├── README.md ├── anthropic.json ├── asymmetric-keys_secrets.json ├── auth.json ├── aws-keys.json ├── aws-keys_secrets.json ├── aws-s3_secrets.json ├── badwords.json ├── base64.json ├── ccode.json ├── cohere.json ├── cors.json ├── crypto.json ├── debug-pages.json ├── debug_logic.json ├── execs.json ├── facebook-oauth_secrets.json ├── facebook-token_secrets.json ├── firebase.json ├── firebase_secrets.json ├── fw.json ├── gemini.json ├── github_secrets.json ├── go-functions.json ├── google-keys_secrets.json ├── google-oauth_secrets.json ├── google-service-account_secrets.json ├── google-token_secrets.json ├── groq.json ├── heroku-keys_secrets.json ├── http-auth.json ├── idor.json ├── img-traversal.json ├── interestingEXT.json ├── interestingparams.json ├── interestingsubs.json ├── ip.json ├── json-sec.json ├── jsvar.json ├── jwt.json ├── lfi.json ├── mailchimp-keys_secrets.json ├── mailgun-keys_secrets.json ├── meg-headers.json ├── openapi.json ├── parsers.json ├── paypal-token_secrets.json ├── php-curl.json ├── php-errors.json ├── php-serialized.json ├── php-sinks.json ├── php-sources.json ├── picatic-keys_secrets.json ├── rce.json ├── redirect.json ├── s3-buckets.json ├── sec.json ├── secrets.json ├── serial.json ├── servers.json ├── slack-token_secrets.json ├── slack-webhook_secrets.json ├── sqli.json ├── square-keys_secrets.json ├── ssrf.json ├── ssti.json ├── strings.json ├── stripe-keys_secrets.json ├── swearwords.json ├── takeovers.json ├── twilio-keys_secrets.json ├── twitter-oauth_secrets.json ├── twitter-token_secrets.json ├── typos.json ├── upload-fields.json ├── urls.json ├── xml.json └── xss.json /README.md: -------------------------------------------------------------------------------- 1 | # GF Pattern 2 | 3 | gf is a tool, made by [Tomnomnom](https://github.com/tomnomnom), for grepping for particular values. The patterns collected here are broad heuristics, so treat each match as a candidate to verify rather than a confirmed finding. 4 | -------------------------------------------------------------------------------- /anthropic.json: 
-------------------------------------------------------------------------------- 1 | { "flags": "-HanrE", "pattern": "([^A-Za-z0-9]|^)(sk-ant-[A-Za-z0-9]{30,})" } -------------------------------------------------------------------------------- /asymmetric-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "\\-\\-\\-\\-\\-BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?\\-\\-\\-\\-\\-" 4 | } -------------------------------------------------------------------------------- /auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(privilege|permissions|capability|role|rbac|policy|authorization|auth|claims|access|login|register|registration|logout)" 4 | } 5 | -------------------------------------------------------------------------------- /aws-keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrE", 3 | "pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" 4 | } 5 | -------------------------------------------------------------------------------- /aws-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" 4 | } -------------------------------------------------------------------------------- /aws-s3_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", 5 | "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", 6 | "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", 7 | "//s3\\.amazonaws\\.com/[a-z0-9._-]+", 8 | "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" 9 | ] 10 | } 
-------------------------------------------------------------------------------- /badwords.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(TODO|FIXME|ISSUE|TEMPORARY FIX|TEMPORARY HACK|WORKAROUND|BE CAREFUL|SENSITIVE|LEGACY|RAW|DANGEROUS|INSECURE|UNSAFE)" 4 | } 5 | -------------------------------------------------------------------------------- /base64.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnroE", 3 | "pattern": "([^A-Za-z0-9+/]|^)(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[%a-zA-Z0-9+/]+={0,2}" 4 | } 5 | 6 | 7 | -------------------------------------------------------------------------------- /ccode.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(alloc|free|strcpy|gets|strncpy|strcat|sprintf|scanf)" 4 | } 5 | -------------------------------------------------------------------------------- /cohere.json: -------------------------------------------------------------------------------- 1 | { "flags": "-HanrE", "pattern": "([^A-Za-z0-9]|^)(co-[A-Za-z0-9]{24,})" } -------------------------------------------------------------------------------- /cors.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "Access-Control-Allow" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /crypto.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(aes|rsa|dsa|des|cbc|ecb|hmac|gcm|privatekey|publickey|md5|sha1|sha256|cipher|crypto|encrypt|decrypt|digest)" 4 | } 5 | -------------------------------------------------------------------------------- /debug-pages.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnraiE", 3 | "pattern": "(Application-Trace|Routing Error|DEBUG\"? ?[=:] ?True|Caused by:|stack trace:|Microsoft .NET Framework|Traceback|[0-9]:in `|#!/us|WebApplicationException|java\\.lang\\.|phpinfo|swaggerUi|on line [0-9]|SQLSTATE)" 4 | 5 | } 6 | -------------------------------------------------------------------------------- /debug_logic.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "access=", 6 | "admin=", 7 | "dbg=", 8 | "debug=", 9 | "edit=", 10 | "grant=", 11 | "test=", 12 | "alter=", 13 | "clone=", 14 | "create=", 15 | "delete=", 16 | "disable=", 17 | "enable=", 18 | "exec=", 19 | "execute=", 20 | "load=", 21 | "make=", 22 | "modify=", 23 | "rename=", 24 | "reset=", 25 | "shell=", 26 | "toggle=", 27 | "adm=", 28 | "root=", 29 | "cfg=", 30 | "config=" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /execs.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(eval|run|exec|process|system|popen|spawn|dup2)" 4 | } 5 | -------------------------------------------------------------------------------- /facebook-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "facebook.*['|\"][0-9a-f]{32}['|\"]" 4 | } -------------------------------------------------------------------------------- /facebook-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "EAACEdEose0cBA[0-9A-Za-z]+" 4 | } -------------------------------------------------------------------------------- /firebase.json: -------------------------------------------------------------------------------- 1 | 
{ 2 | "flags": "-Hnri", 3 | "pattern": "firebaseio.com" 4 | } 5 | -------------------------------------------------------------------------------- /firebase_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.firebaseio\\.com", 5 | "[a-z0-9.-]+\\.firebaseapp\\.com", 6 | "[a-z0-9.-]+\\.appspot\\.com" 7 | ] 8 | } -------------------------------------------------------------------------------- /fw.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "django", 5 | "laravel", 6 | "symfony", 7 | "graphite", 8 | "grafana", 9 | "X-Drupal-Cache", 10 | "struts", 11 | "code ?igniter", 12 | "cake ?php", 13 | "grails", 14 | "elastic ?search", 15 | "kibana", 16 | "log ?stash", 17 | "tomcat", 18 | "jenkins", 19 | "hudson", 20 | "com.atlassian.jira", 21 | "Apache Subversion", 22 | "Chef Server", 23 | "RabbitMQ Management", 24 | "Mongo", 25 | "Travis CI - Enterprise", 26 | "BMC Remedy", 27 | "artifactory" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /gemini.json: -------------------------------------------------------------------------------- 1 | { "flags": "-HanrE", "pattern": "([^A-Za-z0-9]|^)(AIza[A-Za-z0-9_-]{35})" } -------------------------------------------------------------------------------- /github_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "github.*['|\"][0-9a-zA-Z]{35,40}['|\"]" 4 | } -------------------------------------------------------------------------------- /go-functions.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "func [a-z0-9_]+\\(" 4 | } 5 | -------------------------------------------------------------------------------- 
/google-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "AIza[0-9A-Za-z\\-\\_]{35}" 4 | } -------------------------------------------------------------------------------- /google-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 4 | } -------------------------------------------------------------------------------- /google-service-account_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "\"type\": \"service_account\"" 4 | } -------------------------------------------------------------------------------- /google-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "ya29\\.[0-9A-Za-z\\-\\_]+" 4 | } -------------------------------------------------------------------------------- /groq.json: -------------------------------------------------------------------------------- 1 | { "flags": "-HanrE", "pattern": "([^A-Za-z0-9]|^)(gsk_[A-Za-z0-9]{32,})" } -------------------------------------------------------------------------------- /heroku-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "heroku.*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}" 4 | } -------------------------------------------------------------------------------- /http-auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hrioaE", 3 | "pattern": "[a-z0-9_/\\.:-]+@[a-z0-9-]+\\.[a-z0-9.-]+" 4 | } 5 | -------------------------------------------------------------------------------- /idor.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "id=", 6 | "user=", 7 | "account=", 8 | "number=", 9 | "order=", 10 | "no=", 11 | "doc=", 12 | "key=", 13 | "email=", 14 | "group=", 15 | "profile=", 16 | "edit=", 17 | "report=" 18 | 19 | ] 20 | } 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /img-traversal.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "=.*.jpg", 6 | "=.*.jpeg", 7 | "=.*.gif", 8 | "=.*.png" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /interestingEXT.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "\\.action", 6 | "\\.adr", 7 | "\\.ascx", 8 | "\\.asmx", 9 | "\\.axd", 10 | "\\.backup", 11 | "\\.bak", 12 | "\\.bkf", 13 | "\\.bkp", 14 | "\\.bok", 15 | "\\.achee", 16 | "\\.cfg", 17 | "\\.cfm", 18 | "\\.cgi", 19 | "\\.cnf", 20 | "\\.conf", 21 | "\\.config", 22 | "\\.crt", 23 | "\\.csr", 24 | "\\.csv", 25 | "\\.dat", 26 | "\\.doc", 27 | "\\.docx", 28 | "\\.eml", 29 | "\\.env", 30 | "\\.exe", 31 | "\\.gz", 32 | "\\.ica", 33 | "\\.inf", 34 | "\\.ini", 35 | "\\.java", 36 | "\\.json", 37 | "\\.key", 38 | "\\.log", 39 | "\\.lst", 40 | "\\.mai", 41 | "\\.mbox", 42 | "\\.mbx", 43 | "\\.md", 44 | "\\.mdb", 45 | "\\.nsf", 46 | "\\.old", 47 | "\\.ora", 48 | "\\.pac", 49 | "\\.passwd", 50 | "\\.pcf", 51 | "\\.pdf", 52 | "\\.pem", 53 | "\\.pgp", 54 | "\\.pl", 55 | " plist", 56 | "\\.pwd", 57 | "\\.rdp", 58 | "\\.reg", 59 | "\\.rtf", 60 | "\\.skr", 61 | "\\.sql", 62 | "\\.swf", 63 | "\\.tpl", 64 | "\\.txt", 65 | "\\.url", 66 | "\\.wml", 67 | "\\.xls", 68 | "\\.xlsx", 69 | "\\.xml", 70 | "\\.xsd", 71 | "\\.yml" 72 | ] 73 | } 74 | 
-------------------------------------------------------------------------------- /interestingparams.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "flags": "-iE", 4 | "patterns": [ 5 | 6 | "template=", 7 | "preview=", 8 | "id=", 9 | "view=", 10 | "activity=", 11 | "name=", 12 | "content=", 13 | "redirect=", 14 | "(&|[?])access(&|=)", 15 | "(&|[?])admin(&|=)", 16 | "(&|[?])dbg(&|=)", 17 | "(&|[?])debug(&|=)", 18 | "(&|[?])edit(&|=)", 19 | "(&|[?])grant(&|=)", 20 | "(&|[?])test(&|=)", 21 | "(&|[?])alter(&|=)", 22 | "(&|[?])clone(&|=)", 23 | "(&|[?])create(&|=)", 24 | "(&|[?])delete(&|=)", 25 | "(&|[?])disable(&|=)", 26 | "(&|[?])enable(&|=)", 27 | "(&|[?])exec(&|=)", 28 | "(&|[?])execute(&|=)", 29 | "(&|[?])load(&|=)", 30 | "(&|[?])make(&|=)", 31 | "(&|[?])modify(&|=)", 32 | "(&|[?])rename(&|=)", 33 | "(&|[?])reset(&|=)", 34 | "(&|[?])shell(&|=)", 35 | "(&|[?])toggle(&|=)", 36 | "(&|[?])adm(&|=)", 37 | "(&|[?])root(&|=)", 38 | "(&|[?])cfg(&|=)", 39 | "(&|[?])dest(&|=)", 40 | "(&|[?])redirect(&|=)", 41 | "(&|[?])uri(&|=)", 42 | "(&|[?])path(&|=)", 43 | "(&|[?])continue(&|=)", 44 | "(&|[?])url(&|=)", 45 | "(&|[?])window(&|=)", 46 | "(&|[?])next(&|=)", 47 | "(&|[?])data(&|=)", 48 | "(&|[?])reference(&|=)", 49 | "(&|[?])site(&|=)", 50 | "(&|[?])html(&|=)", 51 | "(&|[?])val(&|=)", 52 | "(&|[?])validate(&|=)", 53 | "(&|[?])domain(&|=)", 54 | "(&|[?])callback(&|=)", 55 | "(&|[?])return(&|=)", 56 | "(&|[?])feed(&|=)", 57 | "(&|[?])host(&|=)", 58 | "(&|[?])port(&|=)", 59 | "(&|[?])to(&|=)", 60 | "(&|[?])out(&|=)", 61 | "(&|[?])view(&|=)", 62 | "(&|[?])dir(&|=)", 63 | "(&|[?])show(&|=)", 64 | "(&|[?])navigation(&|=)", 65 | "(&|[?])open(&|=)", 66 | "(&|[?])file(&|=)", 67 | "(&|[?])document(&|=)", 68 | "(&|[?])folder(&|=)", 69 | "(&|[?])pg(&|=)", 70 | "(&|[?])php_path(&|=)", 71 | "(&|[?])style(&|=)", 72 | "(&|[?])doc(&|=)", 73 | "(&|[?])img(&|=)", 74 | "(&|[?])filename(&|=)", 75 | "id=", 76 | "select=", 77 | "report=", 78 | 
"role=", 79 | "update=", 80 | "query=", 81 | "user=", 82 | "name=", 83 | "sort=", 84 | "where=", 85 | "search=", 86 | "params=", 87 | "process=", 88 | "row=", 89 | "view=", 90 | "table=", 91 | "from=", 92 | "sel=", 93 | "results=", 94 | "sleep=", 95 | "fetch=", 96 | "order=", 97 | "keyword=", 98 | "column=", 99 | "field=", 100 | "delete=", 101 | "string=", 102 | "number=", 103 | "filter=", 104 | "(&|[?])callback=", 105 | "(&|[?])cgi-bin/redirect.cgi", 106 | "(&|[?])checkout=", 107 | "(&|[?])checkout_url=", 108 | "(&|[?])continue=", 109 | "(&|[?])data=", 110 | "(&|[?])dest=", 111 | "(&|[?])destination=", 112 | "(&|[?])dir=", 113 | "(&|[?])domain=", 114 | "(&|[?])feed=", 115 | "(&|[?])file=", 116 | "(&|[?])file_name=", 117 | "(&|[?])file_url=", 118 | "(&|[?])folder=", 119 | "(&|[?])folder_url=", 120 | "(&|[?])forward=", 121 | "(&|[?])from_url=", 122 | "(&|[?])go=", 123 | "(&|[?])goto=", 124 | "(&|[?])host=", 125 | "(&|[?])html=", 126 | "(&|[?])image_url=", 127 | "(&|[?])img_url=", 128 | "(&|[?])load_file=", 129 | "(&|[?])load_url=", 130 | "(&|[?])login_url=", 131 | "(&|[?])logout=", 132 | "(&|[?])navigation=", 133 | "(&|[?])next=", 134 | "(&|[?])next_page=", 135 | "(&|[?])Open=", 136 | "(&|[?])out=", 137 | "(&|[?])page_url=", 138 | "(&|[?])path=", 139 | "(&|[?])port=", 140 | "(&|[?])redir=", 141 | "(&|[?])redirect=", 142 | "(&|[?])redirect_to=", 143 | "(&|[?])redirect_uri=", 144 | "(&|[?])redirect_url=", 145 | "(&|[?])reference=", 146 | "(&|[?])return=", 147 | "(&|[?])return_path=", 148 | "(&|[?])return_to=", 149 | "(&|[?])returnTo=", 150 | "(&|[?])return_url=", 151 | "(&|[?])rt=", 152 | "(&|[?])rurl=", 153 | "(&|[?])show=", 154 | "(&|[?])site=", 155 | "(&|[?])target=", 156 | "(&|[?])to=", 157 | "(&|[?])uri=", 158 | "(&|[?])url=", 159 | "(&|[?])val=", 160 | "(&|[?])validate=", 161 | "(&|[?])view=", 162 | "(&|[?])window=", 163 | "daemon=", 164 | "upload=", 165 | "dir=", 166 | "execute=", 167 | "download=", 168 | "log=", 169 | "ip=", 170 | "cli=", 171 | "cmd=", 172 | 
"file=", 173 | "document=", 174 | "folder=", 175 | "root=", 176 | "path=", 177 | "pg=", 178 | "style=", 179 | "pdf=", 180 | "template=", 181 | "php_path=", 182 | "doc=", 183 | "page=", 184 | "name=", 185 | "id=", 186 | "user=", 187 | "account=", 188 | "number=", 189 | "order=", 190 | "no=", 191 | "doc=", 192 | "key=", 193 | "email=", 194 | "group=", 195 | "profile=", 196 | "edit=", 197 | "report=", 198 | "access=", 199 | "admin=", 200 | "dbg=", 201 | "debug=", 202 | "edit=", 203 | "grant=", 204 | "test=", 205 | "alter=", 206 | "clone=", 207 | "create=", 208 | "delete=", 209 | "disable=", 210 | "enable=", 211 | "exec=", 212 | "execute=", 213 | "load=", 214 | "make=", 215 | "modify=", 216 | "rename=", 217 | "reset=", 218 | "shell=", 219 | "toggle=", 220 | "adm=", 221 | "root=", 222 | "cfg=", 223 | "config=" 224 | ] 225 | } 226 | 227 | 228 | -------------------------------------------------------------------------------- /interestingsubs.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "admin", 5 | "jenkins", 6 | "test", 7 | "proxy", 8 | "stage", 9 | "test", 10 | "dev", 11 | "devops", 12 | "staff", 13 | "db", 14 | "qa", 15 | "internal" 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /ip.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnroE", 3 | "pattern": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" 4 | } 5 | -------------------------------------------------------------------------------- /json-sec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-harioE", 3 | "pattern": "(\\\\?\"|"|%22)[a-z0-9_-]*(api[_-]?key|S3|aws_|secret|passw|auth)[a-z0-9_-]*(\\\\?\"|"|%22): ?(\\\\?\"|"|%22)[^\"&]+(\\\\?\"|"|%22)" 4 | } 5 | 
-------------------------------------------------------------------------------- /jsvar.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanroE", 3 | "pattern": "var [a-z0-9_]+\\=." 4 | } 5 | -------------------------------------------------------------------------------- /jwt.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(jwt|jks|jwk|jku)" 4 | } 5 | -------------------------------------------------------------------------------- /lfi.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "file=", 6 | "document=", 7 | "folder=", 8 | "root=", 9 | "path=", 10 | "pg=", 11 | "style=", 12 | "pdf=", 13 | "template=", 14 | "php_path=", 15 | "doc=", 16 | "page=", 17 | "name=", 18 | "cat=", 19 | "dir=", 20 | "action=", 21 | "board=", 22 | "date=", 23 | "detail=", 24 | "download=", 25 | "prefix=", 26 | "include=", 27 | "inc=", 28 | "locate=", 29 | "show=", 30 | "site=", 31 | "type=", 32 | "view=", 33 | "content=", 34 | "layout=", 35 | "mod=", 36 | "conf=" 37 | 38 | 39 | ] 40 | } 41 | -------------------------------------------------------------------------------- /mailchimp-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "[0-9a-f]{32}-us[0-9]{1,2}" 4 | } -------------------------------------------------------------------------------- /mailgun-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "key-[0-9a-zA-Z]{32}" 4 | } -------------------------------------------------------------------------------- /meg-headers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hroiE", 3 | "pattern": "^\u003c 
[a-z0-9_\\-]+: .*" 4 | } 5 | -------------------------------------------------------------------------------- /openapi.json: -------------------------------------------------------------------------------- 1 | { "flags": "-HanrE", "pattern": "([^A-Za-z0-9]|^)(sk-[A-Za-z0-9]{32,})" } 2 | -------------------------------------------------------------------------------- /parsers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(parse|open|request|validate|verify)" 4 | } 5 | -------------------------------------------------------------------------------- /paypal-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 4 | } -------------------------------------------------------------------------------- /php-curl.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnrE", 3 | "pattern": "CURLOPT_(HTTPHEADER|HEADER|COOKIE|RANGE|REFERER|USERAGENT|PROXYHEADER)" 4 | } 5 | -------------------------------------------------------------------------------- /php-errors.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "php warning", 5 | "php error", 6 | "fatal error", 7 | "uncaught exception", 8 | "include_path", 9 | "undefined index", 10 | "undefined variable", 11 | "\\?php", 12 | "<\\?[^x]", 13 | "stack trace\\:", 14 | "expects parameter [0-9]*", 15 | "Debug Trace" 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /php-serialized.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnrE", 3 | "patterns": [ 4 | "a:[0-9]+:{", 5 | "O:[0-9]+:\"", 6 | "s:[0-9]+:\"" 7 | ] 8 | } 9 | 
-------------------------------------------------------------------------------- /php-sinks.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "[^a-z0-9_](system|exec|popen|pcntl_exec|eval|create_function|unserialize|file_exists|md5_file|filemtime|filesize|assert) ?\\(" 4 | } 5 | -------------------------------------------------------------------------------- /php-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnrE", 3 | "patterns": [ 4 | "\\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)", 5 | "php://(input|stdin)" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /picatic-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "sk_live_[0-9a-z]{32}" 4 | } -------------------------------------------------------------------------------- /rce.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "daemon=", 6 | "upload=", 7 | "dir=", 8 | "download=", 9 | "log=", 10 | "ip=", 11 | "cli=", 12 | "cmd=", 13 | "exec=", 14 | "command=", 15 | "execute=", 16 | "ping=", 17 | "query=", 18 | "jump=", 19 | "code=", 20 | "reg=", 21 | "do=", 22 | "func=", 23 | "arg=", 24 | "option=", 25 | "load=", 26 | "process=", 27 | "step=", 28 | "read=", 29 | "function", 30 | "req=", 31 | "feature=", 32 | "exe=", 33 | "module=", 34 | "payload=", 35 | "run=", 36 | "print=" 37 | ] 38 | } 39 | -------------------------------------------------------------------------------- /redirect.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "(&|[?])callback=", 5 | "(&|[?])cgi-bin/redirect.cgi", 6 | "(&|[?])checkout=", 7 | "(&|[?])checkout_url=", 8 | 
"(&|[?])continue=", 9 | "(&|[?])data=", 10 | "(&|[?])dest=", 11 | "(&|[?])destination=", 12 | "(&|[?])dir=", 13 | "(&|[?])domain=", 14 | "(&|[?])feed=", 15 | "(&|[?])file=", 16 | "(&|[?])file_name=", 17 | "(&|[?])file_url=", 18 | "(&|[?])folder=", 19 | "(&|[?])folder_url=", 20 | "(&|[?])forward=", 21 | "(&|[?])from_url=", 22 | "(&|[?])go=", 23 | "(&|[?])goto=", 24 | "(&|[?])host=", 25 | "(&|[?])html=", 26 | "(&|[?])image_url=", 27 | "(&|[?])img_url=", 28 | "(&|[?])load_file=", 29 | "(&|[?])load_url=", 30 | "(&|[?])login_url=", 31 | "(&|[?])logout=", 32 | "(&|[?])navigation=", 33 | "(&|[?])next=", 34 | "(&|[?])next_page=", 35 | "(&|[?])Open=", 36 | "(&|[?])out=", 37 | "(&|[?])page_url=", 38 | "(&|[?])path=", 39 | "(&|[?])port=", 40 | "(&|[?])redir=", 41 | "(&|[?])redirect=", 42 | "(&|[?])redirect_to=", 43 | "(&|[?])redirect_uri=", 44 | "(&|[?])redirect_url=", 45 | "(&|[?])reference=", 46 | "(&|[?])return=", 47 | "(&|[?])return_path=", 48 | "(&|[?])return_to=", 49 | "(&|[?])returnTo=", 50 | "(&|[?])return_url=", 51 | "(&|[?])rt=", 52 | "(&|[?])rurl=", 53 | "(&|[?])show=", 54 | "(&|[?])site=", 55 | "(&|[?])target=", 56 | "(&|[?])to=", 57 | "(&|[?])uri=", 58 | "(&|[?])url=", 59 | "(&|[?])val=", 60 | "(&|[?])validate=", 61 | "(&|[?])view=", 62 | "(&|[?])window=" 63 | ] 64 | } 65 | -------------------------------------------------------------------------------- /s3-buckets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hrioaE", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", 5 | "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", 6 | "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", 7 | "//s3\\.amazonaws\\.com/[a-z0-9._-]+", 8 | "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /sec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | 
"pattern": "(aws_access|aws_secret|api[_-]?key|ListBucketResult|S3_ACCESS_KEY|Authorization:|RSA PRIVATE|Index of|aws_|secret|ssh-rsa AA)" 4 | } 5 | -------------------------------------------------------------------------------- /secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(password|private|token|secret|key|authorization|bearer)" 4 | } 5 | -------------------------------------------------------------------------------- /serial.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(pickle|yaml|serialize|marshal|objectinput)" 4 | } 5 | -------------------------------------------------------------------------------- /servers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hri", 3 | "pattern": "server: " 4 | } 5 | -------------------------------------------------------------------------------- /slack-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 4 | } -------------------------------------------------------------------------------- /slack-webhook_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 4 | } -------------------------------------------------------------------------------- /sqli.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "id=", 6 | "select=", 7 | "report=", 8 | "role=", 9 | "update=", 10 | "query=", 11 | "user=", 12 | "name=", 13 | "sort=", 14 | "where=", 15 | "search=", 16 | "params=", 17 | "process=", 18 
| "row=", 19 | "view=", 20 | "table=", 21 | "from=", 22 | "sel=", 23 | "results=", 24 | "sleep=", 25 | "fetch=", 26 | "order=", 27 | "keyword=", 28 | "column=", 29 | "field=", 30 | "delete=", 31 | "string=", 32 | "number=", 33 | "filter=" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /square-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "sq0atp-[0-9A-Za-z\\-\\_]{22}", 5 | "rsq0csp-[0-9A-Za-z\\-\\_]{43}" 6 | ] 7 | } -------------------------------------------------------------------------------- /ssrf.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "access", 6 | "admin", 7 | "dbg", 8 | "debug", 9 | "edit", 10 | "grant", 11 | "test", 12 | "alter", 13 | "clone", 14 | "create", 15 | "delete", 16 | "disable", 17 | "enable", 18 | "exec", 19 | "execute", 20 | "load", 21 | "make", 22 | "modify", 23 | "rename", 24 | "reset", 25 | "shell", 26 | "toggle", 27 | "adm", 28 | "root", 29 | "cfg", 30 | "dest", 31 | "redirect", 32 | "uri", 33 | "path", 34 | "continue", 35 | "url", 36 | "window", 37 | "next", 38 | "data", 39 | "reference", 40 | "site", 41 | "html", 42 | "val", 43 | "validate", 44 | "domain", 45 | "callback", 46 | "return", 47 | "page", 48 | "feed", 49 | "host", 50 | "port", 51 | "to", 52 | "out", 53 | "view", 54 | "dir", 55 | "show", 56 | "navigation", 57 | "open", 58 | "file=", 59 | "document=", 60 | "folder=", 61 | "pg=", 62 | "php_path=", 63 | "style=", 64 | "doc=", 65 | "img=", 66 | "filename=" 67 | 68 | ] 69 | } 70 | 71 | 72 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /ssti.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "flags": "-iE", 4 | "patterns": [ 5 | 6 | "template=", 7 | "preview=", 8 | "id=", 9 | 
"view=", 10 | "activity=", 11 | "name=", 12 | "content=", 13 | "redirect=" 14 | ] 15 | } 16 | -------------------------------------------------------------------------------- /strings.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hroiaE", 3 | "patterns": [ 4 | "\"[^\"]+\"", 5 | "'[^']+'" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /stripe-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "sk_live_[0-9a-zA-Z]{24}", 5 | "rk_live_[0-9a-zA-Z]{24}" 6 | ] 7 | } -------------------------------------------------------------------------------- /swearwords.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(fuck|shit|stupid|dumb)" 4 | } 5 | -------------------------------------------------------------------------------- /takeovers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "patterns": [ 4 | "There is no app configured at that hostname", 5 | "NoSuchBucket", 6 | "No Such Account", 7 | "You're Almost There", 8 | "a GitHub Pages site here", 9 | "There's nothing here", 10 | "project not found", 11 | "Your CNAME settings", 12 | "InvalidBucketName", 13 | "PermanentRedirect", 14 | "The specified bucket does not exist", 15 | "Repository not found", 16 | "Sorry, We Couldn't Find That Page", 17 | "The feed has not been found.", 18 | "The thing you were looking for is no longer here, or never was", 19 | "Please renew your subscription", 20 | "There isn't a Github Pages site here.", 21 | "We could not find what you're looking for.", 22 | "No settings were found for this company:", 23 | "No such app", 24 | "is not a registered InCloud YouTrack", 25 | "Unrecognized domain", 26 | "project not found", 27 | "This UserVoice 
subdomain is currently available!", 28 | "Do you want to register", 29 | "Help Center Closed" 30 | ] 31 | } 32 | 33 | -------------------------------------------------------------------------------- /twilio-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "SK[0-9a-fA-F]{32}" 4 | } -------------------------------------------------------------------------------- /twitter-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "twitter.*['|\"][0-9a-zA-Z]{35,44}['|\"]" 4 | } -------------------------------------------------------------------------------- /twitter-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "twitter.*[1-9][0-9]+-[0-9a-zA-Z]{40}" 4 | } -------------------------------------------------------------------------------- /typos.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(pasword|passsword)" 4 | } 5 | -------------------------------------------------------------------------------- /upload-fields.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnriE", 3 | "pattern": "\u003cinput[^\u003e]+type=[\"']?file[\"']?" 
4 | } 5 | -------------------------------------------------------------------------------- /urls.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-oriahE", 3 | "pattern": "https?://[^\"\\'> ]+" 4 | } 5 | -------------------------------------------------------------------------------- /xml.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(xml|xerces|sax|etree|xpath|documentbuilder)" 4 | } 5 | -------------------------------------------------------------------------------- /xss.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "q=", 5 | "s=", 6 | "search=", 7 | "lang=", 8 | "keyword=", 9 | "query=", 10 | "page=", 11 | "keywords=", 12 | "year=", 13 | "view=", 14 | "email=", 15 | "type=", 16 | "name=", 17 | "p=", 18 | "callback=", 19 | "jsonp=", 20 | "api_key=", 21 | "api=", 22 | "password=", 23 | "email=", 24 | "emailto=", 25 | "token=", 26 | "username=", 27 | "csrf_token=", 28 | "unsubscribe_token=", 29 | "id=", 30 | "item=", 31 | "page_id=", 32 | "month=", 33 | "immagine=", 34 | "list_type=", 35 | "url=", 36 | "terms=", 37 | "categoryid=", 38 | "key=", 39 | "l=", 40 | "begindate=", 41 | "enddate=" 42 | 43 | ] 44 | } 45 | --------------------------------------------------------------------------------