# Kingfisher rules for WP Engine: an API-key detector (kingfisher.wpengine.1)
# and a helper rule (kingfisher.wpengine.2) that captures the account name
# which the key's validation request needs.
rules:
  # Matches an identifier such as wpengine_api_key or WPE_APIKEY (the
  # key|secret|token suffix is required), then `=` or `:`, an optional quote,
  # and captures 24-64 alphanumeric characters as the candidate key.
  # (?xi): whitespace inside the pattern is ignored and matching is
  # case-insensitive.
  - name: WPEngine API Key
    id: kingfisher.wpengine.1
    pattern: |
      (?xi)
      \b
      (?:
      wpengine(?:[_.-]?api)?[_.-]?(?:key|secret|token)
      |
      wpe(?:[_.-]?api)?[_.-]?(?:key|secret|token)
      )
      \b
      \s* [=:] \s* ["']?
      \b
      (
      [A-Za-z0-9]{24,64}
      )
      \b
    confidence: medium
    min_entropy: 3.5
    examples:
      - 'WPE_APIKEY=a3b8f29e4d1c6a0578e23d9f41b6'
      - 'wpengine_api_key: "9f4b2d7e1a3c8056d2e7f1b94a6c3d80"'
      - 'export WPENGINE_API_KEY=d4e8f2a7b1c39605d2e7f1b94a6c3d80'
    references:
      - https://wpengineapi.com/
    # The validation URL needs an account name as well as the key; it is
    # taken from the capture of kingfisher.wpengine.2 and exposed to the
    # template as WPE_ACCOUNT_NAME.
    depends_on_rule:
      - rule_id: kingfisher.wpengine.2
        variable: WPE_ACCOUNT_NAME
    # Validation places the candidate key and the account name in the query
    # string of a GET request. Query strings are commonly recorded in proxy
    # and server access logs, so logs along the validation path should be
    # handled as containing the secret.
    # Both interpolated values come from captures limited to alphanumerics
    # (plus `-` for the account name), so neither can add or break a query
    # parameter.
    validation:
      type: Http
      content:
        request:
          method: GET
          url: 'https://api.wpengine.com/1.2/?method=site&account_name={{ WPE_ACCOUNT_NAME }}&wpe_apikey={{ TOKEN }}'
          response_matcher:
            # NOTE(review): presumably attaches the HTTP response to the
            # finding - confirm the response holds nothing that should stay
            # out of scan reports.
            - report_response: true
            # Only the status code is checked.
            # NOTE(review): confirm the endpoint never answers 200 with an
            # error payload for a bad key; if it does, a body check is
            # needed to avoid false "valid" results.
            - type: StatusMatch
              status:
                - 200

  # Helper rule: captures an account name after WPE_ACCOUNT_NAME,
  # WPENGINE_ACCOUNT, wpengine_account_name, wpengine_account or the bare
  # `account_name`. The bare alternative is not WP Engine specific, so
  # unrelated account names can be captured and then sent in the validation
  # request of kingfisher.wpengine.1.
  # Because of (?i), the capture group also accepts upper-case letters.
  # NOTE(review): `visible: false` presumably keeps this rule from being
  # reported as a finding of its own - confirm.
  - name: WPEngine Account Name
    id: kingfisher.wpengine.2
    visible: false
    pattern: |
      (?xi)
      \b
      (?:WPE_ACCOUNT_NAME|WPENGINE_ACCOUNT|wpengine_account_name|wpengine_account|account_name)
      \s* [=:] \s* ["']?
      (
      [a-z0-9][a-z0-9-]+
      )
      ["']?
    confidence: medium
    min_entropy: 1.0
    examples:
      - 'WPE_ACCOUNT_NAME=prod-account'
      - 'account_name: "team-site-1"'