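# Secret-scanning rules for credentials carried in HTTP Authorization headers.
# Both rules key on header syntax alone, so a match means "something shaped
# like a credential appears here", not that the credential is live. They are
# rated `confidence: low`; findings need triage, and a confirmed one should be
# handled as a disclosed credential (revoke or rotate it).
rules:
  - name: HTTP Basic Authentication
    id: kingfisher.http.1

    # Matches "Authorization", a separator (a colon plus whitespace, or up to
    # five arbitrary characters, which also covers quoted forms such as
    # `"Authorization": "Basic ...`), the scheme "Basic", then a base64 token
    # of at least 6 characters with up to two "=" of padding. The last group
    # requires a non-base64 character or end of input, so the capture is the
    # whole token rather than a prefix of it.
    # Per RFC 7617 the token is base64("user:password"): encoded, not
    # encrypted, so a true positive discloses the password itself.
    # NOTE(review): the quantifier is written `{1, 5}` with an inner space;
    # confirm the regex engine in use accepts that form under (?x).
    pattern: |
      (?x)(?i)
      Authorization (?: :\s+ | \s*.{1, 5}\s*) Basic \s+
      ( [A-Za-z0-9+/]{6,} ={0,2} )
      (?: [^A-Za-z0-9+/=] | $ )
    confidence: low
    # Presumably the minimum entropy the captured token must reach before a
    # match is reported; confirm against the scanner's rule documentation.
    min_entropy: 3.0
    examples:
      - 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='

    references:
      - https://datatracker.ietf.org/doc/html/rfc7617
      - https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication

  - name: HTTP Bearer Token
    id: kingfisher.http.2
    # Same header and separator handling as the Basic rule, followed by the
    # scheme "Bearer" and a token of at least 6 characters plus any number of
    # trailing "=". The token alphabet is the RFC 6750 b64token set: letters,
    # digits and - . _ ~ + /
    # The letter ranges are spelled a-z and A-Z. An `A-z` range would also
    # admit [ \ ] ^ and backtick, letting a closing bracket or similar
    # delimiter be swallowed into the captured token.
    # NOTE(review): the quantifier is written `{1, 5}` with an inner space;
    # confirm the regex engine in use accepts that form under (?x).
    pattern: |
      (?x)(?i)
      Authorization (?: :\s+ | \s*.{1, 5}\s*) Bearer \s+
      ([a-zA-Z0-9._~+/-]{6,} =*)
      (?: [^a-zA-Z0-9._~+/=-] | $ )
    confidence: low
    # Presumably the minimum entropy the captured token must reach before a
    # match is reported; confirm against the scanner's rule documentation.
    min_entropy: 3.0
    examples:
      - |
        GET /resource HTTP/1.1
        Host: server.example.com
        Authorization: Bearer mF_9.B5f-4.1JqM

    references:
      - https://datatracker.ietf.org/doc/html/rfc6750
      - https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication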