GDyfUMiEtV
 81 | FTI6PM1BWTYpolwWPxRhJnei5wZ51ms85NRQTT9SskscU2sZ0N3Ia76w6f67M16D
 82 | VvjzRG7h24knf+IT6BcYqelBhNGwGmyuQD80JCqBDaXf61+YizfiJFbXalgN6pJl
 83 | dZ9gSYLTpJHFMUKTTN4TCADx7WAzc8yWxhQi3i8JfnmbCT3CR+/KRVKAkS+InUMb
 84 | bD+Ilt6WnilSMZ9y/5ZCKYn1rwPi0rP2MaQn5Skrvk1HqOrGiuCqRkMuOi+lSNmY
 85 | L3pWfuqTl1zk6B3DLHq7m+U9toTMbhuI4TQfdKny+J2GbGo9weAz6MVk+xsRYVS1
 86 | 9FBwLVmZXZh5BQTkvgXaUh6FFNDPA6PbQrOA5OR65nQBAB192u35/g6927mVEmEv
 87 | zZ/qJjC8L+h2BSza5UqdYO5ysCnIlnYYqNt27Y4jq+n95H7umDvITUvOs+X+Up9B
 88 | 5PhUuxESC1FclA6770lMI15shpcnWkuUqWoUOsdv8b13B/45sU2QQPxc3LvsVhb6
 89 | 5YZMyQH9FSAqx1LSoeIlMlB7VmUMV71l7Un1QqTgsi0orBQNiFwF5iFU3tDqE7mJ
 90 | 92y6SKmCu0Dp7uIDDvoMh3Xo7q9fg9U6mjTqXq4QlhrhUcItd3JQYph3T2wf51L4
 91 | yN5sPQ9M8hYmX4JjcDOMWh3tbC23KGZNnTzqXvckBNnT86ZwGNltI4aeaPEXpCkE
 92 | R7WOGqu8tYr9ntzbOKWckl/G4ORaN3ze5zRzIz2JPBkwRyymgCeYtk6P0CPKujZS
 93 | AGDw7Y4yUUyrXkUmZAmBUwrboWiAHwyKlIImCRRlkdZ5KO/HG18YylFTh+MyqUCR
 94 | xap8gbSJAjwEGAEIACYWIQR9AcDLuW/RkW3OJlG3jxV3vYfODwUCYL949wIbDAUJ
 95 | B4YfTAAKCRC3jxV3vYfOD1IDEADdkzpy9c8OmuccJBtO6qa6uLGP2Gu+BkbAGQSN
 96 | yDf07l1XckB8gVxyt8WAY7YPSnAhgeWEGpSe9xeX54HZFjMK4fX5CLQ/KI710GN3
 97 | QIHZuJulANfiF4llfY6TBUeQF407PxMGN2zhux4buio4xxcQted6nY8obRENprCp
 98 | ezVSl0pG0haQqw350ewDroRtplFy045XHa2O09XOLorYcRor54sZxkCO/x13M5Uu
 99 | QUFwYV+MnLLt53oUkCXcKUIKFZKdpxuGH6JvIy+rfqeMWycLGnQvN7AKRcYbGg4B
100 | 5C1U6NZAGJzNmgIWmpbAZszXoFKPgwe9mtdREHDmsQi5DBGVwnNa/jCCWihkRpMd
101 | VF7wAxxsZyp1vzqrvhEBgnk6R5SSDG628CC3x7jX80srhzWXYlBTdoSVLCytQ95s
102 | r2OkkTEtnKaiRz+FNlQ6B8gR6TBJJ0KsPE7PO4V/tNc8glI9mhkUYLZH1gZGyLy2
103 | Cx1HBoPmUJuKtLmwxJyQH2vB/ugHxHoJPUfqObVh5yBab43D7cl8ZrbcY0JOM+bG
104 | n7fBvVZvDHSFFIrEKhA/TTvJIQ8vFxoSoUGJme5YhTbvM4fRNx1xpcv1xj4c6HXu
105 | fQgRJM5lbkEDKvZDrRqklFcgihYGmzCvtkgAZ3m70OW7Wv1eP5KeDKXywx+B9OLz
106 | zxMnuw==
107 | =VazJ
108 | -----END PGP PRIVATE KEY BLOCK-----
109 | -----BEGIN PGP PUBLIC KEY BLOCK-----
110 | 
111 | mQINBGC/ePcBEADs638nM5YymIHeNBFayjO6kAACNMiAiQj8nMYvLSCzyGM4qRWW
112 | DF8diTnaJs+8FJvTQv7ERQViDizcpXlecaI/EVfns+tOuYCeFGdGoRz47NO6TsGF
113 | ULSDhRcx17PJXQxQMyURVSb2+09rE05Yp6e89cYjlbo5ytdi4fqvrEeXY4cIM1us
114 | 5RwLCubBUEH+tReR8sXkLEB68eu9Ym/qNp9+L4esoVjBSaqDYGyXuf34fG4cbAOi
115 | 0AeYUzBjq9qW37GDtAbgrNZsXee87rep1gJ1Mod5TkRdDIfG8ZCdXBSwVCRfh1H2
116 | gpKFemIXwkk0fa9mYxoXqW0SBRb9p6YrcQk5k+1qxWronV1I9gXGYjkq0Cx6quOa
117 | 41BE9ueu29vIu9u82vxjqkFw6iTNwgT5+lFwvPQdBVrjBp/1Yv5MAzSnEoEDeW5J
118 | niUZYLhSPHMOPKnxLpXJjMKa9SLcQcpfR1boTvwGxEBC2Mpc9lZTI4ISI2Xz282l
119 | G0fe43HG+vEVpHwR9+413R6oVo3nSncl0DHw0+ZE1ioyqD8HNDZZgSH72oasMULB
120 | sTYThHXoyegtEa/26Iv/qLZ17BOhmBi14sfOMjKqUSsWvh1wc1ewwbb4epKpHnKE
121 | xa1ISjmh7Xl0UUim7vU/hw0+FxjRRvTpiolzEKWpdC1WR12yxEbescVQyQARAQAB
122 | tCZHZWVrTWFzaGVyIEdQRyA8Z2Vla21hc2hlckBnaXRodWIuY29tPokCVAQTAQgA
123 | PhYhBH0BwMu5b9GRbc4mUbePFXe9h84PBQJgv3j3AhsDBQkHhh9MBQsJCAcCBhUK
124 | CQgLAgQWAgMBAh4BAheAAAoJELePFXe9h84PFiMQAJpdiyUmHeAhru4y6lQB9zzb
125 | DAQHPnwLgdOKf68zdylmczaZY6r1ZhEhQxkZpCbo56heYWWt7K21JbivbbBDbQds
126 | DOxZy6zdTZzSivxCIWi18mTk+Q0Lj0I061KVgon6pslxg3B/ciSl2uQmX6dCwxqx
127 | eorgxfZMHMaF+XvQdrDLJJuiBqLij7DYMp15emnv34OttFyytp7gzEQlaExjTl0G
128 | pSoBw2RrRXjqN9CnG/L37h6cAigF8Fp+Bit+087pB71kLQy4PWtJDUZw45NRyalv
129 | ZIEpOSVvX964Z2Xt88CArt22OHnduGoQNGMEZKjgbBUDrs5NHVtepKCP7TzMl+b5
130 | 6Z3u2gpBHCkzo6JkNjmlZILY8RJlwNjTG+8EZ+BBsuPRWpj4wh5KWZT0Bz5xcx5k
131 | VgnYNCJlKbwYvP3KwEdNeN8QW6iKx7ZF0B4jRSJMHLzc0ai566pix7cSQCUIKXht
132 | m2IN7iJPju/2rj00HzJpOP9TiwHMYrdYtNlfr6KzGrgEh4W5W61xYh1xF/Z9En7+
133 | N0GUtXaxUjN5JX/TxTHlig/Z2waU27Zyao9HRVyiuTXcqxfaDx06nky6PxpkHOB0
134 | xmihe401r1SEIlMLpV7yAbi7iT1GY/LbxEQlciacTxvqdvygh4byy3yANJIzHjkg
135 | 0OxrSpF1tarzx46X4qaCuQINBGC/ePcBEADPH51vx26ex2za0/DqDZyR0G1aKnIR
136 | vEym0rmJLzdFJ9qVDbsQGARHZgvCsrJ8Qbsb8b8ZnaymVf10c+m1JVdufCrY37t3
137 | v3g96AoIFQ4Tq3sx1nc9b594dd8BnamN06+aoZdj2xOmQ+GVRE3FXCPilKNGjHHj
138 | 3A0yGVVgSeG7QQftBCIJtuzkNwUjjY17MaB/njYNQFf9NdI9eyckFRp6C1yIZ9rx
139 | SnEW1QbLmrvi2KNSi78ySDRTmXz9SMp0RIs61hfeeFCFCG/6kMpwIks61qJJo8c0
140 | DgxYP4uzSJM0FnPZ5AJ8uptFDSK87sJv9omOK/RVYSeClKyzYgb9L837QQ2hcTNj
141 | HBJH57YvUe48hpA2nBq3cqS5HyYQrwk01PHItu2J76EZ6rNFpau572ho5wJNW4K4
142 | QSkt/PsYrszMXwkUZ4vden140uc+4lL4QUVxigoTYik8B/NrHTQwvgFQdzpoIxo3
143 | 62HK2D8w28yebvVQqFiWt7SzZa7/Iyb5CvPTj9ScKqG7EHG4oJDc7MXkaQXLO2cx
144 | RLGrFpaNcCc/8ua85AUliCuMor6ZHXaHZZb4Hz+mktViQB1yR8ecjGKj4Bh3Xso9
145 | DbxCa8Krw6VZO2UuNK9lE7eoyR71FulO9/88P1emeWDyo3FI+Ym0dZcUW1ArTy6I
146 | 6L24H/sehZJB1QARAQABiQI8BBgBCAAmFiEEfQHAy7lv0ZFtziZRt48Vd72Hzg8F
147 | AmC/ePcCGwwFCQeGH0wACgkQt48Vd72Hzg9SAxAA3ZM6cvXPDprnHCQbTuqmurix
148 | j9hrvgZGwBkEjcg39O5dV3JAfIFccrfFgGO2D0pwIYHlhBqUnvcXl+eB2RYzCuH1
149 | +Qi0PyiO9dBjd0CB2bibpQDX4heJZX2OkwVHkBeNOz8TBjds4bseG7oqOMcXELXn
150 | ep2PKG0RDaawqXs1UpdKRtIWkKsN+dHsA66EbaZRctOOVx2tjtPVzi6K2HEaK+eL
151 | GcZAjv8ddzOVLkFBcGFfjJyy7ed6FJAl3ClCChWSnacbhh+ibyMvq36njFsnCxp0
152 | LzewCkXGGxoOAeQtVOjWQBiczZoCFpqWwGbM16BSj4MHvZrXURBw5rEIuQwRlcJz
153 | Wv4wglooZEaTHVRe8AMcbGcqdb86q74RAYJ5OkeUkgxutvAgt8e41/NLK4c1l2JQ
154 | U3aElSwsrUPebK9jpJExLZymokc/hTZUOgfIEekwSSdCrDxOzzuFf7TXPIJSPZoZ
155 | FGC2R9YGRsi8tgsdRwaD5lCbirS5sMSckB9rwf7oB8R6CT1H6jm1YecgWm+Nw+3J
156 | fGa23GNCTjPmxp+3wb1Wbwx0hRSKxCoQP007ySEPLxcaEqFBiZnuWIU27zOH0Tcd
157 | caXL9cY+HOh17n0IESTOZW5BAyr2Q60apJRXIIoWBpswr7ZIAGd5u9Dlu1r9Xj+S
158 | ngyl8sMfgfTi888TJ7s=
159 | =xXe3
160 | -----END PGP PUBLIC KEY BLOCK-----
161 | 


--------------------------------------------------------------------------------
/database/README.md:
--------------------------------------------------------------------------------
  1 | <!-- WARNING: This README is generated automatically
  2 | -->
  3 | 
  4 | <!-- markdownlint-disable no-inline-html -->
  5 | 
  6 | # Database passwords
  7 | 
  8 | ## Database Connection String (full string)
  9 | 
 10 | 
 11 | Database connection strings are used to connect to databases, often with embedded credentials.
 12 | _version: v0.1_
 13 | 
 14 | 
 15 | 
 16 | <details>
 17 | <summary>Pattern Format</summary>
 18 | 
 19 | ```regex
 20 | [^"'`\x00-\x08\r\n|]*([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=[^"'`\x00-\x08\r\n|]*
 21 | ```
 22 | 
 23 | </details>
 24 | 
 25 | <details>
 26 | <summary>Start Pattern</summary>
 27 | 
 28 | ```regex
 29 | \A|["'`]|&quot;|[\r\n]|[=:-]
 30 | ```
 31 | 
 32 | </details><details>
 33 | <summary>End Pattern</summary>
 34 | 
 35 | ```regex
 36 | \z|["'`]|&quot;|[\r\n]
 37 | ```
 38 | 
 39 | </details>
 40 | 
 41 | <details>
 42 | <summary>Additional Matches</summary>
 43 | 
 44 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
 45 | 
 46 | 
 47 | 
 48 | - Match:
 49 | 
 50 |   ```regex
 51 |   (^|;)([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
 52 |   ```
 53 | - Not Match:
 54 | 
 55 |   ```regex
 56 |   (^|;)([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=(%s\b|\{\{[^}]+\}\}|\{[0-9]+\}|\$?\{[^}]+\}|\[[A-Z_]+\]|['"`]|$)
 57 |   ```
 58 | 
 59 | </details>
 60 | 
 61 | ## Database Connection String (1)
 62 | 
 63 | 
 64 | Database connection strings are used to connect to databases, often with embedded credentials.
 65 | _version: v0.1_
 66 | 
 67 | **Comments / Notes:**
 68 | 
 69 | 
 70 | - This will spot connection strings for many databases, including MySQL, PostgreSQL, Oracle, SQL Server
 71 | 
 72 | - To cut FPs, we require the start of the string to be a database-specific keyword
 73 |   
 74 | 
 75 | <details>
 76 | <summary>Pattern Format</summary>
 77 | 
 78 | ```regex
 79 | [^;"\x00-\x08]+
 80 | ```
 81 | 
 82 | </details>
 83 | 
 84 | <details>
 85 | <summary>Start Pattern</summary>
 86 | 
 87 | ```regex
 88 | ("|&quot;)(([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=[^"]+;) ?([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
 89 | ```
 90 | 
 91 | </details><details>
 92 | <summary>End Pattern</summary>
 93 | 
 94 | ```regex
 95 | (;|"|&quot;)
 96 | ```
 97 | 
 98 | </details>
 99 | 
100 | <details>
101 | <summary>Additional Matches</summary>
102 | 
103 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
104 | 
105 | 
106 | - Not Match:
107 | 
108 |   ```regex
109 |   ^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\{[a-zA-Z_]*\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*|\[\^])$
110 |   ```
111 | - Not Match:
112 | 
113 |   ```regex
114 |   parameters\('[^']+'\)
115 |   ```
116 | 
117 | </details>
118 | 
119 | ## Database Connection String (2)
120 | 
121 | 
122 | Database connection strings are used to connect to databases, often with embedded credentials.
123 | _version: v0.1_
124 | 
125 | **Comments / Notes:**
126 | 
127 | 
128 | - This will spot connection strings for many databases, including MySQL, PostgreSQL, Oracle, SQL Server
129 | 
130 | - To cut FPs, we require part of the string after the password to be a database-specific keyword
131 |   
132 | 
133 | <details>
134 | <summary>Pattern Format</summary>
135 | 
136 | ```regex
137 | [^;"\x00-\x08]+
138 | ```
139 | 
140 | </details>
141 | 
142 | <details>
143 | <summary>Start Pattern</summary>
144 | 
145 | ```regex
146 | (?i)("|&quot;)([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
147 | ```
148 | 
149 | </details><details>
150 | <summary>End Pattern</summary>
151 | 
152 | ```regex
153 | ;[^";]* ?([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=
154 | ```
155 | 
156 | </details>
157 | 
158 | <details>
159 | <summary>Additional Matches</summary>
160 | 
161 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
162 | 
163 | 
164 | - Not Match:
165 | 
166 |   ```regex
167 |   ^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\{[a-zA-Z_]+\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*)$
168 |   ```
169 | - Not Match:
170 | 
171 |   ```regex
172 |   parameters\('[^']+'\)
173 |   ```
174 | 
175 | </details>
176 | 
177 | ## Database Connection String (3)
178 | 
179 | 
180 | Database connection strings are used to connect to databases, often with embedded credentials.
181 | _version: v0.1_
182 | 
183 | **Comments / Notes:**
184 | 
185 | 
186 | - This will spot the ConnectionStrings__Default env var being set with a Password
187 |   
188 | 
189 | <details>
190 | <summary>Pattern Format</summary>
191 | 
192 | ```regex
193 | [^;\r\n"'\x00-\x08]+
194 | ```
195 | 
196 | </details>
197 | 
198 | <details>
199 | <summary>Start Pattern</summary>
200 | 
201 | ```regex
202 | (\A|\b)ConnectionStrings__Default=[^\r\n]*([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=
203 | ```
204 | 
205 | </details><details>
206 | <summary>End Pattern</summary>
207 | 
208 | ```regex
209 | ([;\n]|\z)
210 | ```
211 | 
212 | </details>
213 | 
214 | <details>
215 | <summary>Additional Matches</summary>
216 | 
217 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
218 | 
219 | 
220 | - Not Match:
221 | 
222 |   ```regex
223 |   ^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\$?\{[a-zA-Z_]+\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*)$
224 |   ```
225 | 
226 | </details>
227 | 
228 | ## TSQL CREATE LOGIN/USER
229 | 
230 | 
231 | A TSQL CREATE LOGIN or USER command using a password
232 | _version: v0.1_
233 | 
234 | **Comments / Notes:**
235 | 
236 | 
237 | - This is specific to Microsoft SQL Server TSQL syntax
238 |   
239 | 
240 | <details>
241 | <summary>Pattern Format</summary>
242 | 
243 | ```regex
244 | [^'\x00-\x08]{8,128}
245 | ```
246 | 
247 | </details>
248 | 
249 | <details>
250 | <summary>Start Pattern</summary>
251 | 
252 | ```regex
253 | (\A|\b)CREATE\s+(LOGIN|USER)\s+[^\s\x00-\x08]+\s+WITH\s+PASSWORD\s+=\s+N?'
254 | ```
255 | 
256 | </details><details>
257 | <summary>End Pattern</summary>
258 | 
259 | ```regex
260 | \'
261 | ```
262 | 
263 | </details>
264 | 
265 | ## SQLAlchemy Database Connection String
266 | 
267 | 
268 | SQLAlchemy connection strings are used to connect to databases, often with embedded credentials.
269 | _version: v0.1_
270 | 
271 | 
272 | 
273 | <details>
274 | <summary>Pattern Format</summary>
275 | 
276 | ```regex
277 | [^$/?#@\s][^/?#@\s\x00-\x08]*
278 | ```
279 | 
280 | </details>
281 | 
282 | <details>
283 | <summary>Start Pattern</summary>
284 | 
285 | ```regex
286 | (\A|\b)mysql\+[a-z]+://[^/?#:@\s\x00-\x08]*:
287 | ```
288 | 
289 | </details><details>
290 | <summary>End Pattern</summary>
291 | 
292 | ```regex
293 | @
294 | ```
295 | 
296 | </details>
297 | 
298 | <details>
299 | <summary>Additional Matches</summary>
300 | 
301 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
302 | 
303 | 
304 | - Not Match:
305 | 
306 |   ```regex
307 |   (?i)^[[{(<]?(?:password|passwd|secret)[\]})>]?$
308 |   ```
309 | - Not Match:
310 | 
311 |   ```regex
312 |   ^\$?\{[^}+]\}i\}$
313 |   ```
314 | - Not Match:
315 | 
316 |   ```regex
317 |   ^%(?:\.\*)?s$
318 |   ```
319 | 
320 | </details>
321 | 
322 | ## MongoDB connection string
323 | 
324 | 
325 | 
326 | _version: v0.2_
327 | 
328 | 
329 | 
330 | <details>
331 | <summary>Pattern Format</summary>
332 | 
333 | ```regex
334 | mongodb(\+[a-z]+)?://[^'"`<>/:@\s\x00-\x08]+:[^'"`<>/@\s\x00-\x08]+@[^?'"`\s\x00-\x08]+
335 | ```
336 | 
337 | </details>
338 | 
339 | <details>
340 | <summary>Start Pattern</summary>
341 | 
342 | ```regex
343 | \A|\b
344 | ```
345 | 
346 | </details><details>
347 | <summary>End Pattern</summary>
348 | 
349 | ```regex
350 | \z|\s|['"`?]
351 | ```
352 | 
353 | </details>
354 | 
355 | <details>
356 | <summary>Additional Matches</summary>
357 | 
358 | Add these additional matches to the [Secret Scanning Custom Pattern](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#example-of-a-custom-pattern-specified-using-additional-requirements).
359 | 
360 | 
361 | - Not Match:
362 | 
363 |   ```regex
364 |   (?i):(test|a|my)?[_-]?pass(word)?@
365 |   ```
366 | - Not Match:
367 | 
368 |   ```regex
369 |   :%(?:\.\*)?[sv]@
370 |   ```
371 | - Not Match:
372 | 
373 |   ```regex
374 |   :\$?\{[^}+]\}@
375 |   ```
376 | - Not Match:
377 | 
378 |   ```regex
379 |   ^mongodb\+srv://b\*b%40f3tt%3D:%244to%40L8%3DMC@test3.test.build.10gen.cc/mydb%3F\?replicaSet=repl0
380 |   ```
381 | 
382 | </details>
383 | 
384 | ## JDBC Database Connection String
385 | 
386 | 
387 | 
388 | _version: v0.1_
389 | 
390 | 
391 | 
392 | <details>
393 | <summary>Pattern Format</summary>
394 | 
395 | ```regex
396 | jdbc:[^:\x00-\x08]+:\/\/[^\/\x00-\x08]+\/[^?\x00-\x08]+\?user=[^&\x00-\x08]+&password=[^\s'"`<{$%*\x00-\x08]+
397 | ```
398 | 
399 | </details>
400 | 
401 | <details>
402 | <summary>Start Pattern</summary>
403 | 
404 | ```regex
405 | \A|\b
406 | ```
407 | 
408 | </details><details>
409 | <summary>End Pattern</summary>
410 | 
411 | ```regex
412 | \z|\s|['"`<]
413 | ```
414 | 
415 | </details>


--------------------------------------------------------------------------------