diff --git a/crates/kingfisher-rules/data/rules/age.yml b/crates/kingfisher-rules/data/rules/age.yml index e024a63..8267e0f 100644 --- a/crates/kingfisher-rules/data/rules/age.yml +++ b/crates/kingfisher-rules/data/rules/age.yml @@ -2,14 +2,13 @@ rules: - name: Age Recipient (X25519 public key) id: kingfisher.age.1 pattern: | - (?xi) + (?x) ( - age1[0-9a-z]{58} + age1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{58} ) \b pattern_requirements: min_digits: 2 - min_uppercase: 1 min_lowercase: 1 min_entropy: 3.3 confidence: medium @@ -23,9 +22,9 @@ rules: - name: Age Identity (X22519 secret key) id: kingfisher.age.2 pattern: | - (?xi) + (?x) ( - AGE-SECRET-KEY-1[0-9A-Z]{58} + AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58} ) min_entropy: 3.3 confidence: medium @@ -40,4 +39,4 @@ rules: - https://htmlpreview.github.io/?https://github.com/FiloSottile/age/blob/main/doc/age.1.html - https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type categories: - - secret \ No newline at end of file + - secret diff --git a/crates/kingfisher-rules/data/rules/airtable.yml b/crates/kingfisher-rules/data/rules/airtable.yml index c20c68c..3f77c16 100644 --- a/crates/kingfisher-rules/data/rules/airtable.yml +++ b/crates/kingfisher-rules/data/rules/airtable.yml @@ -2,13 +2,13 @@ rules: - name: Airtable Personal Access Token id: kingfisher.airtable.1 pattern: | - (?xi) + (?x) \b ( pat - [a-z0-9]{14} + [A-Za-z0-9]{14} \. - [a-z0-9]{64} + [a-f0-9]{64} ) \b pattern_requirements: diff --git a/crates/kingfisher-rules/data/rules/asana.yml b/crates/kingfisher-rules/data/rules/asana.yml index 2d43c31..64a7fd3 100644 --- a/crates/kingfisher-rules/data/rules/asana.yml +++ b/crates/kingfisher-rules/data/rules/asana.yml 
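Review bot: The recipient pattern still has no leading `\b` — only the trailing one after `)` — so `age1` followed by 58 bech32 characters also matches when it is the tail of a longer identifier; add `\b` before `age1` to mirror the other rules in this commit. Dropping the `i` flag looks right for age (recipients are lowercase bech32, and the charset you switched to already excludes `1`, `b`, `i`, `o`), so a one-line comment such as `# case-sensitive: age recipients are lowercase bech32` would stop the next maintainer from re-adding `i`. With a lowercase-only charset, `min_lowercase: 1` is always satisfied and can be dropped alongside the removed `min_uppercase`.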
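Review bot: Unlike age.1, the identity pattern has no trailing `\b` (the group closes and the next line is `min_entropy`), so an uppercase run longer than 58 characters that starts with `AGE-SECRET-KEY-1` still matches and only a truncated 58-character secret is captured and reported; add `\b` after `)` and a leading `\b` before `AGE-SECRET-KEY-1`, as the recipient rule does. The context line `Age Identity (X22519 secret key)` also misspells X25519. Case-sensitivity is correct here — the bech32 charset is the uppercase one — and a short comment saying so would help.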
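Review bot: The `pattern_requirements:` stanza that follows the airtable hunk is outside the diff, so check it does not still carry `min_uppercase`/`min_lowercase` constraints written for the old case-insensitive regex — age.1 in this same commit had to drop `min_uppercase: 1` for exactly that reason, and here the 64-character secret half is now lowercase hex only, with uppercase possible only in the 14-character id half. A comment above the pattern, `# id: 14 mixed-case alnum; secret: 64 lowercase hex`, would document the tightening and why `i` was removed.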
@@ -43,30 +43,24 @@ rules: - "asana :'20c2F0d03201af478ca1aBE9515A1A4FEfb'" - ASANA_PAT = 1234567890abcdef1234567890abcdef12 - - name: Asana OAuth / Personal Access Token + - name: Asana OAuth / Personal Access Token (Legacy) id: kingfisher.asana.3 pattern: | - (?xi) - \b + (?xi) + \b asana (?:.|[\n\r]){0,64}? - \b - ( - [01]{1,} - \/ - [0-9a-f]{16,32} - (?: - : - [a-z0-9]{32,64} - )? - ) + \b + ( + 0/ + [a-f0-9]{32} + ) \b pattern_requirements: min_digits: 4 min_entropy: 3.5 confidence: medium examples: - - asana_pat = 1/1248440223456784:d3d7e52e5c4a5d4c9bc424d2d882324d - asana token = 0/d6f1e29e5b4b4d8c9bb419b2d882154d categories: - api 
@@ -89,4 +83,94 @@ rules: - 'data:' - email - name - url: https://app.asana.com/api/1.0/users/me \ No newline at end of file + url: https://app.asana.com/api/1.0/users/me + + - name: Asana OAuth / Personal Access Token (V1) + id: kingfisher.asana.4 + pattern: | + (?xi) + \b + asana + (?:.|[\n\r]){0,64}? + \b + ( + 1/ + [0-9]{14,16} + : + [a-f0-9]{32} + ) + \b + pattern_requirements: + min_digits: 4 + min_entropy: 3.5 + confidence: medium + examples: + - asana_pat = 1/1248440223456784:d3d7e52e5c4a5d4c9bc424d2d882324d + categories: + - api + - key + - asana + references: + - https://developers.asana.com/docs/personal-access-token#example + validation: + type: Http + content: + request: + headers: + Authorization: Bearer {{ TOKEN }} + method: GET + response_matcher: + - report_response: true + - match_all_words: true + type: WordMatch + words: + - 'data:' + - email + - name + url: https://app.asana.com/api/1.0/users/me + + - name: Asana OAuth / Personal Access Token (V2) + id: kingfisher.asana.5 + pattern: | + (?xi) + \b + asana + (?:.|[\n\r]){0,64}? + \b + ( + 2/ + [0-9]{16} + / + [0-9]{16} + : + [a-f0-9]{32} + ) + \b + pattern_requirements: + min_digits: 4 + min_entropy: 3.5 + confidence: medium + examples: + - ASANA_TOKEN = "2/1208779539612523/1208824174176866:99d6decca6ce6ef503bf0c5bca554e1a" + categories: + - api + - key + - asana + references: + - https://developers.asana.com/docs/personal-access-token#example + validation: + type: Http + content: + request: + headers: + Authorization: Bearer {{ TOKEN }} + method: GET + response_matcher: + - report_response: true + - match_all_words: true + type: WordMatch + words: + - 'data:' + - email + - name + url: https://app.asana.com/api/1.0/users/me diff --git a/crates/kingfisher-rules/data/rules/circleci.yml b/crates/kingfisher-rules/data/rules/circleci.yml index da20a80..78ef95e 100644 --- a/crates/kingfisher-rules/data/rules/circleci.yml +++ b/crates/kingfisher-rules/data/rules/circleci.yml 
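Review bot: The V2 pattern (kingfisher.asana.5) hardcodes both numeric segments as `[0-9]{16}`, while the V1 pattern added in the same hunk allows `[0-9]{14,16}` for what appears to be the same kind of Asana id; if those ids vary in length, V2 silently misses tokens with shorter or longer ids, so use the same bounded range in both places, `2/ [0-9]{14,16} / [0-9]{14,16} : [a-f0-9]{32}`, or document why V2 is fixed-width. Both new rules copy `report_response: true` against `/users/me`, whose response (per the `email`/`name` word match) carries the token owner's email — presumably that lands in the reported finding, so decide whether that PII belongs in scan output (asana.3 already does this, so it is a pre-existing choice). The three Asana rules now share an identical validation stanza; a one-line comment that they must stay in sync is cheaper than an anchor in this rule set.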
@@ -2,21 +2,11 @@ rules: - name: CircleCI API Personal Access Token id: kingfisher.circleci.1 pattern: | - (?xi) + (?x) \b ( CCIPAT_ - [a-z0-9]{4} - [a-z]{5} - [a-z0-9]{3} - [0-9]{3} - [a-z]{2} - [A-Z]{2} - [0-9]{1} - [a-z]{1} - [a-z0-9]{1} - [0-9]{1} - [a-z]{1} + [a-zA-Z0-9]{22} _ [a-z0-9]{40} ) @@ -26,9 +16,8 @@ rules: min_entropy: 3.5 confidence: medium examples: - - CircleCI_PAT = "CCIPAT_lZyPAuThWn2G908ssDT0g33e_t7qh0r5hrvsqzmuraqzduq6qco5onxgrtcn7y2z4" - | - export CIRCLECI_TOKEN=CCIPAT_lZyPAuThWn2G908ssDT0g33e_t7qh0r5hrvsqzmuraqzduq6qco5onxgrtcn7y2z4 + export CIRCLECI_TOKEN=CCIPAT_FERZRjTN451xnDCy1y9gWn_79fb6ca4d0e5f833612eee17de397a9dca0a9e9f references: - https://circleci.com/docs/api-developers-guide/#using-the-api-securely-wtih-curl validation: @@ -85,4 +74,4 @@ rules: - type: WordMatch words: - '"vcs_url"' - url: https://circleci.com/api/v1.1/projects \ No newline at end of file + url: https://circleci.com/api/v1.1/projects diff --git a/crates/kingfisher-rules/data/rules/deepseek.yml b/crates/kingfisher-rules/data/rules/deepseek.yml index 233ae52..fac865e 100644 --- a/crates/kingfisher-rules/data/rules/deepseek.yml +++ b/crates/kingfisher-rules/data/rules/deepseek.yml @@ -2,7 +2,7 @@ rules: - name: DeepSeek API Key id: kingfisher.deepseek.1 pattern: | - (?xi) + (?x) \b ( sk-[a-f0-9]{32} diff --git a/crates/kingfisher-rules/data/rules/discord.yml b/crates/kingfisher-rules/data/rules/discord.yml index f350c29..59df775 100644 --- a/crates/kingfisher-rules/data/rules/discord.yml +++ b/crates/kingfisher-rules/data/rules/discord.yml @@ -4,11 +4,11 @@ rules: pattern: | (?xi) ( - https://discord\.com/api/webhooks/ - \d{18} + https://discord(app)?\.com/api/webhooks/ + [0-9]{17,20} )/ ( - [0-9a-z_\-]{68} + [0-9a-z_\-]{60,68} ) \b pattern_requirements: @@ -73,4 +73,4 @@ rules: confidence: medium examples: - discord = 12345678901234567 - - 'bot_id: "123456789012345678"' \ No newline at end of file + - 'bot_id: "123456789012345678"' 
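Review bot: The 40-character suffix is matched with `[a-z0-9]{40}`, but the replacement example in the next hunk has a pure-hex suffix (`79fb6ca4…9e9f`); if real CCIPAT tokens are always hex there, `[a-f0-9]{40}` would cut false positives — yet the example this commit removed had a non-hex suffix (`t7qh0r5hrv…`), so confirm against a real token before narrowing. Replacing the sub-pattern that was visibly overfit to the old example with `[a-zA-Z0-9]{22}` is a good change; a comment such as `# 22 mixed-case alnum + 40 lowercase alnum; format not published, derived from samples` would record the provenance. The `pattern_requirements` stanza for this rule sits outside the hunk.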
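Review bot: `(app)?` on the new `https://discord(app)?\.com/...` line is a capturing group, which renumbers the groups: the webhook token is now group 3 instead of group 2, and group 2 is `app` or empty; if the engine extracts the secret by capture-group number (every other rule in this diff relies on a single capture group), the reported secret changes. Make it non-capturing: `https://discord(?:app)?\.com/api/webhooks/`. Widening to `[0-9]{17,20}` and `{60,68}` is reasonable; add an example with a `discordapp.com` URL so the new branch is exercised.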
diff --git a/crates/kingfisher-rules/data/rules/dockerhub.yml b/crates/kingfisher-rules/data/rules/dockerhub.yml index d8231d7..c99a29a 100644 --- a/crates/kingfisher-rules/data/rules/dockerhub.yml +++ b/crates/kingfisher-rules/data/rules/dockerhub.yml @@ -63,3 +63,35 @@ rules: - docker login --username=myuser - DOCKER_USERNAME=myuser - 'docker_user: "myuser"' + + - name: Docker Hub Organization Access Token + id: kingfisher.dockerhub.3 + pattern: | + (?xi) + \b + ( + dckr_oat_[A-Z0-9_-]{32} + ) + (?: $ | [^A-Z0-9_-] ) + pattern_requirements: + min_digits: 2 + min_entropy: 3.3 + confidence: medium + examples: + - docker login -u docker-test -p dckr_oat_7bA9zRt5-JqX3vP0l_MnY8sK2wE-dF6h + references: + - https://docs.docker.com/enterprise/security/access-tokens/ + validation: + type: Http + content: + request: + headers: + Authorization: Bearer {{ TOKEN }} + Accept: application/json + method: GET + response_matcher: + - report_response: true + - status: + - 200 + type: StatusMatch + url: https://hub.docker.com/v2/access-tokens?page_size=1 diff --git a/crates/kingfisher-rules/data/rules/mercury.yml b/crates/kingfisher-rules/data/rules/mercury.yml new file mode 100644 index 0000000..51eaacf --- /dev/null +++ b/crates/kingfisher-rules/data/rules/mercury.yml 
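Review bot: The validation sends the raw OAT as `Authorization: Bearer {{ TOKEN }}` to `hub.docker.com/v2/access-tokens` and treats only HTTP 200 as live; nothing in the hunk or its reference shows that endpoint accepting an organization access token directly, and if the Hub API expects the token to be exchanged for a JWT first (as user credentials are on `/v2/users/login`), every finding will validate as inactive, so confirm with a real OAT before relying on this. The `(?: $ | [^A-Z0-9_-] )` terminator consumes the following character rather than asserting it; a lookahead `(?![A-Z0-9_-])` gives the same boundary without eating it and reads as the check it is. Unlike the asana rules in this commit, this rule has no `categories:` (e.g. `- api`, `- key`); add them if the rule set uses categories for filtering.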
@@ -0,0 +1,67 @@ +rules: + - name: Mercury Production API Token + id: kingfisher.mercury.1 + pattern: | + (?x) + \b + ( + mercury_production_ + [a-z]{3,6} + _ + [a-zA-Z0-9]{40,50} + _yrucrem + ) + \b + min_entropy: 3.5 + confidence: medium + examples: + - Bearer secret-token:mercury_production_wma_24SCp4G81X3yHL4Wq8FgzuaP9ye3VKf2mgTDctXyRg5HY_yrucrem + references: + - https://docs.mercury.com/docs/api-token-security-policies + validation: + type: Http + content: + request: + headers: + Authorization: Bearer {{ TOKEN }} + Accept: application/json + method: GET + response_matcher: + - report_response: true + - status: + - 200 + type: StatusMatch + url: https://api.mercury.com/api/v1/accounts + - name: Mercury Non-Production API Token + id: kingfisher.mercury.2 + pattern: | + (?x) + \b + ( + mercury_sandbox_ + [a-z]{3,6} + _ + [a-zA-Z0-9]{40,50} + _yrucrem + ) + \b + min_entropy: 3.5 + confidence: medium + examples: + - Bearer secret-token:mercury_sandbox_rma_24pnbcT7NygLbpJPr4xBuSuBDpo6tK89S8u3ERYn3FXVz_yrucrem + references: + - https://docs.mercury.com/docs/api-token-security-policies + validation: + type: Http + content: + request: + headers: + Authorization: Bearer {{ TOKEN }} + Accept: application/json + method: GET + response_matcher: + - report_response: true + - status: + - 200 + type: StatusMatch + url: https://api-sandbox.mercury.com/api/v1/accounts diff --git a/crates/kingfisher-rules/data/rules/neon.yml b/crates/kingfisher-rules/data/rules/neon.yml new file mode 100644 index 0000000..2c7ee79 --- /dev/null +++ b/crates/kingfisher-rules/data/rules/neon.yml 
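Review bot: Both validation stanzas send `Authorization: Bearer {{ TOKEN }}`, but the hunk's own examples show the token used as `Bearer secret-token:mercury_production_…`, and that `secret-token:` prefix sits outside the capture group, so it is not part of `{{ TOKEN }}`; if Mercury requires the prefix — the examples suggest it does — validation gets 401 for every live token and the scanner reports them as inactive, so change the header to `Authorization: Bearer secret-token:{{ TOKEN }}` and add an example without the prefix so the pattern itself is still exercised. The sandbox rule correctly validates against `api-sandbox.mercury.com`; consider `confidence: low` or a comment that a sandbox token presumably cannot touch real accounts, so triage ranks it below `mercury.1`. Neither rule sets `categories:` while the asana rules in this commit do.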
@@ -0,0 +1,31 @@ +rules: + - name: Neon API Key + id: kingfisher.neon.1 + pattern: | + (?x) + \b + ( + napi_ + [a-zA-Z0-9]{64} + ) + \b + min_entropy: 3.5 + confidence: high + examples: + - napi_f6n4wv0d0nzglfk64c1bnzrc5ug82tmrmekh8h4hsxeq8zd0p5ii234bdkah71kw + references: + - https://neon.com/docs/manage/api-keys + validation: + type: Http + content: + request: + headers: + Authorization: Bearer {{ TOKEN }} + Accept: application/json + method: GET + response_matcher: + - report_response: true + - status: + - 200 + type: StatusMatch + url: https://console.neon.tech/api/v2/auth diff --git a/crates/kingfisher-rules/data/rules/planetscale.yml b/crates/kingfisher-rules/data/rules/planetscale.yml index 859531b..d37aa89 100644 --- a/crates/kingfisher-rules/data/rules/planetscale.yml +++ b/crates/kingfisher-rules/data/rules/planetscale.yml @@ -5,7 +5,7 @@ rules: (?xi) \b ( - pscale_tkn_[a-z0-9-_]{43} + pscale_tkn_[a-z0-9-_]{32,64} ) \b pattern_requirements:
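Review bot: Validation hits `https://console.neon.tech/api/v2/auth` with a 200-only `StatusMatch`, but nothing in the hunk or its reference shows that path as an authenticated endpoint; confirm it exists and returns 200 only with a valid key, because a 404 (or an unauthenticated 200) would make every key report as inactive (or live) with no visible error — a current-user style endpoint under `/api/v2/` is the usual choice if `/auth` is not one. The example key is all lowercase alnum while the pattern allows `[a-zA-Z0-9]{64}`; if Neon keys are always lowercase, tighten the class, otherwise add a mixed-case example so the `(?x)` case-sensitivity is deliberate. `confidence: high` is defensible given the distinctive `napi_` prefix plus a 64-character tail.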
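Review bot: Loosening `{43}` to `{32,64}` comes with no example change, so add examples at the lengths actually observed (the old fixed 43 and whatever motivated the range); with a greedy `{32,64}` and trailing `\b` the rule now also captures any `pscale_tkn_`-prefixed run of 32–64 characters, including placeholders and fixtures, so the entropy floor in `pattern_requirements` is doing more work than before. Also write the class as `[a-z0-9_-]`: `[a-z0-9-_]` depends on the engine treating a `-` after a range as a literal, which compiles today but reads like a malformed range.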