├── .gitignore ├── LICENSE.md ├── README.md ├── datasets ├── PowerShell │ ├── generic.yml │ ├── git-leaks.yml │ ├── high-confidence.yml │ ├── leakin-regexes.yml │ ├── nuclei-generic-1.yml │ ├── nuclei-regexes.yml │ └── trufflehog-v3.yml ├── Resources.md ├── cabinjs_sensitive-fields.json ├── datumbrain_aws-macie-pii-confidential-regexes_regex_list.csv ├── generic.yml ├── git-leaks.yml ├── high-confidence.yml ├── leakin-regexes.yml ├── nuclei-generic-1.yml ├── nuclei-regexes.yml ├── sample-test-1.txt └── trufflehog-v3.yml ├── db ├── pii-stable.yml ├── rules-stable.yml ├── sensitive-fields-full.yml └── sensitive-fields-simple.yml └── scripts ├── Invoke-StaticCodeScan.ps1 ├── bcheck-template-generator.py ├── ci-tests-golang.go ├── ci.py ├── convert-rules.py ├── db-confidence-check.py ├── rate-confidence.py ├── redact-data.py ├── regexexplpit.sh ├── safe-regex-check.js ├── sort-fields.py └── update-findings.py /.gitignore: -------------------------------------------------------------------------------- 1 | package-lock.json 2 | node_modules/ 3 | package.json 4 | internal-tests/ -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | Attribution-ShareAlike 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. 
Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. 
Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More_considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution-ShareAlike 4.0 International Public 58 | License 59 | 60 | By exercising the Licensed Rights (defined below), You accept and agree 61 | to be bound by the terms and conditions of this Creative Commons 62 | Attribution-ShareAlike 4.0 International Public License ("Public 63 | License"). To the extent this Public License may be interpreted as a 64 | contract, You are granted the Licensed Rights in consideration of Your 65 | acceptance of these terms and conditions, and the Licensor grants You 66 | such rights in consideration of benefits the Licensor receives from 67 | making the Licensed Material available under these terms and 68 | conditions. 69 | 70 | 71 | Section 1 -- Definitions. 72 | 73 | a. Adapted Material means material subject to Copyright and Similar 74 | Rights that is derived from or based upon the Licensed Material 75 | and in which the Licensed Material is translated, altered, 76 | arranged, transformed, or otherwise modified in a manner requiring 77 | permission under the Copyright and Similar Rights held by the 78 | Licensor. For purposes of this Public License, where the Licensed 79 | Material is a musical work, performance, or sound recording, 80 | Adapted Material is always produced where the Licensed Material is 81 | synched in timed relation with a moving image. 82 | 83 | b. 
Adapter's License means the license You apply to Your Copyright 84 | and Similar Rights in Your contributions to Adapted Material in 85 | accordance with the terms and conditions of this Public License. 86 | 87 | c. BY-SA Compatible License means a license listed at 88 | creativecommons.org/compatiblelicenses, approved by Creative 89 | Commons as essentially the equivalent of this Public License. 90 | 91 | d. Copyright and Similar Rights means copyright and/or similar rights 92 | closely related to copyright including, without limitation, 93 | performance, broadcast, sound recording, and Sui Generis Database 94 | Rights, without regard to how the rights are labeled or 95 | categorized. For purposes of this Public License, the rights 96 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 97 | Rights. 98 | 99 | e. Effective Technological Measures means those measures that, in the 100 | absence of proper authority, may not be circumvented under laws 101 | fulfilling obligations under Article 11 of the WIPO Copyright 102 | Treaty adopted on December 20, 1996, and/or similar international 103 | agreements. 104 | 105 | f. Exceptions and Limitations means fair use, fair dealing, and/or 106 | any other exception or limitation to Copyright and Similar Rights 107 | that applies to Your use of the Licensed Material. 108 | 109 | g. License Elements means the license attributes listed in the name 110 | of a Creative Commons Public License. The License Elements of this 111 | Public License are Attribution and ShareAlike. 112 | 113 | h. Licensed Material means the artistic or literary work, database, 114 | or other material to which the Licensor applied this Public 115 | License. 116 | 117 | i. Licensed Rights means the rights granted to You subject to the 118 | terms and conditions of this Public License, which are limited to 119 | all Copyright and Similar Rights that apply to Your use of the 120 | Licensed Material and that the Licensor has authority to license. 
121 | 122 | j. Licensor means the individual(s) or entity(ies) granting rights 123 | under this Public License. 124 | 125 | k. Share means to provide material to the public by any means or 126 | process that requires permission under the Licensed Rights, such 127 | as reproduction, public display, public performance, distribution, 128 | dissemination, communication, or importation, and to make material 129 | available to the public including in ways that members of the 130 | public may access the material from a place and at a time 131 | individually chosen by them. 132 | 133 | l. Sui Generis Database Rights means rights other than copyright 134 | resulting from Directive 96/9/EC of the European Parliament and of 135 | the Council of 11 March 1996 on the legal protection of databases, 136 | as amended and/or succeeded, as well as other essentially 137 | equivalent rights anywhere in the world. 138 | 139 | m. You means the individual or entity exercising the Licensed Rights 140 | under this Public License. Your has a corresponding meaning. 141 | 142 | 143 | Section 2 -- Scope. 144 | 145 | a. License grant. 146 | 147 | 1. Subject to the terms and conditions of this Public License, 148 | the Licensor hereby grants You a worldwide, royalty-free, 149 | non-sublicensable, non-exclusive, irrevocable license to 150 | exercise the Licensed Rights in the Licensed Material to: 151 | 152 | a. reproduce and Share the Licensed Material, in whole or 153 | in part; and 154 | 155 | b. produce, reproduce, and Share Adapted Material. 156 | 157 | 2. Exceptions and Limitations. For the avoidance of doubt, where 158 | Exceptions and Limitations apply to Your use, this Public 159 | License does not apply, and You do not need to comply with 160 | its terms and conditions. 161 | 162 | 3. Term. The term of this Public License is specified in Section 163 | 6(a). 164 | 165 | 4. Media and formats; technical modifications allowed. 
The 166 | Licensor authorizes You to exercise the Licensed Rights in 167 | all media and formats whether now known or hereafter created, 168 | and to make technical modifications necessary to do so. The 169 | Licensor waives and/or agrees not to assert any right or 170 | authority to forbid You from making technical modifications 171 | necessary to exercise the Licensed Rights, including 172 | technical modifications necessary to circumvent Effective 173 | Technological Measures. For purposes of this Public License, 174 | simply making modifications authorized by this Section 2(a) 175 | (4) never produces Adapted Material. 176 | 177 | 5. Downstream recipients. 178 | 179 | a. Offer from the Licensor -- Licensed Material. Every 180 | recipient of the Licensed Material automatically 181 | receives an offer from the Licensor to exercise the 182 | Licensed Rights under the terms and conditions of this 183 | Public License. 184 | 185 | b. Additional offer from the Licensor -- Adapted Material. 186 | Every recipient of Adapted Material from You 187 | automatically receives an offer from the Licensor to 188 | exercise the Licensed Rights in the Adapted Material 189 | under the conditions of the Adapter's License You apply. 190 | 191 | c. No downstream restrictions. You may not offer or impose 192 | any additional or different terms or conditions on, or 193 | apply any Effective Technological Measures to, the 194 | Licensed Material if doing so restricts exercise of the 195 | Licensed Rights by any recipient of the Licensed 196 | Material. 197 | 198 | 6. No endorsement. Nothing in this Public License constitutes or 199 | may be construed as permission to assert or imply that You 200 | are, or that Your use of the Licensed Material is, connected 201 | with, or sponsored, endorsed, or granted official status by, 202 | the Licensor or others designated to receive attribution as 203 | provided in Section 3(a)(1)(A)(i). 204 | 205 | b. Other rights. 206 | 207 | 1. 
Moral rights, such as the right of integrity, are not 208 | licensed under this Public License, nor are publicity, 209 | privacy, and/or other similar personality rights; however, to 210 | the extent possible, the Licensor waives and/or agrees not to 211 | assert any such rights held by the Licensor to the limited 212 | extent necessary to allow You to exercise the Licensed 213 | Rights, but not otherwise. 214 | 215 | 2. Patent and trademark rights are not licensed under this 216 | Public License. 217 | 218 | 3. To the extent possible, the Licensor waives any right to 219 | collect royalties from You for the exercise of the Licensed 220 | Rights, whether directly or through a collecting society 221 | under any voluntary or waivable statutory or compulsory 222 | licensing scheme. In all other cases the Licensor expressly 223 | reserves any right to collect such royalties. 224 | 225 | 226 | Section 3 -- License Conditions. 227 | 228 | Your exercise of the Licensed Rights is expressly made subject to the 229 | following conditions. 230 | 231 | a. Attribution. 232 | 233 | 1. If You Share the Licensed Material (including in modified 234 | form), You must: 235 | 236 | a. retain the following if it is supplied by the Licensor 237 | with the Licensed Material: 238 | 239 | i. identification of the creator(s) of the Licensed 240 | Material and any others designated to receive 241 | attribution, in any reasonable manner requested by 242 | the Licensor (including by pseudonym if 243 | designated); 244 | 245 | ii. a copyright notice; 246 | 247 | iii. a notice that refers to this Public License; 248 | 249 | iv. a notice that refers to the disclaimer of 250 | warranties; 251 | 252 | v. a URI or hyperlink to the Licensed Material to the 253 | extent reasonably practicable; 254 | 255 | b. indicate if You modified the Licensed Material and 256 | retain an indication of any previous modifications; and 257 | 258 | c. 
indicate the Licensed Material is licensed under this 259 | Public License, and include the text of, or the URI or 260 | hyperlink to, this Public License. 261 | 262 | 2. You may satisfy the conditions in Section 3(a)(1) in any 263 | reasonable manner based on the medium, means, and context in 264 | which You Share the Licensed Material. For example, it may be 265 | reasonable to satisfy the conditions by providing a URI or 266 | hyperlink to a resource that includes the required 267 | information. 268 | 269 | 3. If requested by the Licensor, You must remove any of the 270 | information required by Section 3(a)(1)(A) to the extent 271 | reasonably practicable. 272 | 273 | b. ShareAlike. 274 | 275 | In addition to the conditions in Section 3(a), if You Share 276 | Adapted Material You produce, the following conditions also apply. 277 | 278 | 1. The Adapter's License You apply must be a Creative Commons 279 | license with the same License Elements, this version or 280 | later, or a BY-SA Compatible License. 281 | 282 | 2. You must include the text of, or the URI or hyperlink to, the 283 | Adapter's License You apply. You may satisfy this condition 284 | in any reasonable manner based on the medium, means, and 285 | context in which You Share Adapted Material. 286 | 287 | 3. You may not offer or impose any additional or different terms 288 | or conditions on, or apply any Effective Technological 289 | Measures to, Adapted Material that restrict exercise of the 290 | rights granted under the Adapter's License You apply. 291 | 292 | 293 | Section 4 -- Sui Generis Database Rights. 294 | 295 | Where the Licensed Rights include Sui Generis Database Rights that 296 | apply to Your use of the Licensed Material: 297 | 298 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 299 | to extract, reuse, reproduce, and Share all or a substantial 300 | portion of the contents of the database; 301 | 302 | b. 
if You include all or a substantial portion of the database 303 | contents in a database in which You have Sui Generis Database 304 | Rights, then the database in which You have Sui Generis Database 305 | Rights (but not its individual contents) is Adapted Material, 306 | 307 | including for purposes of Section 3(b); and 308 | c. You must comply with the conditions in Section 3(a) if You Share 309 | all or a substantial portion of the contents of the database. 310 | 311 | For the avoidance of doubt, this Section 4 supplements and does not 312 | replace Your obligations under this Public License where the Licensed 313 | Rights include other Copyright and Similar Rights. 314 | 315 | 316 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 317 | 318 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 319 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 320 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 321 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 322 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 323 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 324 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 325 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 326 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 327 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 328 | 329 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 330 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 331 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 332 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 333 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 334 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 335 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 336 | DAMAGES. 
WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 337 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 338 | 339 | c. The disclaimer of warranties and limitation of liability provided 340 | above shall be interpreted in a manner that, to the extent 341 | possible, most closely approximates an absolute disclaimer and 342 | waiver of all liability. 343 | 344 | 345 | Section 6 -- Term and Termination. 346 | 347 | a. This Public License applies for the term of the Copyright and 348 | Similar Rights licensed here. However, if You fail to comply with 349 | this Public License, then Your rights under this Public License 350 | terminate automatically. 351 | 352 | b. Where Your right to use the Licensed Material has terminated under 353 | Section 6(a), it reinstates: 354 | 355 | 1. automatically as of the date the violation is cured, provided 356 | it is cured within 30 days of Your discovery of the 357 | violation; or 358 | 359 | 2. upon express reinstatement by the Licensor. 360 | 361 | For the avoidance of doubt, this Section 6(b) does not affect any 362 | right the Licensor may have to seek remedies for Your violations 363 | of this Public License. 364 | 365 | c. For the avoidance of doubt, the Licensor may also offer the 366 | Licensed Material under separate terms or conditions or stop 367 | distributing the Licensed Material at any time; however, doing so 368 | will not terminate this Public License. 369 | 370 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 371 | License. 372 | 373 | 374 | Section 7 -- Other Terms and Conditions. 375 | 376 | a. The Licensor shall not be bound by any additional or different 377 | terms or conditions communicated by You unless expressly agreed. 378 | 379 | b. Any arrangements, understandings, or agreements regarding the 380 | Licensed Material not stated herein are separate from and 381 | independent of the terms and conditions of this Public License. 382 | 383 | 384 | Section 8 -- Interpretation. 
385 | 386 | a. For the avoidance of doubt, this Public License does not, and 387 | shall not be interpreted to, reduce, limit, restrict, or impose 388 | conditions on any use of the Licensed Material that could lawfully 389 | be made without permission under this Public License. 390 | 391 | b. To the extent possible, if any provision of this Public License is 392 | deemed unenforceable, it shall be automatically reformed to the 393 | minimum extent necessary to make it enforceable. If the provision 394 | cannot be reformed, it shall be severed from this Public License 395 | without affecting the enforceability of the remaining terms and 396 | conditions. 397 | 398 | c. No term or condition of this Public License will be waived and no 399 | failure to comply consented to unless expressly agreed to by the 400 | Licensor. 401 | 402 | d. Nothing in this Public License constitutes or may be interpreted 403 | as a limitation upon, or waiver of, any privileges and immunities 404 | that apply to the Licensor or You, including from the legal 405 | processes of any jurisdiction or authority. 406 | 407 | 408 | ======================================================================= 409 | 410 | Creative Commons is not a party to its public 411 | licenses. Notwithstanding, Creative Commons may elect to apply one of 412 | its public licenses to material it publishes and in those instances 413 | will be considered the “Licensor.” The text of the Creative Commons 414 | public licenses is dedicated to the public domain under the CC0 Public 415 | Domain Dedication. 
Except for the limited purpose of indicating that 416 | material is shared under a Creative Commons public license or as 417 | otherwise permitted by the Creative Commons policies published at 418 | creativecommons.org/policies, Creative Commons does not authorize the 419 | use of the trademark "Creative Commons" or any other trademark or logo 420 | of Creative Commons without its prior written consent including, 421 | without limitation, in connection with any unauthorized modifications 422 | to any of its public licenses or any other arrangements, 423 | understandings, or agreements concerning use of licensed material. For 424 | the avoidance of doubt, this paragraph does not form part of the 425 | public licenses. 426 | 427 | Creative Commons may be contacted at creativecommons.org. 428 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🗄️ Secrets Patterns Database 🗄️ 2 | 3 | The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets. 4 | 5 | --- 6 | 7 | # 🚀 Features 8 | 9 | - Over 1600 regular expressions for detecting secrets, passwords, API keys, tokens, and more. 10 | - Format agnostic. A single format that supports secret detection tools, including Trufflehog and Gitleaks. 11 | - Tested and reviewed regular expressions. 12 | - Categorized by confidence levels of each pattern. 13 | - All regular expressions are tested against ReDoS (regular expression denial-of-service) attacks. 14 | 15 | # ❔ Why? 16 | 17 | There are limited resources online for regular expression patterns for secrets. TruffleHog offers ~700 as built-in rules. GitLeaks offers ~60 rules. While it's a good start, it's not enough. There's a lot of work that needs to be done for maintenance and keeping up with new secrets patterns. 
18 | 19 | I have collected and curated regular expression patterns for secrets, API tokens, keys, and passwords. I'm open-sourcing the database I built (Secrets-Patterns-DB), and hope that security teams contribute to it! 20 | 21 | The Secrets-Patterns-DB contains over 1600 regular expressions. I have also written scripts to validate regexes against ReDoS attacks, and CI jobs to load and validate regexes, and I also manually cleaned up invalid ones. 22 | 23 | It's in Beta. There’s a lot of room for improvement on the project. I'm looking forward to your Pull Requests and Issues on GitHub to enhance Secrets-Patterns-DB for everyone. 24 | 25 | Are you planning to enhance your secrets detection in your AppSec program? Please take some time to contribute to the project! :pray: 26 | 27 | --- 28 | 29 | # 💻 Contribution 30 | 31 | Contribution is always welcome! Please feel free to report issues on GitHub and create Pull Requests for new features. 32 | 33 | ## 📌 Ideas to Start on 34 | 35 | # Using 36 | 37 | For Trufflehog v2 38 | ```shell 39 | ./scripts/convert-rules.py --db ./db/rules-stable.yml --type trufflehogv2 40 | ``` 41 | 42 | For Trufflehog v3 43 | ```shell 44 | ./scripts/convert-rules.py --db ./db/rules-stable.yml --type trufflehogv3 45 | ``` 46 | 47 | For Gitleaks 48 | ```shell 49 | ./scripts/convert-rules.py --db ./db/rules-stable.yml --type gitleaks 50 | ``` 51 | 52 | 53 | **Optional**: 54 | `--export` - Sets the export filename; the extension is added according to the type (gitleaks = toml, trufflehogV2 = json, trufflehogV3 = yaml) 55 | 56 | Would you like to contribute to secrets-patterns-db? Here are some ideas that you may start with: 57 | 58 | - Support severity 59 | - Categorize patterns by type? 60 | - Categorize patterns by tags? 61 | - Support more tools? 62 | 63 | --- 64 | 65 | # 📄 License 66 | 67 | This work is licensed under a Creative Commons Attribution 4.0 International License. 68 | 69 | Trufflehog data is licensed under the AGPL. 
70 | 71 | # 💚 Author 72 | 73 | **Mazin Ahmed** 74 | 75 | - **Website**: [https://mazinahmed.net](https://mazinahmed.net) 76 | - **Email**: `mazin [at] mazinahmed [dot] net` 77 | - **Twitter**: [https://twitter.com/mazen160](https://twitter.com/mazen160) 78 | - **Linkedin**: [http://linkedin.com/in/infosecmazinahmed](http://linkedin.com/in/infosecmazinahmed) 79 | -------------------------------------------------------------------------------- /datasets/PowerShell/generic.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: Slack Token 4 | regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 5 | confidence: high 6 | - pattern: 7 | name: test 8 | regex: "test" 9 | confidence: low 10 | - pattern: 11 | name: generic password 12 | regex: "password.+" 13 | confidence: low 14 | - pattern: 15 | name: Generic secret 16 | regex: "secret.+" 17 | confidence: low 18 | - pattern: 19 | name: Generic token 20 | regex: "token.+" 21 | confidence: low 22 | - pattern: 23 | name: Generic key 24 | regex: "(private|public|api|secret|password|pass|passphrase|access).+(key|token|secret).+" 25 | confidence: low 26 | - pattern: 27 | name: Generic webhook secret 28 | regex: "(webhook).+(secret|token|key).+" 29 | confidence: low 30 | - pattern: 31 | name: ADMIN_PASSWORD 32 | regex: "(admin).+(secret|token|key).+" 33 | confidence: low 34 | - pattern: 35 | name: Bearer token 36 | regex: "(bearer).+" 37 | confidence: low 38 | - pattern: 39 | name: Basic token 40 | regex: "basic [a-zA-Z0-9_\\-:\\.=]+" 41 | confidence: low 42 | - pattern: 43 | name: REDIS_URL 44 | regex: "(REDIS_URL).+" 45 | confidence: low 46 | - pattern: 47 | name: master_password 48 | regex: "(master_password).+" 49 | confidence: low 50 | - pattern: 51 | name: generic credit card 52 | regex: "^(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})" 
53 | confidence: low 54 | - pattern: 55 | name: AWS client ID 56 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 57 | confidence: low 58 | - pattern: 59 | name: AWS MWS ID 60 | regex: "mzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 61 | confidence: low 62 | - pattern: 63 | name: aws_secret_key 64 | regex: "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]" 65 | confidence: low 66 | - pattern: 67 | name: basic_auth_credentials 68 | regex: "([a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+)" 69 | confidence: low 70 | - pattern: 71 | name: facebook_client_id 72 | regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}" 73 | confidence: low 74 | - pattern: 75 | name: facebook_oauth 76 | regex: "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" 77 | confidence: low 78 | - pattern: 79 | name: facebook_secret_key 80 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}" 81 | confidence: low 82 | - pattern: 83 | name: google_cloud_platform_api_key 84 | regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]" 85 | confidence: low 86 | - pattern: 87 | name: google_cloud_platform_api_key 88 | regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]" 89 | confidence: low 90 | - pattern: 91 | name: Vault Token 92 | regex: "([sb]\\.[a-zA-Z0-9]{24})" 93 | confidence: low 94 | - pattern: 95 | name: Instagram oauth 96 | regex: "[0-9a-fA-F]{7}.[0-9a-fA-F]{32}" 97 | confidence: low 98 | - pattern: 99 | name: mfa_token 100 | regex: "(?:token=[A-Za-z0-9\\s_]*[A-Za-z0-9][A-Za-z0-9\\s_])" 101 | confidence: low 102 | - pattern: 103 | name: google_cloud_platform_api_key 104 | regex: "^(v[0-9]\\.)?[0-9a-f]{40}$" 105 | confidence: low 106 | -------------------------------------------------------------------------------- /datasets/PowerShell/git-leaks.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 
3 | name: AWS Access Key 4 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 5 | confidence: high 6 | - pattern: 7 | name: AWS Secret Key 8 | regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]" 9 | confidence: high 10 | - pattern: 11 | name: AWS MWS key 12 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 13 | confidence: high 14 | - pattern: 15 | name: Facebook Secret Key 16 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]" 17 | confidence: high 18 | - pattern: 19 | name: Facebook Client ID 20 | regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]" 21 | confidence: high 22 | - pattern: 23 | name: Twitter Secret Key 24 | regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" 25 | confidence: high 26 | - pattern: 27 | name: Twitter Client ID 28 | regex: "(?i)twitter(.{0,20})?[0-9a-z]{18,25}" 29 | confidence: high 30 | - pattern: 31 | name: Github Personal Access Token 32 | regex: "ghp_[0-9a-zA-Z]{36}" 33 | confidence: high 34 | - pattern: 35 | name: Github OAuth Access Token 36 | regex: "gho_[0-9a-zA-Z]{36}" 37 | confidence: high 38 | - pattern: 39 | name: Github App Token 40 | regex: "(ghu|ghs)_[0-9a-zA-Z]{36}" 41 | confidence: high 42 | - pattern: 43 | name: Github Refresh Token 44 | regex: "ghr_[0-9a-zA-Z]{76}" 45 | confidence: high 46 | - pattern: 47 | name: LinkedIn Client ID 48 | regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" 49 | confidence: high 50 | - pattern: 51 | name: LinkedIn Secret Key 52 | regex: "(?i)linkedin(.{0,20})?[0-9a-z]{16}" 53 | confidence: high 54 | - pattern: 55 | name: Slack 56 | regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?" 
57 | confidence: high 58 | - pattern: 59 | name: Asymmetric Private Key 60 | regex: "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----" 61 | confidence: high 62 | - pattern: 63 | name: Google API key 64 | regex: "AIza[0-9A-Za-z\\\\-_]{35}" 65 | confidence: high 66 | - pattern: 67 | name: Google (GCP) Service Account 68 | regex: "\"type\": \"service_account\"" 69 | confidence: high 70 | - pattern: 71 | name: Heroku API key 72 | regex: "(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 73 | confidence: high 74 | - pattern: 75 | name: MailChimp API key 76 | regex: "(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}" 77 | confidence: high 78 | - pattern: 79 | name: Mailgun API key 80 | regex: "((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}" 81 | confidence: high 82 | - pattern: 83 | name: PayPal Braintree access token 84 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 85 | confidence: high 86 | - pattern: 87 | name: Picatic API key 88 | regex: "sk_live_[0-9a-z]{32}" 89 | confidence: high 90 | - pattern: 91 | name: SendGrid API Key 92 | regex: "SG\\.[\\w_]{16,32}\\.[\\w_]{16,64}" 93 | confidence: high 94 | - pattern: 95 | name: Slack Webhook 96 | regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}" 97 | confidence: high 98 | - pattern: 99 | name: Stripe API key 100 | regex: "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}" 101 | confidence: high 102 | - pattern: 103 | name: Square access token 104 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 105 | confidence: high 106 | - pattern: 107 | name: Square OAuth secret 108 | regex: "sq0csp-[0-9A-Za-z\\\\-_]{43}" 109 | confidence: high 110 | - pattern: 111 | name: Twilio API key 112 | regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" 113 | confidence: high 114 | - pattern: 115 | name: Dynatrace ttoken 116 | regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}" 117 | confidence: high 118 | - pattern: 119 | name: Shopify shared secret 120 
| regex: "shpss_[a-fA-F0-9]{32}" 121 | confidence: high 122 | - pattern: 123 | name: Shopify access token 124 | regex: "shpat_[a-fA-F0-9]{32}" 125 | confidence: high 126 | - pattern: 127 | name: Shopify custom app access token 128 | regex: "shpca_[a-fA-F0-9]{32}" 129 | confidence: high 130 | - pattern: 131 | name: Shopify private app access token 132 | regex: "shppa_[a-fA-F0-9]{32}" 133 | confidence: high 134 | - pattern: 135 | name: PyPI upload token 136 | regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}" 137 | confidence: high 138 | - pattern: 139 | name: AWS Access Key 140 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 141 | confidence: high 142 | - pattern: 143 | name: AWS cred file info 144 | regex: "(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\\/+]{20,40}" 145 | confidence: high 146 | - pattern: 147 | name: AWS Secret Key 148 | regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]" 149 | confidence: high 150 | - pattern: 151 | name: AWS MWS key 152 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 153 | confidence: high 154 | - pattern: 155 | name: Facebook Secret Key 156 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]" 157 | confidence: high 158 | - pattern: 159 | name: Facebook Client ID 160 | regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]" 161 | confidence: high 162 | - pattern: 163 | name: Twitter Secret Key 164 | regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{35,44}['\\\"]" 165 | confidence: high 166 | - pattern: 167 | name: Twitter Client ID 168 | regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{18,25}['\\\"]" 169 | confidence: high 170 | - pattern: 171 | name: Github 172 | regex: "(?i)github(.{0,20})?(?-i)['\\\"][0-9a-zA-Z]{35,40}['\\\"]" 173 | confidence: high 174 | - pattern: 175 | name: LinkedIn Client ID 176 | regex: "(?i)linkedin(.{0,20})?(?-i)['\\\"][0-9a-z]{12}['\\\"]" 177 | confidence: high 178 | - pattern: 179 | 
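name: LinkedIn Secret Key
180 |       regex: "(?i)linkedin(.{0,20})?['\\\"][0-9a-z]{16}['\\\"]"
181 |       confidence: high
182 |   - pattern:
183 |       name: Slack
    |       # NOTE(review): the token body is an optional group, so the bare prefix
    |       # (for example "xoxb-") also matches; confirm that is intended for a rule
    |       # rated "confidence: high".
184 |       regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?"
185 |       confidence: high
186 |   - pattern:
187 |       name: EC
188 |       regex: "-----BEGIN EC PRIVATE KEY-----"
189 |       confidence: high
190 |   - pattern:
191 |       name: Google API key
    |       # Fixed: the character class was written with four backslashes. Assuming the
    |       # value is YAML-decoded before it is compiled, that form is an escaped
    |       # backslash followed by the range backslash..underscore, which leaves '-'
    |       # out of the class, so keys containing a hyphen were not detected.
192 |       regex: "AIza[0-9A-Za-z\\-_]{35}"
193 |       confidence: high
194 |   - pattern:
195 |       name: Heroku API key
    |       # Fixed: the UUID shape was 8-4-4-12, one 4-hex group short, so a quoted
    |       # standard 8-4-4-4-12 UUID could never satisfy the rule (silent false
    |       # negative).
196 |       regex: "(?i)heroku(.{0,20})?['\"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['\"]"
197 |       confidence: high
198 |   - pattern:
199 |       name: MailChimp API key
200 |       regex: "(?i)(mailchimp|mc)(.{0,20})?['\"][0-9a-f]{32}-us[0-9]{1,2}['\"]"
201 |       confidence: high
202 |   - pattern:
203 |       name: Mailgun API key
204 |       regex: "(?i)(mailgun|mg)(.{0,20})?['\"][0-9a-z]{32}['\"]"
205 |       confidence: high
206 |   - pattern:
207 |       name: PayPal Braintree access token
208 |       regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}"
209 |       confidence: high
210 |   - pattern:
211 |       name: Picatic API key
212 |       regex: "sk_live_[0-9a-z]{32}"
213 |       confidence: high
214 |   - pattern:
215 |       name: Slack Webhook
    |       # Fixed: the dots in the host name are escaped so they match a literal '.'
    |       # only, not any character.
216 |       regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
217 |       confidence: high
218 |   - pattern:
219 |       name: Stripe API key
    |       # Fixed: "[sk|rk]" is a character class (one of s, k, |, r), not an
    |       # alternation, so the rule required exactly one character between the
    |       # opening quote and "_live_" and never matched a quoted sk_live_/rk_live_
    |       # key. "[sr]k" expresses the intended sk/rk prefix.
220 |       regex: "(?i)stripe(.{0,20})?['\\\"][sr]k_live_[0-9a-zA-Z]{24}"
221 |       confidence: high
222 |   - pattern:
223 |       name: Square access token
224 |       regex: "sq0atp-[0-9A-Za-z\\-_]{22}"
225 |       confidence: high
226 |   - pattern:
227 |       name: Square OAuth secret
    |       # Fixed: same four-backslash character class as the Google API key rule
    |       # above; '-' is now in the class, matching the Square access token rule.
228 |       regex: "sq0csp-[0-9A-Za-z\\-_]{43}"
229 |       confidence: high
230 |   - pattern:
231 |       name: Twilio API key
232 |       regex: "(?i)twilio(.{0,20})?['\\\"][0-9a-f]{32}['\\\"]"
233 |       confidence: high
234 |   - pattern:
235 |       name: Env Var
    |       # NOTE(review): this matches any "key=", "api=", "host=" ... assignment with
    |       # a 4-120 character value; confirm the expected false-positive rate is
    |       # acceptable for a rule rated "confidence: high".
236 |       regex: "(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}"
237 |       confidence: high
238 |   - pattern:
239 |       name: Generic Credential
240 |       regex: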
"(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|\"]([0-9a-zA-Z-_\\/+!{}/=]{4,120})['|\"]" 241 | confidence: high 242 | - pattern: 243 | name: WP-Config 244 | regex: "define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|\"].{10,120}['|\"]" 245 | confidence: high 246 | -------------------------------------------------------------------------------- /datasets/PowerShell/high-confidence.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: Slack Token 4 | regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 5 | confidence: high 6 | - pattern: 7 | name: RSA private key 8 | regex: "-----BEGIN RSA PRIVATE KEY-----" 9 | confidence: high 10 | - pattern: 11 | name: SSH (DSA) private key 12 | regex: "-----BEGIN DSA PRIVATE KEY-----" 13 | confidence: high 14 | - pattern: 15 | name: SSH (EC) private key 16 | regex: "-----BEGIN EC PRIVATE KEY-----" 17 | confidence: high 18 | - pattern: 19 | name: PGP private key block 20 | regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----" 21 | confidence: high 22 | - pattern: 23 | name: AWS API Key 24 | regex: "AKIA[0-9A-Z]{16}" 25 | confidence: high 26 | - pattern: 27 | name: Amazon MWS Auth Token 28 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 29 | confidence: high 30 | - pattern: 31 | name: AWS AppSync GraphQL Key 32 | regex: "da2-[a-z0-9]{26}" 33 | confidence: high 34 | - pattern: 35 | name: Facebook Access Token 36 | regex: "EAACEdEose0cBA[0-9A-Za-z]+" 37 | confidence: high 38 | - pattern: 39 | name: Facebook OAuth 40 | regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[''|"][0-9a-f]{32}[''|"]' 41 | confidence: high 42 | - pattern: 43 | name: GitHub 44 | regex: '[gG][iI][tT][hH][uU][bB].*[''|"][0-9a-zA-Z]{35,40}[''|"]' 45 | confidence: high 46 | - pattern: 
47 | name: Generic API Key 48 | regex: '[aA][pP][iI]_?[kK][eE][yY].*[''|"][0-9a-zA-Z]{32,45}[''|"]' 49 | confidence: high 50 | - pattern: 51 | name: Generic Secret 52 | regex: '[sS][eE][cC][rR][eE][tT].*[''|"][0-9a-zA-Z]{32,45}[''|"]' 53 | confidence: high 54 | - pattern: 55 | name: Google API Key 56 | regex: "AIza[0-9A-Za-z\\-_]{35}" 57 | confidence: high 58 | - pattern: 59 | name: Google Cloud Platform API Key 60 | regex: "AIza[0-9A-Za-z\\-_]{35}" 61 | confidence: high 62 | - pattern: 63 | name: Google Cloud Platform OAuth 64 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 65 | confidence: high 66 | - pattern: 67 | name: Google Drive API Key 68 | regex: "AIza[0-9A-Za-z\\-_]{35}" 69 | confidence: high 70 | - pattern: 71 | name: Google Drive OAuth 72 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 73 | confidence: high 74 | - pattern: 75 | name: Google (GCP) Service-account 76 | regex: '"type": "service_account"' 77 | confidence: high 78 | - pattern: 79 | name: Google Gmail API Key 80 | regex: "AIza[0-9A-Za-z\\-_]{35}" 81 | confidence: high 82 | - pattern: 83 | name: Google Gmail OAuth 84 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 85 | confidence: high 86 | - pattern: 87 | name: Google OAuth Access Token 88 | regex: "ya29\\.[0-9A-Za-z\\-_]+" 89 | confidence: high 90 | - pattern: 91 | name: Google YouTube API Key 92 | regex: "AIza[0-9A-Za-z\\-_]{35}" 93 | confidence: high 94 | - pattern: 95 | name: Google YouTube OAuth 96 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 97 | confidence: high 98 | - pattern: 99 | name: Heroku API Key 100 | regex: "[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}" 101 | confidence: high 102 | - pattern: 103 | name: MailChimp API Key 104 | regex: "[0-9a-f]{32}-us[0-9]{1,2}" 105 | confidence: high 106 | - pattern: 107 | name: Mailgun API Key 108 | regex: "key-[0-9a-zA-Z]{32}" 109 | confidence: high 110 | - pattern: 
111 | name: Password in URL 112 | regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" 113 | confidence: high 114 | - pattern: 115 | name: PayPal Braintree Access Token 116 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 117 | confidence: high 118 | - pattern: 119 | name: Picatic API Key 120 | regex: "sk_live_[0-9a-z]{32}" 121 | confidence: high 122 | - pattern: 123 | name: Slack Webhook 124 | regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 125 | confidence: high 126 | - pattern: 127 | name: Stripe API Key 128 | regex: "sk_live_[0-9a-zA-Z]{24}" 129 | confidence: high 130 | - pattern: 131 | name: Stripe Restricted API Key 132 | regex: "rk_live_[0-9a-zA-Z]{24}" 133 | confidence: high 134 | - pattern: 135 | name: Square Access Token 136 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 137 | confidence: high 138 | - pattern: 139 | name: Square OAuth Secret 140 | regex: "sq0csp-[0-9A-Za-z\\-_]{43}" 141 | confidence: high 142 | - pattern: 143 | name: Telegram Bot API Key 144 | regex: "[0-9]+:AA[0-9A-Za-z\\-_]{33}" 145 | confidence: high 146 | - pattern: 147 | name: Twilio API Key 148 | regex: "SK[0-9a-fA-F]{32}" 149 | confidence: high 150 | - pattern: 151 | name: Twitter Access Token 152 | regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" 153 | confidence: high 154 | - pattern: 155 | name: Twitter OAuth 156 | regex: '[tT][wW][iI][tT][tT][eE][rR].*[''|"][0-9a-zA-Z]{35,44}[''|"]' 157 | confidence: high 158 | -------------------------------------------------------------------------------- /datasets/PowerShell/nuclei-regexes.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: Amazon MWS Auth Token 4 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 5 | confidence: low 6 | - pattern: 7 | name: Amazon MWS Auth Token 8 | regex: 
"amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 9 | confidence: low 10 | - pattern: 11 | name: Amazon SNS Topic Disclosure 12 | regex: "arn:aws:sns:[a-z0-9\\-]+:[0-9]+:[A-Za-z0-9\\-_]+" 13 | confidence: low 14 | - pattern: 15 | name: AWS Access Key ID Value 16 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 17 | confidence: low 18 | - pattern: 19 | name: Artifactory Password Disclosure 20 | regex: '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}' 21 | confidence: low 22 | - pattern: 23 | name: Artifactory API Token Disclosure 24 | regex: '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}' 25 | confidence: low 26 | - pattern: 27 | name: Bitly Secret Key Disclosure 28 | regex: 'R_[0-9a-f]{32}' 29 | confidence: low 30 | - pattern: 31 | name: Cloudinary Credentials Disclosure 32 | regex: 'cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+' 33 | confidence: low 34 | - pattern: 35 | name: Cloudinary Credentials Disclosure 36 | regex: "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+" 37 | confidence: low 38 | - pattern: 39 | name: Discord Webhook Disclosure 40 | regex: 'https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+' 41 | confidence: low 42 | - pattern: 43 | name: JDBC Connection String Disclosure 44 | regex: 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+' 45 | confidence: low 46 | - pattern: 47 | name: JWT Token 48 | regex: 'eyJ[a-zA-Z0-9]{10,}\.eyJ[a-zA-Z0-9]{10,}\.[a-zA-Z0-9_\-]{10,}' 49 | confidence: low 50 | - pattern: 51 | name: Shoppable Service Auth 52 | regex: 'data-shoppable-auth-token.+' 53 | confidence: low 54 | - pattern: 55 | name: FCM Server Key 56 | regex: "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" 57 | confidence: low 58 | - pattern: 59 | name: Google Calendar URI 60 | regex: 'https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+' 61 | confidence: low 62 | - pattern: 63 | name: Google OAuth Access Key 64 | regex: 'ya29\.[0-9A-Za-z\-_]+' 65 | confidence: low 66 | - pattern: 67 | name: 
Mailchimp API 68 | regex: "[0-9a-f]{32}-us[0-9]{1,2}" 69 | confidence: low 70 | - pattern: 71 | name: Microsoft Teams Webhook 72 | regex: 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+' 73 | confidence: low 74 | - pattern: 75 | name: Newrelic Admin API Key 76 | regex: '(?i)NRAA-[a-f0-9]{27}' 77 | confidence: low 78 | - pattern: 79 | name: Newrelic Insights API Key 80 | regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}' 81 | confidence: low 82 | - pattern: 83 | name: Newrelic Insights API Key 84 | regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}' 85 | confidence: low 86 | - pattern: 87 | name: Newrelic REST API Key 88 | regex: '(?i)NRRA-[a-f0-9]{42}' 89 | confidence: low 90 | - pattern: 91 | name: Newrelic Synthetics Location Key 92 | regex: '(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}' 93 | confidence: low 94 | - pattern: 95 | name: PayPal Braintree Access Token 96 | regex: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}' 97 | confidence: low 98 | - pattern: 99 | name: Picatic API Key Disclosure 100 | regex: 'sk_live_[0-9a-z]{32}' 101 | confidence: low 102 | - pattern: 103 | name: Sendgrid API Key 104 | regex: 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}' 105 | confidence: low 106 | - pattern: 107 | name: Slack access token 108 | regex: "xoxb-[0-9A-Za-z\\-]{51}" 109 | confidence: low 110 | - pattern: 111 | name: Slack User token disclosure 112 | regex: "xoxp-[0-9A-Za-z\\-]{72}" 113 | confidence: low 114 | - pattern: 115 | name: Slack Webhook 116 | regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 117 | confidence: low 118 | - pattern: 119 | name: SonarQube Token 120 | regex: "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" 
121 | confidence: low 122 | - pattern: 123 | name: Stripe Restriced Key 124 | regex: 'rk_(?:live|test)_[0-9a-zA-Z]{24}' 125 | confidence: low 126 | - pattern: 127 | name: Stripe Secret Key 128 | regex: 'sk_(?:live|test)_[0-9a-zA-Z]{24}' 129 | confidence: low 130 | - pattern: 131 | name: Zapier Webhook 132 | regex: 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/' 133 | confidence: low 134 | - pattern: 135 | name: Zoho Webhook 136 | regex: 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+' 137 | confidence: low 138 | - pattern: 139 | name: Amazon MWS Auth Token 140 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 141 | confidence: low 142 | - pattern: 143 | name: AWS Access Key ID 144 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 145 | confidence: low 146 | - pattern: 147 | name: AWS Cognito Pool ID 148 | regex: ":[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" 149 | confidence: low 150 | - pattern: 151 | name: Basic Auth Credentials 152 | regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" 153 | confidence: low 154 | - pattern: 155 | name: Dynatrace Token 156 | regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}" 157 | confidence: low 158 | - pattern: 159 | name: Facebook Client ID 160 | regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]" 161 | confidence: low 162 | - pattern: 163 | name: Facebook Secret Key 164 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]" 165 | confidence: low 166 | - pattern: 167 | name: Firebase Database Detect 168 | regex: "[a-z0-9.-]+\\.firebaseio\\.com" 169 | confidence: low 170 | - pattern: 171 | name: Firebase Database Detect 172 | regex: "[a-z0-9.-]+\\.firebaseapp\\.com" 173 | confidence: low 174 | - pattern: 175 | name: Google (GCP) Service-account 176 | regex: "\"type\": \"service_account\"" 177 | confidence: low 178 | - pattern: 179 | 
name: Google API key 180 | regex: "AIza[0-9A-Za-z\\-_]{35}" 181 | confidence: low 182 | - pattern: 183 | name: Linkedin Client ID 184 | regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" 185 | confidence: low 186 | - pattern: 187 | name: Mailchimp API Key 188 | regex: "[0-9a-f]{32}-us[0-9]{1,2}" 189 | confidence: low 190 | - pattern: 191 | name: Mailgun API Key 192 | regex: "key-[0-9a-zA-Z]{32}" 193 | confidence: low 194 | - pattern: 195 | name: Paypal Braintree Access Token 196 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 197 | confidence: low 198 | - pattern: 199 | name: Pictatic API Key 200 | regex: "sk_live_[0-9a-z]{32}" 201 | confidence: low 202 | - pattern: 203 | name: Pictatic API Key 204 | regex: "sk_live_[0-9a-z]{32}" 205 | confidence: low 206 | - pattern: 207 | name: Sendgrid API Key 208 | regex: "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" 209 | confidence: low 210 | - pattern: 211 | name: Shopify Custom App Access Token 212 | regex: "shpca_[a-fA-F0-9]{32}" 213 | confidence: low 214 | - pattern: 215 | name: Shopify Private App Access Token 216 | regex: "shppa_[a-fA-F0-9]{32}" 217 | confidence: low 218 | - pattern: 219 | name: Shopify Shared Secret 220 | regex: "shpss_[a-fA-F0-9]{32}" 221 | confidence: low 222 | - pattern: 223 | name: Shopify Access Token 224 | regex: "shpat_[a-fA-F0-9]{32}" 225 | confidence: low 226 | - pattern: 227 | name: Slack API Key 228 | regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?" 
229 | confidence: low 230 | - pattern: 231 | name: Slack Webhook 232 | regex: "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}" 233 | confidence: low 234 | - pattern: 235 | name: Square Accesss Token 236 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 237 | confidence: low 238 | - pattern: 239 | name: Square Accesss Token 240 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 241 | confidence: low 242 | - pattern: 243 | name: Square OAuth Secret 244 | regex: "sq0csp-[0-9A-Za-z\\-_]{43}" 245 | confidence: low 246 | - pattern: 247 | name: Twilio API Key 248 | regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" 249 | confidence: low 250 | - pattern: 251 | name: Twitter Secret 252 | regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" 253 | confidence: low 254 | -------------------------------------------------------------------------------- /datasets/Resources.md: -------------------------------------------------------------------------------- 1 | # pii-sample-data 2 | https://github.com/vaibhav276/pii-sample-data/tree/main 3 | 4 | # datumbrain/aws-macie-pii-confidential-regexes -> regex_list.csv 5 | https://github.com/datumbrain/aws-macie-pii-confidential-regexes/blob/master/regex_list.csv 6 | 7 | # cabinjs_sensitive-fields.json 8 | https://github.com/cabinjs/sensitive-fields/blob/master/index.json 9 | -------------------------------------------------------------------------------- /datasets/datumbrain_aws-macie-pii-confidential-regexes_regex_list.csv: -------------------------------------------------------------------------------- 1 | Name,Description,Regex,Risk,Category 2 | Arista network configuration,Arista network configuration,"via\ \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3},\ \d{2}:\d{2}:\d{2}",7,Confidential 3 | BBVA Compass Routing Number - California,BBVA Compass Routing Number - California,^321170538$,1,PII 4 | Bank of America Routing Numbers - California,Bank of America Routing Numbers - California,^(?:121|026)00(?:0|9)(?:358|593)$,1,PII 5 | Box 
Links,Box Links,https://app.box.com/[s|l]/\S+,3,Confidential 6 | CVE Number,CVE Number,"CVE-\d{4}-\d{4,7}",3,PII 7 | California Drivers License,California Drivers License,^[A-Z]{1}\d{7}$,1,PII 8 | Chase Routing Numbers - California,Chase Routing Numbers - California,^322271627$,1,PII 9 | Cisco Router Config,Cisco Router Config,"service\ timestamps\ [a-z]{3,5}\ datetime\ msec|boot-[a-z]{3,5}-marker|interface\ [A-Za-z0-9]{0,10}[E,e]thernet",9,Confidential 10 | Citibank Routing Numbers - California,Citibank Routing Numbers - California,^32(?:11|22)71(?:18|72)4$,1,PII 11 | DSA Private Key,DSA Private Key,"-----BEGIN DSA PRIVATE KEY-----(?:[a-zA-Z0-9\+\=\/""']|\s)+?-----END DSA PRIVATE KEY-----",8,Confidential 12 | Dropbox Links,Dropbox Links,https://www.dropbox.com/(?:s|l)/\S+,3,PII 13 | EC Private Key,EC Private Key,"-----BEGIN (?:EC|ECDSA) PRIVATE KEY-----(?:[a-zA-Z0-9\+\=\/""']|\s)+?-----END (?:EC|ECDSA) PRIVATE KEY-----",8,Confidential 14 | Encrypted DSA Private Key,Encrypted DSA Private Key,"-----BEGIN DSA PRIVATE KEY-----\s.*,ENCRYPTED(?:.|\s)+?-----END DSA PRIVATE KEY-----",3,Confidential 15 | Encrypted EC Private Key,Encrypted EC Private Key,"-----BEGIN (?:EC|ECDSA) PRIVATE KEY-----\s.*,ENCRYPTED(?:.|\s)+?-----END (?:EC|ECDSA) PRIVATE KEY-----",3,Confidential 16 | Encrypted Private Key,Encrypted Private Key,-----BEGIN ENCRYPTED PRIVATE KEY-----(?:.|\s)+?-----END ENCRYPTED PRIVATE KEY-----,3,Confidential 17 | Encrypted PuTTY SSH DSA Key,Encrypted PuTTY SSH DSA Key,PuTTY-User-Key-File-2: ssh-dss\s*Encryption: aes(?:.|\s?)*?Private-MAC:,3,Confidential 18 | Encrypted RSA Private Key,Encrypted RSA Private Key,"-----BEGIN RSA PRIVATE KEY-----\s.*,ENCRYPTED(?:.|\s)+?-----END RSA PRIVATE KEY-----",3,Confidential 19 | Google Application Identifier,Google Application Identifier,[0-9]+-\w+.apps.googleusercontent.com,2,Confidential 20 | HIPAA PHI National Drug Code,HIPAA PHI National Drug Code,"^\d{4,5}-\d{3,4}-\d{1,2}$",2,Confidential 21 | Huawei config file,Huawei config 
file,sysname\ HUAWEI|set\ authentication\ password\ simple\ huawei,8,Confidential 22 | Individual Taxpayer Identification Numbers (ITIN),Individual Taxpayer Identification Numbers (ITIN),"^9\d{2}(?:[ \-]?)[7,8]\d(?:[ \-]?)\d{4}$",4,Confidential 23 | John the Ripper,John the Ripper,"[J,j]ohn\ [T,t]he\ [R,r]ipper|john-[1-9].[1-9].[1-9]|Many\ salts:|Only\ one\ salt:|openwall.com/john/|List.External:[0-9a-zA-Z]*|Loaded\ [0-9]*\ password hash|guesses:\ \d*\ \ time:\ \d*:\d{2}:\d{2}:\d{2}|john\.pot",1,Confidential 24 | KeePass 1.x CSV Passwords,KeePass 1.x CSV Passwords,"""Account"",""Login Name"",""Password"",""Web Site"",""Comments""",8,Confidential 25 | KeePass 1.x XML Passwords,KeePass 1.x XML Passwords,\s*?[\S\s]*?[\S\s]*?<\/pwentry>\s*?<\/pwlist>,8,Confidential 26 | Large number of US Phone Numbers,Large number of US Phone Numbers,\d{3}-\d{3}-\d{4}|\(\d{3}\)\ ?\d{3}-?\d{4},1,Confidential 27 | Large number of US Zip Codes,Large number of US Zip Codes,^(\d{5}-\d{4}|\d{5})$,3,Confidential 28 | Lightweight Directory Access Protocol,Lightweight Directory Access Protocol,"(?:dn|cn|dc|sn):\s*[a-zA-Z0-9=, ]*",2,Confidential 29 | Metasploit Module,Metasploit Module,require\ 'msf/core'|class\ Metasploit|include\ Msf::Exploit::\w+::\w+,6,Confidential 30 | MySQL database dump,MySQL database dump,"DROP DATABASE IF EXISTS(?:.|\n){5,300}CREATE DATABASE(?:.|\n){5,300}DROP TABLE IF EXISTS(?:.|\n){5,300}CREATE TABLE",7,Confidential 31 | MySQLite database dump,MySQLite database dump,DROP\ TABLE\ IF\ EXISTS\ \[[a-zA-Z]*\];|CREATE\ TABLE\ \[[a-zA-Z]*\];,7,Confidential 32 | Network Proxy Auto-Config,Network Proxy Auto-Config,"proxy\.pac|function\ FindProxyForURL\(\w+,\ \w+\)",3,Confidential 33 | Nmap Scan Report,Nmap Scan Report,Nmap\ scan\ report\ for\ [a-zA-Z0-9.]+,7,Confidential 34 | PGP Header,PGP Header,-{5}(?:BEGIN|END)\ PGP\ MESSAGE-{5},5,Confidential 35 | PGP Private Key Block,PGP Private Key Block,-----BEGIN PGP PRIVATE KEY BLOCK-----(?:.|\s)+?-----END PGP PRIVATE KEY 
BLOCK-----,8,Confidential 36 | PKCS7 Encrypted Data,PKCS7 Encrypted Data,(?:Signer|Recipient)Info(?:s)?\ ::=\ \w+|[D|d]igest(?:Encryption)?Algorithm|EncryptedKey\ ::= \w+,5,Confidential 37 | Password etc passwd,Password etc passwd,"[a-zA-Z0-9\-]+:[x|\*]:\d+:\d+:[a-zA-Z0-9/\- ""]*:/[a-zA-Z0-9/\-]*:/[a-zA-Z0-9/\-]+",8,Confidential 38 | Password etc shadow,Password etc shadow,[a-zA-Z0-9\-]+:(?:(?:!!?)|(?:\*LOCK\*?)|\*|(?:\*LCK\*?)|(?:\$.*\$.*\$.*?)?):\d*:\d*:\d*:\d*:\d*:\d*:,8,Confidential 39 | PlainText Private Key,PlainText Private Key,-----BEGIN PRIVATE KEY-----(?:.|\s)+?-----END PRIVATE KEY-----,8,Confidential 40 | PuTTY SSH DSA Key,PuTTY SSH DSA Key,PuTTY-User-Key-File-2: ssh-dss\s*Encryption: none(?:.|\s?)*?Private-MAC:,8,Confidential 41 | PuTTY SSH RSA Key,PuTTY SSH RSA Key,PuTTY-User-Key-File-2: ssh-rsa\s*Encryption: none(?:.|\s?)*?Private-MAC:,8,Confidential 42 | Public Key Cryptography System (PKCS),Public Key Cryptography System (PKCS),"protocol=""application/x-pkcs[0-9]{0,2}-signature""",3,Confidential 43 | Public encrypted key,Public encrypted key,-----BEGIN PUBLIC KEY-----(?:.|\s)+?-----END PUBLIC KEY-----,1,Confidential 44 | RSA Private Key,RSA Private Key,"-----BEGIN RSA PRIVATE KEY-----(?:[a-zA-Z0-9\+\=\/""']|\s)+?-----END RSA PRIVATE KEY-----",8,Confidential 45 | SSL Certificate,SSL Certificate,-----BEGIN CERTIFICATE-----(?:.|\n)+?\s-----END CERTIFICATE-----,3,Confidential 46 | SWIFT Codes,SWIFT Codes,"[A-Za-z]{4}(?:GB|US|DE|RU|CA|JP|CN)[0-9a-zA-Z]{2,5}$",4,PII 47 | Samba Password config file,Samba Password config file,[a-z]*:\d{3}:[0-9a-zA-Z]*:[0-9a-zA-Z]*:\[U\ \]:.*,7,Confidential 48 | Simple Network Management Protocol Object Identifier,Simple Network Management Protocol Object 
Identifier,(?:\d\.\d\.\d\.\d\.\d\.\d{3}\.\d\.\d\.\d\.\d\.\d\.\d\.\d\.\d\.\d{4}\.\d)|[a-zA-Z]+[)(0-9]+\.[a-zA-Z]+[)(0-9]+\.[a-zA-Z]+[)(0-9]+\.[a-zA-Z]+[)(0-9]+\.[a-zA-Z]+[)(0-9]+\.[a-zA-Z]+[)(0-9]+\.[a-zA-Z0-9)(]+\.[a-zA-Z0-9)(]+\.[a-zA-Z0-9)(]+\.[a-zA-Z0-9)(]+,5,Confidential 49 | Slack 2FA Backup Codes,Slack 2FA Backup Codes,Two-Factor\s*\S*Authentication\s*\S*Backup\s*\S*Codes(?:.|\n)*[Ss]lack(?:.|\n)*\d{9},8,Confidential 50 | UK Drivers License Numbers,UK Drivers License Numbers,[A-Z]{5}\d{6}[A-Z]{2}\d{1}[A-Z]{2},4,PII 51 | UK Passport Number,UK Passport Number,\d{10}GB[RP]\d{7}[UMF]{1}\d{9},1,PII 52 | USBank Routing Numbers - California,USBank Routing Numbers - California,^12(?:1122676|2235821)$,1,PII 53 | United Bank Routing Number - California,United Bank Routing Number - California,^122243350$,1,PII 54 | Wells Fargo Routing Numbers - California,Wells Fargo Routing Numbers - California,^121042882$,1,PII 55 | aws_access_key,aws_access_key,"((access[-_]?key[-_]?id)|(ACCESS[-_]?KEY[-_]?ID)|([Aa]ccessKeyId)|(access[_-]?id)).{0,20}AKIA[a-zA-Z0-9+/]{16}[^a-zA-Z0-9+/]",3,Confidential 56 | aws_credentials_context,aws_credentials_context,access_key_id|secret_access_key|AssetSync.configure,3,Confidential 57 | aws_secret_key,aws_secret_key,"((secret[-_]?access[-_]?key)|(SECRET[-_]?ACCESS[-_]?KEY|(private[-_]?key))|([Ss]ecretAccessKey)).{0,20}[^a-zA-Z0-9+/][a-zA-Z0-9+/]{40}\b",10,Confidential 58 | facebook_secret,facebook_secret,"(facebook_secret|FACEBOOK_SECRET|facebook_app_secret|FACEBOOK_APP_SECRET)[a-z_ =\s""'\:]{0,5}[^a-zA-Z0-9][a-f0-9]{32}[^a-zA-Z0-9]",8,Confidential 59 | github_key,github_key,"(GITHUB_SECRET|GITHUB_KEY|github_secret|github_key|github_token|GITHUB_TOKEN|github_api_key|GITHUB_API_KEY)[a-z_ =\s""'\:]{0,10}[^a-zA-Z0-9][a-zA-Z0-9]{40}[^a-zA-Z0-9]",8,Confidential 60 | google_two_factor_backup,google_two_factor_backup,"(?:BACKUP VERIFICATION CODES|SAVE YOUR BACKUP CODES)[\s\S]{0,300}@",8,Confidential 61 | 
heroku_key,heroku_key,"(heroku_api_key|HEROKU_API_KEY|heroku_secret|HEROKU_SECRET)[a-z_ =\s""'\:]{0,10}[^a-zA-Z0-9-]\w{8}(?:-\w{4}){3}-\w{12}[^a-zA-Z0-9\-]",7,Confidential 62 | microsoft_office_365_oauth_context,microsoft_office_365_oauth_context,https://login.microsoftonline.com/common/oauth2/v2.0/token|https://login.windows.net/common/oauth2/token,1,Confidential 63 | pgSQL Connection Information,pgSQL Connection Information,(?:postgres|pgsql)\:\/\/,2,Confidential 64 | slack_api_key,slack_api_key,"(slack_api_key|SLACK_API_KEY|slack_key|SLACK_KEY)[a-z_ =\s""'\:]{0,10}[^a-f0-9][a-f0-9]{32}[^a-f0-9]",7,Confidential 65 | slack_api_token,slack_api_token,"(xox[pb](?:-[a-zA-Z0-9]+){4,})",8,Confidential 66 | ssh_dss_public,ssh_dss_public,ssh-dss [0-9A-Za-z+/]+[=]{2},1,Confidential 67 | ssh_rsa_public,ssh_rsa_public,"ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} [^@]+@[^@]+",1,Confidential -------------------------------------------------------------------------------- /datasets/generic.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: Slack Token 4 | regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 5 | confidence: high 6 | - pattern: 7 | name: test 8 | regex: "test" 9 | confidence: low 10 | - pattern: 11 | name: generic password 12 | regex: "password.+" 13 | confidence: low 14 | - pattern: 15 | name: Generic secret 16 | regex: "secret.+" 17 | confidence: low 18 | - pattern: 19 | name: Generic token 20 | regex: "token.+" 21 | confidence: low 22 | - pattern: 23 | name: Generic key 24 | regex: "(private|public|api|secret|password|pass|passphrase|access).+(key|token|secret).+" 25 | confidence: low 26 | - pattern: 27 | name: Generic webhook secret 28 | regex: "(webhook).+(secret|token|key).+" 29 | confidence: low 30 | - pattern: 31 | name: ADMIN_PASSWORD 32 | regex: "(admin).+(secret|token|key).+" 33 | confidence: low 34 | - pattern: 35 | name: Bearer token 36 | regex: "(bearer).+" 37 | 
confidence: low 38 | - pattern: 39 | name: Basic token 40 | regex: "basic [a-zA-Z0-9_\\-:\\.=]+" 41 | confidence: low 42 | - pattern: 43 | name: REDIS_URL 44 | regex: "(REDIS_URL).+" 45 | confidence: low 46 | - pattern: 47 | name: master_password 48 | regex: "(master_password).+" 49 | confidence: low 50 | - pattern: 51 | name: generic credit card 52 | regex: "^(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})" 53 | confidence: low 54 | - pattern: 55 | name: AWS client ID 56 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 57 | confidence: low 58 | - pattern: 59 | name: AWS MWS ID 60 | regex: "mzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 61 | confidence: low 62 | - pattern: 63 | name: aws_secret_key 64 | regex: "(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]" 65 | confidence: low 66 | - pattern: 67 | name: basic_auth_credentials 68 | regex: "([a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\\.[a-zA-Z]+)" 69 | confidence: low 70 | - pattern: 71 | name: facebook_client_id 72 | regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}" 73 | confidence: low 74 | - pattern: 75 | name: facebook_oauth 76 | regex: "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" 77 | confidence: low 78 | - pattern: 79 | name: facebook_secret_key 80 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}" 81 | confidence: low 82 | - pattern: 83 | name: google_cloud_platform_api_key 84 | regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]" 85 | confidence: low 86 | - pattern: 87 | name: google_cloud_platform_api_key 88 | regex: "(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\\-_]{35}['\"]" 89 | confidence: low 90 | - pattern: 91 | name: Vault Token 92 | regex: "([sb]\\.[a-zA-Z0-9]{24})" 93 | confidence: low 94 | - pattern: 95 | name: Instagram oauth 96 | regex: 
"[0-9a-fA-F]{7}.[0-9a-fA-F]{32}" 97 | confidence: low 98 | - pattern: 99 | name: mfa_token 100 | regex: "(?:token=[A-Za-z0-9\\s_]*[A-Za-z0-9][A-Za-z0-9\\s_])" 101 | confidence: low 102 | - pattern: 103 | name: google_cloud_platform_api_key 104 | regex: "^(v[0-9]\\.)?[0-9a-f]{40}$" 105 | confidence: low 106 | -------------------------------------------------------------------------------- /datasets/git-leaks.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: AWS Access Key 4 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 5 | confidence: high 6 | - pattern: 7 | name: AWS Secret Key 8 | regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]" 9 | confidence: high 10 | - pattern: 11 | name: AWS MWS key 12 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 13 | confidence: high 14 | - pattern: 15 | name: Facebook Secret Key 16 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]" 17 | confidence: high 18 | - pattern: 19 | name: Facebook Client ID 20 | regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]" 21 | confidence: high 22 | - pattern: 23 | name: Twitter Secret Key 24 | regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" 25 | confidence: high 26 | - pattern: 27 | name: Twitter Client ID 28 | regex: "(?i)twitter(.{0,20})?[0-9a-z]{18,25}" 29 | confidence: high 30 | - pattern: 31 | name: Github Personal Access Token 32 | regex: "ghp_[0-9a-zA-Z]{36}" 33 | confidence: high 34 | - pattern: 35 | name: Github OAuth Access Token 36 | regex: "gho_[0-9a-zA-Z]{36}" 37 | confidence: high 38 | - pattern: 39 | name: Github App Token 40 | regex: "(ghu|ghs)_[0-9a-zA-Z]{36}" 41 | confidence: high 42 | - pattern: 43 | name: Github Refresh Token 44 | regex: "ghr_[0-9a-zA-Z]{76}" 45 | confidence: high 46 | - pattern: 47 | name: LinkedIn Client ID 48 | regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" 49 | confidence: high 
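50 | - pattern: 51 | name: LinkedIn Secret Key 52 | regex: "(?i)linkedin(.{0,20})?[0-9a-z]{16}" 53 | confidence: high 54 | - pattern: 55 | name: Slack 56 | regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?" 57 | confidence: high 58 | - pattern: 59 | name: Asymmetric Private Key 60 | regex: "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----" 61 | confidence: high 62 | - pattern: 63 | name: Google API key # fixed over-escaped class: "\\\\-_" unescapes to a backslash-to-underscore range that omits "-", so keys containing a hyphen were missed 64 | regex: "AIza[0-9A-Za-z\\-_]{35}" 65 | confidence: high 66 | - pattern: 67 | name: Google (GCP) Service Account 68 | regex: "\"type\": \"service_account\"" 69 | confidence: high 70 | - pattern: 71 | name: Heroku API key # fixed to the 8-4-4-4-12 shape used by the Heroku rule in high-confidence.yml; the 8-4-4-12 form cannot match a full UUID 72 | regex: "(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 73 | confidence: high 74 | - pattern: 75 | name: MailChimp API key 76 | regex: "(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}" 77 | confidence: high 78 | - pattern: 79 | name: Mailgun API key 80 | regex: "((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}" 81 | confidence: high 82 | - pattern: 83 | name: PayPal Braintree access token 84 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 85 | confidence: high 86 | - pattern: 87 | name: Picatic API key 88 | regex: "sk_live_[0-9a-z]{32}" 89 | confidence: high 90 | - pattern: 91 | name: SendGrid API Key 92 | regex: "SG\\.[\\w_]{16,32}\\.[\\w_]{16,64}" 93 | confidence: high 94 | - pattern: 95 | name: Slack Webhook 96 | regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}" 97 | confidence: high 98 | - pattern: 99 | name: Stripe API key 100 | regex: "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}" 101 | confidence: high 102 | - pattern: 103 | name: Square access token 104 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 105 | confidence: high 106 | - pattern: 107 | name: Square OAuth secret # fixed over-escaped class to match the "\\-_" form of the Square access token rule, so "-" is accepted 108 | regex: "sq0csp-[0-9A-Za-z\\-_]{43}" 109 | confidence: high 110 | - pattern: 111 | name: Twilio API key 112 | regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" 113 | 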
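confidence: high 114 | - pattern: 115 | name: Dynatrace ttoken 116 | regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}" 117 | confidence: high 118 | - pattern: 119 | name: Shopify shared secret 120 | regex: "shpss_[a-fA-F0-9]{32}" 121 | confidence: high 122 | - pattern: 123 | name: Shopify access token 124 | regex: "shpat_[a-fA-F0-9]{32}" 125 | confidence: high 126 | - pattern: 127 | name: Shopify custom app access token 128 | regex: "shpca_[a-fA-F0-9]{32}" 129 | confidence: high 130 | - pattern: 131 | name: Shopify private app access token 132 | regex: "shppa_[a-fA-F0-9]{32}" 133 | confidence: high 134 | - pattern: 135 | name: PyPI upload token 136 | regex: "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}" 137 | confidence: high 138 | - pattern: 139 | name: AWS Access Key 140 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 141 | confidence: high 142 | - pattern: 143 | name: AWS cred file info 144 | regex: "(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\\/+]{20,40}" 145 | confidence: high 146 | - pattern: 147 | name: AWS Secret Key 148 | regex: "(?i)aws(.{0,20})?(?-i)['\\\"][0-9a-zA-Z\\/+]{40}['\\\"]" 149 | confidence: high 150 | - pattern: 151 | name: AWS MWS key 152 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 153 | confidence: high 154 | - pattern: 155 | name: Facebook Secret Key 156 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\\\"][0-9a-f]{32}['\\\"]" 157 | confidence: high 158 | - pattern: 159 | name: Facebook Client ID 160 | regex: "(?i)(facebook|fb)(.{0,20})?['\\\"][0-9]{13,17}['\\\"]" 161 | confidence: high 162 | - pattern: 163 | name: Twitter Secret Key 164 | regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{35,44}['\\\"]" 165 | confidence: high 166 | - pattern: 167 | name: Twitter Client ID 168 | regex: "(?i)twitter(.{0,20})?['\\\"][0-9a-z]{18,25}['\\\"]" 169 | confidence: high 170 | - pattern: 171 | name: Github 172 | regex: 
"(?i)github(.{0,20})?(?-i)['\\\"][0-9a-zA-Z]{35,40}['\\\"]" 173 | confidence: high 174 | - pattern: 175 | name: LinkedIn Client ID 176 | regex: "(?i)linkedin(.{0,20})?(?-i)['\\\"][0-9a-z]{12}['\\\"]" 177 | confidence: high 178 | - pattern: 179 | name: LinkedIn Secret Key 180 | regex: "(?i)linkedin(.{0,20})?['\\\"][0-9a-z]{16}['\\\"]" 181 | confidence: high 182 | - pattern: 183 | name: Slack 184 | regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?" 185 | confidence: high 186 | - pattern: 187 | name: EC 188 | regex: "-----BEGIN EC PRIVATE KEY-----" 189 | confidence: high 190 | - pattern: 191 | name: Google API key # fixed over-escaped class: "\\\\-_" unescapes to a backslash-to-underscore range that omits "-", so keys containing a hyphen were missed 192 | regex: "AIza[0-9A-Za-z\\-_]{35}" 193 | confidence: high 194 | - pattern: 195 | name: Heroku API key # fixed to the 8-4-4-4-12 shape used by the Heroku rule in high-confidence.yml; the 8-4-4-12 form cannot match a full UUID 196 | regex: "(?i)heroku(.{0,20})?['\"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['\"]" 197 | confidence: high 198 | - pattern: 199 | name: MailChimp API key 200 | regex: "(?i)(mailchimp|mc)(.{0,20})?['\"][0-9a-f]{32}-us[0-9]{1,2}['\"]" 201 | confidence: high 202 | - pattern: 203 | name: Mailgun API key 204 | regex: "(?i)(mailgun|mg)(.{0,20})?['\"][0-9a-z]{32}['\"]" 205 | confidence: high 206 | - pattern: 207 | name: PayPal Braintree access token 208 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 209 | confidence: high 210 | - pattern: 211 | name: Picatic API key 212 | regex: "sk_live_[0-9a-z]{32}" 213 | confidence: high 214 | - pattern: 215 | name: Slack Webhook 216 | regex: "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 217 | confidence: high 218 | - pattern: 219 | name: Stripe API key # fixed: "[sk|rk]" is a one-character class, so a quoted sk_live_/rk_live_ key never matched; "[sr]k" is the form the earlier Stripe rule in this file uses 220 | regex: "(?i)stripe(.{0,20})?['\\\"][sr]k_live_[0-9a-zA-Z]{24}" 221 | confidence: high 222 | - pattern: 223 | name: Square access token 224 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 225 | confidence: high 226 | - pattern: 227 | name: Square OAuth secret # fixed over-escaped class to match the "\\-_" form of the Square access token rule, so "-" is accepted 228 | regex: "sq0csp-[0-9A-Za-z\\-_]{43}" 229 | confidence: high 230 | - pattern: 231 | name: Twilio API key 232 | regex: 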
"(?i)twilio(.{0,20})?['\\\"][0-9a-f]{32}['\\\"]" 233 | confidence: high 234 | - pattern: 235 | name: Env Var 236 | regex: "(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}" 237 | confidence: high 238 | - pattern: 239 | name: Generic Credential 240 | regex: "(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|\"]([0-9a-zA-Z-_\\/+!{}/=]{4,120})['|\"]" 241 | confidence: high 242 | - pattern: 243 | name: WP-Config 244 | regex: "define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|\"].{10,120}['|\"]" 245 | confidence: high 246 | -------------------------------------------------------------------------------- /datasets/high-confidence.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: Slack Token 4 | regex: "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 5 | confidence: high 6 | - pattern: 7 | name: RSA private key 8 | regex: "-----BEGIN RSA PRIVATE KEY-----" 9 | confidence: high 10 | - pattern: 11 | name: SSH (DSA) private key 12 | regex: "-----BEGIN DSA PRIVATE KEY-----" 13 | confidence: high 14 | - pattern: 15 | name: SSH (EC) private key 16 | regex: "-----BEGIN EC PRIVATE KEY-----" 17 | confidence: high 18 | - pattern: 19 | name: PGP private key block 20 | regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----" 21 | confidence: high 22 | - pattern: 23 | name: AWS API Key 24 | regex: "AKIA[0-9A-Z]{16}" 25 | confidence: high 26 | - pattern: 27 | name: Amazon MWS Auth Token 28 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 29 | confidence: high 30 | - pattern: 31 | name: AWS AppSync GraphQL Key 32 | regex: "da2-[a-z0-9]{26}" 33 | confidence: high 34 | - pattern: 35 | name: Facebook Access Token 36 | regex: "EAACEdEose0cBA[0-9A-Za-z]+" 37 | confidence: high 38 | - 
pattern: 39 | name: Facebook OAuth 40 | regex: '[fF][aA][cC][eE][bB][oO][oO][kK].*[''|"][0-9a-f]{32}[''|"]' 41 | confidence: high 42 | - pattern: 43 | name: GitHub 44 | regex: '[gG][iI][tT][hH][uU][bB].*[''|"][0-9a-zA-Z]{35,40}[''|"]' 45 | confidence: high 46 | - pattern: 47 | name: Generic API Key 48 | regex: '[aA][pP][iI]_?[kK][eE][yY].*[''|"][0-9a-zA-Z]{32,45}[''|"]' 49 | confidence: high 50 | - pattern: 51 | name: Generic Secret 52 | regex: '[sS][eE][cC][rR][eE][tT].*[''|"][0-9a-zA-Z]{32,45}[''|"]' 53 | confidence: high 54 | - pattern: 55 | name: Google API Key 56 | regex: "AIza[0-9A-Za-z\\-_]{35}" 57 | confidence: high 58 | - pattern: 59 | name: Google Cloud Platform API Key 60 | regex: "AIza[0-9A-Za-z\\-_]{35}" 61 | confidence: high 62 | - pattern: 63 | name: Google Cloud Platform OAuth 64 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 65 | confidence: high 66 | - pattern: 67 | name: Google Drive API Key 68 | regex: "AIza[0-9A-Za-z\\-_]{35}" 69 | confidence: high 70 | - pattern: 71 | name: Google Drive OAuth 72 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 73 | confidence: high 74 | - pattern: 75 | name: Google (GCP) Service-account 76 | regex: '"type": "service_account"' 77 | confidence: high 78 | - pattern: 79 | name: Google Gmail API Key 80 | regex: "AIza[0-9A-Za-z\\-_]{35}" 81 | confidence: high 82 | - pattern: 83 | name: Google Gmail OAuth 84 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 85 | confidence: high 86 | - pattern: 87 | name: Google OAuth Access Token 88 | regex: "ya29\\.[0-9A-Za-z\\-_]+" 89 | confidence: high 90 | - pattern: 91 | name: Google YouTube API Key 92 | regex: "AIza[0-9A-Za-z\\-_]{35}" 93 | confidence: high 94 | - pattern: 95 | name: Google YouTube OAuth 96 | regex: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 97 | confidence: high 98 | - pattern: 99 | name: Heroku API Key 100 | regex: 
"[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}" 101 | confidence: high 102 | - pattern: 103 | name: MailChimp API Key 104 | regex: "[0-9a-f]{32}-us[0-9]{1,2}" 105 | confidence: high 106 | - pattern: 107 | name: Mailgun API Key 108 | regex: "key-[0-9a-zA-Z]{32}" 109 | confidence: high 110 | - pattern: 111 | name: Password in URL 112 | regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" 113 | confidence: high 114 | - pattern: 115 | name: PayPal Braintree Access Token 116 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 117 | confidence: high 118 | - pattern: 119 | name: Picatic API Key 120 | regex: "sk_live_[0-9a-z]{32}" 121 | confidence: high 122 | - pattern: 123 | name: Slack Webhook 124 | regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 125 | confidence: high 126 | - pattern: 127 | name: Stripe API Key 128 | regex: "sk_live_[0-9a-zA-Z]{24}" 129 | confidence: high 130 | - pattern: 131 | name: Stripe Restricted API Key 132 | regex: "rk_live_[0-9a-zA-Z]{24}" 133 | confidence: high 134 | - pattern: 135 | name: Square Access Token 136 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 137 | confidence: high 138 | - pattern: 139 | name: Square OAuth Secret 140 | regex: "sq0csp-[0-9A-Za-z\\-_]{43}" 141 | confidence: high 142 | - pattern: 143 | name: Telegram Bot API Key 144 | regex: "[0-9]+:AA[0-9A-Za-z\\-_]{33}" 145 | confidence: high 146 | - pattern: 147 | name: Twilio API Key 148 | regex: "SK[0-9a-fA-F]{32}" 149 | confidence: high 150 | - pattern: 151 | name: Twitter Access Token 152 | regex: "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" 153 | confidence: high 154 | - pattern: 155 | name: Twitter OAuth 156 | regex: '[tT][wW][iI][tT][tT][eE][rR].*[''|"][0-9a-zA-Z]{35,44}[''|"]' 157 | confidence: high 158 | -------------------------------------------------------------------------------- /datasets/nuclei-regexes.yml: 
-------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: Amazon MWS Auth Token 4 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 5 | confidence: low 6 | - pattern: 7 | name: Amazon MWS Auth Token 8 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 9 | confidence: low 10 | - pattern: 11 | name: Amazon SNS Topic Disclosure 12 | regex: "arn:aws:sns:[a-z0-9\\-]+:[0-9]+:[A-Za-z0-9\\-_]+" 13 | confidence: low 14 | - pattern: 15 | name: AWS Access Key ID Value 16 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 17 | confidence: low 18 | - pattern: 19 | name: Artifactory Password Disclosure 20 | regex: '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}' 21 | confidence: low 22 | - pattern: 23 | name: Artifactory API Token Disclosure 24 | regex: '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}' 25 | confidence: low 26 | - pattern: 27 | name: Bitly Secret Key Disclosure 28 | regex: 'R_[0-9a-f]{32}' 29 | confidence: low 30 | - pattern: 31 | name: Cloudinary Credentials Disclosure 32 | regex: 'cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+' 33 | confidence: low 34 | - pattern: 35 | name: Cloudinary Credentials Disclosure 36 | regex: "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+" 37 | confidence: low 38 | - pattern: 39 | name: Discord Webhook Disclosure 40 | regex: 'https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+' 41 | confidence: low 42 | - pattern: 43 | name: JDBC Connection String Disclosure 44 | regex: 'jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+' 45 | confidence: low 46 | - pattern: 47 | name: JWT Token 48 | regex: 'eyJ[a-zA-Z0-9]{10,}\.eyJ[a-zA-Z0-9]{10,}\.[a-zA-Z0-9_\-]{10,}' 49 | confidence: low 50 | - pattern: 51 | name: Shoppable Service Auth 52 | regex: 'data-shoppable-auth-token.+' 53 | confidence: low 54 | - pattern: 55 | name: FCM Server Key 56 | regex: "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" 57 | 
confidence: low 58 | - pattern: 59 | name: Google Calendar URI 60 | regex: 'https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+' 61 | confidence: low 62 | - pattern: 63 | name: Google OAuth Access Key 64 | regex: 'ya29\.[0-9A-Za-z\-_]+' 65 | confidence: low 66 | - pattern: 67 | name: Mailchimp API 68 | regex: "[0-9a-f]{32}-us[0-9]{1,2}" 69 | confidence: low 70 | - pattern: 71 | name: Microsoft Teams Webhook 72 | regex: 'https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+' 73 | confidence: low 74 | - pattern: 75 | name: Newrelic Admin API Key 76 | regex: '(?i)NRAA-[a-f0-9]{27}' 77 | confidence: low 78 | - pattern: 79 | name: Newrelic Insights API Key 80 | regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}' 81 | confidence: low 82 | - pattern: 83 | name: Newrelic Insights API Key 84 | regex: '(?i)NRI(?:I|Q)-[A-Za-z0-9\-_]{32}' 85 | confidence: low 86 | - pattern: 87 | name: Newrelic REST API Key 88 | regex: '(?i)NRRA-[a-f0-9]{42}' 89 | confidence: low 90 | - pattern: 91 | name: Newrelic Synthetics Location Key 92 | regex: '(?i)NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}' 93 | confidence: low 94 | - pattern: 95 | name: PayPal Braintree Access Token 96 | regex: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}' 97 | confidence: low 98 | - pattern: 99 | name: Picatic API Key Disclosure 100 | regex: 'sk_live_[0-9a-z]{32}' 101 | confidence: low 102 | - pattern: 103 | name: Sendgrid API Key 104 | regex: 'SG\.[a-zA-Z0-9-_]{22}\.[a-zA-Z0-9_-]{43}' 105 | confidence: low 106 | - pattern: 107 | name: Slack access token 108 | regex: "xoxb-[0-9A-Za-z\\-]{51}" 109 | confidence: low 110 | - pattern: 111 | name: Slack User token disclosure 112 | regex: "xoxp-[0-9A-Za-z\\-]{72}" 113 | confidence: low 114 | - pattern: 115 | name: Slack Webhook 116 | regex: "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 117 | confidence: low 118 | - pattern: 119 | name: SonarQube Token 120 | regex: 
"sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" 121 | confidence: low 122 | - pattern: 123 | name: Stripe Restriced Key 124 | regex: 'rk_(?:live|test)_[0-9a-zA-Z]{24}' 125 | confidence: low 126 | - pattern: 127 | name: Stripe Secret Key 128 | regex: 'sk_(?:live|test)_[0-9a-zA-Z]{24}' 129 | confidence: low 130 | - pattern: 131 | name: Zapier Webhook 132 | regex: 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/' 133 | confidence: low 134 | - pattern: 135 | name: Zoho Webhook 136 | regex: 'https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+' 137 | confidence: low 138 | - pattern: 139 | name: Amazon MWS Auth Token 140 | regex: "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" 141 | confidence: low 142 | - pattern: 143 | name: AWS Access Key ID 144 | regex: "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" 145 | confidence: low 146 | - pattern: 147 | name: AWS Cognito Pool ID 148 | regex: ":[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" 149 | confidence: low 150 | - pattern: 151 | name: Basic Auth Credentials 152 | regex: "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" 153 | confidence: low 154 | - pattern: 155 | name: Dynatrace Token 156 | regex: "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}" 157 | confidence: low 158 | - pattern: 159 | name: Facebook Client ID 160 | regex: "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]" 161 | confidence: low 162 | - pattern: 163 | name: Facebook Secret Key 164 | regex: "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]" 165 | confidence: low 166 | - pattern: 167 | name: Firebase Database Detect 168 | regex: "[a-z0-9.-]+\\.firebaseio\\.com" 169 | confidence: low 170 | - pattern: 171 | name: Firebase Database Detect 172 | regex: "[a-z0-9.-]+\\.firebaseapp\\.com" 173 | confidence: low 174 | - pattern: 175 | name: Google (GCP) Service-account 176 | regex: "\"type\": 
\"service_account\"" 177 | confidence: low 178 | - pattern: 179 | name: Google API key 180 | regex: "AIza[0-9A-Za-z\\-_]{35}" 181 | confidence: low 182 | - pattern: 183 | name: Linkedin Client ID 184 | regex: "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" 185 | confidence: low 186 | - pattern: 187 | name: Mailchimp API Key 188 | regex: "[0-9a-f]{32}-us[0-9]{1,2}" 189 | confidence: low 190 | - pattern: 191 | name: Mailgun API Key 192 | regex: "key-[0-9a-zA-Z]{32}" 193 | confidence: low 194 | - pattern: 195 | name: Paypal Braintree Access Token 196 | regex: "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 197 | confidence: low 198 | - pattern: 199 | name: Pictatic API Key 200 | regex: "sk_live_[0-9a-z]{32}" 201 | confidence: low 202 | - pattern: 203 | name: Pictatic API Key 204 | regex: "sk_live_[0-9a-z]{32}" 205 | confidence: low 206 | - pattern: 207 | name: Sendgrid API Key 208 | regex: "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" 209 | confidence: low 210 | - pattern: 211 | name: Shopify Custom App Access Token 212 | regex: "shpca_[a-fA-F0-9]{32}" 213 | confidence: low 214 | - pattern: 215 | name: Shopify Private App Access Token 216 | regex: "shppa_[a-fA-F0-9]{32}" 217 | confidence: low 218 | - pattern: 219 | name: Shopify Shared Secret 220 | regex: "shpss_[a-fA-F0-9]{32}" 221 | confidence: low 222 | - pattern: 223 | name: Shopify Access Token 224 | regex: "shpat_[a-fA-F0-9]{32}" 225 | confidence: low 226 | - pattern: 227 | name: Slack API Key 228 | regex: "xox[baprs]-([0-9a-zA-Z]{10,48})?" 
229 | confidence: low 230 | - pattern: 231 | name: Slack Webhook 232 | regex: "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{10}/B[0-9A-Za-z\\-_]{10}/[0-9A-Za-z\\-_]{23}" 233 | confidence: low 234 | - pattern: 235 | name: Square Accesss Token 236 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 237 | confidence: low 238 | - pattern: 239 | name: Square Accesss Token 240 | regex: "sq0atp-[0-9A-Za-z\\-_]{22}" 241 | confidence: low 242 | - pattern: 243 | name: Square OAuth Secret 244 | regex: "sq0csp-[0-9A-Za-z\\-_]{43}" 245 | confidence: low 246 | - pattern: 247 | name: Twilio API Key 248 | regex: "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" 249 | confidence: low 250 | - pattern: 251 | name: Twitter Secret 252 | regex: "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" 253 | confidence: low 254 | -------------------------------------------------------------------------------- /datasets/sample-test-1.txt: -------------------------------------------------------------------------------- 1 | From: https://huggingface.co/spaces/presidio/presidio_demo 2 | 3 | Here are a few example sentences we currently support: 4 | 5 | Hello, my name is David Johnson and I live in Maine. 6 | My credit card number is 4095-2609-9393-4932 and my crypto wallet id is 16Yeky6GMjeNkAiNcBY7ZhrLoMSgg1BoyZ. 7 | 8 | On September 18 I visited microsoft.com and sent an email to test@presidio.site, from the IP 192.168.0.1. 9 | 10 | My passport: 191280342 and my phone number: (212) 555-1234. 11 | 12 | This is a valid International Bank Account Number: IL150120690000003111111 . Can you please check the status on bank account 954567876544? 13 | 14 | Kate's social security number is 078-05-1126. Her driver license? it is 1234567A. 15 | -------------------------------------------------------------------------------- /db/pii-stable.yml: -------------------------------------------------------------------------------- 1 | patterns: 2 | - pattern: 3 | name: times 4 | regex: \d{1,2}:\d{2} ?(?:[ap]\.?m\.?)?|\d[ap]\.?m\.? 
5 | confidence: high 6 | - pattern: 7 | name: phones 8 | regex: ((?:(?\\s*?[\\S\\s]*?[\\S\\s]*?<\\/pwentry>\\s*?<\\/pwlist>" 389 | confidence: high 390 | - pattern: 391 | name: Large number of US Phone Numbers 392 | regex: "\\d{3}-\\d{3}-\\d{4}|\\(\\d{3}\\)\\ ?\\d{3}-?\\d{4}" 393 | confidence: high 394 | - pattern: 395 | name: Large number of US Zip Codes 396 | regex: "^(\\d{5}-\\d{4}|\\d{5})$" 397 | confidence: high 398 | - pattern: 399 | name: Lightweight Directory Access Protocol 400 | regex: "(?:dn|cn|dc|sn):\\s*[a-zA-Z0-9=, ]*" 401 | confidence: high 402 | - pattern: 403 | name: Metasploit Module 404 | regex: "require\\ 'msf/core'|class\\ Metasploit|include\\ Msf::Exploit::\\w+::\\w+" 405 | confidence: high 406 | - pattern: 407 | name: MySQL database dump 408 | regex: "DROP DATABASE IF EXISTS(?:.|\\n){5,300}CREATE DATABASE(?:.|\\n){5,300}DROP TABLE IF EXISTS(?:.|\\n){5,300}CREATE TABLE" 409 | confidence: high 410 | - pattern: 411 | name: MySQLite database dump 412 | regex: "DROP\\ TABLE\\ IF\\ EXISTS\\ \\[[a-zA-Z]*\\];|CREATE\\ TABLE\\ \\[[a-zA-Z]*\\];" 413 | confidence: high 414 | - pattern: 415 | name: Network Proxy Auto-Config 416 | regex: "proxy\\.pac|function\\ FindProxyForURL\\(\\w+,\\ \\w+\\)" 417 | confidence: high 418 | - pattern: 419 | name: Nmap Scan Report 420 | regex: "Nmap\\ scan\\ report\\ for\\ [a-zA-Z0-9.]+" 421 | confidence: high 422 | - pattern: 423 | name: PGP Header 424 | regex: "-{5}(?:BEGIN|END)\\ PGP\\ MESSAGE-{5}" 425 | confidence: high 426 | - pattern: 427 | name: PGP Private Key Block 428 | regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----(?:.|\\s)+?-----END PGP PRIVATE KEY BLOCK-----" 429 | confidence: high 430 | - pattern: 431 | name: PKCS7 Encrypted Data 432 | regex: "(?:Signer|Recipient)Info(?:s)?\\ ::=\\ \\w+|[D|d]igest(?:Encryption)?Algorithm|EncryptedKey\\ ::= \\w+" 433 | confidence: high 434 | - pattern: 435 | name: Password etc passwd 436 | regex: "[a-zA-Z0-9\\-]+:[x|\\*]:\\d+:\\d+:[a-zA-Z0-9/\\- 
\"]*:/[a-zA-Z0-9/\\-]*:/[a-zA-Z0-9/\\-]+" 437 | confidence: high 438 | - pattern: 439 | name: Password etc shadow 440 | regex: "[a-zA-Z0-9\\-]+:(?:(?:!!?)|(?:\\*LOCK\\*?)|\\*|(?:\\*LCK\\*?)|(?:\\$.*\\$.*\\$.*?)?):\\d*:\\d*:\\d*:\\d*:\\d*:\\d*:" 441 | confidence: high 442 | - pattern: 443 | name: PlainText Private Key 444 | regex: "-----BEGIN PRIVATE KEY-----(?:.|\\s)+?-----END PRIVATE KEY-----" 445 | confidence: high 446 | - pattern: 447 | name: PuTTY SSH DSA Key 448 | regex: "PuTTY-User-Key-File-2: ssh-dss\\s*Encryption: none(?:.|\\s?)*?Private-MAC:" 449 | confidence: high 450 | - pattern: 451 | name: PuTTY SSH RSA Key 452 | regex: "PuTTY-User-Key-File-2: ssh-rsa\\s*Encryption: none(?:.|\\s?)*?Private-MAC:" 453 | confidence: high 454 | - pattern: 455 | name: Public Key Cryptography System (PKCS) 456 | regex: "protocol=\"application/x-pkcs[0-9]{0,2}-signature\"" 457 | confidence: high 458 | - pattern: 459 | name: Public encrypted key 460 | regex: "-----BEGIN PUBLIC KEY-----(?:.|\\s)+?-----END PUBLIC KEY-----" 461 | confidence: high 462 | - pattern: 463 | name: RSA Private Key 464 | regex: "-----BEGIN RSA PRIVATE KEY-----(?:[a-zA-Z0-9\\+\\=\\/\"']|\\s)+?-----END RSA PRIVATE KEY-----" 465 | confidence: high 466 | - pattern: 467 | name: SSL Certificate 468 | regex: "-----BEGIN CERTIFICATE-----(?:.|\\n)+?\\s-----END CERTIFICATE-----" 469 | confidence: high 470 | - pattern: 471 | name: SWIFT Codes 472 | regex: "[A-Za-z]{4}(?:GB|US|DE|RU|CA|JP|CN)[0-9a-zA-Z]{2,5}$" 473 | confidence: high 474 | - pattern: 475 | name: Samba Password config file 476 | regex: "[a-z]*:\\d{3}:[0-9a-zA-Z]*:[0-9a-zA-Z]*:\\[U\\ \\]:.*" 477 | confidence: high 478 | - pattern: 479 | name: Slack 2FA Backup Codes 480 | regex: "Two-Factor\\s*\\S*Authentication\\s*\\S*Backup\\s*\\S*Codes(?:.|\\n)*[Ss]lack(?:.|\\n)*\\d{9}" 481 | confidence: high 482 | - pattern: 483 | name: UK Drivers License Numbers 484 | regex: "[A-Z]{5}\\d{6}[A-Z]{2}\\d{1}[A-Z]{2}" 485 | confidence: high 486 | - pattern: 487 | name: 
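UK Passport Number 488 | regex: "\\d{10}GB[RP]\\d{7}[UMF]{1}\\d{9}" 489 | confidence: high 490 | - pattern: 491 | name: USBank Routing Numbers - California 492 | regex: "^12(?:1122676|2235821)$" 493 | confidence: high 494 | - pattern: 495 | name: United Bank Routing Number - California 496 | regex: "^122243350$" 497 | confidence: high 498 | - pattern: 499 | name: Wells Fargo Routing Numbers - California 500 | regex: "^121042882$" 501 | confidence: high 502 | - pattern: 503 | name: aws_access_key 504 | regex: "((access[-_]?key[-_]?id)|(ACCESS[-_]?KEY[-_]?ID)|([Aa]ccessKeyId)|(access[_-]?id)).{0,20}AKIA[a-zA-Z0-9+/]{16}[^a-zA-Z0-9+/]" 505 | confidence: high 506 | - pattern: 507 | name: aws_credentials_context 508 | regex: "access_key_id|secret_access_key|AssetSync.configure" 509 | confidence: high 510 | - pattern: 511 | name: aws_secret_key 512 | regex: "((secret[-_]?access[-_]?key)|(SECRET[-_]?ACCESS[-_]?KEY|(private[-_]?key))|([Ss]ecretAccessKey)).{0,20}[^a-zA-Z0-9+/][a-zA-Z0-9+/]{40}\\b" 513 | confidence: high 514 | - pattern: 515 | name: facebook_secret 516 | regex: "(facebook_secret|FACEBOOK_SECRET|facebook_app_secret|FACEBOOK_APP_SECRET)[a-z_ =\\s\"'\\:]{0,5}[^a-zA-Z0-9][a-f0-9]{32}[^a-zA-Z0-9]" 517 | confidence: high 518 | - pattern: 519 | name: github_key 520 | regex: "(GITHUB_SECRET|GITHUB_KEY|github_secret|github_key|github_token|GITHUB_TOKEN|github_api_key|GITHUB_API_KEY)[a-z_ =\\s\"'\\:]{0,10}[^a-zA-Z0-9][a-zA-Z0-9]{40}[^a-zA-Z0-9]" 521 | confidence: high 522 | - pattern: 523 | name: google_two_factor_backup 524 | regex: "(?:BACKUP VERIFICATION CODES|SAVE YOUR BACKUP CODES)[\\s\\S]{0,300}@" 525 | confidence: high 526 | - pattern: 527 | name: heroku_key 528 | regex: "(heroku_api_key|HEROKU_API_KEY|heroku_secret|HEROKU_SECRET)[a-z_ =\\s\"'\\:]{0,10}[^a-zA-Z0-9-]\\w{8}(?:-\\w{4}){3}-\\w{12}[^a-zA-Z0-9\\-]" 529 | confidence: high 530 | - pattern: 531 | name: microsoft_office_365_oauth_context 532 | regex: 
"https://login.microsoftonline.com/common/oauth2/v2.0/token|https://login.windows.net/common/oauth2/token" 533 | confidence: high 534 | - pattern: 535 | name: pgSQL Connection Information 536 | regex: "(?:postgres|pgsql)\\:\\/\\/" 537 | confidence: high 538 | - pattern: 539 | name: slack_api_key 540 | regex: "(slack_api_key|SLACK_API_KEY|slack_key|SLACK_KEY)[a-z_ =\\s\"'\\:]{0,10}[^a-f0-9][a-f0-9]{32}[^a-f0-9]" 541 | confidence: high 542 | - pattern: 543 | name: slack_api_token 544 | regex: "(xox[pb](?:-[a-zA-Z0-9]+){4,})" 545 | confidence: high 546 | - pattern: 547 | name: ssh_dss_public 548 | regex: "ssh-dss [0-9A-Za-z+/]+[=]{2}" 549 | confidence: high 550 | - pattern: 551 | name: ssh_rsa_public 552 | regex: "ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} [^@]+@[^@]+" 553 | confidence: high 554 | - pattern: 555 | name: IBAN 556 | regex: '[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}' 557 | confidence: high 558 | - pattern: 559 | name: GPS Data 560 | regex: '^([-+]?)([\d]{1,2})(((\.)(\d+)(,)))(\s*)(([-+]?)([\d]{1,3})((\.)(\d+))?)' 561 | confidence: high 562 | - pattern: 563 | name: Blood Type 564 | regex: '^(A|B|AB|O)[-+]$' 565 | confidence: high 566 | - pattern: 567 | name: Date of Birth - 2 # fixed month group: "1[12]" skipped October, so those dates went undetected; NOTE(review): the first separator still requires a literal "." while the second is fully optional - confirm that is intended 568 | regex: '^([1-9]|[12][0-9]|3[01])(\/?\.\-?\-?\s?)(0[1-9]|1[0-2])(\/?\.?\-?\s?)(19[0-9][0-9]|20[0][0-9]|20[1][0-8])$' 569 | confidence: high 570 | - pattern: 571 | name: Tax Number 572 | regex: '^[0-9]{10}$' 573 | confidence: high 574 | - pattern: 575 | name: Bitcoin Address 576 | regex: '^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$' 577 | confidence: high 578 | -------------------------------------------------------------------------------- /db/sensitive-fields-full.yml: -------------------------------------------------------------------------------- 1 | fields: 2 | - input stripe token 3 | - credentialsinput 4 | - context 5 | - totp_code_field 6 | - field totp code 7 | - bank-account[routing-number]-input 8 | - security_token_input 9 | - last four ssn 10 | - authtokenfield 11 | 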
- receiverstatecode 12 | - address2 13 | - otp 14 | - 2fa_pin_field 15 | - cc-num 16 | - totp-pin-field 17 | - input 18 | - security_pin_input 19 | - fieldpassword1 20 | - input bank account[routing number] 21 | - raw-input 22 | - api_key_field 23 | - ' csrf input' 24 | - house number 25 | - salt_input 26 | - referraltoken 27 | - newpasswordinput 28 | - field password confirm 29 | - input routing acc number 30 | - referrer 31 | - input_card[cvv] 32 | - fieldssn 33 | - card_number_last_four 34 | - credentials-input 35 | - input password confirm 36 | - referrerslastname 37 | - field-csrf 38 | - input-account-number 39 | - credit_card_num 40 | - bank_account_number 41 | - account bank number input 42 | - token 43 | - routingnumberinput 44 | - bankacc[routingnum]field 45 | - bankacc[routingnum] 46 | - -csrf-token 47 | - field-password1 48 | - repeat 49 | - field-auth-token 50 | - certinput 51 | - totp-pin 52 | - fieldcert 53 | - account_routing_number 54 | - input_social_security_num 55 | - field_password2 56 | - authenticity-token 57 | - cc_number_input 58 | - input-ssn 59 | - client secret 60 | - input card num 61 | - field two factor token 62 | - access token input 63 | - country code 64 | - phone 65 | - field-creds 66 | - totp-pin-input 67 | - input-cert 68 | - card number last4 69 | - inputroutingaccountnumber 70 | - routing_acc 71 | - avatar 72 | - json 73 | - funding-source-id 74 | - field-routing-number 75 | - passwd-confirm-field 76 | - card_cvv 77 | - input totp token 78 | - secretfield 79 | - 2fa_token_input 80 | - input two factor token 81 | - inputcardnum 82 | - sender_id 83 | - input_mysql_pwd 84 | - field-bank-account[routing-number] 85 | - input_creds 86 | - routingaccinput 87 | - input cc num 88 | - emaildomain 89 | - acc[routing 90 | - credit_card_number_field 91 | - totp_token_input 92 | - field_two_factor_code 93 | - input_confirm_password 94 | - memberquestionredacted 95 | - field-certificate 96 | - fieldbankacc[routingnumber] 97 | - expiration 98 
| - ssn 99 | - issuer-certificate 100 | - input bank acc num 101 | - field__csrf 102 | - field-passwd-confirm 103 | - social-security-num 104 | - 2fa_token_field 105 | - sender_address 106 | - sender-address 107 | - routing-acc-num-input 108 | - bankaccnumberfield 109 | - otp input 110 | - fieldcardnumber 111 | - pin-code 112 | - twofactorcodefield 113 | - acc-number 114 | - stripe_token_field 115 | - security code field 116 | - phone_number 117 | - bank account number input 118 | - field_otp 119 | - totptoken 120 | - pwdinput 121 | - issuer_certificate_input 122 | - privatekey 123 | - social-security-number-input 124 | - cc_num_field 125 | - input_bank_acc[routing_number] 126 | - cvc-number 127 | - field-totp-token 128 | - input_totp_pin 129 | - receiverdevicecontactname 130 | - two_factor_pin 131 | - issuercertificatefield 132 | - api-token-field 133 | - compensation 134 | - csrfinput 135 | - field card cvv 136 | - inputaccnumber 137 | - field-cc-number 138 | - oldpassword 139 | - fieldotpcode 140 | - input cc number 141 | - input-api-token 142 | - debit_card 143 | - input-routing-account-number 144 | - inputraw 145 | - otp_pin_input 146 | - bank acc 147 | - api-token-input 148 | - input-access-token 149 | - card-num 150 | - field_credentials 151 | - field two factor pin 152 | - account-number-input 153 | - cardnuminput 154 | - two_factor_code_input 155 | - input_cc_num 156 | - field account routing number 157 | - middlename 158 | - bankaccountnumfield 159 | - credit-card-num-field 160 | - 2fa token field 161 | - line2 162 | - cc-num-input 163 | - type 164 | - fieldtotptoken 165 | - credit 166 | - credit card field 167 | - input two factor code 168 | - fieldtwofactorcode 169 | - newpasswordfield 170 | - cc_num 171 | - bankaccfield 172 | - bank account[routing number] field 173 | - resetpasswordtoken 174 | - user token 175 | - account bank number field 176 | - bankaccnumber 177 | - input-otp-token 178 | - field-bank-acc-number 179 | - matches_ssn_digest 180 | - 
member_question 181 | - field_totp_pin 182 | - referral url 183 | - idtoken 184 | - input_two_factor_pin 185 | - field_otp_token 186 | - expiry_date 187 | - client 188 | - input card[num] 189 | - routing-acc 190 | - stripe 191 | - contract 192 | - auth_token_input 193 | - link 194 | - response 195 | - resetpassword 196 | - input2fa 197 | - inputbankacc[routingnumber] 198 | - 2fapininput 199 | - api secret 200 | - input_card_num 201 | - cc number input 202 | - otp_token_input 203 | - fieldrepeatpassword 204 | - country 205 | - rate 206 | - cvv_number 207 | - contract id 208 | - input token 209 | - field_bank_acc[routing_num] 210 | - email domain 211 | - confirm passwd field 212 | - field_confirm_password 213 | - input-bank-acc-num 214 | - acc_number_field 215 | - password1 216 | - inputcardcvv 217 | - field_credit_card_number 218 | - salt-field 219 | - confirm-password 220 | - stripe token 221 | - passwdconfirminput 222 | - creditcardnumber 223 | - input_security_code 224 | - pwd input 225 | - value 226 | - input_credit_card_number 227 | - field 2fa pin 228 | - templatelink 229 | - inputsocialsecuritynum 230 | - fieldotptoken 231 | - key 232 | - city 233 | - otp pin field 234 | - email 235 | - format 236 | - set-cookie 237 | - inputcvv 238 | - sender-zip-code 239 | - field_card_number 240 | - cc-number-input 241 | - password_confirm 242 | - input_password 243 | - input bank acc[routing number] 244 | - field stripe token 245 | - rawfield 246 | - csrf field 247 | - acc number 248 | - routing_acc_input 249 | - pay 250 | - authenticity_token 251 | - card-cvv 252 | - input security pin 253 | - security_pin_field 254 | - routingnumber 255 | - field2fa 256 | - input-pwd 257 | - input bank account num 258 | - passwordconfirmfield 259 | - bin 260 | - sender ip address 261 | - input-totp-pin 262 | - api 263 | - 2fa_field 264 | - ' csrf' 265 | - api_key_input 266 | - private-key 267 | - fieldcard[num] 268 | - fieldbankaccountnumber 269 | - account-bank-number-input 270 | - 
version 271 | - api-key 272 | - field-card[num] 273 | - key input 274 | - confirmpasswordinput 275 | - passcode 276 | - card last 4 277 | - cc number field 278 | - field_bank_account_num 279 | - given 280 | - field routing acc 281 | - field-password2 282 | - repeatpasswordfield 283 | - referral_token 284 | - input_key 285 | - account_number 286 | - otp pin 287 | - routing-acc-number-field 288 | - receiver-identifier 289 | - card[cvv]input 290 | - 2fatokeninput 291 | - otp-code 292 | - field_card_cvv 293 | - debit-card 294 | - referrersavatarurl 295 | - card_number_input 296 | - groupid 297 | - otptokeninput 298 | - input_passwd_confirm 299 | - response json 300 | - bankaccountnumberinput 301 | - raw field 302 | - passw 303 | - secretinput 304 | - totp field 305 | - input_access_token 306 | - authenticitytoken 307 | - encrypted-password 308 | - bank-acc-number-input 309 | - bank-account[routing-number] 310 | - apitokenfield 311 | - cc 312 | - field bank acc number 313 | - field-card[number] 314 | - bank_acc_field 315 | - template_link 316 | - input-passwd-confirm 317 | - input-old-password 318 | - webhook 319 | - ccnuminput 320 | - bankacc[routingnum]input 321 | - pwd-input 322 | - first name 323 | - response array 324 | - encrypted 325 | - totp token input 326 | - 2fa pin input 327 | - field-bank-acc[routing-number] 328 | - security-pin 329 | - twofactorpinfield 330 | - input-bank-acc-number 331 | - line1 332 | - inputpassword2 333 | - contacts 334 | - fieldbankaccnum 335 | - cvcnumber 336 | - inputtotptoken 337 | - account bank number 338 | - csrf-field 339 | - stripe-token 340 | - passwdconfirmfield 341 | - field bank acc[routing number] 342 | - mysql-pwd-field 343 | - private_key 344 | - fieldcard[number] 345 | - feature_store 346 | - social security number 347 | - segment 348 | - password2-input 349 | - field-card-number 350 | - ' key' 351 | - repeatpassword 352 | - inputcardnumber 353 | - input 2fa pin 354 | - field_2fa_code 355 | - routingaccountnumberinput 
356 | - input password1 357 | - account number 358 | - input_2fa_code 359 | - merchant 360 | - input-password1 361 | - auth token field 362 | - pan-bin 363 | - raw_webhook_response 364 | - two-factor-code-input 365 | - otp-token 366 | - referrers-avatar-url 367 | - 2fa_pin_input 368 | - credit_card_num_input 369 | - inputrepeatpassword 370 | - field secret 371 | - bank_account[routing_number]_field 372 | - postal 373 | - confirm_passwd 374 | - field_security_code 375 | - bankacc[routingnumber]field 376 | - country-code 377 | - field_card[cvv] 378 | - private-key-field 379 | - postal_code 380 | - bank_acc[routing_num]_field 381 | - field routing acc num 382 | - bank-acc-input 383 | - fieldccnum 384 | - account_number_field 385 | - stated_income 386 | - cvv input 387 | - date_of_birth 388 | - login 389 | - inputpasswdconfirm 390 | - state-code 391 | - passwd confirm field 392 | - field otp code 393 | - inputcreditcardnum 394 | - input password 395 | - totp-token-field 396 | - gross pay amount 397 | - card number 398 | - bank account number field 399 | - old 400 | - code 401 | - creds_input 402 | - rawwebhookresponse 403 | - api key input 404 | - totppinfield 405 | - category 406 | - otptoken 407 | - ssn input 408 | - rule_format 409 | - input passwd confirm 410 | - passwd_input 411 | - receiver address 412 | - routing_number_field 413 | - input_bank_acc_num 414 | - access-token 415 | - private 416 | - question 417 | - input-security-token 418 | - field cert 419 | - receiver zip code 420 | - account number input 421 | - 2fapinfield 422 | - last-4-ssn 423 | - accnumberfield 424 | - field-passwd 425 | - input_2fa_token 426 | - input totp code 427 | - inputoldpassword 428 | - field_auth_token 429 | - credit-card-number-field 430 | - field confirm passwd 431 | - expiration_date 432 | - field_2fa 433 | - repeat-password-input 434 | - inputroutingacc 435 | - otp-input 436 | - social_security_number 437 | - inputapikey 438 | - debit 439 | - house 440 | - old password input 
441 | - responsejson 442 | - mysql 443 | - field_bank_acc_number 444 | - field_csrf 445 | - field auth token 446 | - apitokeninput 447 | - passwd-field 448 | - last 4 ssn 449 | - totp_token_field 450 | - security 451 | - card[number]_field 452 | - field_salt 453 | - otp-token-input 454 | - fieldoldpassword 455 | - input routing account number 456 | - last 457 | - mobile 458 | - routing_account_number_input 459 | - device_id 460 | - compensation_amount 461 | - full-name 462 | - receiver_state_code 463 | - challenge 464 | - x client data 465 | - pin_input 466 | - security-code-field 467 | - access token 468 | - input two factor pin 469 | - mysqlpwdfield 470 | - new password 471 | - private key input 472 | - membername 473 | - social security num field 474 | - input-social-security-num 475 | - totp-token-input 476 | - bank account field 477 | - salt 478 | - authtoken 479 | - last4ssn 480 | - fieldtwofactortoken 481 | - group-id 482 | - field credit card 483 | - routing-number-input 484 | - field-access-token 485 | - key-field 486 | - input-auth-token 487 | - password_input 488 | - security-token 489 | - bank-account-input 490 | - pin-input 491 | - two factor token input 492 | - key_field 493 | - uuid 494 | - bank acc[routing num] input 495 | - new-password-input 496 | - field-security-token 497 | - acc number field 498 | - member_question_redacted 499 | - two factor code field 500 | - field_ssn 501 | - fieldcreds 502 | - primary_account_number 503 | - inputotpcode 504 | - field_pwd 505 | - keyinput 506 | - new_password 507 | - fundingsourceid 508 | - inputtotppin 509 | - password1-field 510 | - card_last_4 511 | - contractid 512 | - input mysql pwd 513 | - setcookie 514 | - input_pwd 515 | - pin 516 | - property_id 517 | - zip-code 518 | - cc_num_input 519 | - input-otp-code 520 | - accountbanknumberinput 521 | - totp_code 522 | - field repeat password 523 | - house details 524 | - routing number input 525 | - two-factor-token 526 | - field_bank_acc[routing_number] 
527 | - member question redacted 528 | - input_card[number] 529 | - receiver state code 530 | - statecode 531 | - input-2fa-pin 532 | - referrers-first-name 533 | - totp-code-input 534 | - receiver_ip_address 535 | - csrf-input 536 | - bankaccountinput 537 | - pininput 538 | - fieldaccountroutingnumber 539 | - password_confirm_field 540 | - routing_acc_number 541 | - facetid 542 | - card_num_input 543 | - account_bank_number_field 544 | - last_four 545 | - password2_input 546 | - cert 547 | - mysql-pwd 548 | - otp code field 549 | - cert-field 550 | - bank_account_field 551 | - ccnumber 552 | - 2fa pin field 553 | - bank-acc-number-field 554 | - confirm 555 | - repeat password field 556 | - bank account 557 | - two_factor_code_field 558 | - field_bank_account 559 | - reset-password 560 | - input-csrf 561 | - stripe-token-input 562 | - input-routing-acc 563 | - bank_acc[routing_num]_input 564 | - password_confirm_input 565 | - otppinfield 566 | - rawinput 567 | - field token 568 | - field 569 | - totp-input 570 | - bank_acc_number 571 | - confirmpasswdinput 572 | - check-amount 573 | - mysql pwd 574 | - raw input 575 | - field passwd 576 | - field-security-code 577 | - socialsecuritynumberinput 578 | - card[number] field 579 | - details 580 | - totpcodefield 581 | - social_security_number_field 582 | - security token 583 | - otp-pin-field 584 | - input_ssn 585 | - social-security-number 586 | - inputcard[number] 587 | - url 588 | - expiry 589 | - creds_field 590 | - stated income 591 | - routingaccnumberfield 592 | - phone-number 593 | - 2fa_token 594 | - password 595 | - id-token 596 | - passwordfield 597 | - 2fa_code 598 | - input-totp-token 599 | - field 2fa 600 | - feedback 601 | - sender-id 602 | - field-credit-card 603 | - fieldroutingaccountnumber 604 | - identifier 605 | - twofactortoken 606 | - security pin 607 | - middle 608 | - mysql_pwd_input 609 | - account_bank_number_input 610 | - crypt 611 | - field bank account[routing number] 612 | - input2fatoken 
613 | - pan bin 614 | - field-card-cvv 615 | - creds-field 616 | - cardexpiration 617 | - field-mysql-pwd 618 | - fieldsocialsecuritynumber 619 | - csrf input 620 | - sender-device-id 621 | - access_token_input 622 | - debit card 623 | - contact 624 | - private_key_input 625 | - input_otp_token 626 | - bank_acc_num_input 627 | - account routing number 628 | - field otp 629 | - 2fa input 630 | - token-input 631 | - matches 632 | - id 633 | - input_routing_account_number 634 | - field salt 635 | - lastfourssn 636 | - field pwd 637 | - inputaccountroutingnumber 638 | - field_certificate 639 | - input social security num 640 | - inputcard[cvv] 641 | - array 642 | - confirm_password_input 643 | - authorization 644 | - input account number 645 | - cert input 646 | - field_old_password 647 | - routingaccountnumberfield 648 | - creditcard 649 | - input otp pin 650 | - field-otp-token 651 | - auth-token-field 652 | - password-confirm 653 | - secret-input 654 | - input-password2 655 | - field2facode 656 | - cvvfield 657 | - account[routing 658 | - credit-card-input 659 | - routing 660 | - field-totp-code 661 | - password2_field 662 | - set 663 | - cardnumberfield 664 | - certificateinput 665 | - receiver-state-code 666 | - certificate 667 | - '4' 668 | - stripetoken 669 | - field api key 670 | - input2facode 671 | - cvc_number 672 | - csrf_input 673 | - inputprivatekey 674 | - otp-code-input 675 | - sendername 676 | - primaryaccountnumber 677 | - expiration-date 678 | - bank-account-num-field 679 | - input_routing_acc 680 | - input-2fa-token 681 | - input-card[cvv] 682 | - password1 field 683 | - field new password 684 | - bank acc number field 685 | - otp pin input 686 | - input-raw 687 | - pin-field 688 | - bankaccountfield 689 | - ssnfield 690 | - input-account-bank-number 691 | - -key 692 | - passwordconfirm 693 | - field-two-factor-code 694 | - two factor code 695 | - fieldcard[cvv] 696 | - bank acc[routing number] field 697 | - field social security number 698 | - 
secret_input 699 | - totpfield 700 | - routing acc number input 701 | - password2 702 | - password1_input 703 | - bank-acc[routing-number] 704 | - 2fa_code_field 705 | - field-token 706 | - input credit card num 707 | - bank_account[routing_number]_input 708 | - field-api-token 709 | - input-2fa-code 710 | - field passwd confirm 711 | - credit-card-field 712 | - inputcreditcard 713 | - input credentials 714 | - sender-name 715 | - date ofbirth 716 | - input_api_token 717 | - pan_last_4 718 | - field-routing-acc-number 719 | - field-cvv 720 | - inputbankaccountnum 721 | - field_cc_number 722 | - confirm password input 723 | - input_cvv 724 | - user_ip 725 | - pay friend id 726 | - routingaccnum 727 | - input_cert 728 | - bank acc[routing num] 729 | - email address 730 | - routingaccnumber 731 | - input-card[num] 732 | - input_bank_acc 733 | - user_ip_address 734 | - field_totp_token 735 | - passwd input 736 | - creditcardnumberinput 737 | - mfa 738 | - lname 739 | - input-credit-card-number 740 | - issuer_certificate 741 | - ' csrf field' 742 | - bank account[routing number] 743 | - field_passwd 744 | - field-old-password 745 | - fieldroutingacc 746 | - securitycodefield 747 | - employername 748 | - inputcert 749 | - two factor token 750 | - cvv-input 751 | - property name 752 | - password-confirm-field 753 | - inputkey 754 | - input-bank-acc[routing-num] 755 | - card-num-input 756 | - field account bank number 757 | - issuer 758 | - fieldcreditcardnumber 759 | - input 2fa 760 | - device id 761 | - totp-code 762 | - creditcardnuminput 763 | - field-pwd 764 | - old_password 765 | - state_code 766 | - otp-code-field 767 | - referrers last name 768 | - credit_card_field 769 | - old-password-input 770 | - fieldroutingnumber 771 | - routingacc 772 | - -csrf-input 773 | - input social security number 774 | - routing acc num input 775 | - credit card number input 776 | - token field 777 | - referrers-last-name 778 | - field-bank-acc-num 779 | - input_security_token 780 | - 
creditcardnum 781 | - card num 782 | - merchant_name 783 | - bank-acc 784 | - employer name 785 | - input cvv 786 | - sender_device_id 787 | - field_routing_acc 788 | - routing acc num 789 | - routing acc number field 790 | - ofbirth 791 | - totp token field 792 | - bankaccount 793 | - inputsalt 794 | - bankaccnum 795 | - comments 796 | - credit card number field 797 | - security-token-input 798 | - bankaccountnum 799 | - password1 input 800 | - privatekeyinput 801 | - routing_acc_number_input 802 | - cvv number 803 | - certificate-field 804 | - stated 805 | - fieldtotpcode 806 | - field card[number] 807 | - pwd_field 808 | - agent email 809 | - field_cvv 810 | - pan-last-4 811 | - code_verifier 812 | - sender id 813 | - housedetails 814 | - key-input 815 | - input-cc-num 816 | - 2fa-code-field 817 | - field-acc-number 818 | - input_routing_acc_num 819 | - card cvv field 820 | - field-two-factor-token 821 | - reset password token 822 | - private key 823 | - member name 824 | - referrers first name 825 | - bankaccountnumberfield 826 | - first 827 | - input csrf 828 | - input ssn 829 | - totp-field 830 | - otp field 831 | - firstname 832 | - mysql pwd field 833 | - auth token input 834 | - inputtwofactortoken 835 | - security_token 836 | - accountnumber 837 | - state code 838 | - field_account_routing_number 839 | - confirm_passwd_field 840 | - input-otp-pin 841 | - receiver-zip-code 842 | - field bank account number 843 | - input-mysql-pwd 844 | - field routing account number 845 | - acc_number_input 846 | - code-verifier 847 | - totppin 848 | - card[number]-field 849 | - field_private_key 850 | - last-four-ssn 851 | - insurer_name 852 | - routing-acc-num-field 853 | - useripaddress 854 | - xclientdata 855 | - repeat-password-field 856 | - receiver device contact name 857 | - social-security-number-field 858 | - receiver_device_contact_name 859 | - num] 860 | - credit-card-number 861 | - mobile phone 862 | - senderzipcode 863 | - input card[cvv] 864 | - 
credit_card_num_field 865 | - device 866 | - template link 867 | - input_totp_token 868 | - matchesssndigest 869 | - acc_number 870 | - bank-acc[routing-num]-field 871 | - input-bank-acc[routing-number] 872 | - inputbankaccount[routingnumber] 873 | - secret input 874 | - fieldconfirmpassword 875 | - api key field 876 | - authenticity 877 | - routing acc 878 | - input_stripe_token 879 | - otp_input 880 | - 2fa code input 881 | - cardnum 882 | - accountbanknumber 883 | - fieldroutingaccnumber 884 | - authenticity token 885 | - password-field 886 | - field_stripe_token 887 | - input_acc_number 888 | - postalcode 889 | - bankaccnumberinput 890 | - middle-name 891 | - cardsecuritycode 892 | - 2fa-pin-field 893 | - card_number 894 | - credentials field 895 | - bank_account[routing_number] 896 | - 2fa_pin 897 | - field_issuer_certificate 898 | - verifier 899 | - security_code 900 | - creds-input 901 | - pwd-field 902 | - bank acc field 903 | - social_security_num_input 904 | - member question 905 | - group 906 | - saltinput 907 | - bank-acc-field 908 | - inputpasswd 909 | - dob 910 | - input passwd 911 | - field-confirm-passwd 912 | - input-card-num 913 | - routingaccnuminput 914 | - ccnumberinput 915 | - input confirm passwd 916 | - created_date 917 | - issuer certificate 918 | - field_creds 919 | - input_salt 920 | - bank acc[routing number] 921 | - salt_field 922 | - two_factor_pin_field 923 | - reset 924 | - fieldmysqlpwd 925 | - apikeyfield 926 | - input-two-factor-token 927 | - bankacc[routingnumber] 928 | - property-version 929 | - inputotppin 930 | - response_json 931 | - password-confirm-input 932 | - password1input 933 | - code verifier 934 | - bank_acc_num 935 | - tokenfield 936 | - inputtoken 937 | - field creds 938 | - cardcvv 939 | - mysql pwd input 940 | - auth-token-input 941 | - fieldaccountbanknumber 942 | - input otp token 943 | - responsearray 944 | - fieldcardcvv 945 | - input_2fa_pin 946 | - appid 947 | - field credentials 948 | - 
routing_number_input 949 | - client id 950 | - confirm-password-field 951 | - debitcard 952 | - field_access_token 953 | - 2fa-pin-input 954 | - credentialsfield 955 | - two factor code input 956 | - inputotp 957 | - account-routing-number 958 | - 2fa_input 959 | - full name 960 | - password2-field 961 | - issuer-certificate-input 962 | - inputroutingaccnum 963 | - group_id 964 | - senderdeviceid 965 | - ssn field 966 | - card-expiration 967 | - field card[cvv] 968 | - input-security-pin 969 | - card cvv input 970 | - field_key 971 | - bank_account_num 972 | - otp_pin 973 | - friend 974 | - cc-num-field 975 | - accountroutingnumberinput 976 | - x_client_data 977 | - credsinput 978 | - last-name 979 | - funding source id 980 | - routing-acc-number-input 981 | - input-private-key 982 | - fieldapikey 983 | - bank-account 984 | - field_card[number] 985 | - bank acc[routing number] input 986 | - otpcodefield 987 | - otp token field 988 | - bank_acc[routing_number]_field 989 | - bankaccount[routingnumber]input 990 | - credit_card 991 | - inputaccountbanknumber 992 | - bank-account-number-input 993 | - inputauthtoken 994 | - totp_code_input 995 | - bank-account-num-input 996 | - field_bank_account_number 997 | - inputcredentials 998 | - bank-acc-num 999 | - segment device id 1000 | - field_card_num 1001 | - accountid 1002 | - field_token 1003 | - input-key 1004 | - ssn-input 1005 | - fieldsocialsecuritynum 1006 | - segment_device_id 1007 | - fieldpasswd 1008 | - assertion 1009 | - password1_field 1010 | - bank account num field 1011 | - created date 1012 | - ruleformat 1013 | - field-otp-code 1014 | - routing number field 1015 | - certificate_field 1016 | - field_otp_code 1017 | - sender name 1018 | - cvv 1019 | - totpcodeinput 1020 | - inputsecret 1021 | - field card number 1022 | - input_pin 1023 | - input_bank_account_num 1024 | - routing-account-number 1025 | - sender address 1026 | - field_cc_num 1027 | - raw_field 1028 | - referral token 1029 | - tax_id 1030 | - net 
pay amount 1031 | - field two factor code 1032 | - card-cvv-field 1033 | - inputtotpcode 1034 | - zip code 1035 | - lastfour 1036 | - input-social-security-number 1037 | - input_credit_card 1038 | - account_id 1039 | - cc_number_field 1040 | - fieldconfirmpasswd 1041 | - field-card-num 1042 | - property-id 1043 | - card[number]_input 1044 | - employer-name 1045 | - input_otp_code 1046 | - bank_account_number_field 1047 | - sender device id 1048 | - cc_number 1049 | - access-token-field 1050 | - field pin 1051 | - input bank account number 1052 | - field_password1 1053 | - certfield 1054 | - receiverzipcode 1055 | - input-routing-acc-num 1056 | - otp-pin-input 1057 | - num 1058 | - account routing number input 1059 | - input salt 1060 | - referrer-token 1061 | - 2fa-input 1062 | - csrffield 1063 | - routingnumberfield 1064 | - inputcreds 1065 | - authentication_token 1066 | - name 1067 | - routing acc input 1068 | - input credit card number 1069 | - input bank acc 1070 | - input_account_number 1071 | - confirm_passwd_input 1072 | - account id 1073 | - insurer-name 1074 | - cc-number 1075 | - template-link 1076 | - fieldnewpassword 1077 | - merchantname 1078 | - creds field 1079 | - input_secret 1080 | - bank 1081 | - propertyname 1082 | - inputconfirmpassword 1083 | - field cvv 1084 | - member 1085 | - panbin 1086 | - fieldbankacc[routingnum] 1087 | - security_code_field 1088 | - field-routing-acc-num 1089 | - inputbankacc[routingnum] 1090 | - deviceid 1091 | - fieldaccesstoken 1092 | - inputcard[num] 1093 | - input-issuer-certificate 1094 | - access-token-input 1095 | - field-credit-card-num 1096 | - device-id 1097 | - account-bank-number 1098 | - field-2fa 1099 | - insurer 1100 | - totptokeninput 1101 | - security-token-field 1102 | - security code input 1103 | - year 1104 | - creditcardnumberfield 1105 | - pin_code 1106 | - issuer-certificate-field 1107 | - cardcvvfield 1108 | - secret_field 1109 | - password confirm input 1110 | - routing-account-number-input 
1111 | - new_password_field 1112 | - netpayamount 1113 | - input 2fa token 1114 | - last name 1115 | - field-card[cvv] 1116 | - last_four_ssn 1117 | - field-cert 1118 | - routing_acc_num 1119 | - field bank acc[routing num] 1120 | - password-input 1121 | - input-certificate 1122 | - field access token 1123 | - field_cert 1124 | - primary 1125 | - csrf 1126 | - input-card-number 1127 | - fieldtoken 1128 | - issuer_certificate_field 1129 | - x-client-data 1130 | - zip_code 1131 | - private-key-input 1132 | - pincode 1133 | - payfriendid 1134 | - accountroutingnumberfield 1135 | - inputbankaccnumber 1136 | - inputaccountnumber 1137 | - certificate input 1138 | - referrers avatar url 1139 | - field_confirm_passwd 1140 | - acc-number-field 1141 | - card[cvv] input 1142 | - sender_state_code 1143 | - input api token 1144 | - card[number] 1145 | - inputtotp 1146 | - field_two_factor_token 1147 | - account-number 1148 | - mobile-phone 1149 | - gross_pay_amount 1150 | - two-factor-code-field 1151 | - senderid 1152 | - input-bank-account[routing-number] 1153 | - field social security num 1154 | - merchant-name 1155 | - 2facode 1156 | - securitytokeninput 1157 | - card_num_field 1158 | - accountnumberinput 1159 | - bank_acc_input 1160 | - otp_field 1161 | - field-new-password 1162 | - fieldapitoken 1163 | - referrers_first_name 1164 | - last_4 1165 | - referral 1166 | - input-api-key 1167 | - input-new-password 1168 | - store 1169 | - routing acc number 1170 | - input-bank-account 1171 | - field-totp 1172 | - credentials_input 1173 | - bank account num input 1174 | - 2fa token input 1175 | - card number input 1176 | - agentemail 1177 | - input_csrf 1178 | - credit_card_input 1179 | - input-salt 1180 | - gross 1181 | - mysql-pwd-input 1182 | - receiveripaddress 1183 | - otpcodeinput 1184 | - input_otp_pin 1185 | - field_account_bank_number 1186 | - input otp code 1187 | - creditcardinput 1188 | - field_security_pin 1189 | - date-ofbirth 1190 | - fieldbankaccountnum 1191 | - 
ccnum 1192 | - bank-account-field 1193 | - passwd_confirm 1194 | - otp-pin 1195 | - otptokenfield 1196 | - credit-card-number-input 1197 | - fcparams 1198 | - fieldsecuritypin 1199 | - segment-device-id 1200 | - cc num 1201 | - bank_account_input 1202 | - field cc num 1203 | - inputccnum 1204 | - 2fa-token-input 1205 | - fieldcreditcard 1206 | - pay-friend-id 1207 | - authentication token 1208 | - field-2fa-code 1209 | - postal code 1210 | - passwd-confirm 1211 | - referrers_last_name 1212 | - email_domain 1213 | - apitranskey 1214 | - access token field 1215 | - input raw 1216 | - routing-acc-num 1217 | - employer_name 1218 | - routing-acc-input 1219 | - field totp 1220 | - twofactorpininput 1221 | - check_amount 1222 | - two_factor_token 1223 | - memberquestion 1224 | - card[number] input 1225 | - card[number]input 1226 | - password2field 1227 | - first_name 1228 | - fieldcreditcardnum 1229 | - account_routing_number_input 1230 | - fieldcvv 1231 | - bankacc[routingnumber]input 1232 | - fieldpassword2 1233 | - confirm_password 1234 | - field mysql pwd 1235 | - bank_acc[routing_num] 1236 | - referrers 1237 | - field-social-security-num 1238 | - otpinput 1239 | - card[num]-input 1240 | - stripetokeninput 1241 | - passwd_confirm_field 1242 | - fieldpasswdconfirm 1243 | - routing_acc_num_input 1244 | - routing acc field 1245 | - field_totp 1246 | - house-number 1247 | - field-credit-card-number 1248 | - source 1249 | - response-json 1250 | - template 1251 | - creds input 1252 | - property-name 1253 | - 2fa field 1254 | - primary_phone 1255 | - input-totp-code 1256 | - funding_source_id 1257 | - old-password-field 1258 | - stripetokenfield 1259 | - fieldsalt 1260 | - rule-format 1261 | - otp_code 1262 | - clientsecret 1263 | - securitypininput 1264 | - response_array 1265 | - field_routing_number 1266 | - two-factor-pin-input 1267 | - input_confirm_passwd 1268 | - zip 1269 | - api-key-field 1270 | - inputpwd 1271 | - fieldissuercertificate 1272 | - account_number_input 
1273 | - bank account[routing number] input 1274 | - accountnumberfield 1275 | - primary phone 1276 | - inputsocialsecuritynumber 1277 | - inputccnumber 1278 | - acc 1279 | - repeat_password_input 1280 | - routing_acc_field 1281 | - certificate field 1282 | - created 1283 | - totp pin field 1284 | - totp token 1285 | - totp 1286 | - input-password-confirm 1287 | - socialsecuritynumberfield 1288 | - account-routing-number-field 1289 | - totp-token 1290 | - user ip address 1291 | - countrycode 1292 | - compensation-amount 1293 | - 2fa code field 1294 | - state 1295 | - pwd field 1296 | - input_2fa 1297 | - field_repeat_password 1298 | - _key 1299 | - input_security_pin 1300 | - creditcardnumfield 1301 | - given_name 1302 | - two factor pin 1303 | - bank_account_num_input 1304 | - confirm password field 1305 | - issuercertificate 1306 | - raw_input 1307 | - card cvv 1308 | - country_code 1309 | - field issuer certificate 1310 | - email_address 1311 | - security_token_field 1312 | - 2facodefield 1313 | - otp_token 1314 | - authenticationtoken 1315 | - input bank acc number 1316 | - twofactortokenfield 1317 | - secret field 1318 | - 2fa-code-input 1319 | - fieldbankaccnumber 1320 | - field2fapin 1321 | - inputotptoken 1322 | - bank-acc[routing-num]-input 1323 | - employer 1324 | - input_totp_code 1325 | - field_social_security_number 1326 | - inputbankacc 1327 | - raw-webhook-response 1328 | - field routing number 1329 | - security code 1330 | - field ssn 1331 | - authentication-token 1332 | - secret-field 1333 | - field-raw 1334 | - inputaccesstoken 1335 | - 2fa-code 1336 | - field-api-key 1337 | - card-number-last-four 1338 | - cvv_field 1339 | - bank_acc_number_field 1340 | - totp_pin_field 1341 | - card[num]input 1342 | - tax id 1343 | - field-account-bank-number 1344 | - field-two-factor-pin 1345 | - input_card_number 1346 | - field-bank-acc[routing-num] 1347 | - security-code-input 1348 | - auth_token_field 1349 | - sender 1350 | - givenname 1351 | - 
input_private_key 1352 | - member-question-redacted 1353 | - routing number 1354 | - password1field 1355 | - input-confirm-passwd 1356 | - stated-income 1357 | - receiver-ip-address 1358 | - net-pay-amount 1359 | - number 1360 | - field-totp-pin 1361 | - api token 1362 | - fieldsecuritycode 1363 | - api token input 1364 | - card[cvv] 1365 | - field old password 1366 | - user-token 1367 | - repeat_password 1368 | - inputpasswordconfirm 1369 | - bank account input 1370 | - field-salt 1371 | - otp_code_field 1372 | - tax 1373 | - gender 1374 | - bankaccnumfield 1375 | - bank_account_num_field 1376 | - inputpassword 1377 | - input pwd 1378 | - repeat password 1379 | - input_routing_number 1380 | - security_code_input 1381 | - api_token_input 1382 | - auth token 1383 | - field csrf 1384 | - input_raw 1385 | - passwd_field 1386 | - input-routing-number 1387 | - card_cvv_field 1388 | - field-stripe-token 1389 | - input card cvv 1390 | - input_issuer_certificate 1391 | - fullname 1392 | - securitypin 1393 | - credit-card 1394 | - receiver-device-contact-name 1395 | - credentials_field 1396 | - input new password 1397 | - createddate 1398 | - totp code field 1399 | - date 1400 | - routing_account_number_field 1401 | - house_details 1402 | - first-name 1403 | - property version 1404 | - account 1405 | - confirm_password_field 1406 | - input-two-factor-pin 1407 | - encrypted password 1408 | - field-2fa-token 1409 | - pin_field 1410 | - fieldpin 1411 | - _csrf_input 1412 | - input old password 1413 | - _csrf_token 1414 | - field-issuer-certificate 1415 | - net_pay_amount 1416 | - input issuer certificate 1417 | - api-key-input 1418 | - memo 1419 | - field-bank-acc 1420 | - field_account_number 1421 | - senderipaddress 1422 | - fieldotp 1423 | - email-address 1424 | - field_api_token 1425 | - grosspayamount 1426 | - credit card num input 1427 | - routing-number-field 1428 | - bank-acc-num-input 1429 | - acc number input 1430 | - card-number 1431 | - referral-token 1432 | - 
input_account_bank_number 1433 | - access_token_field 1434 | - inputstripetoken 1435 | - card number last 4 1436 | - input_old_password 1437 | - last-4 1438 | - -csrf-field 1439 | - otp_token_field 1440 | - apitoken 1441 | - field bank acc 1442 | - field cc number 1443 | - old password field 1444 | - field card num 1445 | - field-account-routing-number 1446 | - password field 1447 | - new password input 1448 | - input security code 1449 | - field bank acc num 1450 | - receiver_zip_code 1451 | - field credit card number 1452 | - field-security-pin 1453 | - field_bank_account[routing_number] 1454 | - two_factor_token_input 1455 | - card expiration 1456 | - two-factor-token-input 1457 | - referrer token 1458 | - input access token 1459 | - card_number_last4 1460 | - income 1461 | - two 1462 | - 2fa token 1463 | - totp_field 1464 | - receiveridentifier 1465 | - tokeninput 1466 | - given-name 1467 | - feature 1468 | - ccnumfield 1469 | - sender_zip_code 1470 | - credit card input 1471 | - input-token 1472 | - inputcsrf 1473 | - card[num] input 1474 | - referralurl 1475 | - credit-card-num-input 1476 | - cc number 1477 | - 2fafield 1478 | - passwd 1479 | - pwd 1480 | - auth_token 1481 | - cvv-number 1482 | - confirm-passwd-field 1483 | - propertyid 1484 | - fieldpassword 1485 | - confirm-password-input 1486 | - field_2fa_pin 1487 | - matches ssn digest 1488 | - input-credentials 1489 | - cardnumberinput 1490 | - input totp pin 1491 | - input-passwd 1492 | - card[cvv]_field 1493 | - cardcvvinput 1494 | - field-cc-num 1495 | - bank acc num input 1496 | - input card number 1497 | - bankaccountnuminput 1498 | - date-of-birth 1499 | - last_name 1500 | - fieldpasswordconfirm 1501 | - card number last four 1502 | - account-bank-number-field 1503 | - passwd-confirm-input 1504 | - totppininput 1505 | - creds 1506 | - inputbankaccnum 1507 | - totp_pin_input 1508 | - accesstokeninput 1509 | - input-account-routing-number 1510 | - inputssn 1511 | - panlast4 1512 | - member-name 1513 
| - property id 1514 | - repeat password input 1515 | - field_credit_card 1516 | - routing_acc_num_field 1517 | - ssninput 1518 | - input_token 1519 | - totp-code-field 1520 | - field 2fa code 1521 | - inputcertificate 1522 | - repeatpasswordinput 1523 | - fieldsecuritytoken 1524 | - feature-store 1525 | - two-factor-pin-field 1526 | - otp token 1527 | - referrer_token 1528 | - otp-field 1529 | - card num field 1530 | - postal-code 1531 | - field_card[num] 1532 | - field raw 1533 | - input-password 1534 | - cvv-field 1535 | - routing acc num field 1536 | - lastname 1537 | - mysql_pwd 1538 | - stripe token input 1539 | - oldpasswordfield 1540 | - address 1541 | - fname 1542 | - passwdconfirm 1543 | - bank-acc[routing-number]-input 1544 | - input api key 1545 | - credit card number 1546 | - checkamount 1547 | - input-cc-number 1548 | - pan last 4 1549 | - keyfield 1550 | - socialsecuritynumber 1551 | - bank-account-number-field 1552 | - input-bank-acc 1553 | - card[number]field 1554 | - expiry-date 1555 | - routing_account_number 1556 | - input_auth_token 1557 | - token_field 1558 | - mobilephone 1559 | - confirm passwd 1560 | - input-routing-acc-number 1561 | - last four 1562 | - contract-id 1563 | - input_certificate 1564 | - expiry date 1565 | - cvv field 1566 | - field-otp-pin 1567 | - field password 1568 | - social-security-num-field 1569 | - 2fa 1570 | - field-routing-account-number 1571 | - security pin field 1572 | - input_password2 1573 | - card[cvv]field 1574 | - inputnewpassword 1575 | - input private key 1576 | - raw webhook response 1577 | - pwdfield 1578 | - referral_url 1579 | - zipcode 1580 | - fieldaccnumber 1581 | - input-credit-card-num 1582 | - cvvnumber 1583 | - otppininput 1584 | - rule 1585 | - field-routing-acc 1586 | - raw 1587 | - old_password_input 1588 | - card-number-last4 1589 | - matches-ssn-digest 1590 | - card[num] field 1591 | - 2fa_code_input 1592 | - pin input 1593 | - pinfield 1594 | - input routing acc num 1595 | - 
card-number-input 1596 | - input otp 1597 | - cvvinput 1598 | - routingaccountnumber 1599 | - referrersfirstname 1600 | - field_security_token 1601 | - body 1602 | - cert field 1603 | - field_new_password 1604 | - confirmpasswordfield 1605 | - field api token 1606 | - field bank account 1607 | - receiver-address 1608 | - card-num-field 1609 | - input_password1 1610 | - input acc number 1611 | - password input 1612 | - input-confirm-password 1613 | - card[number]-input 1614 | - property 1615 | - salt input 1616 | - two factor pin input 1617 | - fieldcredentials 1618 | - input-card[number] 1619 | - inputsecuritypin 1620 | - totp_token 1621 | - issuer certificate field 1622 | - sender state code 1623 | - 2fa code 1624 | - input_cc_number 1625 | - securitypinfield 1626 | - compensation amount 1627 | - 2fatokenfield 1628 | - api key 1629 | - field password2 1630 | - user ip 1631 | - fieldcsrf 1632 | - field_api_key 1633 | - card[cvv]_input 1634 | - card_num 1635 | - accnumber 1636 | - securitycode 1637 | - account_bank_number 1638 | - old_password_field 1639 | - sender zip code 1640 | - two-factor-token-field 1641 | - passwd_confirm_input 1642 | - field_bank_acc_num 1643 | - input__csrf 1644 | - contract_id 1645 | - field_routing_acc_number 1646 | - routingaccnumfield 1647 | - two_factor_token_field 1648 | - card[cvv]-input 1649 | - bank-account[routing-number]-field 1650 | - ip 1651 | - encrypted_password 1652 | - routing account number field 1653 | - clientid 1654 | - usertoken 1655 | - receiver ip address 1656 | - sender-ip-address 1657 | - input csrf 1658 | - cvv_input 1659 | - cc num field 1660 | - input_new_password 1661 | - raw-field 1662 | - routing-account-number-field 1663 | - bank-acc[routing-num] 1664 | - funding 1665 | - account-id 1666 | - two factor token field 1667 | - field_2fa_token 1668 | - fieldraw 1669 | - securitytokenfield 1670 | - password2 field 1671 | - 2fa pin 1672 | - client-id 1673 | - fieldtwofactorpin 1674 | - cc-number-field 1675 | - 
salt-input 1676 | - field security code 1677 | - totp code input 1678 | - social 1679 | - bank acc num 1680 | - routing-acc-field 1681 | - inputroutingaccnumber 1682 | - two-factor-code 1683 | - inputconfirmpasswd 1684 | - confirm-passwd-input 1685 | - emailaddress 1686 | - token input 1687 | - primary-account-number 1688 | - input_otp 1689 | - card[cvv]-field 1690 | - totp pin input 1691 | - twofactorcode 1692 | - last_4_ssn 1693 | - serverdata 1694 | - referrers_avatar_url 1695 | - cert-input 1696 | - card_expiration 1697 | - cookie 1698 | - new-password 1699 | - input-two-factor-code 1700 | - apisecret 1701 | - member-question 1702 | - client-secret 1703 | - field-password 1704 | - expirydate 1705 | - input_two_factor_code 1706 | - confirmpasswd 1707 | - stripe_token 1708 | - compensationamount 1709 | - field_two_factor_pin 1710 | - bearer 1711 | - bank-acc-num-field 1712 | - input totp 1713 | - two_factor_pin_input 1714 | - routingaccnumberinput 1715 | - bank acc number 1716 | - field bank account num 1717 | - input routing number 1718 | - input2fapin 1719 | - last 4 1720 | - cardnumber 1721 | - input-repeat-password 1722 | - field-key 1723 | - user 1724 | - mysql_pwd_field 1725 | - field-social-security-number 1726 | - card-number-field 1727 | - fieldaccountnumber 1728 | - cardlast4 1729 | - encryptedpassword 1730 | - card[num] 1731 | - pan_bin 1732 | - card[num]_input 1733 | - input auth token 1734 | - fieldsecret 1735 | - passwordinput 1736 | - reset password 1737 | - bankacc 1738 | - password2input 1739 | - message 1740 | - input account routing number 1741 | - two-factor-pin 1742 | - input pin 1743 | - fieldcardnum 1744 | - receiveraddress 1745 | - primaryphone 1746 | - field_password 1747 | - date_ofbirth 1748 | - field-bank-account-num 1749 | - social security num 1750 | - user-ip 1751 | - account_routing_number_field 1752 | - otp token input 1753 | - passwdfield 1754 | - field-bank-account 1755 | - bankaccount[routingnumber] 1756 | - input bank account 
1757 | - field-password-confirm 1758 | - field_raw 1759 | - input creds 1760 | - social_security_num 1761 | - 2fainput 1762 | - taxid 1763 | - cc num input 1764 | - accountroutingnumber 1765 | - accesstokenfield 1766 | - field totp pin 1767 | - rule format 1768 | - house_number 1769 | - propertyversion 1770 | - accesstoken 1771 | - totp_input 1772 | - credit-card-num 1773 | - totp input 1774 | - input_bank_acc_number 1775 | - api token field 1776 | - bank-acc[routing-number]-field 1777 | - input_api_key 1778 | - stripe_token_input 1779 | - totpcode 1780 | - card[cvv] field 1781 | - certificatefield 1782 | - bank_acc_number_input 1783 | - inputbankaccount 1784 | - certificate-input 1785 | - social security number input 1786 | - client_secret 1787 | - username 1788 | - fieldcertificate 1789 | - inputsecuritytoken 1790 | - csrftoken 1791 | - accnumberinput 1792 | - referral-url 1793 | - userip 1794 | - fieldauthtoken 1795 | - card-number-last-4 1796 | - credit card num 1797 | - bank_account 1798 | - factor 1799 | - two factor pin field 1800 | - input-security-code 1801 | - input-credit-card 1802 | - mysqlpwdinput 1803 | - input cert 1804 | - certificate_input 1805 | - bank-acc-number 1806 | - card-last-4 1807 | - field-otp 1808 | - inputissuercertificate 1809 | - receiver 1810 | - field-account-number 1811 | - fieldotppin 1812 | - birth 1813 | - input repeat password 1814 | - token-field 1815 | - totpinput 1816 | - field_otp_pin 1817 | - passwdinput 1818 | - phonenumber 1819 | - two_factor_code 1820 | - senderstatecode 1821 | - cert_field 1822 | - field-ssn 1823 | - fieldtotppin 1824 | - ssn_field 1825 | - insurername 1826 | - card num input 1827 | - created-date 1828 | - input-2fa 1829 | - input_credentials 1830 | - pan 1831 | - input certificate 1832 | - field-credentials 1833 | - input_bank_account_number 1834 | - field routing acc number 1835 | - 2facodeinput 1836 | - primary account number 1837 | - privatekeyfield 1838 | - socialsecuritynumfield 1839 | - field 
password1 1840 | - last-four 1841 | - domain 1842 | - middle_name 1843 | - card-cvv-input 1844 | - account number field 1845 | - sender-state-code 1846 | - input--csrf 1847 | - agent 1848 | - fieldstripetoken 1849 | - cardnumberlast4 1850 | - field-secret 1851 | - reset-password-token 1852 | - cvc 1853 | - newpassword 1854 | - salt field 1855 | - otp_pin_field 1856 | - accountbanknumberfield 1857 | - api-secret 1858 | - phone number 1859 | - cvc number 1860 | - field otp pin 1861 | - field card[num] 1862 | - security_pin 1863 | - input_repeat_password 1864 | - reset_password 1865 | - inputtwofactorpin 1866 | - confirm-passwd 1867 | - mysqlpwd 1868 | - passwd confirm input 1869 | - field_routing_account_number 1870 | - field otp token 1871 | - inputtwofactorcode 1872 | - month 1873 | - receiver_identifier 1874 | - -csrf 1875 | - user_token 1876 | - api_secret 1877 | - fieldpwd 1878 | - oldpasswordinput 1879 | - reset_password_token 1880 | - fieldkey 1881 | - socialsecuritynuminput 1882 | - input_routing_acc_number 1883 | - check amount 1884 | - secret 1885 | - inputapitoken 1886 | - field security token 1887 | - totp_pin 1888 | - input card[number] 1889 | - id token 1890 | - expirationdate 1891 | - input-creds 1892 | - totp pin 1893 | - group id 1894 | - field key 1895 | - field csrf 1896 | - social security num input 1897 | - field-2fa-pin 1898 | - card_number_last_4 1899 | - totp code 1900 | - receiver_address 1901 | - field_bank_acc 1902 | - 2fa-token 1903 | - bank_acc[routing_number] 1904 | - gross-pay-amount 1905 | - card 1906 | - field-pin 1907 | - cardnumfield 1908 | - amount 1909 | - security token field 1910 | - fieldbankaccount 1911 | - expiration date 1912 | - creditcardfield 1913 | - samlrequest 1914 | - new-password-field 1915 | - id_token 1916 | - input secret 1917 | - field acc number 1918 | - twofactorcodeinput 1919 | - social_security_number_input 1920 | - new 1921 | - input_bank_account 1922 | - card_cvv_input 1923 | - inputpin 1924 | - tax-id 1925 
| - security-code 1926 | - pwd_input 1927 | - access 1928 | - input_card_cvv 1929 | - input-totp 1930 | - cardnumberlastfour 1931 | - bankaccnuminput 1932 | - field_pin 1933 | - referrertoken 1934 | - account-number-field 1935 | - otpfield 1936 | - card_number_field 1937 | - _csrf_field 1938 | - 2fatoken 1939 | - digest 1940 | - last4 1941 | - bankaccinput 1942 | - otp-token-field 1943 | - bank_acc[routing_number]_input 1944 | - repeat_password_field 1945 | - input routing acc 1946 | - routing account number 1947 | - statedincome 1948 | - input_two_factor_token 1949 | - routing-acc-number 1950 | - routing account number input 1951 | - password_field 1952 | - key field 1953 | - apikeyinput 1954 | - authtokeninput 1955 | - feature store 1956 | - response-array 1957 | - bank account num 1958 | - inputcreditcardnumber 1959 | - bank_acc 1960 | - pin field 1961 | - input 2fa code 1962 | - security-pin-field 1963 | - field-bank-account-number 1964 | - account routing number field 1965 | - 2fapin 1966 | - card number field 1967 | - repeat-password 1968 | - otppin 1969 | - field_secret 1970 | - routing_number 1971 | - passwd confirm 1972 | - number] 1973 | - field_routing_acc_num 1974 | - input_bank_account[routing_number] 1975 | - security pin input 1976 | - inputbankaccountnumber 1977 | - input-stripe-token 1978 | - bank-account-num 1979 | - routing_acc_number_field 1980 | - field_password_confirm 1981 | - bank_account_number_input 1982 | - codeverifier 1983 | - old-password 1984 | - sender_name 1985 | - senderaddress 1986 | - full 1987 | - ' csrf token' 1988 | - fieldccnumber 1989 | - field confirm password 1990 | - house-details 1991 | - socialsecuritynum 1992 | - prn 1993 | - full_name 1994 | - otp code 1995 | - ssn-field 1996 | - member_name 1997 | - access_token 1998 | - ssn_input 1999 | - date of birth 2000 | - input-pin 2001 | - bankaccountnumber 2002 | - key_input 2003 | - given name 2004 | - credentials-field 2005 | - field credit card num 2006 | - inputmysqlpwd 
2007 | - social security number field 2008 | - input-secret 2009 | - confirmpasswdfield 2010 | - securitycodeinput 2011 | - passwordconfirminput 2012 | - field 2fa token 2013 | - field2fatoken 2014 | - saltfield 2015 | - input credit card 2016 | - api_key 2017 | - input confirm password 2018 | - net 2019 | - input account bank number 2020 | - housenumber 2021 | - insurer name 2022 | - field certificate 2023 | - field security pin 2024 | - _csrf 2025 | - agent-email 2026 | - api-token 2027 | - credentials input 2028 | - ccnumberfield 2029 | - middle name 2030 | - field_credit_card_num 2031 | - credentials 2032 | - input-bank-account-num 2033 | - twofactorpin 2034 | - sender_ip_address 2035 | - user-ip-address 2036 | - confirmpassword 2037 | - receiver identifier 2038 | - input_card[num] 2039 | - fieldprivatekey 2040 | - passwd-input 2041 | - credit card num field 2042 | - inputpassword1 2043 | - card[num]_field 2044 | - input_account_routing_number 2045 | - fieldroutingaccnum 2046 | - api_token_field 2047 | - field_totp_code 2048 | - dateofbirth 2049 | - input_password_confirm 2050 | - token_input 2051 | - email-domain 2052 | - apikey 2053 | - bank acc input 2054 | - password1-input 2055 | - input_totp 2056 | - region 2057 | - input-card-cvv 2058 | - otp code input 2059 | - new password field 2060 | - field-private-key 2061 | - credit_card_number_input 2062 | - account-routing-number-input 2063 | - input-cvv 2064 | - new_password_input 2065 | - check 2066 | - social_security_num_field 2067 | - input_bank_acc[routing_num] 2068 | - issuercertificateinput 2069 | - card[num]field 2070 | - acc-number-input 2071 | - input-acc-number 2072 | - input-otp 2073 | - field--csrf 2074 | - otp_code_input 2075 | - securitytoken 2076 | - field account number 2077 | - card[num]-field 2078 | - merchant name 2079 | - of 2080 | - old password 2081 | - bank acc num field 2082 | - input security token 2083 | - security token input 2084 | - csrf_field 2085 | - pay_friend_id 2086 | - 
social-security-num-input 2087 | - auth 2088 | - credit card 2089 | - bankaccount[routingnumber]field 2090 | - credit_card_number 2091 | - inputroutingnumber 2092 | - routingaccfield 2093 | - field-repeat-password 2094 | - input-bank-account-number 2095 | - credsfield 2096 | - private key field 2097 | - pin code 2098 | - bank acc[routing num] field 2099 | - 2fa-field 2100 | - password confirm 2101 | - bank-account-number 2102 | - bank acc number input 2103 | - agent_email 2104 | - password2 input 2105 | - field totp token 2106 | - fieldbankacc 2107 | - property_name 2108 | - input_social_security_number 2109 | - 2fa-pin 2110 | - routing-number 2111 | - issuer certificate input 2112 | - 2fa-token-field 2113 | - stripe token field 2114 | - primary-phone 2115 | - client_id 2116 | - cert_input 2117 | - segmentdeviceid 2118 | - auth-token 2119 | - field-confirm-password 2120 | - property_version 2121 | - password confirm field 2122 | - otpcode 2123 | - set_cookie 2124 | - api_token 2125 | - bank account number 2126 | - fieldtotp 2127 | - four 2128 | - field_mysql_pwd 2129 | - totptokenfield 2130 | - private_key_field 2131 | - samlresponse 2132 | - featurestore 2133 | - field private key 2134 | - twofactortokeninput 2135 | - passwd field 2136 | - security-pin-input 2137 | - inputsecuritycode 2138 | - set cookie 2139 | - field_acc_number 2140 | - confirm passwd input 2141 | - mobile_phone 2142 | - fieldbankaccount[routingnumber] 2143 | - field_social_security_num 2144 | - bank_acc_num_field 2145 | - input_credit_card_num 2146 | - stripe-token-field 2147 | - input password2 2148 | - input key 2149 | - authentication 2150 | - field_passwd_confirm 2151 | - confirm password 2152 | - input_passwd 2153 | - input bank acc[routing num] 2154 | -------------------------------------------------------------------------------- /db/sensitive-fields-simple.yml: -------------------------------------------------------------------------------- 1 | fields: 2 | - debitcard 3 | - format 4 | - 
pay-friend-id 5 | - referral url 6 | - sender id 7 | - credit-card 8 | - encrypted-password 9 | - gross pay amount 10 | - primary_phone 11 | - net-pay-amount 12 | - prn 13 | - last-4-ssn 14 | - raw webhook response 15 | - sender address 16 | - phone_number 17 | - referrers-avatar-url 18 | - referrers last name 19 | - last-4 20 | - cvc 21 | - authentication token 22 | - expiration 23 | - sender name 24 | - encrypted_password 25 | - response_array 26 | - contract-id 27 | - primary account number 28 | - bin 29 | - referrers_avatar_url 30 | - authentication-token 31 | - ip 32 | - number 33 | - expiry-date 34 | - context 35 | - zipcode 36 | - merchant-name 37 | - receiver ip address 38 | - property name 39 | - message 40 | - sender-state-code 41 | - user token 42 | - memo 43 | - merchantname 44 | - details 45 | - group_id 46 | - last_four 47 | - debit_card 48 | - sender-name 49 | - primary-account-number 50 | - panlast4 51 | - receiver-device-contact-name 52 | - input 53 | - creditcard 54 | - employer 55 | - contract 56 | - zip 57 | - created-date 58 | - receiverdevicecontactname 59 | - state code 60 | - country_code 61 | - country code 62 | - expiration-date 63 | - codeverifier 64 | - postal code 65 | - check-amount 66 | - lastname 67 | - ofbirth 68 | - mfa 69 | - feature-store 70 | - login 71 | - userip 72 | - merchant name 73 | - client-id 74 | - cardsecuritycode 75 | - client id 76 | - card-number-last-4 77 | - totp 78 | - last4ssn 79 | - rate 80 | - useripaddress 81 | - card_number_last_four 82 | - cookie 83 | - access-token 84 | - city 85 | - authorization 86 | - stated_income 87 | - cvv 88 | - usertoken 89 | - pin_code 90 | - auth 91 | - contract id 92 | - middle-name 93 | - last_four_ssn 94 | - emailaddress 95 | - last_name 96 | - given_name 97 | - user_ip 98 | - referral-url 99 | - socialsecuritynumber 100 | - id-token 101 | - set cookie 102 | - primary phone 103 | - set_cookie 104 | - merchant_name 105 | - security 106 | - segment device id 107 | - agentemail 
108 | - house_details 109 | - pay_friend_id 110 | - type 111 | - expirationdate 112 | - first 113 | - senderstatecode 114 | - social security number 115 | - referrer token 116 | - receiver zip code 117 | - apitranskey 118 | - pin-code 119 | - stated-income 120 | - feature store 121 | - referral_token 122 | - accesstoken 123 | - referrers_last_name 124 | - referrer-token 125 | - sender state code 126 | - code_verifier 127 | - pan_bin 128 | - receiver-ip-address 129 | - appid 130 | - sender_name 131 | - created 132 | - social 133 | - cvv number 134 | - template link 135 | - middle_name 136 | - referrertoken 137 | - phone 138 | - receiveripaddress 139 | - response_json 140 | - idtoken 141 | - contacts 142 | - country-code 143 | - postal_code 144 | - authenticationtoken 145 | - lname 146 | - property-name 147 | - cvc number 148 | - client_secret 149 | - referrers-last-name 150 | - middle name 151 | - apisecret 152 | - property-version 153 | - insurername 154 | - _key 155 | - receiver state code 156 | - security code 157 | - matches-ssn-digest 158 | - createddate 159 | - challenge 160 | - sendername 161 | - cardnumberlastfour 162 | - net pay amount 163 | - device id 164 | - last-name 165 | - member question 166 | - property_version 167 | - responsearray 168 | - receiver-identifier 169 | - response json 170 | - first-name 171 | - account id 172 | - card_last_4 173 | - property version 174 | - ruleformat 175 | - lastfour 176 | - client-secret 177 | - lastfourssn 178 | - funding source id 179 | - full 180 | - cvc_number 181 | - response array 182 | - segment-device-id 183 | - pan-bin 184 | - middlename 185 | - zip-code 186 | - template_link 187 | - employer-name 188 | - referrersavatarurl 189 | - reset password token 190 | - primaryphone 191 | - social_security_number 192 | - referrers first name 193 | - receiverstatecode 194 | - insurer_name 195 | - encrypted password 196 | - mobile phone 197 | - link 198 | - house-details 199 | - firstname 200 | - funding-source-id 201 | 
- funding_source_id 202 | - cvv-number 203 | - panbin 204 | - full name 205 | - receiver_identifier 206 | - card expiration 207 | - client secret 208 | - fname 209 | - senderaddress 210 | - full-name 211 | - credit_card 212 | - pay friend id 213 | - last name 214 | - state_code 215 | - reset_password_token 216 | - webhook 217 | - cardlast4 218 | - pin 219 | - house 220 | - stated income 221 | - property 222 | - code verifier 223 | - matchesssndigest 224 | - authentication_token 225 | - featurestore 226 | - employer name 227 | - house-number 228 | - created date 229 | - expirydate 230 | - response 231 | - gross-pay-amount 232 | - house number 233 | - birth 234 | - country 235 | - sender_state_code 236 | - auth_token 237 | - user_ip_address 238 | - authenticity-token 239 | - given name 240 | - username 241 | - postal-code 242 | - tax-id 243 | - set-cookie 244 | - raw_webhook_response 245 | - receiver_device_contact_name 246 | - agent_email 247 | - compensation-amount 248 | - responsejson 249 | - user ip 250 | - email 251 | - primary 252 | - card_number_last_4 253 | - checkamount 254 | - last 4 255 | - mobilephone 256 | - given 257 | - expiry date 258 | - referral token 259 | - card_expiration 260 | - date_of_birth 261 | - insurer name 262 | - api-secret 263 | - cvcnumber 264 | - of 265 | - crypt 266 | - deviceid 267 | - cvv_number 268 | - groupid 269 | - code 270 | - authenticity token 271 | - dob 272 | - receiver_ip_address 273 | - receiver_address 274 | - last4 275 | - email-address 276 | - year 277 | - netpayamount 278 | - code-verifier 279 | - expiration date 280 | - reset_password 281 | - address2 282 | - name 283 | - house details 284 | - segmentdeviceid 285 | - certificate 286 | - mobile-phone 287 | - employername 288 | - debit 289 | - social-security-number 290 | - housenumber 291 | - template 292 | - bearer 293 | - resetpasswordtoken 294 | - line1 295 | - compensation_amount 296 | - card number last4 297 | - last_4 298 | - passcode 299 | - state 300 | - 
compensation amount 301 | - user-ip 302 | - tax id 303 | - referrer 304 | - sender-id 305 | - state-code 306 | - accountnumber 307 | - sender_id 308 | - account number 309 | - net_pay_amount 310 | - clientsecret 311 | - check amount 312 | - card-expiration 313 | - template-link 314 | - access_token 315 | - receiver-state-code 316 | - access token 317 | - email_domain 318 | - receiver_state_code 319 | - card_number_last4 320 | - member_question 321 | - debit-card 322 | - receiveraddress 323 | - zip_code 324 | - pan last 4 325 | - segment_device_id 326 | - agent-email 327 | - cardnumberlast4 328 | - client_id 329 | - date ofbirth 330 | - version 331 | - category 332 | - last-four 333 | - house_number 334 | - _csrf_token 335 | - sender_device_id 336 | - credit 337 | - receiver device contact name 338 | - accountid 339 | - authtoken 340 | - insurer-name 341 | - user-token 342 | - feature_store 343 | - credit card 344 | - account_number 345 | - compensationamount 346 | - property-id 347 | - referrers_first_name 348 | - rule_format 349 | - salt 350 | - taxid 351 | - fundingsourceid 352 | - receiver-zip-code 353 | - address 354 | - region 355 | - facetid 356 | - user_token 357 | - debit card 358 | - countrycode 359 | - card number last four 360 | - emaildomain 361 | - sender_address 362 | - member-question 363 | - referraltoken 364 | - group-id 365 | - date of birth 366 | - pan_last_4 367 | - month 368 | - date_ofbirth 369 | - email domain 370 | - sender-address 371 | - sender-zip-code 372 | - matches_ssn_digest 373 | - pan 374 | - member_name 375 | - givenname 376 | - card-number-last-four 377 | - device_id 378 | - referral_url 379 | - primary-phone 380 | - sender ip address 381 | - first_name 382 | - expiration_date 383 | - id token 384 | - property_id 385 | - card last 4 386 | - secret 387 | - encryptedpassword 388 | - check_amount 389 | - api secret 390 | - serverdata 391 | - expiry_date 392 | - otp 393 | - fcparams 394 | - group 395 | - propertyid 396 | - 
sender_zip_code 397 | - rule-format 398 | - security-code 399 | - id_token 400 | - postalcode 401 | - referrer_token 402 | - -key 403 | - referrers-first-name 404 | - reset-password-token 405 | - passw 406 | - date 407 | - senderid 408 | - user ip address 409 | - receiver_zip_code 410 | - account 411 | - last four 412 | - rule 413 | - card-last-4 414 | - sender_ip_address 415 | - -csrf-token 416 | - phone-number 417 | - membername 418 | - account-id 419 | - response-json 420 | - middle 421 | - ssn 422 | - zip code 423 | - device-id 424 | - housedetails 425 | - templatelink 426 | - property_name 427 | - statecode 428 | - resetpassword 429 | - date-ofbirth 430 | - mobile_phone 431 | - amount 432 | - pan-last-4 433 | - authenticitytoken 434 | - tax 435 | - receiver identifier 436 | - given-name 437 | - cvc-number 438 | - full_name 439 | - employer_name 440 | - propertyname 441 | - email address 442 | - line2 443 | - primaryaccountnumber 444 | - payfriendid 445 | - key 446 | - card 447 | - sender-device-id 448 | - setcookie 449 | - receiver-address 450 | - account-number 451 | - last_4_ssn 452 | - date-of-birth 453 | - dateofbirth 454 | - reset-password 455 | - auth-token 456 | - member-name 457 | - sender-ip-address 458 | - value 459 | - card-number-last4 460 | - gross_pay_amount 461 | - primary_account_number 462 | - sender zip code 463 | - tax_id 464 | - agent email 465 | - csrftoken 466 | - group id 467 | - securitycode 468 | - phonenumber 469 | - senderipaddress 470 | - raw-webhook-response 471 | - referralurl 472 | - account_id 473 | - reset password 474 | - pan bin 475 | - matches ssn digest 476 | - body 477 | - last 4 ssn 478 | - member name 479 | - email-domain 480 | - gender 481 | - rule format 482 | - rawwebhookresponse 483 | - contractid 484 | - api_secret 485 | - senderzipcode 486 | - email_address 487 | - referrers avatar url 488 | - sender device id 489 | - card number last 4 490 | - comments 491 | - contract_id 492 | - referrersfirstname 493 | - phone 
number 494 | - fullname 495 | - cvvnumber 496 | - senderdeviceid 497 | - authenticity_token 498 | - grosspayamount 499 | - last-four-ssn 500 | - last 501 | - receiveridentifier 502 | - referrerslastname 503 | - uuid 504 | - token 505 | - assertion 506 | - cardexpiration 507 | - receiverzipcode 508 | - statedincome 509 | - last four ssn 510 | - first name 511 | - created_date 512 | - password 513 | - security_code 514 | - response-array 515 | - property id 516 | - ' key' 517 | - pincode 518 | - user-ip-address 519 | - clientid 520 | - pin code 521 | - referral-token 522 | - propertyversion 523 | - samlrequest 524 | - receiver address 525 | - auth token 526 | - feedback 527 | - ' csrf token' 528 | - memberquestion 529 | - id 530 | - samlresponse 531 | -------------------------------------------------------------------------------- /scripts/Invoke-StaticCodeScan.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .SYNOPSIS 3 | This function scans the provided files against regular expressions defined in a set of YAML files. 4 | It captures and stores any matches, and produces an output report in a specified format: JSON, CSV, or HTML. 5 | 6 | .DESCRIPTION 7 | The Invoke-StaticCodeScan function takes as input the paths of files to scan, the directory of regex definition files in YAML format, 8 | the desired output format, and the path to store the output file. 9 | 10 | .PARAMETER pathsToScan 11 | The files that will be scanned. Note: the function declares this parameter as fileInfo ([System.IO.FileInfo], accepted from the pipeline), not pathsToScan. 12 | 13 | .PARAMETER regexYamlDirectory 14 | The directory where the YAML files containing regex patterns are stored. Make sure to use the PowerShell folder within this repo for the YAML files. 15 | 16 | .PARAMETER outputFormat 17 | The format of the output file. Valid options are 'JSON', 'CSV', and 'HTML'. 18 | 19 | .PARAMETER outputFilePath 20 | The path where the output file will be stored. Every finding is written with the line it matched on (JSON and CSV output also include the matched value), so the report itself contains the detected secrets in clear text and should be stored with restricted access.
21 | 22 | .EXAMPLE 23 | Get-ChildItem -Path "C:\scripts" -Filter "*.ps1" | Invoke-StaticCodeScan -regexYamlDirectory "C:\regexDefinitions" -outputFormat 'CSV' -outputFilePath "C:\Results\output.csv" 24 | 25 | .NOTES 26 | Dependencies: 27 | This function requires the powershell-yaml module from Powershell Gallery. 28 | #> 29 | 30 | function Invoke-StaticCodeScan { 31 | [CmdletBinding()] 32 | param ( 33 | [Parameter(ValueFromPipeline=$true)] 34 | [System.IO.FileInfo]$fileInfo, 35 | 36 | [Parameter(Mandatory=$true)] 37 | [string]$regexYamlDirectory, 38 | 39 | [Parameter(Mandatory=$true)] 40 | [ValidateSet('JSON', 'CSV', 'HTML')] 41 | [string]$outputFormat, 42 | 43 | [Parameter(Mandatory=$true)] 44 | [string]$outputFilePath 45 | ) 46 | 47 | begin { 48 | Import-Module powershell-yaml 49 | # Create an array to store the results 50 | $results = @() 51 | $exceptions = @() 52 | 53 | # Get all YAML files in the directory 54 | $regexYamlFiles = Get-ChildItem -Path $regexYamlDirectory -Filter "*.yml" 55 | 56 | # Initialize an array to store regex definitions 57 | $regexDefs = @() 58 | 59 | # Loop through each YAML file and load the regex definitions 60 | foreach ($regexYamlFile in $regexYamlFiles) { 61 | $regexYamlContent = ConvertFrom-Yaml (Get-Content -Raw -Path $regexYamlFile.FullName) 62 | $regexDefs += $regexYamlContent.patterns 63 | } 64 | 65 | } 66 | 67 | process { 68 | # Read the file content 69 | $fileContent = Get-Content -Path $fileInfo.FullName 70 | 71 | # Loop through each pattern in the regex definitions 72 | foreach ($pattern in $regexDefs) { 73 | $regex = [Regex]::new($pattern.Values.regex) # Create a [regex] object 74 | 75 | # Loop through each line in the file content 76 | for ($i = 0; $i -lt $fileContent.Count; $i++) { 77 | try { 78 | # Get all matches in the line 79 | $matched = $regex.Matches($fileContent[$i]) 80 | 81 | # Loop through each match 82 | foreach ($match in $matched) { 83 | # Add the result to the array 84 | $results += New-Object PSObject 
-Property @{ 85 | FilePath = $fileInfo.FullName 86 | LineNumber = $i + 1 87 | PatternName = $pattern.Values.name 88 | Regex = $pattern.Values.regex 89 | MatchedLine = $fileContent[$i] 90 | Confidence = $pattern.Values.confidence 91 | MatchedValue = $match.Value 92 | } 93 | } 94 | } 95 | catch { 96 | # If an exception is encountered, add it to the exceptions list 97 | $exceptions += $_.Exception.Message 98 | } 99 | } 100 | } 101 | } 102 | 103 | end { 104 | # If exceptions occurred during the scanning process, write them out and exit the function 105 | if ($exceptions.Count -gt 0) { 106 | foreach ($exception in $exceptions) { 107 | Write-Error $exception 108 | } 109 | exit(1) 110 | } 111 | 112 | # Ensure the output directory exists 113 | $outputDirectory = Split-Path -Path $outputFilePath -Parent 114 | if (!(Test-Path $outputDirectory)) { 115 | New-Item -ItemType Directory -Path $outputDirectory | Out-Null 116 | } 117 | 118 | # Sort the results by FilePath, PatternName, and LineNumber 119 | $sortedResults = $results | Sort-Object FilePath, PatternName, LineNumber 120 | 121 | # Output the sorted results based on the chosen output format 122 | switch ($outputFormat) { 123 | 'JSON' { 124 | $sortedResults | ConvertTo-Json | Out-File $outputFilePath 125 | } 126 | 'CSV' { 127 | $sortedResults | Export-Csv -NoTypeInformation -path $outputFilePath 128 | } 129 | 'HTML' { 130 | $html = $sortedResults | ConvertTo-Html -Property FilePath, LineNumber, PatternName, MatchedLine, Confidence 131 | $html = $html -replace "", "
" 132 | $html = $html -replace "
", "" 133 | $html = $html -replace "", "" 134 | $html | Out-File $outputFilePath 135 | } 136 | } 137 | } 138 | } 139 | -------------------------------------------------------------------------------- /scripts/bcheck-template-generator.py: -------------------------------------------------------------------------------- 1 | import yaml 2 | import requests 3 | import os 4 | 5 | bcheck_templates = {} 6 | 7 | def download_rules(url): 8 | response = requests.get(url) 9 | if response.status_code == 200: 10 | return yaml.safe_load(response.text) 11 | else: 12 | raise Exception("Failed to download rules") 13 | 14 | def create_bcheck_template(name, regex, confidence): 15 | bcheck_templates[str(confidence)] = f"""metadata: 16 | language: v2-beta 17 | name: "Information Disclosure Secret Finder - {confidence}" 18 | description: "Detects secret patterns in responses." 19 | author: "bugswagger, xelkomy, juba0x00, xhzeem" 20 | tags: "secret, bugswagger" 21 | 22 | given response then 23 | """ 24 | 25 | def append_condition(name: str, confidence: str, regex: str)-> None: 26 | value = f""" 27 | if {{latest.response}} matches "{regex}" then 28 | report issue and continue: 29 | severity: medium 30 | confidence: {confidence} 31 | detail: "{name} secret pattern detected in the response." 32 | remediation: "Review and remove unnecessary exposure of secrets." 
33 | end if 34 | """ 35 | bcheck_templates[confidence] += value 36 | 37 | def save_bcheck_file(name, content): 38 | filename = f"{name.replace(' ', '_').lower()}.bcheck" 39 | with open(filename, 'w') as file: 40 | file.write(content) 41 | 42 | def main(): 43 | url = "https://raw.githubusercontent.com/mazen160/secrets-patterns-db/master/db/rules-stable.yml" 44 | rules = download_rules(url) 45 | 46 | if not os.path.exists('bcheckskeys'): 47 | os.makedirs('bcheckskeys') 48 | os.chdir('bcheckskeys') 49 | 50 | patterns = rules['patterns'] 51 | for pattern in patterns: 52 | regex = pattern['pattern']['regex'].replace(r'\"','"').replace('"', r'\"') 53 | name = pattern['pattern']['name'] 54 | confidence = pattern['pattern']['confidence'].lower() 55 | 56 | # Replace confidence levels 57 | if confidence == 'high': 58 | confidence = 'certain' 59 | elif confidence == 'medium': 60 | confidence = 'firm' 61 | elif confidence == 'low': 62 | confidence = 'tentative' 63 | 64 | if name and regex and confidence: 65 | if confidence in bcheck_templates.keys(): 66 | append_condition(name, confidence, regex) 67 | else: 68 | create_bcheck_template(name, regex, confidence) 69 | 70 | for key, value in bcheck_templates.items(): 71 | print(f'saving {key}.bcheck') 72 | save_bcheck_file(key, value) 73 | 74 | if __name__ == "__main__": 75 | main() 76 | -------------------------------------------------------------------------------- /scripts/ci-tests-golang.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "regexp" 7 | "strings" 8 | 9 | "gopkg.in/yaml.v2" 10 | ) 11 | 12 | type Pattern struct { 13 | Name string `yaml:"name"` 14 | Regex string `yaml:"regex"` 15 | Confidence string `yaml:"confidence"` 16 | } 17 | 18 | type PatternWrapper struct { 19 | Pattern Pattern `yaml:"pattern"` 20 | } 21 | 22 | type Config struct { 23 | Patterns []PatternWrapper `yaml:"patterns"` 24 | } 25 | 26 | func main() { 27 | if 
len(os.Args) < 2 { 28 | fmt.Printf("\nUsage:\n\t%s [regex-db.yml]\n", os.Args[0]) 29 | os.Exit(1) 30 | } 31 | 32 | // Read YAML file 33 | data, err := os.ReadFile(os.Args[1]) 34 | if err != nil { 35 | fmt.Printf("Error reading file: %v\n", err) 36 | os.Exit(1) 37 | } 38 | 39 | // Parse YAML 40 | var config Config 41 | err = yaml.Unmarshal(data, &config) 42 | if err != nil { 43 | fmt.Printf("Error parsing YAML: %v\n", err) 44 | os.Exit(1) 45 | } 46 | 47 | allRegexes := make(map[string]bool) 48 | allNames := make(map[string]bool) 49 | 50 | for _, item := range config.Patterns { 51 | fmt.Println(item) 52 | 53 | pattern := item.Pattern 54 | 55 | // Validate confidence level 56 | if pattern.Confidence != "low" && pattern.Confidence != "high" { 57 | fmt.Printf("Error: confidence must be 'low' or 'high', got '%s'\n", pattern.Confidence) 58 | os.Exit(1) 59 | } 60 | 61 | // Check for valid regex 62 | _, err := regexp.Compile(pattern.Regex) 63 | if err != nil { 64 | fmt.Printf("Error: invalid regex '%s': %v\n", pattern.Regex, err) 65 | os.Exit(1) 66 | } 67 | 68 | // Check for duplicated regexes 69 | if allRegexes[pattern.Regex] { 70 | fmt.Printf("Error: Repeated regex '%s'\n", pattern.Regex) 71 | os.Exit(1) 72 | } 73 | allRegexes[pattern.Regex] = true 74 | 75 | // Check for duplicated names (case insensitive) 76 | nameLower := strings.ToLower(pattern.Name) 77 | if allNames[nameLower] { 78 | fmt.Printf("Error: Duplicated name '%s'\n", pattern.Name) 79 | os.Exit(1) 80 | } 81 | allNames[nameLower] = true 82 | } 83 | 84 | fmt.Println("\n✅ CI Passed!") 85 | } 86 | -------------------------------------------------------------------------------- /scripts/ci.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import yaml 3 | import sys 4 | import re 5 | 6 | if len(sys.argv) < 2: 7 | print(f"\nUsage:\n\t{sys.argv[0]} [regex-db.yml]") 8 | exit(1) 9 | with open(sys.argv[1], 'r') as stream: 10 | y = yaml.safe_load(stream) 
11 | 12 | 13 | assert type(y) == dict 14 | assert "patterns" in y 15 | 16 | all_regexes = [] 17 | all_names = [] 18 | for i in y["patterns"]: 19 | print(i) 20 | assert "pattern" in i 21 | assert type(i["pattern"]) == dict 22 | assert "name" in i["pattern"] 23 | assert "regex" in i["pattern"] 24 | assert "confidence" in i["pattern"] 25 | assert i["pattern"]["confidence"] in ("low", "high") 26 | 27 | r = i["pattern"]["regex"] 28 | name = i["pattern"]["name"] 29 | 30 | # check for invalid regex 31 | re.compile(r) 32 | 33 | # check for duplicated regexes 34 | if r in all_regexes: 35 | raise ValueError("Repeated regex") 36 | all_regexes.append(r) 37 | 38 | # check for duplicated names 39 | if name.lower() in all_names: 40 | raise ValueError("Duplicated name") 41 | all_names.append(name.lower()) 42 | 43 | print("\n✅ CI Passed!") 44 | -------------------------------------------------------------------------------- /scripts/convert-rules.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | import sys 3 | import json 4 | import yaml 5 | import argparse 6 | import re 7 | 8 | 9 | def trufflehogv2_output(y): 10 | output = {} 11 | for i in y["patterns"]: 12 | if i["pattern"]["confidence"] != "high": 13 | continue 14 | output.update({i["pattern"]["name"]: i["pattern"]["regex"]}) 15 | 16 | return json.dumps(output, indent=4, sort_keys=True) 17 | 18 | 19 | def trufflehogv3_output(y): 20 | output = [] 21 | for i in y["patterns"]: 22 | each_name = i["pattern"]["name"] 23 | each_regex = i["pattern"]["regex"] 24 | # each_confidence = i["pattern"]["confidence"] 25 | 26 | keywords_list = re.sub(r'[.,;:?!_\-]', ' ', each_name).split() 27 | output.append({'name': each_name, 'keywords': list(keywords_list), 28 | 'regex': {each_name: each_regex}}) 29 | 30 | return output 31 | 32 | 33 | def gitleaks_output(y): 34 | s = 'title = "gitleaks config"' 35 | 36 | for i in y["patterns"]: 37 | if i["pattern"]["confidence"] != "high": 38 | 
continue 39 | s += f""" 40 | [[rules]] 41 | id = '''{i["pattern"]["name"]}''' 42 | description = '''{i["pattern"]["name"]}''' 43 | regex = '''{i["pattern"]["regex"]}''' 44 | keywords = ["secret"] 45 | """ 46 | return s 47 | 48 | 49 | def main(arg): 50 | f = open(arg.database_file, "r") 51 | y = yaml.safe_load(f.read()) 52 | f.close() 53 | 54 | output_string = "" 55 | ext_string = "" 56 | if arg.output_type == "trufflehogv2": 57 | output_string = trufflehogv2_output(y) 58 | ext_string = "json" 59 | elif arg.output_type == "gitleaks": 60 | output_string = gitleaks_output(y) 61 | ext_string = "toml" 62 | elif arg.output_type == "trufflehogv3": 63 | output_string = yaml.dump(trufflehogv3_output(y), sort_keys=False) 64 | ext_string = "yml" 65 | 66 | if arg.export_filename is not None: 67 | f = open(f"{arg.export_filename}.{ext_string}", "w") 68 | if arg.output_type == "trufflehogv3" : 69 | f.write('detectors:\n') 70 | f.write(output_string) 71 | f.close() 72 | else: 73 | print(output_string) 74 | 75 | 76 | if __name__ == "__main__": 77 | parser = argparse.ArgumentParser(description='Convert yaml database file to rules for trufflehogv2, trufflehogv3 or gitleaks') 78 | parser.add_argument("--db", dest = "database_file", required = True, help = "The yaml database file") 79 | parser.add_argument("--type", dest= "output_type", required = True, choices=['trufflehogv2', 'trufflehogv3', 'gitleaks'], help = "Supported output types: trufflehog, gitleaks") 80 | parser.add_argument('--export', dest="export_filename", help = "Give filename, extension toml/json/yaml will be added") 81 | args = parser.parse_args() 82 | 83 | main(args) 84 | -------------------------------------------------------------------------------- /scripts/db-confidence-check.py: -------------------------------------------------------------------------------- 1 | import re 2 | import os 3 | import yaml 4 | 5 | with open(os.getenv("FILE"), "r") as f: 6 | FILE = f.read() 7 | print("File loaded") 8 | 9 | with 
open("../db/pii-stable.yml", "r") as f: 10 | RULES = yaml.safe_load(f.read()) 11 | 12 | 13 | rules_count = 0 14 | for i in RULES["patterns"]: 15 | times_repeated = 0 16 | rules_count += 1 17 | print(f"Rule number: {rules_count}") 18 | 19 | pattern = i["pattern"] 20 | if pattern["confidence"] != "high": 21 | continue 22 | r = re.compile(pattern["regex"]) 23 | data = r.findall(FILE) 24 | for j in data: 25 | print(j) 26 | with open("results.txt", "a") as f: 27 | f.write(f"{j}\n\n") 28 | times_repeated+= 1 29 | if times_repeated > 0: 30 | with open("log.txt", "a") as f: 31 | f.write(f"{pattern['name']}\t{pattern['confidence']}\t{times_repeated}\n") 32 | print(f"Rule with above threshold matches: {pattern['name']} - {pattern['confidence']}\n") 33 | -------------------------------------------------------------------------------- /scripts/rate-confidence.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # By https://github.com/TheTechromancer 3 | # Read more: https://github.com/mazen160/secrets-patterns-db/pull/4 4 | # Dataset: secrets-patterns-db_top-1m-alexa-domains.csv: 5 | # https://drive.google.com/file/d/1Xbteik3MMtO-0WN_dLV7u6WFSCXaEws6/view?usp=sharing 6 | # This script runs every rule against top websites and files from top github repos 7 | # Rules with higher hit rates are assigned lower confidence scores 8 | # Final YAML with confidence scores is printed at the end. 
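import re
import sys
import yaml
import random
import subprocess
from math import ceil
from hashlib import md5
from pathlib import Path
from contextlib import suppress
from concurrent.futures import ThreadPoolExecutor, ProcessPoolExecutor, as_completed

# how many of the top websites to visit
num_websites = 2000
# how many files to check in a single batch
batch_size = 100
# skip these files
file_ext_blacklist = (
    ".png", ".jpg", ".bmp", ".ico", ".jpeg", ".gif", ".svg", ".css",
    ".woff", ".woff2", ".ttf", ".mp3", ".m4a", ".wav", ".flac", ".mp4",
    ".mkv", ".avi", ".wmv", ".mov", ".flv", ".webm",
)

project_root = Path(__file__).resolve().parent.parent
# Per-user cache directory that holds the corpus the rules are measured against.
temp_dir = Path.home() / ".cache" / "secret-patterns-db"
# parents=True: do not fail on an account where ~/.cache does not exist yet.
temp_dir.mkdir(parents=True, exist_ok=True)

files = []


def errprint(*args, **kwargs):
    """Print to stderr, flushed immediately.

    Progress and diagnostics go through here so that stdout carries only the
    final YAML the script prints at the end.
    """
    kwargs["file"] = sys.stderr
    kwargs["flush"] = True
    print(*args, **kwargs)


def hash_file(file):
    """Return the raw MD5 digest of the bytes stored at *file*.

    The digest serves as a deduplication key for the scanned corpus. MD5 is
    not collision resistant, so this value must not be reused as an
    integrity or authenticity check.
    """
    with open(file, 'rb') as f:
        content = f.read()
    return md5(content).digest()


### PARSE TEMPLATES ###

errprint("Parsing templates")
rules = {}
template_file = project_root / "db" / "rules-stable.yml"
with open(template_file) as f:
    # safe_load returns None for an empty document; treat that as "no patterns".
    rules_yaml = (yaml.safe_load(f) or {}).get("patterns", [])
for r in rules_yaml:
    r = r.get("pattern", {})
    if not r:
        continue
    name = r.get("name", "")
    if not name:
        continue
    regex = r.get("regex", "")
    try:
        compiled_regex = re.compile(regex)
    except Exception as err:
        # Still best-effort, but no longer silent: a rule that fails to compile
        # is left out of `rules` and therefore gets no confidence score, which
        # the operator should be able to see in the run log.
        errprint(f"Skipping rule {name!r}: regex did not compile ({err})")
        continue
    r["compiled_regex"] = compiled_regex
    rules[name] = r

### VISIT WEBSITES ###

errprint("Visiting websites")
top_domains_file = project_root / "datasets" / "top-1m-alexa-domains.csv"
with open(top_domains_file) as f:
    # Each row's last comma-separated field is taken as the domain name.
    top_domains = [row.split(",")[-1] for row in f.read().splitlines()[:num_websites]]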
websites_dir = temp_dir / "websites" 74 | websites_dir.mkdir(exist_ok=True) 75 | 76 | def get_webpage(url): 77 | command = ["wget", "-q", "--convert-links", "--adjust-extension", "--page-requisites", "--no-parent", "--header=User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36", url] 78 | with suppress(subprocess.TimeoutExpired): 79 | subprocess.run(command, cwd=websites_dir, timeout=10) 80 | 81 | # with ThreadPoolExecutor(max_workers=25) as e: 82 | # for domain in top_domains[:num_websites]: 83 | # e.submit(get_webpage, f"https://{domain}") 84 | 85 | # get all files 86 | files = list(websites_dir.glob("**/*")) 87 | # filter out unwanted ones 88 | files = [f for f in files if f.is_file() and f.suffix.lower() not in file_ext_blacklist] 89 | # dedupe 90 | files_before = len(files) 91 | errprint(f"Deduplicating {len(files):,} files") 92 | file_hashes = {hash_file(f): f for f in files} 93 | files = list(file_hashes.values()) 94 | files_after = len(files) 95 | errprint(f"Deduplicated {files_before:,} --> {files_after:,}") 96 | # shuffle 97 | random.shuffle(files) 98 | if not files: 99 | errprint(f"No websites loaded") 100 | exit(1) 101 | 102 | def split(list_a, chunk_size): 103 | for i in range(0, len(list_a), chunk_size): 104 | yield list_a[i:i + chunk_size] 105 | 106 | def test_batch(regex, *files): 107 | matches = 0 108 | for file in files: 109 | with open(file, errors='ignore') as f: 110 | content = f.read() 111 | if not content: 112 | continue 113 | if regex.search(content): 114 | matches += 1 115 | return matches 116 | 117 | ### BEGIN TESTING RULES ### 118 | 119 | errprint(f"Testing {len(rules):,} rules against {len(files):,} files") 120 | futures = dict() 121 | total_checks = max(1, len(files) * len(rules)) 122 | batch_size = min(len(files), batch_size) 123 | with ProcessPoolExecutor() as e: 124 | for file_batch in split(files, batch_size): 125 | for name, r in rules.items(): 126 | # 
print(len(file_batch)) 127 | regex = r["compiled_regex"] 128 | future = e.submit(test_batch, regex, *file_batch) 129 | futures[future] = name 130 | 131 | signatures = dict() 132 | 133 | try: 134 | for i, f in enumerate(as_completed(futures)): 135 | completed = i*batch_size 136 | percent = completed / total_checks * 100 137 | errprint(f"\rCompleted {completed:,} rule checks ({percent:.1f}%)", end="") 138 | name = futures[f] 139 | result = f.result() 140 | try: 141 | signatures[name] += result 142 | except KeyError: 143 | signatures[name] = result 144 | except KeyboardInterrupt: 145 | e.shutdown(cancel_futures=True) 146 | pass 147 | 148 | new_rules_yaml = {"patterns": []} 149 | bad_sigs = {k:v for k,v in signatures.items() if v > 0} 150 | avg_badness = sum(bad_sigs.values()) / max(1, len(bad_sigs)) 151 | for name, hits in sorted(signatures.items(), key=lambda x: x[-1], reverse=True): 152 | if hits > 0: 153 | confidence = min(100, max(0, 100 - ceil(hits / avg_badness * 100))) 154 | else: 155 | confidence = 100 156 | rule = rules[name] 157 | yaml_rule = { 158 | "pattern": { 159 | "name": name, 160 | "regex": rule["regex"], 161 | "confidence": confidence 162 | } 163 | } 164 | new_rules_yaml["patterns"].append(yaml_rule) 165 | 166 | new_rules_yaml["patterns"].sort(key=lambda x: x["pattern"]["name"]) 167 | 168 | # print final YAML 169 | print(yaml.safe_dump(new_rules_yaml)) 170 | -------------------------------------------------------------------------------- /scripts/redact-data.py: -------------------------------------------------------------------------------- 1 | import yaml 2 | import sys 3 | import re 4 | import time 5 | REDACTION = "[REDACTED - ({name})]" 6 | 7 | with open(sys.argv[1], "r") as f: 8 | RULES = yaml.safe_load(f) 9 | with open(sys.argv[2], "rb", ) as f: 10 | DATA = f.read().decode("utf-8", "ignore") 11 | 12 | for i in RULES["patterns"]: 13 | pattern = i["pattern"] 14 | name = pattern.get('name') 15 | regex = pattern.get('regex') 16 | confidence = 
pattern.get('confidence') 17 | if confidence != "high": 18 | continue 19 | start_time = time.time() 20 | 21 | result_string = DATA 22 | try: 23 | result_string = re.sub(regex, REDACTION.replace("{name}", name), DATA) 24 | except Exception as e: 25 | print(e) 26 | print(f"EXCEPTION: *** Name: {name}") 27 | 28 | if result_string != DATA: 29 | print(f"*** Data updated. Rule: {name}") 30 | DATA = result_string 31 | 32 | end_time = time.time() 33 | 34 | execution_time = end_time - start_time 35 | print(f"Name: {name}\t Confidence: {confidence}\t Regex: {regex}\n\n") 36 | print(f"Execution time: {execution_time} seconds") 37 | print("*" * 50) 38 | 39 | 40 | # print(f"# NEW DATA:\n\n\n{DATA}") 41 | 42 | with open("redacted-output.txt", "w") as f: 43 | f.write(DATA) 44 | -------------------------------------------------------------------------------- /scripts/regexexplpit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | <"$1" regexploit 4 | -------------------------------------------------------------------------------- /scripts/safe-regex-check.js: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | var safe = require('safe-regex'); 3 | const fs = require('fs'); 4 | 5 | var argv = process.argv.slice(2); 6 | 7 | if (argv.length < 1) { 8 | console.log("\nUsage:\n\tsafe-regex-check.js [regex-db.yml]") 9 | process.exit(1) 10 | } 11 | 12 | var data = fs.readFileSync(argv[0], 13 | {encoding:'utf8', flag:'r'}).split("\n"); 14 | 15 | 16 | data.forEach(element => { 17 | if (safe(element) == false) { 18 | console.log(element) 19 | } 20 | }); 21 | -------------------------------------------------------------------------------- /scripts/sort-fields.py: -------------------------------------------------------------------------------- 1 | import yaml, sys 2 | 3 | with open(sys.argv[1], "r") as f: 4 | data = f.read() 5 | data = yaml.safe_load(data) 6 | 7 | new_data = [] 8 
| 9 | output = [] 10 | for i in data["fields"]: 11 | i = i.lower() 12 | if " " in i: 13 | output.append(i.replace(" ", "-")) 14 | output.append(i.replace(" ", "_")) 15 | output.append(i.replace(" ", "")) 16 | if "-" in i: 17 | output.append(i.replace("-", " ")) 18 | output.append(i.replace("-", "_")) 19 | output.append(i.replace("-", "")) 20 | if "_" in i: 21 | output.append(i.replace("_", " ")) 22 | output.append(i.replace("_", "-")) 23 | output.append(i.replace("_", "")) 24 | 25 | if " " in i: 26 | new_data.extend(i.split(" ")) 27 | output.append(i) 28 | 29 | output.extend(new_data) 30 | output = list(set(output)) 31 | 32 | 33 | class MyDumper(yaml.Dumper): 34 | def increase_indent(self, flow=False, indentless=False): 35 | return super(MyDumper, self).increase_indent(flow, False) 36 | 37 | yaml.dump({"fields": output}, sys.stdout, 38 | Dumper=MyDumper, 39 | default_flow_style=False, sort_keys=True) 40 | -------------------------------------------------------------------------------- /scripts/update-findings.py: -------------------------------------------------------------------------------- 1 | # A script to remove invalid Regex and repeated values 2 | import yaml 3 | import sys 4 | import re 5 | 6 | if len(sys.argv) < 2: 7 | print(f"\nUsage:\n\t{sys.argv[0]} [regex-db.yml]") 8 | exit(1) 9 | 10 | with open(sys.argv[1], 'r') as stream: 11 | y = yaml.safe_load(stream) 12 | 13 | 14 | output = [] 15 | all_regexes = [] 16 | all_names = [] 17 | for i in y["patterns"]: 18 | r = i["pattern"]["regex"] 19 | name = i["pattern"]["name"] 20 | try: 21 | re.compile(r) 22 | except re.error: 23 | continue 24 | 25 | # check for duplicated regexes 26 | if r in all_regexes: 27 | # print(f"DUP-REGEX: {r}") 28 | continue 29 | all_regexes.append(r) 30 | 31 | # check for duplicated names 32 | # if name.lower() in all_names: 33 | # print(f"DUP: {name}") 34 | 35 | all_names.append(name.lower()) 36 | 37 | output.append(i) 38 | 39 | 40 | # print regexes 41 | # for a in output: 42 | # 
print(a["pattern"]["regex"]) 43 | 44 | 45 | # Sort output 46 | output = sorted(output, key=lambda i: i['pattern']['name']) 47 | 48 | 49 | newData = {"patterns": output} 50 | 51 | # Print YAML 52 | # class MyDumper(yaml.Dumper): 53 | # def increase_indent(self, flow=False, indentless=False): 54 | # return super(MyDumper, self).increase_indent(flow, False) 55 | 56 | # yaml.dump(newData, sys.stdout, 57 | # default_flow_style=False, Dumper=MyDumper, sort_keys=False) 58 | 59 | 60 | # Save into JSON export 61 | # a = json.dumps(newData) 62 | # f = open("exported.json", "w") 63 | # f.write(a) 64 | # f.close() 65 | --------------------------------------------------------------------------------