forked from mirrors/kingfisher
196 lines
No EOL
5.2 KiB
YAML
196 lines
No EOL
5.2 KiB
YAML
rules:
|
|
- name: Generic Secret
|
|
id: kingfisher.generic.1
|
|
pattern: |
|
|
(?xi)
|
|
secret
|
|
.{0,20}
|
|
\b
|
|
([0-9a-z]{32,64})
|
|
\b
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- ' private static String CLIENT_SECRET = "6fb1cff7690db9ac066cadbbde8e3c078efdabcf";'
|
|
- name: Generic API Key
|
|
id: kingfisher.generic.2
|
|
pattern: |
|
|
(?xi)
|
|
(?: api_key | apikey | access_key | accesskey )
|
|
(?:.|[\n\r]){0,8}?
|
|
\b
|
|
([0-9a-z][0-9a-z\-._/+]{30,62}[0-9a-z])
|
|
\b
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- 'API_KEY = "951bc382db9abad29c68634761dd6e19"'
|
|
- "buildConfigField 'String' , 'API_KEY' , '\"951bc382db9cfee29c68634761dd6e19\"'\tAPI_KEY\t"
|
|
- name: Generic Username and Password
|
|
id: kingfisher.generic.3
|
|
pattern: |
|
|
(?xi)
|
|
(?: username | user)
|
|
\b
|
|
(?:.|[\n\r]){0,16}?
|
|
(?: password | pass )
|
|
(?:.|[\n\r]){0,16}?
|
|
["'] ([^"']{5,30}) ["']
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
credential = UsernamePasswordCredential(
|
|
client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed',
|
|
username='donjuandemarco',
|
|
password='1qay@WXS????',
|
|
tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b')
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
username = 'donjuandemarco@example.com'
|
|
password = '`123QWERasdf'
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
USERNAME = 'donjuandemarco@example.com'
|
|
# some comment
|
|
# some other comment
|
|
PASS = '`123QWERasdf'
|
|
- |
|
|
user = 'abuser' # some comment
|
|
password = 'abuser123456' # some other comment
|
|
- |
|
|
user = 'Aladdin'
|
|
password = 'open sesame'
|
|
- name: Generic Username and Password
|
|
id: kingfisher.generic.4
|
|
pattern: |
|
|
(?xi)
|
|
(?: username | user)
|
|
\b
|
|
(?:.|[\n\r]){0,16}?
|
|
(?: password | pass )
|
|
(?:.|[\n\r]){0,16}?
|
|
(\S{5,30})
|
|
(?: \s | $ )
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
user = Aladdin
|
|
password = open_sesame
|
|
- |
|
|
user = Aladdin
|
|
// some comment
|
|
// some other comment
|
|
password = open_sesame
|
|
- ":authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',"
|
|
- name: Generic Password
|
|
id: kingfisher.generic.5
|
|
pattern: |
|
|
(?x)(?i)
|
|
password
|
|
\b
|
|
(?:.|[\n\r]){0,16}?
|
|
["']
|
|
([^$<%@.,\s'"(){}&/\#\-][^\s'"(){}/]{4,}) (?# password )
|
|
["']
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
categories: [fuzzy, generic, secret]
|
|
examples:
|
|
- |
|
|
password = "super$ecret"
|
|
- |
|
|
password="super$ecret"
|
|
- |
|
|
String usernamePassword = "application:" + appKey + ":" + appSecret;
|
|
- |
|
|
my_password: "super$ecret"
|
|
- |
|
|
"password": "super$ecret",
|
|
- |
|
|
my_password := "super$ecret"
|
|
- |
|
|
password => "super$ecret"
|
|
- |
|
|
"ApplicationServicesConnection" : {
|
|
"ServiceAddress" : "https://services-dev.examples.com",
|
|
"AdminPassword" : "thisismypassword"
|
|
}
|
|
- |
|
|
private const string DevFolkoosComPfxPassword = "thisismypassword";
|
|
- |
|
|
"password": "YOURPASSWROD"
|
|
- |
|
|
create_random_name('sfrp-cli-cert2', 24),
|
|
'cluster_name': self.create_random_name('sfrp-cli-', 24),
|
|
'vm_password': "Pass123!@#",
|
|
'policy_path': os.path.join(TEST_DIR, 'policy.json')
|
|
})
|
|
- name: Weak Password Pattern
|
|
id: kingfisher.weak_password.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
(
|
|
blink\d{3,6}
|
|
|correcthorsebatterystaple\d{0,6}
|
|
|letmein\d{1,6}
|
|
|newpass\d{1,6}
|
|
|p@ssw0rd\d{0,6}
|
|
|pa55word\d{0,6}
|
|
|pass4now\d{0,6}
|
|
|password\d{1,6}
|
|
|qwer\d{4,6}
|
|
|qwerty\d{3,6}
|
|
|trustno\d{1,6}
|
|
)
|
|
\b
|
|
min_entropy: 1.0
|
|
confidence: low
|
|
examples:
|
|
- password123
|
|
- blink5678
|
|
- letmein42
|
|
- p@ssw0rd99
|
|
- qwerty456
|
|
- name: Generic Username and Password
|
|
id: kingfisher.generic.8
|
|
pattern: |
|
|
(?xi)
|
|
(?: db_user | db_USERNAME | db_name)
|
|
\b
|
|
(?:.|[\n\r]){0,8}?
|
|
["'] ([^"']{5,40}) ["']
|
|
(?:.|[\n\r]){0,32}?
|
|
(
|
|
db_password | db_pass
|
|
\b
|
|
(?:.|[\n\r]){0,16}?
|
|
["'] [^"']{5,40}
|
|
) ["']
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
credential = UsernamePasswordCredential(
|
|
client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed',
|
|
username='donjuandemarco',
|
|
password='1qay@WXS????',
|
|
tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b')
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
username = 'donjuandemarco@example.com'
|
|
password = '`123QWERasdf'
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
USERNAME = 'donjuandemarco@example.com'
|
|
# some comment
|
|
# some other comment
|
|
PASS = '`123QWERasdf'
|
|
- |
|
|
user = 'abuser' # some comment
|
|
password = 'abuser123456' # some other comment
|
|
- |
|
|
user = 'Aladdin'
|
|
password = 'open sesame' |