# Keyword rule for the term "api". The expression the scanner builds around
# the keyword (filter_type GeneralKeyword) is defined by the consumer, not here.
- name: API
  severity: medium
  type: keyword
  values:
    - 'api'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'api'
# AWS identifier: one of the listed four-letter prefixes followed by exactly
# 16 characters from [0-9A-Z]. The shortest match is 20 characters, which is
# the min_line_len value.
- name: AWS Client ID
  severity: high
  type: pattern
  values:
    - '(?P<value>(ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'A'
  min_line_len: 20
# Two patterns: an AKIA/ASIA key id and a 40-character run of [0-9a-zA-Z/+].
# NOTE(review): presumably the scanner reports the second value only when the
# first is also found (rule name "Multi") - confirm; on its own the second
# pattern matches any 40-character base64-like run.
- name: AWS Multi
  severity: high
  type: pattern
  values:
    - '(?P<value>(AKIA|ASIA)[0-9A-Z]{16})'
    - '(?P<value>[0-9a-zA-Z/+]{40})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'AKIA'
    - 'ASIA'
  min_line_len: 20
# Literal "amzn.mws." followed by a lowercase-hex UUID (8-4-4-4-12).
- name: AWS MWS Key
  severity: high
  type: pattern
  values:
    - '(?P<value>amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'amzn'
  min_line_len: 30
# Keyword rule for the term "credential".
- name: Credential
  severity: medium
  type: keyword
  values:
    - 'credential'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'credential'
# "dt0", one letter, two digits, then two dot-separated segments of 24 and 64
# characters from [A-Z0-9].
- name: Dynatrace API Token
  severity: high
  type: pattern
  values:
    - '(?P<value>dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'dt0'
  min_line_len: 90
# Fixed prefix "EAACEdEose0cBA" followed by one or more alphanumerics; the
# pattern sets no upper bound on the length.
- name: Facebook Access Token
  severity: high
  type: pattern
  values:
    - '(?P<value>EAACEdEose0cBA[0-9A-Za-z]+)'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'EAACEdEose0cBA'
  min_line_len: 15
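# Case-insensitive assignment of a 40-character value to a name that contains
# "git" followed by "token", "key" or "api".
# The value class is [a-z\d]: a "|" inside [...] is a literal pipe, not an
# alternation, so it is left out to keep pipe characters out of the match.
# The scalar stays unquoted because the regex contains both quote characters.
# NOTE(review): the regex is case-insensitive but the required substring is
# lowercase "git" - confirm the scanner's substring pre-check ignores case,
# otherwise names such as GITHUB_TOKEN are skipped before the regex runs.
- name: Github Old Token
  severity: high
  type: pattern
  values:
    - (?i)((git)[\w\-]*(token|key|api)[\w\-]*(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[a-z\d]{40})(["']?))
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - GithubTokenValidation
  required_substrings:
    - 'git'
  min_line_len: 47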
# "AIza" followed by exactly 35 characters from [0-9A-Za-z_-]; 39 characters
# in total, matching min_line_len. GoogleApiKeyValidation is a validator
# defined outside this file.
- name: Google API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>AIza[0-9A-Za-z\-_]{35})'
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - GoogleApiKeyValidation
  required_substrings:
    - 'AIza'
  min_line_len: 39
# Two patterns: an OAuth client id ending in ".apps.googleusercontent.com" and
# a standalone 24-character token bounded by lookarounds.
# NOTE(review): presumably the second value is reported only together with
# the first (rule name "Multi") - confirm; alone it matches any isolated
# 24-character identifier.
- name: Google Multi
  severity: high
  type: pattern
  values:
    - '(?P<value>[0-9]+\-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com)'
    - '(?<![0-9a-zA-Z_-])(?P<value>[0-9a-zA-Z_-]{24})(?![0-9a-zA-Z_-])'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'googleusercontent'
  min_line_len: 40
# "ya29." followed by one or more characters from [0-9A-Za-z_-]; the pattern
# sets no minimum token length beyond one character.
- name: Google OAuth Access Token
  severity: high
  type: pattern
  values:
    - '(?P<value>ya29\.[0-9A-Za-z\-_]+)'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'ya29.'
  min_line_len: 6
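# "heroku", up to 20 arbitrary characters, then a hex UUID-shaped value.
# The inline flag (?i) is the first thing in the pattern: regex engines such
# as Python's `re` reject (3.11+) or warn about a global flag that appears
# later in the expression, which would stop this rule from compiling.
# NOTE(review): the match is case-insensitive but the required substring is
# lowercase "heroku" - confirm the scanner's substring pre-check ignores case,
# otherwise HEROKU_API_KEY=... lines are skipped before the regex runs.
- name: Heroku API Key
  severity: high
  type: pattern
  values:
    - '(?i)(?P<value>heroku(.{0,20})?[0-9a-f]{8}(-[0-9a-f]{4})+-[0-9a-f]{12})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'heroku'
  min_line_len: 24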
# "IGQVJ" followed by at least 100 word characters (105 characters minimum).
- name: Instagram Access Token
  severity: high
  type: pattern
  values:
    - '(?P<value>IGQVJ[\w]{100,})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'IGQVJ'
  min_line_len: 105
# Header and payload segments that both start with "eyJ", plus an optional
# third segment. Because the third segment is optional, unsigned two-part
# tokens are matched as well.
- name: JSON Web Token
  severity: medium
  type: pattern
  values:
    - '(?P<value>eyJ[A-Za-z0-9-_=]+\.eyJ[A-Za-z0-9-_=]+(\.[A-Za-z0-9-_.+\/=]+)?)'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - '.eyJ'
  min_line_len: 9
# 32 lowercase hex characters, "-us", then one or two digits.
# MailChimpKeyValidation is a validator defined outside this file.
- name: MailChimp API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>[0-9a-f]{32}-us[0-9]{1,2})'
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - MailChimpKeyValidation
  required_substrings:
    - '-us'
  min_line_len: 35
# "key-" followed by exactly 32 alphanumerics (36 characters in total).
- name: MailGun API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>key-[0-9a-zA-Z]{32})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'key-'
  min_line_len: 36
# Keyword rule for "pass" or "pwd" (written as one alternation); this is the
# only keyword rule here that uses filter_type PasswordKeyword.
- name: Password
  severity: medium
  type: keyword
  values:
    - 'pass|pwd'
  filter_type: PasswordKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'pass'
    - 'pwd'
# Literal "access_token$production$", 16 characters from [0-9a-z], "$", then
# 32 lowercase hex characters. Only the "production" form is matched.
- name: PayPal Braintree Access Token
  severity: high
  type: pattern
  values:
    - '(?P<value>access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'access_token'
  min_line_len: 72
# Despite the rule name, the pattern matches a PEM *private key* header:
# "-----BEGIN " ... "PRIVATE". The negative lookahead skips headers whose
# label starts with "ENCRYPTED" or "EC".
# NOTE(review): that lookahead also skips "-----BEGIN EC PRIVATE KEY-----",
# which is an unencrypted key format - confirm the exclusion is intended or
# that EC keys are covered elsewhere.
- name: PEM Certificate
  severity: high
  type: pem_key
  values:
    - '(?P<value>-----BEGIN\s(?!ENCRYPTED|EC).*PRIVATE)'
  filter_type: PEMPattern
  use_ml: false
  validations: []
# "sk_live_" followed by 32 characters from [0-9a-z].
# Any match here also satisfies the "Stripe Standard API Key" pattern
# (sk_live_ plus 24 alphanumerics, unanchored), so one token can be reported
# under both rule names.
- name: Picatic API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>sk_live_[0-9a-z]{32})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'sk_live_'
  min_line_len: 40
# Keyword rule for the term "secret".
- name: Secret
  severity: medium
  type: keyword
  values:
    - 'secret'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'secret'
# "SG." followed by two dot-separated segments of 16-32 and 16-64 word
# characters. The "_" inside [\w_] is redundant because \w already covers it.
- name: SendGrid API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>SG\.[\w_]{16,32}\.[\w_]{16,64})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'SG.'
  min_line_len: 34
# One of the prefixes shpat, shpca, shppa, shpss, then "_" and 32 hex
# characters (38 characters in total).
- name: Shopify Token
  severity: high
  type: pattern
  values:
    - '(?P<value>(shpat|shpca|shppa|shpss)_[a-fA-F0-9]{32})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'shp'
  min_line_len: 38
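# "xox", one type letter (a, b, p, r, o or s), "-", then 10-250 characters
# from [-a-zA-Z0-9].
# The type letters are listed without "|": inside [...] a pipe is a literal
# character, so including it would let "xox|-..." match as a token.
# SlackTokenValidation is a validator defined outside this file.
- name: Slack Token
  severity: high
  type: pattern
  values:
    - '(?P<value>xox[abprso]\-[-a-zA-Z0-9]{10,250})'
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - SlackTokenValidation
  required_substrings:
    - 'xox'
  min_line_len: 15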
# Incoming-webhook URL path: hooks.slack.com/services/T<8>/B<8>/<24>, where
# each placeholder is that many word characters.
- name: Slack Webhook
  severity: high
  type: pattern
  values:
    - '(?P<value>hooks\.slack\.com/services/T\w{8}/B\w{8}/\w{24})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'slack'
  min_line_len: 61
# "sk_live_" followed by 24 alphanumerics; only the live-mode prefix is
# matched. StripeApiKeyValidation is a validator defined outside this file.
- name: Stripe Standard API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>sk_live_[0-9a-zA-Z]{24})'
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - StripeApiKeyValidation
  required_substrings:
    - 'sk_live_'
  min_line_len: 32
# "rk_live_" followed by 24 alphanumerics; only the live-mode prefix is
# matched.
- name: Stripe Restricted API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>rk_live_[0-9a-zA-Z]{24})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'rk_live_'
  min_line_len: 32
# "EAAA" followed by exactly 60 characters from [0-9A-Za-z_-].
# SquareAccessTokenValidation is a validator defined outside this file.
- name: Square Access Token
  severity: high
  type: pattern
  values:
    - '(?P<value>EAAA[0-9A-Za-z\-_]{60})'
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - SquareAccessTokenValidation
  required_substrings:
    - 'EAAA'
  min_line_len: 64
# "sq0", three lowercase letters, "-", then 22 characters from [0-9A-Za-z_-].
# Rated medium, unlike the Square secret/token rules in this file.
- name: Square Client ID
  severity: medium
  type: pattern
  values:
    - '(?P<value>sq0[a-z]{3}-[0-9A-Za-z\-_]{22})'
  filter_type: GeneralPattern
  use_ml: true
  validations:
    - SquareClientIdValidation
  required_substrings:
    - 'sq0'
  min_line_len: 29
# "sq0csp-" followed by exactly 43 characters from [0-9A-Za-z_-].
- name: Square OAuth Secret
  severity: high
  type: pattern
  values:
    - '(?P<value>sq0csp-[0-9A-Za-z\-_]{43})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'sq0csp'
  min_line_len: 50
# Keyword rule for the term "token".
- name: Token
  severity: medium
  type: keyword
  values:
    - 'token'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'token'
# "SK" followed by 32 hex characters. The pattern has no boundary assertions,
# so it also matches inside a longer alphanumeric run.
- name: Twilio API Key
  severity: high
  type: pattern
  values:
    - '(?P<value>SK[0-9a-fA-F]{32})'
  filter_type: GeneralPattern
  use_ml: true
  validations: []
  required_substrings:
    - 'SK'
  min_line_len: 34
# Captures the password part of "//user:password@" into `value`; the
# `separator` group holds the colon.
# Neither [^:]+ nor [^@]+ excludes whitespace or "/", so a match can span
# unrelated text on any line that has "//", a ":" and a later "@".
# NOTE(review): presumably UrlCredentialsGroup filters such matches - confirm.
- name: URL Credentials
  severity: high
  type: pattern
  values:
    - '//[^:]+(?P<separator>:)(?P<value>[^@]+)@'
  filter_type: UrlCredentialsGroup
  use_ml: true
  validations: []
  required_substrings:
    - '//'
  min_line_len: 6
# Keyword rule for "auth" not followed by "or", which skips "author".
# NOTE(review): the same lookahead also skips "authorization" and
# "authority" - confirm that names such as an Authorization header are meant
# to be outside this rule.
- name: Auth
  severity: medium
  type: keyword
  values:
    - 'auth(?!or)'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'auth'
# Keyword rule for "key" not followed by "word", which skips "keyword".
- name: Key
  severity: medium
  type: keyword
  values:
    - 'key(?!word)'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'key'
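# Ten digits, ":AA", then 33 characters that are word characters or "-".
# The class is written [\w-] with the hyphen last: a hyphen between "\\" and
# "_" forms a range that also admits "\", "]" and "^", which widens the match
# beyond the token alphabet.
- name: Telegram Bot API Token
  severity: high
  type: pattern
  values:
    - '(?P<value>[0-9]{10}:AA[\w-]{33})'
  filter_type: GeneralPattern
  use_ml: false
  validations: []
  required_substrings:
    - ':AA'
  min_line_len: 45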
# "pypi-" followed by at least 150 characters from [\w-]; the "_" in the
# class is redundant because \w already covers it.
- name: PyPi API Token
  severity: high
  type: pattern
  values:
    - '(?P<value>pypi-[\w_\-]{150,})'
  filter_type: GeneralPattern
  use_ml: false
  validations: []
  required_substrings:
    - 'pypi'
  min_line_len: 155
# Prefix ghr, gho, ghu or ghs, then "_" and 36-255 word characters. The
# "ghp_" prefix is handled by the separate "Github Personal Access Token"
# rule. No validator is attached to this rule.
- name: Github Token
  severity: high
  type: pattern
  values:
    - '(?P<value>(ghr|gho|ghu|ghs)_[\w]{36,255})'
  filter_type: GeneralPattern
  use_ml: false
  validations: []
  required_substrings:
    - 'gh'
  min_line_len: 40
# "ghp_" followed by 36-255 word characters. GithubTokenValidation is a
# validator defined outside this file.
- name: Github Personal Access Token
  severity: high
  type: pattern
  values:
    - '(?P<value>ghp_[\w]{36,255})'
  filter_type: GeneralPattern
  use_ml: false
  validations:
    - GithubTokenValidation
  required_substrings:
    - 'ghp_'
  min_line_len: 40
# Hostnames under firebaseio.com or firebaseapp.com. Severity is "info": the
# match is a host name, not a secret value.
- name: Firebase Domain
  severity: info
  type: pattern
  values:
    - '(?P<value>[a-z0-9.-]+\.firebaseio\.com|[a-z0-9.-]+\.firebaseapp\.com)'
  filter_type: GeneralPattern
  use_ml: false
  validations: []
  required_substrings:
    - 'firebase'
  min_line_len: 16
# Bucket hostnames: "<name>.s3.amazonaws.com" or "<name>.s3-website" followed
# by "." or "-" and a two-letter region prefix. Severity is "info": the match
# is a bucket name, not a secret value.
- name: AWS S3 Bucket
  severity: info
  type: pattern
  values:
    - '(?P<value>[a-z0-9.-]+\.s3\.amazonaws\.com|[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn))'
  filter_type: GeneralPattern
  use_ml: false
  validations: []
  required_substrings:
    - 's3-website'
    - 'amazonaws'
  min_line_len: 14
# Keyword rule for the term "nonce".
- name: Nonce
  severity: medium
  type: keyword
  values:
    - 'nonce'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'nonce'
# Keyword rule for the term "salt".
- name: Salt
  severity: medium
  type: keyword
  values:
    - 'salt'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'salt'
# Keyword rule for the term "cert" (the rule is named "Certificate", but the
# keyword is the shorter stem).
- name: Certificate
  severity: medium
  type: keyword
  values:
    - 'cert'
  filter_type: GeneralKeyword
  use_ml: true
  validations: []
  required_substrings:
    - 'cert'