eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions

Merge main into development

Browse source 
- Added mercury.yml and neon.yml rules from main
- Merged Docker Hub Organization Access Token rule from main into updated dockerhub.yml
- Resolved file location conflicts due to rules directory restructuring
This commit is contained in:
Mick Grove 2026-01-31 21:57:57 -08:00
commit 181df458ba
10 changed files with 247 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

11
crates/kingfisher-rules/data/rules/age.yml
View file

@ -2,14 +2,13 @@ rules:
- name: Age Recipient (X25519 public key)
id: kingfisher.age.1
pattern: |
(?xi)
(?x)
(
age1[0-9a-z]{58}
age1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{58}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.3
confidence: medium
@ -23,9 +22,9 @@ rules:
- name: Age Identity (X22519 secret key)
id: kingfisher.age.2
pattern: |
(?xi)
(?x)
(
AGE-SECRET-KEY-1[0-9A-Z]{58}
AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}
)
min_entropy: 3.3
confidence: medium
@ -40,4 +39,4 @@ rules:
- https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html
- https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type
categories:
- secret
- secret

6
crates/kingfisher-rules/data/rules/airtable.yml
View file

@ -2,13 +2,13 @@ rules:
- name: Airtable Personal Access Token
id: kingfisher.airtable.1
pattern: |
(?xi)
(?x)
\b
(
pat
[a-z0-9]{14}
[A-Za-z0-9]{14}
\.
[a-z0-9]{64}
[a-f0-9]{64}
)
\b
pattern_requirements:

114
crates/kingfisher-rules/data/rules/asana.yml
View file

@ -43,30 +43,24 @@ rules:
- "asana :'20c2F0d03201af478ca1aBE9515A1A4FEfb'"
- ASANA_PAT = 1234567890abcdef1234567890abcdef12
- name: Asana OAuth / Personal Access Token
- name: Asana OAuth / Personal Access Token (Legacy)
id: kingfisher.asana.3
pattern: |
(?xi)
\b
(?xi)
\b
asana
(?:.|[\n\r]){0,64}?
\b
(
[01]{1,}
\/
[0-9a-f]{16,32}
(?:
:
[a-z0-9]{32,64}
)?
)
\b
(
0/
[a-f0-9]{32}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.5
confidence: medium
examples:
- asana_pat = 1/1248440223456784:d3d7e52e5c4a5d4c9bc424d2d882324d
- asana token = 0/d6f1e29e5b4b4d8c9bb419b2d882154d
categories:
- api
@ -89,4 +83,94 @@ rules:
- 'data:'
- email
- name
url: https://app.asana.com/api/1.0/users/me
url: https://app.asana.com/api/1.0/users/me
- name: Asana OAuth / Personal Access Token (V1)
id: kingfisher.asana.4
pattern: |
(?xi)
\b
asana
(?:.|[\n\r]){0,64}?
\b
(
1/
[0-9]{14,16}
:
[a-f0-9]{32}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.5
confidence: medium
examples:
- asana_pat = 1/1248440223456784:d3d7e52e5c4a5d4c9bc424d2d882324d
categories:
- api
- key
- asana
references:
- https://developers.asana.com/docs/personal-access-token#example
validation:
type: Http
content:
request:
headers:
Authorization: Bearer {{ TOKEN }}
method: GET
response_matcher:
- report_response: true
- match_all_words: true
type: WordMatch
words:
- 'data:'
- email
- name
url: https://app.asana.com/api/1.0/users/me
- name: Asana OAuth / Personal Access Token (V2)
id: kingfisher.asana.5
pattern: |
(?xi)
\b
asana
(?:.|[\n\r]){0,64}?
\b
(
2/
[0-9]{16}
/
[0-9]{16}
:
[a-f0-9]{32}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.5
confidence: medium
examples:
- ASANA_TOKEN = "2/1208779539612523/1208824174176866:99d6decca6ce6ef503bf0c5bca554e1a"
categories:
- api
- key
- asana
references:
- https://developers.asana.com/docs/personal-access-token#example
validation:
type: Http
content:
request:
headers:
Authorization: Bearer {{ TOKEN }}
method: GET
response_matcher:
- report_response: true
- match_all_words: true
type: WordMatch
words:
- 'data:'
- email
- name
url: https://app.asana.com/api/1.0/users/me

19
crates/kingfisher-rules/data/rules/circleci.yml
View file

@ -2,21 +2,11 @@ rules:
- name: CircleCI API Personal Access Token
id: kingfisher.circleci.1
pattern: |
(?xi)
(?x)
\b
(
CCIPAT_
[a-z0-9]{4}
[a-z]{5}
[a-z0-9]{3}
[0-9]{3}
[a-z]{2}
[A-Z]{2}
[0-9]{1}
[a-z]{1}
[a-z0-9]{1}
[0-9]{1}
[a-z]{1}
[a-zA-Z0-9]{22}
_
[a-z0-9]{40}
)
@ -26,9 +16,8 @@ rules:
min_entropy: 3.5
confidence: medium
examples:
- CircleCI_PAT = "CCIPAT_lZyPAuThWn2G908ssDT0g33e_t7qh0r5hrvsqzmuraqzduq6qco5onxgrtcn7y2z4"
- |
export CIRCLECI_TOKEN=CCIPAT_lZyPAuThWn2G908ssDT0g33e_t7qh0r5hrvsqzmuraqzduq6qco5onxgrtcn7y2z4
export CIRCLECI_TOKEN=CCIPAT_FERZRjTN451xnDCy1y9gWn_79fb6ca4d0e5f833612eee17de397a9dca0a9e9f
references:
- https://circleci.com/docs/api-developers-guide/#using-the-api-securely-wtih-curl
validation:
@ -85,4 +74,4 @@ rules:
- type: WordMatch
words:
- '"vcs_url"'
url: https://circleci.com/api/v1.1/projects
url: https://circleci.com/api/v1.1/projects

2
crates/kingfisher-rules/data/rules/deepseek.yml
View file

@ -2,7 +2,7 @@ rules:
- name: DeepSeek API Key
id: kingfisher.deepseek.1
pattern: |
(?xi)
(?x)
\b
(
sk-[a-f0-9]{32}

8
crates/kingfisher-rules/data/rules/discord.yml
View file

@ -4,11 +4,11 @@ rules:
pattern: |
(?xi)
(
https://discord\.com/api/webhooks/
\d{18}
https://discord(app)?\.com/api/webhooks/
[0-9]{17,20}
)/
(
[0-9a-z_\-]{68}
[0-9a-z_\-]{60,68}
)
\b
pattern_requirements:
@ -73,4 +73,4 @@ rules:
confidence: medium
examples:
- discord = 12345678901234567
- 'bot_id: "123456789012345678"'
- 'bot_id: "123456789012345678"'

32
crates/kingfisher-rules/data/rules/dockerhub.yml
View file

@ -63,3 +63,35 @@ rules:
- docker login --username=myuser
- DOCKER_USERNAME=myuser
- 'docker_user: "myuser"'
- name: Docker Hub Organization Access Token
id: kingfisher.dockerhub.3
pattern: |
(?xi)
\b
(
dckr_oat_[A-Z0-9_-]{32}
)
(?: $ | [^A-Z0-9_-] )
pattern_requirements:
min_digits: 2
min_entropy: 3.3
confidence: medium
examples:
- docker login -u docker-test -p dckr_oat_7bA9zRt5-JqX3vP0l_MnY8sK2wE-dF6h
references:
- https://docs.docker.com/enterprise/security/access-tokens/
validation:
type: Http
content:
request:
headers:
Authorization: Bearer {{ TOKEN }}
Accept: application/json
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://hub.docker.com/v2/access-tokens?page_size=1

67
crates/kingfisher-rules/data/rules/mercury.yml Normal file
View file

@ -0,0 +1,67 @@
rules:
- name: Mercury Production API Token
id: kingfisher.mercury.1
pattern: |
(?x)
\b
(
mercury_production_
[a-z]{3,6}
_
[a-zA-Z0-9]{40,50}
_yrucrem
)
\b
min_entropy: 3.5
confidence: medium
examples:
- Bearer secret-token:mercury_production_wma_24SCp4G81X3yHL4Wq8FgzuaP9ye3VKf2mgTDctXyRg5HY_yrucrem
references:
- https://docs.mercury.com/docs/api-token-security-policies
validation:
type: Http
content:
request:
headers:
Authorization: Bearer {{ TOKEN }}
Accept: application/json
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://api.mercury.com/api/v1/accounts
- name: Mercury Non-Production API Token
id: kingfisher.mercury.2
pattern: |
(?x)
\b
(
mercury_sandbox_
[a-z]{3,6}
_
[a-zA-Z0-9]{40,50}
_yrucrem
)
\b
min_entropy: 3.5
confidence: medium
examples:
- Bearer secret-token:mercury_sandbox_rma_24pnbcT7NygLbpJPr4xBuSuBDpo6tK89S8u3ERYn3FXVz_yrucrem
references:
- https://docs.mercury.com/docs/api-token-security-policies
validation:
type: Http
content:
request:
headers:
Authorization: Bearer {{ TOKEN }}
Accept: application/json
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://api-sandbox.mercury.com/api/v1/accounts

31
crates/kingfisher-rules/data/rules/neon.yml Normal file
View file

@ -0,0 +1,31 @@
rules:
- name: Neon API Key
id: kingfisher.neon.1
pattern: |
(?x)
\b
(
napi_
[a-zA-Z0-9]{64}
)
\b
min_entropy: 3.5
confidence: high
examples:
- napi_f6n4wv0d0nzglfk64c1bnzrc5ug82tmrmekh8h4hsxeq8zd0p5ii234bdkah71kw
references:
- https://neon.com/docs/manage/api-keys
validation:
type: Http
content:
request:
headers:
Authorization: Bearer {{ TOKEN }}
Accept: application/json
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://console.neon.tech/api/v2/auth

2
crates/kingfisher-rules/data/rules/planetscale.yml
View file

@ -5,7 +5,7 @@ rules:
(?xi)
\b
(
pscale_tkn_[a-z0-9-_]{43}
pscale_tkn_[a-z0-9-_]{32,64}
)
\b
pattern_requirements: