diff --git a/data/rules/shopify.yml b/data/rules/shopify.yml
new file mode 100644
index 0000000..da340e5
--- /dev/null
+++ b/data/rules/shopify.yml
@@ -0,0 +1,40 @@
+rules:
+ - name: Shopify access token
+ id: kingfisher.shopify.1
+ pattern: |
+ (?xi)
+ \b
+ (
+ (?:shpat|shpca|shppa|shpss)_[a-f0-9]{30,34}
+ )
+ \b
+ min_entropy: 3.5
+ examples:
+ - 'shopify_app_secret: "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"'
+ validation:
+ type: Http
+ content:
+ request:
+ headers:
+ X-Shopify-Access-Token: '{{ TOKEN }}'
+ method: GET
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status:
+ - 200
+ - type: WordMatch
+ match_all_words: true
+ words: ['"shop":']
+ url: https://{{ DOMAIN }}/admin/api/2024-10/shop.json
+ depends_on_rule:
+ - rule_id: "kingfisher.shopify.2"
+ variable: DOMAIN
+
+ - name: Shopify Domain
+ id: kingfisher.shopify.2
+ pattern: (?xi)([a-z0-9-]+\.myshopify\.com)
+ min_entropy: 3.0
+ visible: false
+ examples:
+ - example.myshopify.com
\ No newline at end of file
diff --git a/data/rules/truenas.yml b/data/rules/truenas.yml
new file mode 100644
index 0000000..9e0067a
--- /dev/null
+++ b/data/rules/truenas.yml
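Review bot: In `data/rules/shopify.yml`, `kingfisher.shopify.1` matches `shpss_` values but validates every match by sending it as `X-Shopify-Access-Token`; going by Shopify's documented prefixes, `shpss_` is an app shared secret rather than an API access token, so a live shared secret (including the rule's own example) would presumably fail validation and risk being triaged as inactive. I would narrow the validated rule to `(?:shpat|shpca|shppa)_[a-f0-9]{30,34}` and move `shpss` to a separate rule without a `validation:` block. The request host comes from whatever `kingfisher.shopify.2` captures in the scanned content, and that pattern has no boundary on either side, so `shop.myshopify.community` yields `shop.myshopify.com` and the candidate token is sent to a store the file never named; `\b([a-z0-9][a-z0-9-]*\.myshopify\.com)\b` would tighten it. A short comment above `validation:` stating that the token leaves the scanner for a content-derived `*.myshopify.com` host would help operators who scan untrusted repositories.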
@@ -0,0 +1,49 @@
+rules:
+ - name: TrueNAS API Key (WebSocket)
+ id: kingfisher.truenas.1
+ pattern: |
+ (?x)
+ "params"\s*:\s*\[\s*"
+ (\d+-[a-zA-Z0-9]{64})
+ "\s*\]
+ min_entropy: 3.3
+ confidence: medium
+ examples:
+ - '{"id":"3286a508-a6ca-278a-c078-85b2b515d8d2", "msg":"method", "method":"auth.login_with_api_key", "params":["8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu"]}'
+ - '{"id":"677d9914-f598-f497-e77e-2a3aadbb822e", "msg":"method", "method":"auth.login_with_api_key", "params" : ["9-hTSZDBPyg0PjRZvWb8omoxJ7X2gAjRGmiPKql9ENGIUP9OPtEAzz5f6g9YIMVbZT"]}'
+ - '{"id":"2755dad4-cc12-94bb-a894-ba0f85c3fdbf", "msg":"method", "method":"auth.login_with_api_key", "params" : [ "10-6LZBVhNq8zze0rzXJptfSWDBoskWuThnQb3fUVw4sVNgJ7GKT3ITVIovhwPf34oL" ]}'
+ - |
+ {
+ "id": "2755dad4-cc12-94bb-a894-ba0f85c3fdbf",
+ "msg": "method",
+ "method": "auth.login_with_api_key",
+ "params": [
+ "10-6LZBVhNq8zze0rzXJptfSWDBoskWuThnQb3fUVw4sVNgJ7GKT3ITVIovhwPf34oL"
+ ]
+ }
+ references:
+ - https://www.truenas.com/docs/api/core_websocket_api.html
+ - https://www.truenas.com/docs/api/scale_rest_api.html
+ - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
+ - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
+ - https://www.truenas.com/docs/scale/api/
+ - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
+
+ - name: TrueNAS API Key (REST API)
+ id: kingfisher.truenas.2
+ pattern: |
+ (?x)
+ Bearer\s*
+ (\d+-[a-zA-Z0-9]{64})
+ \b
+ min_entropy: 3.3
+ confidence: medium
+ examples:
+ - 'curl -X POST "http://192.168.0.30/api/v2.0/device/get_info" -H "Content-Type: application/json" -H "Authorization: Bearer 8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu" -d "\"SERIAL\""'
+ references:
+ - https://www.truenas.com/docs/api/core_websocket_api.html
+ - https://www.truenas.com/docs/api/scale_rest_api.html
+ - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
+ - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
+ - https://www.truenas.com/docs/scale/api/
+ - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
\ No newline at end of file
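Review bot: In `kingfisher.truenas.2` the `Bearer\s*` prefix is matched case-sensitively under `(?x)` and allows zero whitespace, so a header written as `authorization: bearer 8-…` is missed while `Bearer` glued directly onto the digits still matches. HTTP auth scheme names are case-insensitive, so I would switch the flags to `(?xi)` (the form `shopify.yml` in this commit already uses) and the prefix to `Bearer\s+`, and add a lowercase-`bearer` line under `examples:` to pin it. Both rules also fire only when the key sits in a WebSocket `"params"` array or after a Bearer scheme; a key assigned to an environment variable or config field is not covered by either pattern. That gap deserves at least a comment at the top of the file, so users of the ruleset do not read a clean scan as meaning no TrueNAS keys are present.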