forked from mirrors/kingfisher
72 lines
No EOL
1.9 KiB
YAML
72 lines
No EOL
1.9 KiB
YAML
rules:
|
|
- name: Flickr API Key
|
|
id: kingfisher.flickr.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
flickr
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)?
|
|
(?:.|[\n\r]){0,32}?
|
|
\b
|
|
(
|
|
[a-f0-9]{32}
|
|
)
|
|
\b
|
|
confidence: medium
|
|
min_entropy: 3.0
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: "https://www.flickr.com/services/rest/?method=flickr.test.login&api_key={{TOKEN}}&format=json&nojsoncallback=1"
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
words:
|
|
- '"Invalid API Key"'
|
|
negative: true
|
|
references:
|
|
- https://www.flickr.com/services/api/
|
|
- https://www.flickr.com/services/api/flickr.test.login.html
|
|
examples:
|
|
- "flickr_api_key: d6953dc63a9498593bfdb4287ed2293c"
|
|
- name: Flickr OAuth Token
|
|
id: kingfisher.flickr.2
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
flickr
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:OAUTH|ACCESS|TOKEN)?
|
|
(?:.|[\n\r]){0,32}?
|
|
\b
|
|
(
|
|
[a-f0-9]{32}
|
|
)
|
|
\b
|
|
confidence: medium
|
|
min_entropy: 3.0
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: "https://www.flickr.com/services/rest/?method=flickr.auth.oauth.checkToken&api_key={{TOKEN}}&oauth_token={{TOKEN}}&format=json&nojsoncallback=1"
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
words:
|
|
- '"stat":"ok"'
|
|
- '"oauth":'
|
|
match_all_words: true
|
|
references:
|
|
- https://www.flickr.com/services/api/
|
|
- https://www.flickr.com/services/api/flickr.auth.oauth.checkToken.html
|
|
examples:
|
|
- "flickr_oauth_token: a8c1e1f1d9d34aa5a1bdbd94234bcdef" |