Add ScraperAPI key detection rule

Adds a new rule to detect ScraperAPI keys with: - Pattern matching for 32-character alphanumeric keys - Live validation against ScraperAPI endpoint - Medium confidence with entropy check (min 3.5) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 13:38:53 +05:30 · 2026-01-07 13:38:53 +05:30 · 98d009deae
commit 98d009deae
parent f164122349
1 changed files with 35 additions and 0 deletions
--- a/data/rules/scraperapi.yml
+++ b/data/rules/scraperapi.yml
@ -0,0 +1,35 @@
+rules:
+  - name: ScraperAPI Key
+    id: kingfisher.scraperapi.1
+    pattern: |
+      (?xi)
+      \b(?:scraper(?:\s|[_-])?api|scraperapi)
+      (?:.|[\n\r]){0,32}?
+      (?:key|token|api[_-]?key)
+      (?:.|[\n\r]){0,16}?
+      ([a-z0-9]{32})
+      \b
+    pattern_requirements:
+      min_digits: 2
+      min_lowercase: 10
+    min_entropy: 3.5
+    confidence: medium
+    examples:
+      - 'SCRAPERAPI_KEY=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'
+      - 'scraper_api_token: "9f8e7d6c5b4a3029182736455463728a"'
+    references:
+      - https://www.scraperapi.com/documentation/
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: "https://api.scraperapi.com?api_key={{ TOKEN }}&url=http://httpbin.org/ip"
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: JsonValid
+            - type: WordMatch
+              words:
+                - '"origin"'