kingfisher/data/rules/generic.yml

rules:
  - name: Generic Secret
    id: kingfisher.generic.1
    pattern: |
      (?xi)
      secret
      .{0,20}
      \b
      ([0-9a-z]{32,64})
      \b
    min_entropy: 3.3
    confidence: low
    examples:
      - '    private static String CLIENT_SECRET = "6fb1cff7690db9ac066cadbbde8e3c078efdabcf";'
  - name: Generic API Key
    id: kingfisher.generic.2
    pattern: |
      (?xi)
      (?: api_key | apikey | access_key | accesskey )
      (?:.|[\n\r]){0,8}?
      \b
      ([0-9a-z][0-9a-z\-._/+]{30,62}[0-9a-z])
      \b
    min_entropy: 3.3
    confidence: low
    examples:
      - 'API_KEY = "951bc382db9abad29c68634761dd6e19"'
      - "buildConfigField 'String' , 'API_KEY' , '\"951bc382db9cfee29c68634761dd6e19\"'\tAPI_KEY\t"
  - name: Generic Username and Password
    id: kingfisher.generic.3
    pattern: |
      (?xi)
      (?: username | user)
      \b
      (?:.|[\n\r]){0,16}?
      (?: password | pass )
      (?:.|[\n\r]){0,16}?
      ["'] ([^"']{5,30}) ["']
    min_entropy: 3.3
    confidence: low
    examples:
      - |
        credential = UsernamePasswordCredential(
            client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed',
            username='donjuandemarco',
            password='1qay@WXS????',
            tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b')
      - |
        hostname = '10.11.12.13'
        username = 'donjuandemarco@example.com'
        password = '`123QWERasdf'
      - |
        hostname = '10.11.12.13'
        USERNAME = 'donjuandemarco@example.com'
        # some comment
        # some other comment
        PASS = '`123QWERasdf'
      - |
        user = 'abuser'  # some comment
        password = 'abuser123456'  # some other comment
      - |
        user = 'Aladdin'
        password = 'open sesame'
  - name: Generic Username and Password
    id: kingfisher.generic.4
    pattern: |
      (?xi)
      (?: username | user)
      \b
      (?:.|[\n\r]){0,16}?
      (?: password | pass )
      (?:.|[\n\r]){0,16}?
      (\S{5,30})
      (?: \s | $ )
    min_entropy: 3.3
    confidence: low
    examples:
      - |
        user = Aladdin
        password = open_sesame
      - |
        user = Aladdin
        // some comment
        // some other comment
        password = open_sesame
      - ":authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',"
  - name: Generic Password
    id: kingfisher.generic.5
    pattern: |
      (?xi)
      password
      \b
      (?:.|[\n\r]){0,16}?
      ["']
      ([^$<%@.,\s'"(){}&/\#\-][^\s'"(){}/]{4,})  (?# password )
      ["']
    min_entropy: 3.3
    confidence: low
    examples:
      - |
        password = "super$ecret"
      - |
        password="super$ecret"
      - |
        String usernamePassword = "application:" + appKey + ":" + appSecret;
      - |
        my_password: "super$ecret"
      - |
        "password": "super$ecret",
      - |
        my_password := "super$ecret"
      - |
        password   =>   "super$ecret"
      - |
        "ApplicationServicesConnection" : {
            "ServiceAddress" : "https://services-dev.examples.com",
            "AdminPassword" : "thisismypassword"
        }
      - |
        private const string DevFolkoosComPfxPassword = "thisismypassword";
      - |
        "password": "YOURPASSWROD"
      - |
        create_random_name('sfrp-cli-cert2', 24),
                    'cluster_name': self.create_random_name('sfrp-cli-', 24),
                    'vm_password': "Pass123!@#",
                    'policy_path': os.path.join(TEST_DIR, 'policy.json')
                })
  - name: Weak Password Pattern
    id: kingfisher.weak_password.1
    pattern: |
      (?xi)
      \b
      (
        blink\d{3,6}
        |correcthorsebatterystaple\d{0,6}
        |letmein\d{1,6}
        |newpass\d{1,6}
        |p@ssw0rd\d{0,6}
        |pa55word\d{0,6}
        |pass4now\d{0,6}
        |password\d{1,6}
        |qwer\d{4,6}
        |qwerty\d{3,6}
        |trustno\d{1,6}
      )
      \b
    min_entropy: 1.0
    confidence: low
    examples:
      - password123
      - blink5678
      - letmein42
      - p@ssw0rd99
      - qwerty456
  - name: Generic Username and Password
    id: kingfisher.generic.8
    pattern: |
      (?xi)
      (?: db_user | db_USERNAME | db_name)
      \b
      (?:.|[\n\r]){0,8}?
      ["'] ([^"']{5,40}) ["']
      (?:.|[\n\r]){0,32}?
      (
        db_password | db_pass
        \b
        (?:.|[\n\r]){0,16}?
        ["'] [^"']{5,40}
      ) ["']
    min_entropy: 3.3
    confidence: low
    examples:
      - |
        credential = UsernamePasswordCredential(
            client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed',
            username='donjuandemarco',
            password='1qay@WXS????',
            tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b')
      - |
        hostname = '10.11.12.13'
        username = 'donjuandemarco@example.com'
        password = '`123QWERasdf'
      - |
        hostname = '10.11.12.13'
        USERNAME = 'donjuandemarco@example.com'
        # some comment
        # some other comment
        PASS = '`123QWERasdf'
      - |
        user = 'abuser'  # some comment
        password = 'abuser123456'  # some other comment
      - |
        user = 'Aladdin'
        password = 'open sesame'