forked from mirrors/kingfisher
42 lines
1.2 KiB
YAML
42 lines
1.2 KiB
YAML
rules:
|
|
- name: VirusTotal API Key
|
|
id: kingfisher.virustotal.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
virustotal
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:api[_-]?key|x[_-]?apikey|key)
|
|
(?:.|[\n\r]){0,16}?
|
|
\b
|
|
(
|
|
[A-Za-z0-9]{64}
|
|
)
|
|
\b
|
|
min_entropy: 3.6
|
|
confidence: medium
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
examples:
|
|
- VIRUSTOTAL_API_KEY=abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890
|
|
- virustotal_x_apikey = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2"
|
|
references:
|
|
- https://docs.virustotal.com/reference/authentication
|
|
- https://docs.virustotal.com/docs/please-give-me-an-api-key
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: https://www.virustotal.com/api/v3/domains/google.com
|
|
headers:
|
|
x-apikey: "{{ TOKEN }}"
|
|
Accept: application/json
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: StatusMatch
|
|
status: [401, 403]
|
|
negative: true
|
|
- type: JsonValid
|