kingfisher/crates/kingfisher-rules/data/rules/abuseipdb.yml

rules:
  - name: AbuseIPDB API Key
    id: kingfisher.abuseipdb.1
    pattern: |
      (?xi)
      \b
      abuseipdb
      (?:.|[\n\r]){0,16}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,16}?
      \b
      (
        [A-Za-z0-9]{80}
      )
      \b
    min_entropy: 3.5
    confidence: medium
    pattern_requirements:
      min_digits: 2
    examples:
      - abuseipdb_api_key = "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
      - ABUSEIPDB_KEY=1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
    references:
      - https://docs.abuseipdb.com/#introduction
      - https://www.abuseipdb.com/api
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://api.abuseipdb.com/api/v2/check?ipAddress=127.0.0.1
          headers:
            Key: "{{ TOKEN }}"
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid