rules: - name: Generic Secret id: kingfisher.generic.1 pattern: | (?xi) secret .{0,20} \b ([0-9a-z]{32,64}) \b min_entropy: 3.3 confidence: low examples: - ' private static String CLIENT_SECRET = "6fb1cff7690db9ac066cadbbde8e3c078efdabcf";' - name: Generic API Key id: kingfisher.generic.2 pattern: | (?xi) (?: api_key | apikey | access_key | accesskey ) (?:.|[\n\r]){0,8}? \b ([0-9a-z][0-9a-z\-._/+]{30,62}[0-9a-z]) \b min_entropy: 3.3 confidence: low examples: - 'API_KEY = "951bc382db9abad29c68634761dd6e19"' - "buildConfigField 'String' , 'API_KEY' , '\"951bc382db9cfee29c68634761dd6e19\"'\tAPI_KEY\t" - name: Generic Username and Password id: kingfisher.generic.3 pattern: | (?xi) (?: username | user) \b (?:.|[\n\r]){0,16}? (?: password | pass ) (?:.|[\n\r]){0,16}? ["'] ([^"']{5,30}) ["'] min_entropy: 3.3 confidence: low examples: - | credential = UsernamePasswordCredential( client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed', username='donjuandemarco', password='1qay@WXS????', tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b') - | hostname = '10.11.12.13' username = 'donjuandemarco@example.com' password = '`123QWERasdf' - | hostname = '10.11.12.13' USERNAME = 'donjuandemarco@example.com' # some comment # some other comment PASS = '`123QWERasdf' - | user = 'abuser' # some comment password = 'abuser123456' # some other comment - | user = 'Aladdin' password = 'open sesame' - name: Generic Username and Password id: kingfisher.generic.4 pattern: | (?xi) (?: username | user) \b (?:.|[\n\r]){0,16}? (?: password | pass ) (?:.|[\n\r]){0,16}? (\S{5,30}) (?: \s | $ ) min_entropy: 3.3 confidence: low examples: - | user = Aladdin password = open_sesame - | user = Aladdin // some comment // some other comment password = open_sesame - ":authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth'," - name: Generic Password id: kingfisher.generic.5 pattern: | (?x)(?i) password \b (?:.|[\n\r]){0,16}? ["'] ([^$<%@.,\s'"(){}&/\#\-][^\s'"(){}/]{4,}) (?# password ) ["'] min_entropy: 3.3 confidence: low categories: [fuzzy, generic, secret] examples: - | password = "super$ecret" - | password="super$ecret" - | String usernamePassword = "application:" + appKey + ":" + appSecret; - | my_password: "super$ecret" - | "password": "super$ecret", - | my_password := "super$ecret" - | password => "super$ecret" - | "ApplicationServicesConnection" : { "ServiceAddress" : "https://services-dev.examples.com", "AdminPassword" : "thisismypassword" } - | private const string DevFolkoosComPfxPassword = "thisismypassword"; - | "password": "YOURPASSWROD" - | create_random_name('sfrp-cli-cert2', 24), 'cluster_name': self.create_random_name('sfrp-cli-', 24), 'vm_password': "Pass123!@#", 'policy_path': os.path.join(TEST_DIR, 'policy.json') }) - name: Weak Password Pattern id: kingfisher.weak_password.1 pattern: | (?xi) \b ( blink\d{3,6} |correcthorsebatterystaple\d{0,6} |letmein\d{1,6} |newpass\d{1,6} |p@ssw0rd\d{0,6} |pa55word\d{0,6} |pass4now\d{0,6} |password\d{1,6} |qwer\d{4,6} |qwerty\d{3,6} |trustno\d{1,6} ) \b min_entropy: 1.0 confidence: low examples: - password123 - blink5678 - letmein42 - p@ssw0rd99 - qwerty456 - name: Generic Username and Password id: kingfisher.generic.8 pattern: | (?xi) (?: db_user | db_USERNAME | db_name) \b (?:.|[\n\r]){0,8}? ["'] ([^"']{5,40}) ["'] (?:.|[\n\r]){0,32}? ( db_password | db_pass \b (?:.|[\n\r]){0,16}? ["'] [^"']{5,40} ) ["'] min_entropy: 3.3 confidence: low examples: - | credential = UsernamePasswordCredential( client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed', username='donjuandemarco', password='1qay@WXS????', tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b') - | hostname = '10.11.12.13' username = 'donjuandemarco@example.com' password = '`123QWERasdf' - | hostname = '10.11.12.13' USERNAME = 'donjuandemarco@example.com' # some comment # some other comment PASS = '`123QWERasdf' - | user = 'abuser' # some comment password = 'abuser123456' # some other comment - | user = 'Aladdin' password = 'open sesame'