rules: - name: FileZilla base64 encoded password id: kingfisher.filezilla.1 pattern: ]*\bencoding\s*=\s*"(?:base64|radix64)"[^>]*>\s*([A-Za-z0-9+/]{8,}={0,2})\s* min_entropy: 3.2 confidence: low pattern_requirements: ignore_if_contains: - "ZXhhbXBsZQ==" # "example" (base64) - "cGFzc3dvcmQ=" # "password" (base64) - "Y2hhbmdlbWU=" # "changeme" (base64) examples: - 'VGhpc0lzQVRlc3RQYXNzd29yZA==' - 'NjllNWU5ZWMwZDU0MmU5Y2QwOTY4MWM5YzZhMDdkYWVmNjg3OWE3MDMzM2Q4MWJmCg==' references: - https://forum.filezilla-project.org/viewtopic.php?style=246&t=38820 - https://forum.filezilla-project.org/viewtopic.php?p=133138 - https://forum.filezilla-project.org/viewtopic.php?t=24758 - name: FileZilla stored password (Pass plaintext) id: kingfisher.filezilla.2 pattern: \s*([^<\r\n]{4,128})\s* min_entropy: 2.8 confidence: low pattern_requirements: ignore_if_contains: - example - Example - password - Password - changeme - ChangeMe examples: - "ExamplePas123" - "superS3cret!" references: - https://stackoverflow.com/questions/29790136/filezilla-plain-text-password - https://forum.filezilla-project.org/viewtopic.php?t=24758