From e170f1f13fff8dfca4e46c556acd035b45ddcee1 Mon Sep 17 00:00:00 2001 From: Joseph Thacker Date: Thu, 28 Aug 2025 09:35:59 -0400 Subject: [PATCH 1/3] feat: Integrate TruffleHog secret detection patterns MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added script to extract regex patterns from TruffleHog detectors - Extracted 166+ secret detection patterns for various services - Integrated patterns into frontend with new "Secrets" category - Enhanced UI with category filters and search functionality - Added visual indicators for different pattern types 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- extract_trufflehog_patterns.py | 137 ++ .../search/patterns/PatternsList.vue | 77 +- packages/frontend/src/stores/patternsStore.ts | 44 + packages/frontend/src/trufflehog_patterns.ts | 1263 +++++++++++++ trufflehog_patterns.json | 1606 +++++++++++++++++ trufflehog_patterns_simplified.json | 1274 +++++++++++++ 6 files changed, 4398 insertions(+), 3 deletions(-) create mode 100644 extract_trufflehog_patterns.py create mode 100644 packages/frontend/src/trufflehog_patterns.ts create mode 100644 trufflehog_patterns.json create mode 100644 trufflehog_patterns_simplified.json diff --git a/extract_trufflehog_patterns.py b/extract_trufflehog_patterns.py new file mode 100644 index 0000000..22ae980 --- /dev/null +++ b/extract_trufflehog_patterns.py @@ -0,0 +1,137 @@ +#!/usr/bin/env python3 + +import os +import re +import json +from pathlib import Path + +def extract_patterns_from_go_file(filepath): + """Extract regex patterns and keywords from a Go detector file.""" + patterns = {} + keywords = [] + detector_name = Path(filepath).parent.name + + with open(filepath, 'r') as f: + content = f.read() + + # Extract patterns using various common pattern names + # Pattern 1: keyPat = regexp.MustCompile(`...`) + # Pattern 2: tokenPats = map[string]*regexp.Regexp{ ... } + # Pattern 3: var xxxPat = regexp.MustCompile(`...`) + + # Simple single pattern extraction + single_patterns = re.findall(r'(\w+Pat)\s*=\s*regexp\.MustCompile\(`([^`]+)`\)', content) + for name, pattern in single_patterns: + patterns[name] = pattern + + # Map-based patterns (like Slack) + map_pattern = re.search(r'tokenPats\s*=\s*map\[string\]\*regexp\.Regexp\{([^}]+)\}', content, re.DOTALL) + if map_pattern: + map_content = map_pattern.group(1) + map_entries = re.findall(r'"([^"]+)":\s*regexp\.MustCompile\(`([^`]+)`\)', map_content) + for name, pattern in map_entries: + patterns[name] = pattern + + # Extract var SecretPat patterns (AWS style) + secret_patterns = re.findall(r'var\s+(\w+)\s*=\s*regexp\.MustCompile\(`([^`]+)`\)', content) + for name, pattern in secret_patterns: + patterns[name] = pattern + + # Extract keywords + keyword_match = re.search(r'func\s+\(\w+\s+\w+\)\s+Keywords\(\)\s+\[\]string\s*\{[^}]*return\s+\[\]string\{([^}]+)\}', content, re.DOTALL) + if keyword_match: + keyword_content = keyword_match.group(1) + keywords = re.findall(r'"([^"]+)"', keyword_content) + + return { + 'detector': detector_name, + 'patterns': patterns, + 'keywords': keywords + } + +def main(): + base_path = '/Users/rez0/git/trufflehog/pkg/detectors' + all_detectors = [] + + # Find all detector Go files (excluding test files) + for root, dirs, files in os.walk(base_path): + # Skip test directories + if 'test' in root: + continue + + for file in files: + if file.endswith('.go') and not file.endswith('_test.go'): + filepath = os.path.join(root, file) + + # Only process main detector files, not integration tests + if 'integration' in file or file in ['detectors.go', 'falsepositives.go', + 'account_filter.go', 'http.go', + 'endpoint_customizer.go', + 'multi_part_credential_provider.go']: + continue + + try: + detector_info = extract_patterns_from_go_file(filepath) + if detector_info['patterns']: # Only include if patterns were found + all_detectors.append(detector_info) + print(f"Extracted patterns from {detector_info['detector']}: {len(detector_info['patterns'])} patterns") + except Exception as e: + print(f"Error processing {filepath}: {e}") + + # Save to JSON file + output_file = '/Users/rez0/git/data-grep/trufflehog_patterns.json' + with open(output_file, 'w') as f: + json.dump(all_detectors, f, indent=2) + + print(f"\nExtracted patterns from {len(all_detectors)} detectors") + print(f"Saved to {output_file}") + + # Create a simplified version with just patterns for easier use + simplified_patterns = {} + for detector in all_detectors: + for pattern_name, pattern in detector['patterns'].items(): + # Create a descriptive name + full_name = f"{detector['detector']}.{pattern_name}" + simplified_patterns[full_name] = { + 'pattern': pattern, + 'keywords': detector['keywords'] + } + + simplified_file = '/Users/rez0/git/data-grep/trufflehog_patterns_simplified.json' + with open(simplified_file, 'w') as f: + json.dump(simplified_patterns, f, indent=2) + + print(f"Saved simplified patterns to {simplified_file}") + + # Create TypeScript constants file for direct integration + ts_file = '/Users/rez0/git/data-grep/packages/frontend/src/trufflehog_patterns.ts' + with open(ts_file, 'w') as f: + f.write("// Auto-generated from TruffleHog detectors\n") + f.write("// Generated by extract_trufflehog_patterns.py\n\n") + f.write("export interface SecretPattern {\n") + f.write(" name: string;\n") + f.write(" pattern: string;\n") + f.write(" keywords?: string[];\n") + f.write(" category: string;\n") + f.write("}\n\n") + f.write("export const TRUFFLEHOG_PATTERNS: SecretPattern[] = [\n") + + for detector in all_detectors: + for pattern_name, pattern in detector['patterns'].items(): + # Escape the pattern for TypeScript + escaped_pattern = pattern.replace('\\', '\\\\').replace('"', '\\"') + f.write(" {\n") + f.write(f' name: "{detector["detector"]}.{pattern_name}",\n') + f.write(f' pattern: "{escaped_pattern}",\n') + f.write(f' category: "{detector["detector"]}",\n') + if detector['keywords']: + keywords_str = '", "'.join(detector['keywords']) + f.write(f' keywords: ["{keywords_str}"],\n') + f.write(" },\n") + + f.write("];\n") + + print(f"Generated TypeScript file at {ts_file}") + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/packages/frontend/src/components/search/patterns/PatternsList.vue b/packages/frontend/src/components/search/patterns/PatternsList.vue index 7b827b8..04e270c 100644 --- a/packages/frontend/src/components/search/patterns/PatternsList.vue +++ b/packages/frontend/src/components/search/patterns/PatternsList.vue @@ -43,13 +43,78 @@ function isCustomPattern(name: string) { /> + +
+
+ +
+ +
+ + + + +
+
+
-
+
+ +

No patterns found matching your criteria

+
+ +

{{ pattern.name }}

+ Secret + + Custom diff --git a/packages/frontend/src/stores/patternsStore.ts b/packages/frontend/src/stores/patternsStore.ts index 46a30b4..a1f7894 100644 --- a/packages/frontend/src/stores/patternsStore.ts +++ b/packages/frontend/src/stores/patternsStore.ts @@ -3,12 +3,14 @@ import { ref, computed } from "vue"; import { useGrepStore } from "./grepStore"; import { useCustomRegexRepository } from "@/repositories/customRegex"; import type { CustomRegex } from "shared"; +import { TRUFFLEHOG_PATTERNS, type SecretPattern } from "../trufflehog_patterns"; interface PredefinedPattern { name: string; pattern: string; description: string; matchGroups?: number[]; + category?: string; } export const usePatternsStore = defineStore("patterns", () => { @@ -21,56 +23,94 @@ export const usePatternsStore = defineStore("patterns", () => { const isLoading = ref(false); const editingPattern = ref<(CustomRegex & { id: string }) | null>(null); const showCustomRegexDialog = ref(false); + const selectedCategory = ref<'all' | 'predefined' | 'secrets' | 'custom'>('all'); + const searchQuery = ref(''); const predefinedPatterns: PredefinedPattern[] = [ { name: "Email", pattern: "[\\w.-]+@[\\w.-]+\\.\\w+", description: "Matches email addresses", + category: 'predefined', }, { name: "URL", pattern: "https?://[\\w.-]+(?:\\.[a-zA-Z]{2,})+[\\w/.-]*", description: "Matches HTTP/HTTPS URLs", + category: 'predefined', }, { name: "IP Address", pattern: "(?:[0-9]{1,3}\\.){3}[0-9]{1,3}", description: "Matches IPv4 addresses", + category: 'predefined', }, { name: "JSON Object", pattern: "\\{[^}]*\\}", description: "Matches simple JSON objects", + category: 'predefined', }, { name: "AWS Keys", pattern: "AKIA[0-9A-Z]{16}", description: "Matches AWS access key IDs", + category: 'predefined', }, { name: "JWT Tokens", pattern: "eyJ[a-zA-Z0-9_-]*\\.[a-zA-Z0-9_-]*\\.[a-zA-Z0-9_-]*", description: "Matches JWT tokens", + category: 'predefined', }, { name: "Strings", pattern: "'(.*?)'|\"(.*?)\"|`(.*?)`", description: "Matches strings", matchGroups: [1, 2, 3], + category: 'predefined', }, ]; + const secretPatterns: PredefinedPattern[] = TRUFFLEHOG_PATTERNS.map(pattern => ({ + name: pattern.name, + pattern: pattern.pattern, + description: `Secret detection: ${pattern.category}`, + category: 'secrets', + })); + const allPatterns = computed(() => [ ...predefinedPatterns, + ...secretPatterns, ...customPatterns.value.map((cp) => ({ name: cp.name, pattern: cp.regex, description: cp.description, matchGroups: cp.matchGroups, + category: 'custom', })), ]); + const filteredPatterns = computed(() => { + let patterns = allPatterns.value; + + // Filter by category + if (selectedCategory.value !== 'all') { + patterns = patterns.filter(p => p.category === selectedCategory.value); + } + + // Filter by search query + if (searchQuery.value) { + const query = searchQuery.value.toLowerCase(); + patterns = patterns.filter(p => + p.name.toLowerCase().includes(query) || + p.description.toLowerCase().includes(query) + ); + } + + return patterns; + }); + async function loadCustomPatterns() { isLoading.value = true; try { @@ -136,12 +176,16 @@ export const usePatternsStore = defineStore("patterns", () => { return { dialogVisible, predefinedPatterns, + secretPatterns, customPatterns, allPatterns, + filteredPatterns, scrollPosition, isLoading, editingPattern, showCustomRegexDialog, + selectedCategory, + searchQuery, openDialog, closeDialog, openCustomRegexDialog, diff --git a/packages/frontend/src/trufflehog_patterns.ts b/packages/frontend/src/trufflehog_patterns.ts new file mode 100644 index 0000000..76102a2 --- /dev/null +++ b/packages/frontend/src/trufflehog_patterns.ts @@ -0,0 +1,1263 @@ +// Auto-generated from TruffleHog detectors +// Generated by extract_trufflehog_patterns.py + +export interface SecretPattern { + name: string; + pattern: string; + keywords?: string[]; + category: string; +} + +export const TRUFFLEHOG_PATTERNS: SecretPattern[] = [ + { + name: "sendinbluev2.keyPat", + pattern: "\\b(xkeysib\\-[A-Za-z0-9_-]{81})\\b", + category: "sendinbluev2", + keywords: ["xkeysib"], + }, + { + name: "squareup.keyPat", + pattern: "\\b(sq0idp-[0-9A-Za-z]{22})\\b", + category: "squareup", + keywords: ["sq0idp-"], + }, + { + name: "databrickstoken.keyPat", + pattern: "\\b(dapi[0-9a-f]{32}(-\\d)?)\\b", + category: "databrickstoken", + keywords: ["databricks", "dapi"], + }, + { + name: "freshdesk.urlPat", + pattern: "\\b([0-9a-z-]{1,}\\.freshdesk\\.com)\\b", + category: "freshdesk", + keywords: ["freshdesk"], + }, + { + name: "endorlabs.keyAndSecretPat", + pattern: "\\b(endr\\+[a-zA-Z0-9-]{16})\\b", + category: "endorlabs", + keywords: ["endr+"], + }, + { + name: "ftp.keyPat", + pattern: "\\bftp://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + category: "ftp", + keywords: ["ftp://"], + }, + { + name: "azure_batch.urlPat", + pattern: "https://(.{1,50})\\.(.{1,50})\\.batch\\.azure\\.com", + category: "azure_batch", + keywords: [".batch.azure.com"], + }, + { + name: "azure_batch.secretPat", + pattern: "[A-Za-z0-9+/=]{88}", + category: "azure_batch", + keywords: [".batch.azure.com"], + }, + { + name: "finage.keyPat", + pattern: "\\b(API_KEY[0-9A-Z]{32})\\b", + category: "finage", + keywords: ["finage"], + }, + { + name: "adafruitio.keyPat", + pattern: "\\b(aio\\_[a-zA-Z0-9]{28})\\b", + category: "adafruitio", + keywords: ["aio_"], + }, + { + name: "nightfall.keyPat", + pattern: "\\b(NF\\-[a-zA-Z0-9]{32})\\b", + category: "nightfall", + keywords: ["nightfall"], + }, + { + name: "deno.tokenPat", + pattern: "\\b(dd[pw]_[a-zA-Z0-9]{36})\\b", + category: "deno", + keywords: ["ddp_", "ddw_"], + }, + { + name: "closecrm.keyPat", + pattern: "\\b(api_[a-z0-9A-Z.]{45})\\b", + category: "closecrm", + keywords: ["close"], + }, + { + name: "langsmith.keyPat", + pattern: "\\b(lsv2_(?:pt|sk)_[a-f0-9]{32}_[a-f0-9]{10})\\b", + category: "langsmith", + keywords: ["lsv2_pt_", "lsv2_sk_"], + }, + { + name: "docker.keyPat", + pattern: "{(?:\\s|\\\\+[nrt])*\\\\*\"auths\\\\*\"(?:\\s|\\\\+t)*:(?:\\s|\\\\+t)*{(?:\\s|\\\\+[nrt])*\\\\*\"(?i:https?:\\/\\/)?[a-z0-9\\-.:\\/]+\\\\*\"(?:\\s|\\\\+t)*:(?:\\s|\\\\+t)*{(?:(?:\\s|\\\\+[nrt])*\\\\*\"(?i:auth|email|username|password)\\\\*\"\\s*:\\s*\\\\*\".*\\\\*\"\\s*,?)+?(?:\\s|\\\\+[nrt])*}(?:\\s|\\\\+[nrt])*}(?:\\s|\\\\+[nrt])*}", + category: "docker", + keywords: ["auths"], + }, + { + name: "googleoauth2.keyPat", + pattern: "\\b(ya29\\.(?i:[a-z0-9_-]{10,}))(?:[^a-z0-9_-]|\\z)", + category: "googleoauth2", + keywords: ["ya29."], + }, + { + name: "signalwire.urlPat", + pattern: "\\b([0-9a-z-]{3,64}\\.signalwire\\.com)\\b", + category: "signalwire", + keywords: ["signalwire"], + }, + { + name: "hashicorpvaultauth.vaultUrlPat", + pattern: "(https?:\\/\\/[^\\s\\/]*\\.hashicorp\\.cloud(?::\\d+)?)(?:\\/[^\\s]*)?", + category: "hashicorpvaultauth", + keywords: ["hashicorp"], + }, + { + name: "v2.keyPat", + pattern: "\\b(bb_(?:pr|ma)_[a-f0-9]{30})\\b", + category: "v2", + keywords: ["bb_pr_", "bb_ma_"], + }, + { + name: "signable.keywordPat", + pattern: "(?i)([a-z]{2})signable", + category: "signable", + keywords: ["signable"], + }, + { + name: "tableau.tokenSecretPat", + pattern: "\\b([A-Za-z0-9+/]{22}==:[A-Za-z0-9]{32})\\b", + category: "tableau", + keywords: ["tableau", "online.tableau.com"], + }, + { + name: "tableau.tableauURLPat", + pattern: "\\b([a-zA-Z0-9\\-]+\\.online\\.tableau\\.com)\\b", + category: "tableau", + keywords: ["tableau", "online.tableau.com"], + }, + { + name: "invoiceocean.urlPat", + pattern: "\\b([0-9a-z]{1,}\\.invoiceocean\\.com)\\b", + category: "invoiceocean", + keywords: ["invoiceocean"], + }, + { + name: "v2.keyPat", + pattern: "\\b(glpat-[a-zA-Z0-9\\-=_]{20,22})\\b", + category: "v2", + keywords: ["glpat-"], + }, + { + name: "sparkpost.keyPat", + pattern: "\\b([a-zA-Z0-9]{40})\\b", + category: "sparkpost", + keywords: ["sparkpost"], + }, + { + name: "gemini.keyPat", + pattern: "\\b((?:master-|account-)[0-9A-Za-z]{20})\\b", + category: "gemini", + keywords: ["master-", "account-"], + }, + { + name: "gemini.secretPat", + pattern: "[A-Za-z0-9]{27,28}", + category: "gemini", + keywords: ["master-", "account-"], + }, + { + name: "v2.keyPat", + pattern: "\\b(HRKU-AA[0-9a-zA-Z_-]{58})\\b", + category: "v2", + keywords: ["HRKU-AA"], + }, + { + name: "azure_openai.azureUrlPat", + pattern: "(?i)([a-z0-9-]+\\.openai\\.azure\\.com)", + category: "azure_openai", + keywords: [".openai.azure.com"], + }, + { + name: "locationiq.keyPat", + pattern: "\\b(pk\\.[a-zA-Z-0-9]{32})\\b", + category: "locationiq", + keywords: ["locationiq"], + }, + { + name: "frameio.keyPat", + pattern: "\\b(fio-u-[0-9a-zA-Z_-]{64})\\b", + category: "frameio", + keywords: ["fio-u-"], + }, + { + name: "grafanaserviceaccount.keyPat", + pattern: "\\b(glsa_[0-9a-zA-Z_]{41})\\b", + category: "grafanaserviceaccount", + keywords: ["glsa_"], + }, + { + name: "grafanaserviceaccount.domainPat", + pattern: "\\b([a-zA-Z0-9-]+\\.grafana\\.net)\\b", + category: "grafanaserviceaccount", + keywords: ["glsa_"], + }, + { + name: "saucelabs.baseUrlPat", + pattern: "\\b(api\\.(?:us|eu)-(?:west|east|central)-[0-9].saucelabs\\.com)\\b", + category: "saucelabs", + keywords: ["saucelabs"], + }, + { + name: "supabasetoken.keyPat", + pattern: "\\b(sbp_[a-z0-9]{40})\\b", + category: "supabasetoken", + keywords: ["sbp_"], + }, + { + name: "clickhelp.portalPat", + pattern: "\\b([0-9A-Za-z-]{3,20}\\.(?:try\\.)?clickhelp\\.co)\\b", + category: "clickhelp", + keywords: ["clickhelp.co"], + }, + { + name: "v2.keyPat", + pattern: "\\b([a-zA-Z0-9]{6}_[a-zA-Z0-9]{29}_mmk)\\b", + category: "v2", + keywords: ["_mmk"], + }, + { + name: "redis.keyPat", + pattern: "\\bredi[s]{1,2}://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + category: "redis", + keywords: ["redis"], + }, + { + name: "redis.azureRedisPat", + pattern: "\\b([\\w\\d.-]{1,100}\\.redis\\.cache\\.windows\\.net:6380),password=([^,]{44}),ssl=True,abortConnect=False\\b", + category: "redis", + keywords: ["redis"], + }, + { + name: "azurecontainerregistry.urlPat", + pattern: "([a-z0-9][a-z0-9-]{1,100}[a-z0-9])\\.azurecr\\.io", + category: "azurecontainerregistry", + keywords: [".azurecr.io"], + }, + { + name: "azurecontainerregistry.passwordPat", + pattern: "\\b[a-zA-Z0-9+/]{42}\\+ACR[a-zA-Z0-9]{6}\\b", + category: "azurecontainerregistry", + keywords: [".azurecr.io"], + }, + { + name: "sendgrid.keyPat", + pattern: "\\bSG\\.[\\w\\-]{20,24}\\.[\\w\\-]{39,50}\\b", + category: "sendgrid", + keywords: ["SG."], + }, + { + name: "trufflehogenterprise.keyPat", + pattern: "\\bthog-key-[0-9a-f]{16}\\b", + category: "trufflehogenterprise", + keywords: ["thog"], + }, + { + name: "trufflehogenterprise.secretPat", + pattern: "\\bthog-secret-[0-9a-f]{32}\\b", + category: "trufflehogenterprise", + keywords: ["thog"], + }, + { + name: "trufflehogenterprise.hostnamePat", + pattern: "\\b[a-z]+-[a-z]+-[a-z]+\\.[a-z][0-9]\\.[a-z]+\\.trufflehog\\.org\\b", + category: "trufflehogenterprise", + keywords: ["thog"], + }, + { + name: "anypoint.keyPat", + pattern: "\\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\\b", + category: "anypoint", + keywords: ["anypoint"], + }, + { + name: "cloudflarecakey.keyPat", + pattern: "\\b(v1\\.0-[A-Za-z0-9-]{171})\\b", + category: "cloudflarecakey", + keywords: ["cloudflare"], + }, + { + name: "ldap.uriPat", + pattern: "\\b(?i)ldaps?://[\\S]+\\b", + category: "ldap", + keywords: ["ldaps://", "ldap://"], + }, + { + name: "ldap.iadPat", + pattern: "OpenDSObject\\(\\\"(?i)(ldaps?://[\\S]+)\\\", ?\\\"([\\S]+)\\\", ?\\\"([\\S]+)\\\",[ \\d]+\\)", + category: "ldap", + keywords: ["ldaps://", "ldap://"], + }, + { + name: "sentryorgtoken.orgAuthTokenPat", + pattern: "\\b(sntrys_eyJ[a-zA-Z0-9=_+/]{197})\\b", + category: "sentryorgtoken", + keywords: ["sntrys_eyJ"], + }, + { + name: "launchdarkly.keyPat", + pattern: "\\b((?:api|sdk)-[a-z0-9]{8}-[a-z0-9]{4}-4[a-z0-9]{3}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + category: "launchdarkly", + keywords: ["api-", "sdk-"], + }, + { + name: "klaviyo.keyPat", + pattern: "\\b(pk_[[:alnum:]]{34})\\b", + category: "klaviyo", + keywords: ["pk_"], + }, + { + name: "coinbase.keyNamePat", + pattern: "\\b(organizations\\\\*/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}\\\\*/apiKeys\\\\*/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12})\\b", + category: "coinbase", + keywords: ["begin ec"], + }, + { + name: "coinbase.privateKeyPat", + pattern: "(-----BEGIN EC(?:DSA)? PRIVATE KEY-----(?:\\r|\\n|\\\\+r|\\\\+n)(?:[a-zA-Z0-9+/]+={0,2}(?:\\r|\\n|\\\\+r|\\\\+n))+-----END EC(?:DSA)? PRIVATE KEY-----(?:\\r|\\n|\\\\+r|\\\\+n)?)", + category: "coinbase", + keywords: ["begin ec"], + }, + { + name: "v2.keyPat", + pattern: "(CCIPAT_[a-zA-Z0-9]{22}_[a-fA-F0-9]{40})", + category: "v2", + keywords: ["CCIPAT_"], + }, + { + name: "zulipchat.idPat", + pattern: "\\b([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,})\\b", + category: "zulipchat", + keywords: ["zulip"], + }, + { + name: "zulipchat.domainPat", + pattern: "(?i)\\b([a-z0-9-]+\\.zulip(?:chat)?\\.com|chat\\.zulip\\.org)\\b", + category: "zulipchat", + keywords: ["zulip"], + }, + { + name: "azuredirectmanagementkey.urlPat", + pattern: "https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\\.management\\.azure-api\\.net", + category: "azuredirectmanagementkey", + keywords: [".management.azure-api.net"], + }, + { + name: "tineswebhook.keyPat", + pattern: "(https://[\\w-]+\\.tines\\.com/webhook/[a-z0-9]{32}/[a-z0-9]{32})", + category: "tineswebhook", + keywords: ["tines.com"], + }, + { + name: "hasura.domainPat", + pattern: "\\b([a-zA-Z0-9-]+\\.hasura\\.app)\\b", + category: "hasura", + keywords: ["hasura"], + }, + { + name: "postman.keyPat", + pattern: "\\b(PMAK-[a-zA-Z-0-9]{59})\\b", + category: "postman", + keywords: ["PMAK-"], + }, + { + name: "shopify.keyPat", + pattern: "\\b(shppa_|shpat_)([0-9A-Fa-f]{32})\\b", + category: "shopify", + keywords: ["shppa_", "shpat_"], + }, + { + name: "shopify.domainPat", + pattern: "[a-zA-Z0-9-]+\\.myshopify\\.com", + category: "shopify", + keywords: ["shppa_", "shpat_"], + }, + { + name: "v2.keyPat", + pattern: "\\b(sntryu_[a-f0-9]{64})\\b", + category: "v2", + keywords: ["sentry", "sntryu"], + }, + { + name: "groq.keyPat", + pattern: "\\b(gsk_[a-zA-Z0-9]{52})\\b", + category: "groq", + keywords: ["gsk_"], + }, + { + name: "apideck.keyPat", + pattern: "\\b(sk_live_[a-z0-9A-Z-]{93})\\b", + category: "apideck", + keywords: ["apideck"], + }, + { + name: "v2.keyPat", + pattern: "\\btfp_[a-zA-Z0-9_]{40,59}\\b", + category: "v2", + keywords: ["tfp_"], + }, + { + name: "azure_entra.tenantOnMicrosoftPat", + pattern: "([\\w-]+\\.onmicrosoft\\.com)", + category: "azure_entra", + }, + { + name: "refreshtoken.refreshTokenPat", + pattern: "\\b[01]\\.A[\\w-]{50,}(?:\\.\\d)?\\.Ag[\\w-]{250,}(?:\\.A[\\w-]{200,})?", + category: "refreshtoken", + keywords: ["0.A", "1.A"], + }, + { + name: "v1.clientSecretPat", + pattern: "(?i)(?:secret|password| -p[ =]).{0,80}?([\\w~@[\\]:.?*/+=-]{31,34}", + category: "v1", + keywords: ["azure", "az", "entra", "msal", "login.microsoftonline.com", ".onmicrosoft.com"], + }, + { + name: "v1.secretPat", + pattern: "(?i)(?:secret|password| -p[ =]).{0,80}[^A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]([A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]{31,34})[^A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]", + category: "v1", + keywords: ["azure", "az", "entra", "msal", "login.microsoftonline.com", ".onmicrosoft.com"], + }, + { + name: "v2.SecretPat", + pattern: "(?:[^a-zA-Z0-9_~.-]|\\A)([a-zA-Z0-9_~.-]{3}\\dQ~[a-zA-Z0-9_~.-]{31,34})(?:[^a-zA-Z0-9_~.-]|\\z)", + category: "v2", + keywords: ["q~"], + }, + { + name: "grafana.keyPat", + pattern: "\\b(glc_eyJ[A-Za-z0-9+\\/=]{60,160})", + category: "grafana", + keywords: ["glc_eyJ"], + }, + { + name: "mailchimp.keyPat", + pattern: "[0-9a-f]{32}-us[0-9]{1,2}", + category: "mailchimp", + keywords: ["-us"], + }, + { + name: "discordwebhook.keyPat", + pattern: "(https:\\/\\/discord\\.com\\/api\\/webhooks\\/[0-9]{18,19}\\/[0-9a-zA-Z-]{68})", + category: "discordwebhook", + keywords: ["https://discord.com/api/webhooks/"], + }, + { + name: "webexbot.keyPat", + pattern: "([a-zA-Z0-9]{64}_[a-zA-Z0-9]{4}_[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12})", + category: "webexbot", + keywords: ["spark", "webex"], + }, + { + name: "documo.keyPat", + pattern: "\\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\\b", + category: "documo", + keywords: ["documo"], + }, + { + name: "doppler.keyPat", + pattern: "\\b(dp\\.(?:ct|pt|st(?:\\.[a-z0-9\\-_]{2,35})?|sa|scim|audit)\\.[a-zA-Z0-9]{40,44})\\b", + category: "doppler", + keywords: ["dp.ct.", "dp.pt.", "dp.st", "dp.sa.", "dp.scim.", "dp.audit."], + }, + { + name: "rabbitmq.keyPat", + pattern: "\\b(?:amqps?):\\/\\/[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + category: "rabbitmq", + keywords: ["amqp"], + }, + { + name: "pagarme.keyPat", + pattern: "\\b(ak_live_[a-zA-Z0-9]{30})\\b", + category: "pagarme", + keywords: ["ak_live_"], + }, + { + name: "planetscale.usernamePat", + pattern: "\\b[a-z0-9]{12}\\b", + category: "planetscale", + keywords: ["pscale_tkn_"], + }, + { + name: "planetscale.passwordPat", + pattern: "\\bpscale_tkn_[A-Za-z0-9_]{43}\\b", + category: "planetscale", + keywords: ["pscale_tkn_"], + }, + { + name: "gcp.keyPat", + pattern: "\\{[^{]+auth_provider_x509_cert_url[^}]+\\}", + category: "gcp", + keywords: ["provider_x509"], + }, + { + name: "flyio.keyPat", + pattern: "\\b(FlyV1 fm\\d+_[A-Za-z0-9+\\/=,_-]{500,700})\\b", + category: "flyio", + keywords: ["FlyV1"], + }, + { + name: "sourcegraphcody.keyPat", + pattern: "\\b(slk_[a-f0-9]{64})\\b", + category: "sourcegraphcody", + keywords: ["slk_"], + }, + { + name: "onelogin.oauthClientIDPat", + pattern: "(?i)id[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})", + category: "onelogin", + keywords: ["onelogin"], + }, + { + name: "onelogin.oauthClientSecretPat", + pattern: "(?i)secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})", + category: "onelogin", + keywords: ["onelogin"], + }, + { + name: "mite.urlPat", + pattern: "\\b([0-9a-z-]{1,}.mite.yo.lk)\\b", + category: "mite", + keywords: ["mite"], + }, + { + name: "alibaba.keyPat", + pattern: "\\b([a-zA-Z0-9]{30})\\b", + category: "alibaba", + keywords: ["LTAI"], + }, + { + name: "alibaba.idPat", + pattern: "\\b(LTAI[a-zA-Z0-9]{17,21})[\\\"';\\s]*", + category: "alibaba", + keywords: ["LTAI"], + }, + { + name: "reallysimplesystems.keyPat", + pattern: "\\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\\b", + category: "reallysimplesystems", + keywords: ["reallysimplesystems"], + }, + { + name: "auth0managementapitoken.managementAPITokenPat", + pattern: "\\b(ey[a-zA-Z0-9._-]+)\\b", + category: "auth0managementapitoken", + keywords: ["auth0"], + }, + { + name: "auth0managementapitoken.domainPat", + pattern: "([a-zA-Z0-9\\-]{2,16}\\.[a-zA-Z0-9_-]{2,3}\\.auth0\\.com)", + category: "auth0managementapitoken", + keywords: ["auth0"], + }, + { + name: "xai.keyPat", + pattern: "\\b(xai-[0-9a-zA-Z_]{80})\\b", + category: "xai", + keywords: ["xai-"], + }, + { + name: "voiceflow.keyPat", + pattern: "\\b(VF\\.(?:(?:DM|WS)\\.)?[a-fA-F0-9]{24}\\.[a-zA-Z0-9]{16})\\b", + category: "voiceflow", + keywords: ["vf", "dm"], + }, + { + name: "azureapimanagementsubscriptionkey.urlPat", + pattern: "https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\\.azure-api\\.net", + category: "azureapimanagementsubscriptionkey", + keywords: [".azure-api.net"], + }, + { + name: "readme.keyPat", + pattern: "(rdme_[a-z0-9]{70})", + category: "readme", + keywords: ["rdme_"], + }, + { + name: "mongodb.connStrPat", + pattern: "\\b(mongodb(?:\\+srv)?://(?P\\S{3,50}):(?P\\S{3,88})@(?P[-.%\\w]+(?::\\d{1,5})?(?:,[-.%\\w]+(?::\\d{1,5})?)*)(?:/(?P[\\w-]+)?(?P\\?\\w+=[\\w@/.$-]+(?:&(?:amp;)?\\w+=[\\w@/.$-]+)*)?)?)(?:\\b|$)", + category: "mongodb", + keywords: ["mongodb"], + }, + { + name: "mongodb.placeholderPasswordPat", + pattern: "^[xX]+|\\*+$", + category: "mongodb", + keywords: ["mongodb"], + }, + { + name: "notion.keyPat", + pattern: "\\b(secret_[A-Za-z0-9]{43})\\b", + category: "notion", + keywords: ["notion"], + }, + { + name: "v1.keyPat", + pattern: "(?i)(?:elevenlabs|xi-api-key|el|token|key)[^\\.].{0,40}[ =:'\"]+([a-f0-9]{32})\\b", + category: "v1", + keywords: ["elevenlabs", "xi-api-key", "xi_api_key"], + }, + { + name: "v2.keyPat", + pattern: "\\b((?:sk)_[a-f0-9]{48})\\b", + category: "v2", + keywords: ["elevenlabs", "xi-api-key", "xi_api_key"], + }, + { + name: "rubygems.keyPat", + pattern: "\\b(rubygems_[a-zA0-9]{48})\\b", + category: "rubygems", + keywords: ["rubygems"], + }, + { + name: "jdbc.keyPat", + pattern: "(?i)jdbc:[\\w]{3,10}:[^\\s\"'<>,(){}[\\]&]{10,512}", + category: "jdbc", + keywords: ["jdbc"], + }, + { + name: "planetscaledb.usernamePat", + pattern: "\\b[a-z0-9]{20}\\b", + category: "planetscaledb", + keywords: ["pscale_pw_"], + }, + { + name: "planetscaledb.passwordPat", + pattern: "\\bpscale_pw_[A-Za-z0-9_]{43}\\b", + category: "planetscaledb", + keywords: ["pscale_pw_"], + }, + { + name: "planetscaledb.hostPat", + pattern: "\\b(aws|gcp)\\.connect\\.psdb\\.cloud\\b", + category: "planetscaledb", + keywords: ["pscale_pw_"], + }, + { + name: "deputy.urlPat", + pattern: "\\b([0-9a-z]{1,}\\.as\\.deputy\\.com)\\b", + category: "deputy", + keywords: ["deputy"], + }, + { + name: "openvpn.clientSecretPat", + pattern: "\\b([a-zA-Z0-9_-]{64,})\\b", + category: "openvpn", + keywords: ["openvpn"], + }, + { + name: "openvpn.domainPat", + pattern: "\\b(https?://[A-Za-z0-9-]+\\.api\\.openvpn\\.com)\\b", + category: "openvpn", + keywords: ["openvpn"], + }, + { + name: "v2.keyPat", + pattern: "\\b(na1\\.[A-Za-z0-9\\+\\/]{100})\\b", + category: "v2", + keywords: ["fullstory"], + }, + { + name: "squareapp.keyPat", + pattern: "(?:sandbox-)?sq0i[a-z]{2}-[0-9A-Za-z_-]{22,43}", + category: "squareapp", + keywords: ["sq0i"], + }, + { + name: "squareapp.secPat", + pattern: "(?:sandbox-)?sq0c[a-z]{2}-[0-9A-Za-z_-]{40,50}", + category: "squareapp", + keywords: ["sq0i"], + }, + { + name: "ubidots.keyPat", + pattern: "\\b(BBFF-[0-9a-zA-Z]{30})\\b", + category: "ubidots", + keywords: ["BBFF-"], + }, + { + name: "trelloapikey.tokenPat", + pattern: "\\b([a-zA-Z-0-9]{64})\\b", + category: "trelloapikey", + keywords: ["trello"], + }, + { + name: "robinhoodcrypto.keyPat", + pattern: "\\b(rh-api-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\\b", + category: "robinhoodcrypto", + keywords: ["rh-api-"], + }, + { + name: "robinhoodcrypto.privKeyBase64Pat", + pattern: "(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)", + category: "robinhoodcrypto", + keywords: ["rh-api-"], + }, + { + name: "terraformcloudpersonaltoken.keyPat", + pattern: "\\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\\b", + category: "terraformcloudpersonaltoken", + keywords: [".atlasv1."], + }, + { + name: "contentfulpersonalaccesstoken.keyPat", + pattern: "\\b(CFPAT-[a-zA-Z0-9_\\-]{43})\\b", + category: "contentfulpersonalaccesstoken", + keywords: ["CFPAT-"], + }, + { + name: "sumologickey.urlPat", + pattern: "(?i)api\\.(?:au|ca|de|eu|fed|jp|kr|in|us2)\\.sumologic\\.com", + category: "sumologickey", + keywords: ["sumo", "accessId", "accessKey"], + }, + { + name: "artifactory.keyPat", + pattern: "\\b([a-zA-Z0-9]{64,73})\\b", + category: "artifactory", + keywords: ["artifactory", "jfrog.io"], + }, + { + name: "artifactory.URLPat", + pattern: "\\b([A-Za-z0-9][A-Za-z0-9\\-]{0,61}[A-Za-z0-9]\\.jfrog\\.io)", + category: "artifactory", + keywords: ["artifactory", "jfrog.io"], + }, + { + name: "v2.keyPat", + pattern: "\\b((?:ghp|gho|ghu|ghs|ghr|github_pat)_[a-zA-Z0-9_]{36,255})\\b", + category: "v2", + keywords: ["ghp_", "gho_", "ghu_", "ghs_", "ghr_", "github_pat_"], + }, + { + name: "sourcegraph.keyPat", + pattern: "\\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\\b", + category: "sourcegraph", + keywords: ["sgp_"], + }, + { + name: "nvapi.keyPat", + pattern: "\\b(nvapi-[a-zA-Z0-9_-]{64})\\b", + category: "nvapi", + keywords: ["nvapi-"], + }, + { + name: "v2.keyPat", + pattern: "\\b(ATCTT3xFfG[A-Za-z0-9+/=_-]+=[A-Za-z0-9]{8})\\b", + category: "v2", + keywords: ["ATCTT3xFfG"], + }, + { + name: "aha.URLPat", + pattern: "\\b([A-Za-z0-9](?:[A-Za-z0-9\\-]{0,61}[A-Za-z0-9])\\.aha\\.io)", + category: "aha", + keywords: ["aha.io"], + }, + { + name: "pubnubpublishkey.pubPat", + pattern: "\\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + category: "pubnubpublishkey", + keywords: ["sub-c-"], + }, + { + name: "pubnubpublishkey.subPat", + pattern: "\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + category: "pubnubpublishkey", + keywords: ["sub-c-"], + }, + { + name: "linearapi.keyPat", + pattern: "\\b(lin_api_[0-9A-Za-z]{40})\\b", + category: "linearapi", + keywords: ["lin_api_"], + }, + { + name: "paypaloauth.idPat", + pattern: "\\b([A-Za-z0-9_\\.]{7}-[A-Za-z0-9_\\.]{72}|[A-Za-z0-9_\\.]{5}-[A-Za-z0-9_\\.]{38})\\b", + category: "paypaloauth", + keywords: ["paypal"], + }, + { + name: "paypaloauth.keyPat", + pattern: "\\b([A-Za-z0-9_\\.\\-]{44,80})\\b", + category: "paypaloauth", + keywords: ["paypal"], + }, + { + name: "paystack.keyPat", + pattern: "\\b(sk\\_[a-z]{1,}\\_[A-Za-z0-9]{40})\\b", + category: "paystack", + keywords: ["paystack"], + }, + { + name: "flutterwave.keyPat", + pattern: "\\b(FLWSECK-[0-9a-z]{32}-X)\\b", + category: "flutterwave", + keywords: ["FLWSECK-"], + }, + { + name: "microsoftteamswebhook.keyPat", + pattern: "(https:\\/\\/[a-zA-Z-0-9]+\\.webhook\\.office\\.com\\/webhookb2\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\/IncomingWebhook\\/[a-zA-Z-0-9]{32}\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})", + category: "microsoftteamswebhook", + keywords: ["webhook.office.com"], + }, + { + name: "azureappconfigconnectionstring.connectionStringPat", + pattern: "Endpoint=(https:\\/\\/[a-zA-Z0-9-]+\\.azconfig\\.io);Id=([a-zA-Z0-9+\\/=]+);Secret=([a-zA-Z0-9+\\/=]+)", + category: "azureappconfigconnectionstring", + keywords: [".azconfig.io"], + }, + { + name: "rootly.keyPat", + pattern: "\\b(rootly_[a-f0-9]{64})\\b", + category: "rootly", + keywords: ["rootly_"], + }, + { + name: "dotdigital.emailPat", + pattern: "\\b(apiuser-[a-z0-9]{12}@apiconnector.com)\\b", + category: "dotdigital", + keywords: ["@apiconnector.com"], + }, + { + name: "graphcms.keyPat", + pattern: "\\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\\b", + category: "graphcms", + keywords: ["graphcms"], + }, + { + name: "airtableoauth.tokenPat", + pattern: "\\b([[:alnum:]]+\\.v1\\.[a-zA-Z0-9_-]+\\.[a-f0-9]+)\\b", + category: "airtableoauth", + keywords: ["airtable"], + }, + { + name: "fleetbase.keyPat", + pattern: "\\b(flb_live_[0-9a-zA-Z]{20})\\b", + category: "fleetbase", + keywords: ["fleetbase"], + }, + { + name: "kanban.urlPat", + pattern: "\\b([0-9a-z]{1,}\\.kanbantool\\.com)\\b", + category: "kanban", + keywords: ["kanban"], + }, + { + name: "loggly.domainPat", + pattern: "\\b([a-zA-Z0-9-]+\\.loggly\\.com)\\b", + category: "loggly", + keywords: ["loggly"], + }, + { + name: "azurefunctionkey.azureUrlPat", + pattern: "\\bhttps:\\/\\/([a-zA-Z0-9-]{2,30})\\.azurewebsites\\.net\\/api\\/([a-zA-Z0-9-]{2,30})\\b", + category: "azurefunctionkey", + keywords: ["azure"], + }, + { + name: "okta.domainPat", + pattern: "\\b[a-z0-9-]{1,40}\\.okta(?:preview|-emea){0,1}\\.com\\b", + category: "okta", + keywords: [".okta"], + }, + { + name: "okta.tokenPat", + pattern: "\\b00[a-zA-Z0-9_-]{40}\\b", + category: "okta", + keywords: [".okta"], + }, + { + name: "tailscale.keyPat", + pattern: "\\btskey-[a-z]+-[0-9A-Za-z_]+-[0-9A-Za-z_]+\\b", + category: "tailscale", + keywords: ["tskey-", "tskey-api-", "tskey-oauth-"], + }, + { + name: "auth0oauth.clientSecretPat", + pattern: "\\b([a-zA-Z0-9_-]{64,})\\b", + category: "auth0oauth", + keywords: ["auth0"], + }, + { + name: "auth0oauth.domainPat", + pattern: "\\b([a-zA-Z0-9][a-zA-Z0-9._-]*auth0\\.com)\\b", + category: "auth0oauth", + keywords: ["auth0"], + }, + { + name: "v2.tokenPat", + pattern: "\\b(ATATT[A-Za-z0-9+/=_-]+=[A-Za-z0-9]{8})\\b", + category: "v2", + keywords: ["atlassian", "confluence", "jira"], + }, + { + name: "v2.domainPat", + pattern: "\\b((?:[a-zA-Z0-9-]{1,24}\\.)+[a-zA-Z0-9-]{2,24}\\.[a-zA-Z0-9-]{2,16})\\b", + category: "v2", + keywords: ["atlassian", "confluence", "jira"], + }, + { + name: "replicate.keyPat", + pattern: "\\b(r8_[0-9A-Za-z-_]{37})\\b", + category: "replicate", + keywords: ["replicate", "r8_"], + }, + { + name: "salesforce.accessTokenPat", + pattern: "\\b00[a-zA-Z0-9]{13}![a-zA-Z0-9_.]{96}\\b", + category: "salesforce", + keywords: ["salesforce"], + }, + { + name: "salesforce.instancePat", + pattern: "\\bhttps://[0-9a-zA-Z-\\.]{1,100}\\.my\\.salesforce\\.com\\b", + category: "salesforce", + keywords: ["salesforce"], + }, + { + name: "fibery.domainPat", + pattern: "(?:https?:\\/\\/)?([a-zA-Z0-9-]{1,63})\\.fibery\\.io(?:\\/.*)?", + category: "fibery", + keywords: [".fibery.io"], + }, + { + name: "anthropic.keyPat", + pattern: "\\b(sk-ant-(?:admin01|api03)-[\\w\\-]{93}AA)\\b", + category: "anthropic", + keywords: ["sk-ant-api03", "sk-ant-admin01"], + }, + { + name: "aws.SecretPat", + pattern: "(?:[^A-Za-z0-9+/]|\\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\\z)", + category: "aws", + }, + { + name: "aws.FalsePositiveSecretPat", + pattern: "[a-f0-9]{40}", + category: "aws", + }, + { + name: "session_keys.idPat", + pattern: "\\b((?:ASIA)[A-Z0-9]{16})\\b", + category: "session_keys", + keywords: ["ASIA"], + }, + { + name: "session_keys.sessionPat", + pattern: "(?:[^A-Za-z0-9+/]|\\A)([a-zA-Z0-9+/]{100,}={0,3})(?:[^A-Za-z0-9+/=]|\\z)", + category: "session_keys", + keywords: ["ASIA"], + }, + { + name: "access_keys.idPat", + pattern: "\\b((?:AKIA|ABIA|ACCA)[A-Z0-9]{16})\\b", + category: "access_keys", + keywords: ["AKIA", "ABIA", "ACCA"], + }, + { + name: "pubnubsubscriptionkey.keyPat", + pattern: "\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + category: "pubnubsubscriptionkey", + keywords: ["sub-c-"], + }, + { + name: "digitaloceanv2.keyPat", + pattern: "\\b((?:dop|doo|dor)_v1_[a-f0-9]{64})\\b", + category: "digitaloceanv2", + keywords: ["dop_v1_", "doo_v1_", "dor_v1_"], + }, + { + name: "stripepaymentintent.clientSecretPat", + pattern: "\\b(pi_[a-zA-Z0-9]{24}_secret_[a-zA-Z0-9]{25})\\b", + category: "stripepaymentintent", + keywords: ["_secret_"], + }, + { + name: "stripepaymentintent.secretKeyPat", + pattern: "\\b([rs]k_live_[a-zA-Z0-9]{20,247})\\b", + category: "stripepaymentintent", + keywords: ["_secret_"], + }, + { + name: "stripepaymentintent.publishableKeyPat", + pattern: "\\b(pk_live_[a-zA-Z0-9]{20,247})\\b", + category: "stripepaymentintent", + keywords: ["_secret_"], + }, + { + name: "ramp.keyPat", + pattern: "\\b(ramp_id_[[:alnum:]]{40})\\b", + category: "ramp", + keywords: ["ramp_"], + }, + { + name: "ramp.secretPat", + pattern: "\\b(ramp_sec_[[:alnum:]]{48})\\b", + category: "ramp", + keywords: ["ramp_"], + }, + { + name: "posthog.keyPat", + pattern: "\\b(phx_[a-zA-Z0-9_]{43})\\b", + category: "posthog", + keywords: ["phx_"], + }, + { + name: "huggingface.keyPat", + pattern: "\\b(?:hf_|api_org_)[a-zA-Z0-9]{34}\\b", + category: "huggingface", + keywords: ["hf_", "api_org_"], + }, + { + name: "repositorykey.regex", + pattern: "\\d+\\.\\d+\\.\\d+", + category: "repositorykey", + keywords: ["azure", ".scm.azure-api.net"], + }, + { + name: "flexport.keyPat", + pattern: "\\b(shltm_[0-9a-zA-Z-_]{40})", + category: "flexport", + keywords: ["shltm_"], + }, + { + name: "razorpay.keyPat", + pattern: "(?i)\\brzp_live_[A-Za-z0-9]{14}\\b", + category: "razorpay", + keywords: ["rzp_live_"], + }, + { + name: "razorpay.secretPat", + pattern: "\\b[A-Za-z0-9]{24}\\b", + category: "razorpay", + keywords: ["rzp_live_"], + }, + { + name: "mapbox.idPat", + pattern: "([a-zA-Z-0-9]{4,32})", + category: "mapbox", + keywords: ["mapbox"], + }, + { + name: "mapbox.keyPat", + pattern: "\\b(sk\\.[a-zA-Z-0-9\\.]{80,240})\\b", + category: "mapbox", + keywords: ["mapbox"], + }, + { + name: "salesforceoauth2.instancePat", + pattern: "\\b(?:https?://)?([0-9a-zA-Z\\-\\.]{1,100}\\.my\\.salesforce\\.com)\\b", + category: "salesforceoauth2", + keywords: ["salesforce", "3MVG9"], + }, + { + name: "salesforceoauth2.consumerKeyPat", + pattern: "\\b(3MVG9[0-9a-zA-Z._+/=]{80,251})", + category: "salesforceoauth2", + keywords: ["salesforce", "3MVG9"], + }, + { + name: "liveagent.domainPat", + pattern: "\\b(https?://[A-Za-z0-9-]+\\.ladesk\\.com)\\b", + category: "liveagent", + keywords: ["liveagent", "ladesk"], + }, + { + name: "pulumi.keyPat", + pattern: "\\b(pul-[a-z0-9]{40})\\b", + category: "pulumi", + keywords: ["pul-"], + }, + { + name: "prefect.keyPat", + pattern: "\\b(pnu_[a-zA-Z0-9]{36})\\b", + category: "prefect", + keywords: ["pnu_"], + }, + { + name: "v2.keyPat", + pattern: "\\b(pat-(?:eu|na)1-[A-Za-z0-9]{8}\\-[A-Za-z0-9]{4}\\-[A-Za-z0-9]{4}\\-[A-Za-z0-9]{4}\\-[A-Za-z0-9]{12})\\b", + category: "v2", + keywords: ["pat-na1-", "pat-eu1-"], + }, + { + name: "azure_storage.namePat", + pattern: "(?i:Account[_.-]?Name|Storage[_.-]?(?:Account|Name))(?:.|\\s){0,20}?\\b([a-z0-9]{3,24})\\b|([a-z0-9]{3,24})(?i:\\.blob\\.core\\.windows\\.net)", + category: "azure_storage", + keywords: ["DefaultEndpointsProtocol=http", "EndpointSuffix", "core.windows.net", "AccountName", "Account_Name", "Account.Name", "Account-Name", "StorageAccount", "Storage_Account", "Storage.Account", "Storage-Account", "AccountKey", "Account_Key", "Account.Key", "Account-Key"], + }, + { + name: "azure_storage.keyPat", + pattern: "(?i:(?:Access|Account|Storage)[_.-]?Key)(?:.|\\s){0,25}?([a-zA-Z0-9+\\/-]{86,88}={0,2})", + category: "azure_storage", + keywords: ["DefaultEndpointsProtocol=http", "EndpointSuffix", "core.windows.net", "AccountName", "Account_Name", "Account.Name", "Account-Name", "StorageAccount", "Storage_Account", "Storage.Account", "Storage-Account", "AccountKey", "Account_Key", "Account.Key", "Account-Key"], + }, + { + name: "wepay.appIDPat", + pattern: "\\b(\\d{6})\\b", + category: "wepay", + keywords: ["wepay"], + }, + { + name: "npmtokenv2.keyPat", + pattern: "(npm_[0-9a-zA-Z]{36})", + category: "npmtokenv2", + keywords: ["npm_"], + }, + { + name: "caflou.keyPat", + pattern: "\\b(eyJhbGciOiJIUzI1NiJ9[a-zA-Z0-9._-]{135})\\b", + category: "caflou", + keywords: ["caflou"], + }, + { + name: "v2.keyPat", + pattern: "\\b(bkua_[a-z0-9]{40})\\b", + category: "v2", + keywords: ["bkua_"], + }, + { + name: "dfuse.keyPat", + pattern: "\\b(web\\_[0-9a-z]{32})\\b", + category: "dfuse", + keywords: ["dfuse"], + }, + { + name: "uri.keyPat", + pattern: "\\bhttps?:\\/\\/[\\w!#$%&()*+,\\-./;<=>?@[\\\\\\]^_{|}~]{0,50}:([\\w!#$%&()*+,\\-./:;<=>?[\\\\\\]^_{|}~]{3,50})@[a-zA-Z0-9.-]+(?:\\.[a-zA-Z]{2,})?(?::\\d{1,5})?[\\w/]+\\b", + category: "uri", + keywords: ["http://", "https://"], + }, + { + name: "salesforcerefreshtoken.refreshTokenPat", + pattern: "(?i)\\b(5AEP861[a-zA-Z0-9._=]{80,})\\b", + category: "salesforcerefreshtoken", + keywords: ["salesforce", "5AEP861", "3MVG9"], + }, + { + name: "salesforcerefreshtoken.consumerKeyPat", + pattern: "\\b(3MVG9[0-9a-zA-Z._+/=]{80,251})", + category: "salesforcerefreshtoken", + keywords: ["salesforce", "5AEP861", "3MVG9"], + }, + { + name: "gocardless.keyPat", + pattern: "\\b(live_[0-9A-Za-z\\_\\-]{40}[ \"'\\r\\n]{1})", + category: "gocardless", + keywords: ["gocardless"], + }, + { + name: "apify.keyPat", + pattern: "\\b(apify\\_api\\_[a-zA-Z-0-9]{36})\\b", + category: "apify", + keywords: ["apify"], + }, + { + name: "twilioapikey.apiKeyPat", + pattern: "\\bSK[a-zA-Z0-9]{32}\\b", + category: "twilioapikey", + keywords: ["twilio"], + }, + { + name: "twilioapikey.secretPat", + pattern: "\\b[0-9a-zA-Z]{32}\\b", + category: "twilioapikey", + keywords: ["twilio"], + }, + { + name: "gcpapplicationdefaultcredentials.keyPat", + pattern: "\\{[^{]+client_secret[^}]+\\}", + category: "gcpapplicationdefaultcredentials", + keywords: [".apps.googleusercontent.com"], + }, + { + name: "privatekey.keyPat", + pattern: "(?i)-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\\s*?-----[\\s\\S]*?----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY\\s*?-----", + category: "privatekey", + keywords: ["private key"], + }, + { + name: "azuresastoken.urlPat", + pattern: "https://([a-zA-Z0-9][a-z0-9_-]{1,22}[a-zA-Z0-9])\\.blob\\.core\\.windows\\.net/[a-z0-9]([a-z0-9-]{1,61}[a-z0-9])?(?:/[a-zA-Z0-9._-]+)*", + category: "azuresastoken", + keywords: ["azure", ".blob.core.windows.net"], + }, + { + name: "intra42.keyPat", + pattern: "\\b(s-s4t2(?:ud|af)-[a-f0-9]{64})\\b", + category: "intra42", + keywords: ["s-s4t2ud-", "s-s4t2af-"], + }, + { + name: "intra42.idPat", + pattern: "\\b(u-s4t2(?:ud|af)-[a-f0-9]{64})\\b", + category: "intra42", + keywords: ["s-s4t2ud-", "s-s4t2af-"], + }, + { + name: "openai.keyPat", + pattern: "\\b(sk-[[:alnum:]_-]+T3BlbkFJ[[:alnum:]_-]+)\\b", + category: "openai", + keywords: ["T3BlbkFJ"], + }, + { + name: "zapierwebhook.keyPat", + pattern: "(https:\\/\\/hooks\\.zapier\\.com\\/hooks\\/catch\\/[A-Za-z0-9\\/]{16})", + category: "zapierwebhook", + keywords: ["hooks.zapier.com/hooks/catch/"], + }, + { + name: "v2.usernamePat", + pattern: "(?im)(?:user|usr|-u|id)\\S{0,40}?[:=\\s]{1,3}[ '\"=]?([a-zA-Z0-9]{4,40})\\b", + category: "v2", + keywords: ["docker", "dckr_pat_", "dckr_oat_"], + }, + { + name: "v2.accessTokenPat", + pattern: "\\b(dckr_pat_[a-zA-Z0-9_-]{27}|dckr_oat_[a-zA-Z0-9_-]{32})(?:[^a-zA-Z0-9_-]|\\z)", + category: "v2", + keywords: ["docker", "dckr_pat_", "dckr_oat_"], + }, + { + name: "twilio.sidPat", + pattern: "\\bAC[0-9a-f]{32}\\b", + category: "twilio", + keywords: ["sid", "twilio"], + }, + { + name: "twilio.keyPat", + pattern: "\\b[0-9a-f]{32}\\b", + category: "twilio", + keywords: ["sid", "twilio"], + }, + { + name: "zohocrm.keyPat", + pattern: "\\b(1000\\.[a-f0-9]{32}\\.[a-f0-9]{32})\\b", + category: "zohocrm", + keywords: ["1000."], + }, + { + name: "couchbase.connectionStringPat", + pattern: "\\b(cb\\.[a-z0-9]+\\.cloud\\.couchbase\\.com)\\b", + category: "couchbase", + keywords: ["couchbase://", "couchbases://"], + }, +]; diff --git a/trufflehog_patterns.json b/trufflehog_patterns.json new file mode 100644 index 0000000..1e6345d --- /dev/null +++ b/trufflehog_patterns.json @@ -0,0 +1,1606 @@ +[ + { + "detector": "sendinbluev2", + "patterns": { + "keyPat": "\\b(xkeysib\\-[A-Za-z0-9_-]{81})\\b" + }, + "keywords": [ + "xkeysib" + ] + }, + { + "detector": "squareup", + "patterns": { + "keyPat": "\\b(sq0idp-[0-9A-Za-z]{22})\\b" + }, + "keywords": [ + "sq0idp-" + ] + }, + { + "detector": "databrickstoken", + "patterns": { + "keyPat": "\\b(dapi[0-9a-f]{32}(-\\d)?)\\b" + }, + "keywords": [ + "databricks", + "dapi" + ] + }, + { + "detector": "freshdesk", + "patterns": { + "urlPat": "\\b([0-9a-z-]{1,}\\.freshdesk\\.com)\\b" + }, + "keywords": [ + "freshdesk" + ] + }, + { + "detector": "endorlabs", + "patterns": { + "keyAndSecretPat": "\\b(endr\\+[a-zA-Z0-9-]{16})\\b" + }, + "keywords": [ + "endr+" + ] + }, + { + "detector": "ftp", + "patterns": { + "keyPat": "\\bftp://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b" + }, + "keywords": [ + "ftp://" + ] + }, + { + "detector": "azure_batch", + "patterns": { + "urlPat": "https://(.{1,50})\\.(.{1,50})\\.batch\\.azure\\.com", + "secretPat": "[A-Za-z0-9+/=]{88}" + }, + "keywords": [ + ".batch.azure.com" + ] + }, + { + "detector": "finage", + "patterns": { + "keyPat": "\\b(API_KEY[0-9A-Z]{32})\\b" + }, + "keywords": [ + "finage" + ] + }, + { + "detector": "adafruitio", + "patterns": { + "keyPat": "\\b(aio\\_[a-zA-Z0-9]{28})\\b" + }, + "keywords": [ + "aio_" + ] + }, + { + "detector": "nightfall", + "patterns": { + "keyPat": "\\b(NF\\-[a-zA-Z0-9]{32})\\b" + }, + "keywords": [ + "nightfall" + ] + }, + { + "detector": "deno", + "patterns": { + "tokenPat": "\\b(dd[pw]_[a-zA-Z0-9]{36})\\b" + }, + "keywords": [ + "ddp_", + "ddw_" + ] + }, + { + "detector": "closecrm", + "patterns": { + "keyPat": "\\b(api_[a-z0-9A-Z.]{45})\\b" + }, + "keywords": [ + "close" + ] + }, + { + "detector": "langsmith", + "patterns": { + "keyPat": "\\b(lsv2_(?:pt|sk)_[a-f0-9]{32}_[a-f0-9]{10})\\b" + }, + "keywords": [ + "lsv2_pt_", + "lsv2_sk_" + ] + }, + { + "detector": "docker", + "patterns": { + "keyPat": "{(?:\\s|\\\\+[nrt])*\\\\*\"auths\\\\*\"(?:\\s|\\\\+t)*:(?:\\s|\\\\+t)*{(?:\\s|\\\\+[nrt])*\\\\*\"(?i:https?:\\/\\/)?[a-z0-9\\-.:\\/]+\\\\*\"(?:\\s|\\\\+t)*:(?:\\s|\\\\+t)*{(?:(?:\\s|\\\\+[nrt])*\\\\*\"(?i:auth|email|username|password)\\\\*\"\\s*:\\s*\\\\*\".*\\\\*\"\\s*,?)+?(?:\\s|\\\\+[nrt])*}(?:\\s|\\\\+[nrt])*}(?:\\s|\\\\+[nrt])*}" + }, + "keywords": [ + "auths" + ] + }, + { + "detector": "googleoauth2", + "patterns": { + "keyPat": "\\b(ya29\\.(?i:[a-z0-9_-]{10,}))(?:[^a-z0-9_-]|\\z)" + }, + "keywords": [ + "ya29." + ] + }, + { + "detector": "signalwire", + "patterns": { + "urlPat": "\\b([0-9a-z-]{3,64}\\.signalwire\\.com)\\b" + }, + "keywords": [ + "signalwire" + ] + }, + { + "detector": "hashicorpvaultauth", + "patterns": { + "vaultUrlPat": "(https?:\\/\\/[^\\s\\/]*\\.hashicorp\\.cloud(?::\\d+)?)(?:\\/[^\\s]*)?" + }, + "keywords": [ + "hashicorp" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(bb_(?:pr|ma)_[a-f0-9]{30})\\b" + }, + "keywords": [ + "bb_pr_", + "bb_ma_" + ] + }, + { + "detector": "signable", + "patterns": { + "keywordPat": "(?i)([a-z]{2})signable" + }, + "keywords": [ + "signable" + ] + }, + { + "detector": "tableau", + "patterns": { + "tokenSecretPat": "\\b([A-Za-z0-9+/]{22}==:[A-Za-z0-9]{32})\\b", + "tableauURLPat": "\\b([a-zA-Z0-9\\-]+\\.online\\.tableau\\.com)\\b" + }, + "keywords": [ + "tableau", + "online.tableau.com" + ] + }, + { + "detector": "invoiceocean", + "patterns": { + "urlPat": "\\b([0-9a-z]{1,}\\.invoiceocean\\.com)\\b" + }, + "keywords": [ + "invoiceocean" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(glpat-[a-zA-Z0-9\\-=_]{20,22})\\b" + }, + "keywords": [ + "glpat-" + ] + }, + { + "detector": "sparkpost", + "patterns": { + "keyPat": "\\b([a-zA-Z0-9]{40})\\b" + }, + "keywords": [ + "sparkpost" + ] + }, + { + "detector": "gemini", + "patterns": { + "keyPat": "\\b((?:master-|account-)[0-9A-Za-z]{20})\\b", + "secretPat": "[A-Za-z0-9]{27,28}" + }, + "keywords": [ + "master-", + "account-" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(HRKU-AA[0-9a-zA-Z_-]{58})\\b" + }, + "keywords": [ + "HRKU-AA" + ] + }, + { + "detector": "azure_openai", + "patterns": { + "azureUrlPat": "(?i)([a-z0-9-]+\\.openai\\.azure\\.com)" + }, + "keywords": [ + ".openai.azure.com" + ] + }, + { + "detector": "locationiq", + "patterns": { + "keyPat": "\\b(pk\\.[a-zA-Z-0-9]{32})\\b" + }, + "keywords": [ + "locationiq" + ] + }, + { + "detector": "frameio", + "patterns": { + "keyPat": "\\b(fio-u-[0-9a-zA-Z_-]{64})\\b" + }, + "keywords": [ + "fio-u-" + ] + }, + { + "detector": "grafanaserviceaccount", + "patterns": { + "keyPat": "\\b(glsa_[0-9a-zA-Z_]{41})\\b", + "domainPat": "\\b([a-zA-Z0-9-]+\\.grafana\\.net)\\b" + }, + "keywords": [ + "glsa_" + ] + }, + { + "detector": "saucelabs", + "patterns": { + "baseUrlPat": "\\b(api\\.(?:us|eu)-(?:west|east|central)-[0-9].saucelabs\\.com)\\b" + }, + "keywords": [ + "saucelabs" + ] + }, + { + "detector": "supabasetoken", + "patterns": { + "keyPat": "\\b(sbp_[a-z0-9]{40})\\b" + }, + "keywords": [ + "sbp_" + ] + }, + { + "detector": "clickhelp", + "patterns": { + "portalPat": "\\b([0-9A-Za-z-]{3,20}\\.(?:try\\.)?clickhelp\\.co)\\b" + }, + "keywords": [ + "clickhelp.co" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b([a-zA-Z0-9]{6}_[a-zA-Z0-9]{29}_mmk)\\b" + }, + "keywords": [ + "_mmk" + ] + }, + { + "detector": "redis", + "patterns": { + "keyPat": "\\bredi[s]{1,2}://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + "azureRedisPat": "\\b([\\w\\d.-]{1,100}\\.redis\\.cache\\.windows\\.net:6380),password=([^,]{44}),ssl=True,abortConnect=False\\b" + }, + "keywords": [ + "redis" + ] + }, + { + "detector": "azurecontainerregistry", + "patterns": { + "urlPat": "([a-z0-9][a-z0-9-]{1,100}[a-z0-9])\\.azurecr\\.io", + "passwordPat": "\\b[a-zA-Z0-9+/]{42}\\+ACR[a-zA-Z0-9]{6}\\b" + }, + "keywords": [ + ".azurecr.io" + ] + }, + { + "detector": "sendgrid", + "patterns": { + "keyPat": "\\bSG\\.[\\w\\-]{20,24}\\.[\\w\\-]{39,50}\\b" + }, + "keywords": [ + "SG." + ] + }, + { + "detector": "trufflehogenterprise", + "patterns": { + "keyPat": "\\bthog-key-[0-9a-f]{16}\\b", + "secretPat": "\\bthog-secret-[0-9a-f]{32}\\b", + "hostnamePat": "\\b[a-z]+-[a-z]+-[a-z]+\\.[a-z][0-9]\\.[a-z]+\\.trufflehog\\.org\\b" + }, + "keywords": [ + "thog" + ] + }, + { + "detector": "anypoint", + "patterns": { + "keyPat": "\\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\\b" + }, + "keywords": [ + "anypoint" + ] + }, + { + "detector": "cloudflarecakey", + "patterns": { + "keyPat": "\\b(v1\\.0-[A-Za-z0-9-]{171})\\b" + }, + "keywords": [ + "cloudflare" + ] + }, + { + "detector": "ldap", + "patterns": { + "uriPat": "\\b(?i)ldaps?://[\\S]+\\b", + "iadPat": "OpenDSObject\\(\\\"(?i)(ldaps?://[\\S]+)\\\", ?\\\"([\\S]+)\\\", ?\\\"([\\S]+)\\\",[ \\d]+\\)" + }, + "keywords": [ + "ldaps://", + "ldap://" + ] + }, + { + "detector": "sentryorgtoken", + "patterns": { + "orgAuthTokenPat": "\\b(sntrys_eyJ[a-zA-Z0-9=_+/]{197})\\b" + }, + "keywords": [ + "sntrys_eyJ" + ] + }, + { + "detector": "launchdarkly", + "patterns": { + "keyPat": "\\b((?:api|sdk)-[a-z0-9]{8}-[a-z0-9]{4}-4[a-z0-9]{3}-[a-z0-9]{4}-[a-z0-9]{12})\\b" + }, + "keywords": [ + "api-", + "sdk-" + ] + }, + { + "detector": "klaviyo", + "patterns": { + "keyPat": "\\b(pk_[[:alnum:]]{34})\\b" + }, + "keywords": [ + "pk_" + ] + }, + { + "detector": "coinbase", + "patterns": { + "keyNamePat": "\\b(organizations\\\\*/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}\\\\*/apiKeys\\\\*/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12})\\b", + "privateKeyPat": "(-----BEGIN EC(?:DSA)? PRIVATE KEY-----(?:\\r|\\n|\\\\+r|\\\\+n)(?:[a-zA-Z0-9+/]+={0,2}(?:\\r|\\n|\\\\+r|\\\\+n))+-----END EC(?:DSA)? PRIVATE KEY-----(?:\\r|\\n|\\\\+r|\\\\+n)?)" + }, + "keywords": [ + "begin ec" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "(CCIPAT_[a-zA-Z0-9]{22}_[a-fA-F0-9]{40})" + }, + "keywords": [ + "CCIPAT_" + ] + }, + { + "detector": "zulipchat", + "patterns": { + "idPat": "\\b([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,})\\b", + "domainPat": "(?i)\\b([a-z0-9-]+\\.zulip(?:chat)?\\.com|chat\\.zulip\\.org)\\b" + }, + "keywords": [ + "zulip" + ] + }, + { + "detector": "azuredirectmanagementkey", + "patterns": { + "urlPat": "https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\\.management\\.azure-api\\.net" + }, + "keywords": [ + ".management.azure-api.net" + ] + }, + { + "detector": "tineswebhook", + "patterns": { + "keyPat": "(https://[\\w-]+\\.tines\\.com/webhook/[a-z0-9]{32}/[a-z0-9]{32})" + }, + "keywords": [ + "tines.com" + ] + }, + { + "detector": "hasura", + "patterns": { + "domainPat": "\\b([a-zA-Z0-9-]+\\.hasura\\.app)\\b" + }, + "keywords": [ + "hasura" + ] + }, + { + "detector": "postman", + "patterns": { + "keyPat": "\\b(PMAK-[a-zA-Z-0-9]{59})\\b" + }, + "keywords": [ + "PMAK-" + ] + }, + { + "detector": "shopify", + "patterns": { + "keyPat": "\\b(shppa_|shpat_)([0-9A-Fa-f]{32})\\b", + "domainPat": "[a-zA-Z0-9-]+\\.myshopify\\.com" + }, + "keywords": [ + "shppa_", + "shpat_" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(sntryu_[a-f0-9]{64})\\b" + }, + "keywords": [ + "sentry", + "sntryu" + ] + }, + { + "detector": "groq", + "patterns": { + "keyPat": "\\b(gsk_[a-zA-Z0-9]{52})\\b" + }, + "keywords": [ + "gsk_" + ] + }, + { + "detector": "apideck", + "patterns": { + "keyPat": "\\b(sk_live_[a-z0-9A-Z-]{93})\\b" + }, + "keywords": [ + "apideck" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\btfp_[a-zA-Z0-9_]{40,59}\\b" + }, + "keywords": [ + "tfp_" + ] + }, + { + "detector": "azure_entra", + "patterns": { + "tenantOnMicrosoftPat": "([\\w-]+\\.onmicrosoft\\.com)" + }, + "keywords": [] + }, + { + "detector": "refreshtoken", + "patterns": { + "refreshTokenPat": "\\b[01]\\.A[\\w-]{50,}(?:\\.\\d)?\\.Ag[\\w-]{250,}(?:\\.A[\\w-]{200,})?" + }, + "keywords": [ + "0.A", + "1.A" + ] + }, + { + "detector": "v1", + "patterns": { + "clientSecretPat": "(?i)(?:secret|password| -p[ =]).{0,80}?([\\w~@[\\]:.?*/+=-]{31,34}", + "secretPat": "(?i)(?:secret|password| -p[ =]).{0,80}[^A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]([A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]{31,34})[^A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]" + }, + "keywords": [ + "azure", + "az", + "entra", + "msal", + "login.microsoftonline.com", + ".onmicrosoft.com" + ] + }, + { + "detector": "v2", + "patterns": { + "SecretPat": "(?:[^a-zA-Z0-9_~.-]|\\A)([a-zA-Z0-9_~.-]{3}\\dQ~[a-zA-Z0-9_~.-]{31,34})(?:[^a-zA-Z0-9_~.-]|\\z)" + }, + "keywords": [ + "q~" + ] + }, + { + "detector": "grafana", + "patterns": { + "keyPat": "\\b(glc_eyJ[A-Za-z0-9+\\/=]{60,160})" + }, + "keywords": [ + "glc_eyJ" + ] + }, + { + "detector": "mailchimp", + "patterns": { + "keyPat": "[0-9a-f]{32}-us[0-9]{1,2}" + }, + "keywords": [ + "-us" + ] + }, + { + "detector": "discordwebhook", + "patterns": { + "keyPat": "(https:\\/\\/discord\\.com\\/api\\/webhooks\\/[0-9]{18,19}\\/[0-9a-zA-Z-]{68})" + }, + "keywords": [ + "https://discord.com/api/webhooks/" + ] + }, + { + "detector": "webexbot", + "patterns": { + "keyPat": "([a-zA-Z0-9]{64}_[a-zA-Z0-9]{4}_[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12})" + }, + "keywords": [ + "spark", + "webex" + ] + }, + { + "detector": "documo", + "patterns": { + "keyPat": "\\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\\b" + }, + "keywords": [ + "documo" + ] + }, + { + "detector": "doppler", + "patterns": { + "keyPat": "\\b(dp\\.(?:ct|pt|st(?:\\.[a-z0-9\\-_]{2,35})?|sa|scim|audit)\\.[a-zA-Z0-9]{40,44})\\b" + }, + "keywords": [ + "dp.ct.", + "dp.pt.", + "dp.st", + "dp.sa.", + "dp.scim.", + "dp.audit." + ] + }, + { + "detector": "rabbitmq", + "patterns": { + "keyPat": "\\b(?:amqps?):\\/\\/[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b" + }, + "keywords": [ + "amqp" + ] + }, + { + "detector": "pagarme", + "patterns": { + "keyPat": "\\b(ak_live_[a-zA-Z0-9]{30})\\b" + }, + "keywords": [ + "ak_live_" + ] + }, + { + "detector": "planetscale", + "patterns": { + "usernamePat": "\\b[a-z0-9]{12}\\b", + "passwordPat": "\\bpscale_tkn_[A-Za-z0-9_]{43}\\b" + }, + "keywords": [ + "pscale_tkn_" + ] + }, + { + "detector": "gcp", + "patterns": { + "keyPat": "\\{[^{]+auth_provider_x509_cert_url[^}]+\\}" + }, + "keywords": [ + "provider_x509" + ] + }, + { + "detector": "flyio", + "patterns": { + "keyPat": "\\b(FlyV1 fm\\d+_[A-Za-z0-9+\\/=,_-]{500,700})\\b" + }, + "keywords": [ + "FlyV1" + ] + }, + { + "detector": "sourcegraphcody", + "patterns": { + "keyPat": "\\b(slk_[a-f0-9]{64})\\b" + }, + "keywords": [ + "slk_" + ] + }, + { + "detector": "onelogin", + "patterns": { + "oauthClientIDPat": "(?i)id[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})", + "oauthClientSecretPat": "(?i)secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})" + }, + "keywords": [ + "onelogin" + ] + }, + { + "detector": "mite", + "patterns": { + "urlPat": "\\b([0-9a-z-]{1,}.mite.yo.lk)\\b" + }, + "keywords": [ + "mite" + ] + }, + { + "detector": "alibaba", + "patterns": { + "keyPat": "\\b([a-zA-Z0-9]{30})\\b", + "idPat": "\\b(LTAI[a-zA-Z0-9]{17,21})[\\\"';\\s]*" + }, + "keywords": [ + "LTAI" + ] + }, + { + "detector": "reallysimplesystems", + "patterns": { + "keyPat": "\\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\\b" + }, + "keywords": [ + "reallysimplesystems" + ] + }, + { + "detector": "auth0managementapitoken", + "patterns": { + "managementAPITokenPat": "\\b(ey[a-zA-Z0-9._-]+)\\b", + "domainPat": "([a-zA-Z0-9\\-]{2,16}\\.[a-zA-Z0-9_-]{2,3}\\.auth0\\.com)" + }, + "keywords": [ + "auth0" + ] + }, + { + "detector": "xai", + "patterns": { + "keyPat": "\\b(xai-[0-9a-zA-Z_]{80})\\b" + }, + "keywords": [ + "xai-" + ] + }, + { + "detector": "voiceflow", + "patterns": { + "keyPat": "\\b(VF\\.(?:(?:DM|WS)\\.)?[a-fA-F0-9]{24}\\.[a-zA-Z0-9]{16})\\b" + }, + "keywords": [ + "vf", + "dm" + ] + }, + { + "detector": "azureapimanagementsubscriptionkey", + "patterns": { + "urlPat": "https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\\.azure-api\\.net" + }, + "keywords": [ + ".azure-api.net" + ] + }, + { + "detector": "readme", + "patterns": { + "keyPat": "(rdme_[a-z0-9]{70})" + }, + "keywords": [ + "rdme_" + ] + }, + { + "detector": "mongodb", + "patterns": { + "connStrPat": "\\b(mongodb(?:\\+srv)?://(?P\\S{3,50}):(?P\\S{3,88})@(?P[-.%\\w]+(?::\\d{1,5})?(?:,[-.%\\w]+(?::\\d{1,5})?)*)(?:/(?P[\\w-]+)?(?P\\?\\w+=[\\w@/.$-]+(?:&(?:amp;)?\\w+=[\\w@/.$-]+)*)?)?)(?:\\b|$)", + "placeholderPasswordPat": "^[xX]+|\\*+$" + }, + "keywords": [ + "mongodb" + ] + }, + { + "detector": "notion", + "patterns": { + "keyPat": "\\b(secret_[A-Za-z0-9]{43})\\b" + }, + "keywords": [ + "notion" + ] + }, + { + "detector": "v1", + "patterns": { + "keyPat": "(?i)(?:elevenlabs|xi-api-key|el|token|key)[^\\.].{0,40}[ =:'\"]+([a-f0-9]{32})\\b" + }, + "keywords": [ + "elevenlabs", + "xi-api-key", + "xi_api_key" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b((?:sk)_[a-f0-9]{48})\\b" + }, + "keywords": [ + "elevenlabs", + "xi-api-key", + "xi_api_key" + ] + }, + { + "detector": "rubygems", + "patterns": { + "keyPat": "\\b(rubygems_[a-zA0-9]{48})\\b" + }, + "keywords": [ + "rubygems" + ] + }, + { + "detector": "jdbc", + "patterns": { + "keyPat": "(?i)jdbc:[\\w]{3,10}:[^\\s\"'<>,(){}[\\]&]{10,512}" + }, + "keywords": [ + "jdbc" + ] + }, + { + "detector": "planetscaledb", + "patterns": { + "usernamePat": "\\b[a-z0-9]{20}\\b", + "passwordPat": "\\bpscale_pw_[A-Za-z0-9_]{43}\\b", + "hostPat": "\\b(aws|gcp)\\.connect\\.psdb\\.cloud\\b" + }, + "keywords": [ + "pscale_pw_" + ] + }, + { + "detector": "deputy", + "patterns": { + "urlPat": "\\b([0-9a-z]{1,}\\.as\\.deputy\\.com)\\b" + }, + "keywords": [ + "deputy" + ] + }, + { + "detector": "openvpn", + "patterns": { + "clientSecretPat": "\\b([a-zA-Z0-9_-]{64,})\\b", + "domainPat": "\\b(https?://[A-Za-z0-9-]+\\.api\\.openvpn\\.com)\\b" + }, + "keywords": [ + "openvpn" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(na1\\.[A-Za-z0-9\\+\\/]{100})\\b" + }, + "keywords": [ + "fullstory" + ] + }, + { + "detector": "squareapp", + "patterns": { + "keyPat": "(?:sandbox-)?sq0i[a-z]{2}-[0-9A-Za-z_-]{22,43}", + "secPat": "(?:sandbox-)?sq0c[a-z]{2}-[0-9A-Za-z_-]{40,50}" + }, + "keywords": [ + "sq0i" + ] + }, + { + "detector": "ubidots", + "patterns": { + "keyPat": "\\b(BBFF-[0-9a-zA-Z]{30})\\b" + }, + "keywords": [ + "BBFF-" + ] + }, + { + "detector": "trelloapikey", + "patterns": { + "tokenPat": "\\b([a-zA-Z-0-9]{64})\\b" + }, + "keywords": [ + "trello" + ] + }, + { + "detector": "robinhoodcrypto", + "patterns": { + "keyPat": "\\b(rh-api-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\\b", + "privKeyBase64Pat": "(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)" + }, + "keywords": [ + "rh-api-" + ] + }, + { + "detector": "terraformcloudpersonaltoken", + "patterns": { + "keyPat": "\\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\\b" + }, + "keywords": [ + ".atlasv1." + ] + }, + { + "detector": "contentfulpersonalaccesstoken", + "patterns": { + "keyPat": "\\b(CFPAT-[a-zA-Z0-9_\\-]{43})\\b" + }, + "keywords": [ + "CFPAT-" + ] + }, + { + "detector": "sumologickey", + "patterns": { + "urlPat": "(?i)api\\.(?:au|ca|de|eu|fed|jp|kr|in|us2)\\.sumologic\\.com" + }, + "keywords": [ + "sumo", + "accessId", + "accessKey" + ] + }, + { + "detector": "artifactory", + "patterns": { + "keyPat": "\\b([a-zA-Z0-9]{64,73})\\b", + "URLPat": "\\b([A-Za-z0-9][A-Za-z0-9\\-]{0,61}[A-Za-z0-9]\\.jfrog\\.io)" + }, + "keywords": [ + "artifactory", + "jfrog.io" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b((?:ghp|gho|ghu|ghs|ghr|github_pat)_[a-zA-Z0-9_]{36,255})\\b" + }, + "keywords": [ + "ghp_", + "gho_", + "ghu_", + "ghs_", + "ghr_", + "github_pat_" + ] + }, + { + "detector": "sourcegraph", + "patterns": { + "keyPat": "\\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\\b" + }, + "keywords": [ + "sgp_" + ] + }, + { + "detector": "nvapi", + "patterns": { + "keyPat": "\\b(nvapi-[a-zA-Z0-9_-]{64})\\b" + }, + "keywords": [ + "nvapi-" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(ATCTT3xFfG[A-Za-z0-9+/=_-]+=[A-Za-z0-9]{8})\\b" + }, + "keywords": [ + "ATCTT3xFfG" + ] + }, + { + "detector": "aha", + "patterns": { + "URLPat": "\\b([A-Za-z0-9](?:[A-Za-z0-9\\-]{0,61}[A-Za-z0-9])\\.aha\\.io)" + }, + "keywords": [ + "aha.io" + ] + }, + { + "detector": "pubnubpublishkey", + "patterns": { + "pubPat": "\\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + "subPat": "\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b" + }, + "keywords": [ + "sub-c-" + ] + }, + { + "detector": "linearapi", + "patterns": { + "keyPat": "\\b(lin_api_[0-9A-Za-z]{40})\\b" + }, + "keywords": [ + "lin_api_" + ] + }, + { + "detector": "paypaloauth", + "patterns": { + "idPat": "\\b([A-Za-z0-9_\\.]{7}-[A-Za-z0-9_\\.]{72}|[A-Za-z0-9_\\.]{5}-[A-Za-z0-9_\\.]{38})\\b", + "keyPat": "\\b([A-Za-z0-9_\\.\\-]{44,80})\\b" + }, + "keywords": [ + "paypal" + ] + }, + { + "detector": "paystack", + "patterns": { + "keyPat": "\\b(sk\\_[a-z]{1,}\\_[A-Za-z0-9]{40})\\b" + }, + "keywords": [ + "paystack" + ] + }, + { + "detector": "flutterwave", + "patterns": { + "keyPat": "\\b(FLWSECK-[0-9a-z]{32}-X)\\b" + }, + "keywords": [ + "FLWSECK-" + ] + }, + { + "detector": "microsoftteamswebhook", + "patterns": { + "keyPat": "(https:\\/\\/[a-zA-Z-0-9]+\\.webhook\\.office\\.com\\/webhookb2\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\/IncomingWebhook\\/[a-zA-Z-0-9]{32}\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})" + }, + "keywords": [ + "webhook.office.com" + ] + }, + { + "detector": "azureappconfigconnectionstring", + "patterns": { + "connectionStringPat": "Endpoint=(https:\\/\\/[a-zA-Z0-9-]+\\.azconfig\\.io);Id=([a-zA-Z0-9+\\/=]+);Secret=([a-zA-Z0-9+\\/=]+)" + }, + "keywords": [ + ".azconfig.io" + ] + }, + { + "detector": "rootly", + "patterns": { + "keyPat": "\\b(rootly_[a-f0-9]{64})\\b" + }, + "keywords": [ + "rootly_" + ] + }, + { + "detector": "dotdigital", + "patterns": { + "emailPat": "\\b(apiuser-[a-z0-9]{12}@apiconnector.com)\\b" + }, + "keywords": [ + "@apiconnector.com" + ] + }, + { + "detector": "graphcms", + "patterns": { + "keyPat": "\\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\\b" + }, + "keywords": [ + "graphcms" + ] + }, + { + "detector": "airtableoauth", + "patterns": { + "tokenPat": "\\b([[:alnum:]]+\\.v1\\.[a-zA-Z0-9_-]+\\.[a-f0-9]+)\\b" + }, + "keywords": [ + "airtable" + ] + }, + { + "detector": "fleetbase", + "patterns": { + "keyPat": "\\b(flb_live_[0-9a-zA-Z]{20})\\b" + }, + "keywords": [ + "fleetbase" + ] + }, + { + "detector": "kanban", + "patterns": { + "urlPat": "\\b([0-9a-z]{1,}\\.kanbantool\\.com)\\b" + }, + "keywords": [ + "kanban" + ] + }, + { + "detector": "loggly", + "patterns": { + "domainPat": "\\b([a-zA-Z0-9-]+\\.loggly\\.com)\\b" + }, + "keywords": [ + "loggly" + ] + }, + { + "detector": "azurefunctionkey", + "patterns": { + "azureUrlPat": "\\bhttps:\\/\\/([a-zA-Z0-9-]{2,30})\\.azurewebsites\\.net\\/api\\/([a-zA-Z0-9-]{2,30})\\b" + }, + "keywords": [ + "azure" + ] + }, + { + "detector": "okta", + "patterns": { + "domainPat": "\\b[a-z0-9-]{1,40}\\.okta(?:preview|-emea){0,1}\\.com\\b", + "tokenPat": "\\b00[a-zA-Z0-9_-]{40}\\b" + }, + "keywords": [ + ".okta" + ] + }, + { + "detector": "tailscale", + "patterns": { + "keyPat": "\\btskey-[a-z]+-[0-9A-Za-z_]+-[0-9A-Za-z_]+\\b" + }, + "keywords": [ + "tskey-", + "tskey-api-", + "tskey-oauth-" + ] + }, + { + "detector": "auth0oauth", + "patterns": { + "clientSecretPat": "\\b([a-zA-Z0-9_-]{64,})\\b", + "domainPat": "\\b([a-zA-Z0-9][a-zA-Z0-9._-]*auth0\\.com)\\b" + }, + "keywords": [ + "auth0" + ] + }, + { + "detector": "v2", + "patterns": { + "tokenPat": "\\b(ATATT[A-Za-z0-9+/=_-]+=[A-Za-z0-9]{8})\\b", + "domainPat": "\\b((?:[a-zA-Z0-9-]{1,24}\\.)+[a-zA-Z0-9-]{2,24}\\.[a-zA-Z0-9-]{2,16})\\b" + }, + "keywords": [ + "atlassian", + "confluence", + "jira" + ] + }, + { + "detector": "replicate", + "patterns": { + "keyPat": "\\b(r8_[0-9A-Za-z-_]{37})\\b" + }, + "keywords": [ + "replicate", + "r8_" + ] + }, + { + "detector": "salesforce", + "patterns": { + "accessTokenPat": "\\b00[a-zA-Z0-9]{13}![a-zA-Z0-9_.]{96}\\b", + "instancePat": "\\bhttps://[0-9a-zA-Z-\\.]{1,100}\\.my\\.salesforce\\.com\\b" + }, + "keywords": [ + "salesforce" + ] + }, + { + "detector": "fibery", + "patterns": { + "domainPat": "(?:https?:\\/\\/)?([a-zA-Z0-9-]{1,63})\\.fibery\\.io(?:\\/.*)?" + }, + "keywords": [ + ".fibery.io" + ] + }, + { + "detector": "anthropic", + "patterns": { + "keyPat": "\\b(sk-ant-(?:admin01|api03)-[\\w\\-]{93}AA)\\b" + }, + "keywords": [ + "sk-ant-api03", + "sk-ant-admin01" + ] + }, + { + "detector": "aws", + "patterns": { + "SecretPat": "(?:[^A-Za-z0-9+/]|\\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\\z)" + }, + "keywords": [] + }, + { + "detector": "aws", + "patterns": { + "FalsePositiveSecretPat": "[a-f0-9]{40}" + }, + "keywords": [] + }, + { + "detector": "session_keys", + "patterns": { + "idPat": "\\b((?:ASIA)[A-Z0-9]{16})\\b", + "sessionPat": "(?:[^A-Za-z0-9+/]|\\A)([a-zA-Z0-9+/]{100,}={0,3})(?:[^A-Za-z0-9+/=]|\\z)" + }, + "keywords": [ + "ASIA" + ] + }, + { + "detector": "access_keys", + "patterns": { + "idPat": "\\b((?:AKIA|ABIA|ACCA)[A-Z0-9]{16})\\b" + }, + "keywords": [ + "AKIA", + "ABIA", + "ACCA" + ] + }, + { + "detector": "pubnubsubscriptionkey", + "patterns": { + "keyPat": "\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b" + }, + "keywords": [ + "sub-c-" + ] + }, + { + "detector": "digitaloceanv2", + "patterns": { + "keyPat": "\\b((?:dop|doo|dor)_v1_[a-f0-9]{64})\\b" + }, + "keywords": [ + "dop_v1_", + "doo_v1_", + "dor_v1_" + ] + }, + { + "detector": "stripepaymentintent", + "patterns": { + "clientSecretPat": "\\b(pi_[a-zA-Z0-9]{24}_secret_[a-zA-Z0-9]{25})\\b", + "secretKeyPat": "\\b([rs]k_live_[a-zA-Z0-9]{20,247})\\b", + "publishableKeyPat": "\\b(pk_live_[a-zA-Z0-9]{20,247})\\b" + }, + "keywords": [ + "_secret_" + ] + }, + { + "detector": "ramp", + "patterns": { + "keyPat": "\\b(ramp_id_[[:alnum:]]{40})\\b", + "secretPat": "\\b(ramp_sec_[[:alnum:]]{48})\\b" + }, + "keywords": [ + "ramp_" + ] + }, + { + "detector": "posthog", + "patterns": { + "keyPat": "\\b(phx_[a-zA-Z0-9_]{43})\\b" + }, + "keywords": [ + "phx_" + ] + }, + { + "detector": "huggingface", + "patterns": { + "keyPat": "\\b(?:hf_|api_org_)[a-zA-Z0-9]{34}\\b" + }, + "keywords": [ + "hf_", + "api_org_" + ] + }, + { + "detector": "repositorykey", + "patterns": { + "regex": "\\d+\\.\\d+\\.\\d+" + }, + "keywords": [ + "azure", + ".scm.azure-api.net" + ] + }, + { + "detector": "flexport", + "patterns": { + "keyPat": "\\b(shltm_[0-9a-zA-Z-_]{40})" + }, + "keywords": [ + "shltm_" + ] + }, + { + "detector": "razorpay", + "patterns": { + "keyPat": "(?i)\\brzp_live_[A-Za-z0-9]{14}\\b", + "secretPat": "\\b[A-Za-z0-9]{24}\\b" + }, + "keywords": [ + "rzp_live_" + ] + }, + { + "detector": "mapbox", + "patterns": { + "idPat": "([a-zA-Z-0-9]{4,32})", + "keyPat": "\\b(sk\\.[a-zA-Z-0-9\\.]{80,240})\\b" + }, + "keywords": [ + "mapbox" + ] + }, + { + "detector": "salesforceoauth2", + "patterns": { + "instancePat": "\\b(?:https?://)?([0-9a-zA-Z\\-\\.]{1,100}\\.my\\.salesforce\\.com)\\b", + "consumerKeyPat": "\\b(3MVG9[0-9a-zA-Z._+/=]{80,251})" + }, + "keywords": [ + "salesforce", + "3MVG9" + ] + }, + { + "detector": "liveagent", + "patterns": { + "domainPat": "\\b(https?://[A-Za-z0-9-]+\\.ladesk\\.com)\\b" + }, + "keywords": [ + "liveagent", + "ladesk" + ] + }, + { + "detector": "pulumi", + "patterns": { + "keyPat": "\\b(pul-[a-z0-9]{40})\\b" + }, + "keywords": [ + "pul-" + ] + }, + { + "detector": "prefect", + "patterns": { + "keyPat": "\\b(pnu_[a-zA-Z0-9]{36})\\b" + }, + "keywords": [ + "pnu_" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(pat-(?:eu|na)1-[A-Za-z0-9]{8}\\-[A-Za-z0-9]{4}\\-[A-Za-z0-9]{4}\\-[A-Za-z0-9]{4}\\-[A-Za-z0-9]{12})\\b" + }, + "keywords": [ + "pat-na1-", + "pat-eu1-" + ] + }, + { + "detector": "azure_storage", + "patterns": { + "namePat": "(?i:Account[_.-]?Name|Storage[_.-]?(?:Account|Name))(?:.|\\s){0,20}?\\b([a-z0-9]{3,24})\\b|([a-z0-9]{3,24})(?i:\\.blob\\.core\\.windows\\.net)", + "keyPat": "(?i:(?:Access|Account|Storage)[_.-]?Key)(?:.|\\s){0,25}?([a-zA-Z0-9+\\/-]{86,88}={0,2})" + }, + "keywords": [ + "DefaultEndpointsProtocol=http", + "EndpointSuffix", + "core.windows.net", + "AccountName", + "Account_Name", + "Account.Name", + "Account-Name", + "StorageAccount", + "Storage_Account", + "Storage.Account", + "Storage-Account", + "AccountKey", + "Account_Key", + "Account.Key", + "Account-Key" + ] + }, + { + "detector": "wepay", + "patterns": { + "appIDPat": "\\b(\\d{6})\\b" + }, + "keywords": [ + "wepay" + ] + }, + { + "detector": "npmtokenv2", + "patterns": { + "keyPat": "(npm_[0-9a-zA-Z]{36})" + }, + "keywords": [ + "npm_" + ] + }, + { + "detector": "caflou", + "patterns": { + "keyPat": "\\b(eyJhbGciOiJIUzI1NiJ9[a-zA-Z0-9._-]{135})\\b" + }, + "keywords": [ + "caflou" + ] + }, + { + "detector": "v2", + "patterns": { + "keyPat": "\\b(bkua_[a-z0-9]{40})\\b" + }, + "keywords": [ + "bkua_" + ] + }, + { + "detector": "dfuse", + "patterns": { + "keyPat": "\\b(web\\_[0-9a-z]{32})\\b" + }, + "keywords": [ + "dfuse" + ] + }, + { + "detector": "uri", + "patterns": { + "keyPat": "\\bhttps?:\\/\\/[\\w!#$%&()*+,\\-./;<=>?@[\\\\\\]^_{|}~]{0,50}:([\\w!#$%&()*+,\\-./:;<=>?[\\\\\\]^_{|}~]{3,50})@[a-zA-Z0-9.-]+(?:\\.[a-zA-Z]{2,})?(?::\\d{1,5})?[\\w/]+\\b" + }, + "keywords": [ + "http://", + "https://" + ] + }, + { + "detector": "salesforcerefreshtoken", + "patterns": { + "refreshTokenPat": "(?i)\\b(5AEP861[a-zA-Z0-9._=]{80,})\\b", + "consumerKeyPat": "\\b(3MVG9[0-9a-zA-Z._+/=]{80,251})" + }, + "keywords": [ + "salesforce", + "5AEP861", + "3MVG9" + ] + }, + { + "detector": "gocardless", + "patterns": { + "keyPat": "\\b(live_[0-9A-Za-z\\_\\-]{40}[ \"'\\r\\n]{1})" + }, + "keywords": [ + "gocardless" + ] + }, + { + "detector": "apify", + "patterns": { + "keyPat": "\\b(apify\\_api\\_[a-zA-Z-0-9]{36})\\b" + }, + "keywords": [ + "apify" + ] + }, + { + "detector": "twilioapikey", + "patterns": { + "apiKeyPat": "\\bSK[a-zA-Z0-9]{32}\\b", + "secretPat": "\\b[0-9a-zA-Z]{32}\\b" + }, + "keywords": [ + "twilio" + ] + }, + { + "detector": "gcpapplicationdefaultcredentials", + "patterns": { + "keyPat": "\\{[^{]+client_secret[^}]+\\}" + }, + "keywords": [ + ".apps.googleusercontent.com" + ] + }, + { + "detector": "privatekey", + "patterns": { + "keyPat": "(?i)-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\\s*?-----[\\s\\S]*?----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY\\s*?-----" + }, + "keywords": [ + "private key" + ] + }, + { + "detector": "azuresastoken", + "patterns": { + "urlPat": "https://([a-zA-Z0-9][a-z0-9_-]{1,22}[a-zA-Z0-9])\\.blob\\.core\\.windows\\.net/[a-z0-9]([a-z0-9-]{1,61}[a-z0-9])?(?:/[a-zA-Z0-9._-]+)*" + }, + "keywords": [ + "azure", + ".blob.core.windows.net" + ] + }, + { + "detector": "intra42", + "patterns": { + "keyPat": "\\b(s-s4t2(?:ud|af)-[a-f0-9]{64})\\b", + "idPat": "\\b(u-s4t2(?:ud|af)-[a-f0-9]{64})\\b" + }, + "keywords": [ + "s-s4t2ud-", + "s-s4t2af-" + ] + }, + { + "detector": "openai", + "patterns": { + "keyPat": "\\b(sk-[[:alnum:]_-]+T3BlbkFJ[[:alnum:]_-]+)\\b" + }, + "keywords": [ + "T3BlbkFJ" + ] + }, + { + "detector": "zapierwebhook", + "patterns": { + "keyPat": "(https:\\/\\/hooks\\.zapier\\.com\\/hooks\\/catch\\/[A-Za-z0-9\\/]{16})" + }, + "keywords": [ + "hooks.zapier.com/hooks/catch/" + ] + }, + { + "detector": "v2", + "patterns": { + "usernamePat": "(?im)(?:user|usr|-u|id)\\S{0,40}?[:=\\s]{1,3}[ '\"=]?([a-zA-Z0-9]{4,40})\\b", + "accessTokenPat": "\\b(dckr_pat_[a-zA-Z0-9_-]{27}|dckr_oat_[a-zA-Z0-9_-]{32})(?:[^a-zA-Z0-9_-]|\\z)" + }, + "keywords": [ + "docker", + "dckr_pat_", + "dckr_oat_" + ] + }, + { + "detector": "twilio", + "patterns": { + "sidPat": "\\bAC[0-9a-f]{32}\\b", + "keyPat": "\\b[0-9a-f]{32}\\b" + }, + "keywords": [ + "sid", + "twilio" + ] + }, + { + "detector": "zohocrm", + "patterns": { + "keyPat": "\\b(1000\\.[a-f0-9]{32}\\.[a-f0-9]{32})\\b" + }, + "keywords": [ + "1000." + ] + }, + { + "detector": "couchbase", + "patterns": { + "connectionStringPat": "\\b(cb\\.[a-z0-9]+\\.cloud\\.couchbase\\.com)\\b" + }, + "keywords": [ + "couchbase://", + "couchbases://" + ] + } +] \ No newline at end of file diff --git a/trufflehog_patterns_simplified.json b/trufflehog_patterns_simplified.json new file mode 100644 index 0000000..eff88e9 --- /dev/null +++ b/trufflehog_patterns_simplified.json @@ -0,0 +1,1274 @@ +{ + "sendinbluev2.keyPat": { + "pattern": "\\b(xkeysib\\-[A-Za-z0-9_-]{81})\\b", + "keywords": [ + "xkeysib" + ] + }, + "squareup.keyPat": { + "pattern": "\\b(sq0idp-[0-9A-Za-z]{22})\\b", + "keywords": [ + "sq0idp-" + ] + }, + "databrickstoken.keyPat": { + "pattern": "\\b(dapi[0-9a-f]{32}(-\\d)?)\\b", + "keywords": [ + "databricks", + "dapi" + ] + }, + "freshdesk.urlPat": { + "pattern": "\\b([0-9a-z-]{1,}\\.freshdesk\\.com)\\b", + "keywords": [ + "freshdesk" + ] + }, + "endorlabs.keyAndSecretPat": { + "pattern": "\\b(endr\\+[a-zA-Z0-9-]{16})\\b", + "keywords": [ + "endr+" + ] + }, + "ftp.keyPat": { + "pattern": "\\bftp://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + "keywords": [ + "ftp://" + ] + }, + "azure_batch.urlPat": { + "pattern": "https://(.{1,50})\\.(.{1,50})\\.batch\\.azure\\.com", + "keywords": [ + ".batch.azure.com" + ] + }, + "azure_batch.secretPat": { + "pattern": "[A-Za-z0-9+/=]{88}", + "keywords": [ + ".batch.azure.com" + ] + }, + "finage.keyPat": { + "pattern": "\\b(API_KEY[0-9A-Z]{32})\\b", + "keywords": [ + "finage" + ] + }, + "adafruitio.keyPat": { + "pattern": "\\b(aio\\_[a-zA-Z0-9]{28})\\b", + "keywords": [ + "aio_" + ] + }, + "nightfall.keyPat": { + "pattern": "\\b(NF\\-[a-zA-Z0-9]{32})\\b", + "keywords": [ + "nightfall" + ] + }, + "deno.tokenPat": { + "pattern": "\\b(dd[pw]_[a-zA-Z0-9]{36})\\b", + "keywords": [ + "ddp_", + "ddw_" + ] + }, + "closecrm.keyPat": { + "pattern": "\\b(api_[a-z0-9A-Z.]{45})\\b", + "keywords": [ + "close" + ] + }, + "langsmith.keyPat": { + "pattern": "\\b(lsv2_(?:pt|sk)_[a-f0-9]{32}_[a-f0-9]{10})\\b", + "keywords": [ + "lsv2_pt_", + "lsv2_sk_" + ] + }, + "docker.keyPat": { + "pattern": "{(?:\\s|\\\\+[nrt])*\\\\*\"auths\\\\*\"(?:\\s|\\\\+t)*:(?:\\s|\\\\+t)*{(?:\\s|\\\\+[nrt])*\\\\*\"(?i:https?:\\/\\/)?[a-z0-9\\-.:\\/]+\\\\*\"(?:\\s|\\\\+t)*:(?:\\s|\\\\+t)*{(?:(?:\\s|\\\\+[nrt])*\\\\*\"(?i:auth|email|username|password)\\\\*\"\\s*:\\s*\\\\*\".*\\\\*\"\\s*,?)+?(?:\\s|\\\\+[nrt])*}(?:\\s|\\\\+[nrt])*}(?:\\s|\\\\+[nrt])*}", + "keywords": [ + "auths" + ] + }, + "googleoauth2.keyPat": { + "pattern": "\\b(ya29\\.(?i:[a-z0-9_-]{10,}))(?:[^a-z0-9_-]|\\z)", + "keywords": [ + "ya29." + ] + }, + "signalwire.urlPat": { + "pattern": "\\b([0-9a-z-]{3,64}\\.signalwire\\.com)\\b", + "keywords": [ + "signalwire" + ] + }, + "hashicorpvaultauth.vaultUrlPat": { + "pattern": "(https?:\\/\\/[^\\s\\/]*\\.hashicorp\\.cloud(?::\\d+)?)(?:\\/[^\\s]*)?", + "keywords": [ + "hashicorp" + ] + }, + "v2.keyPat": { + "pattern": "\\b(bkua_[a-z0-9]{40})\\b", + "keywords": [ + "bkua_" + ] + }, + "signable.keywordPat": { + "pattern": "(?i)([a-z]{2})signable", + "keywords": [ + "signable" + ] + }, + "tableau.tokenSecretPat": { + "pattern": "\\b([A-Za-z0-9+/]{22}==:[A-Za-z0-9]{32})\\b", + "keywords": [ + "tableau", + "online.tableau.com" + ] + }, + "tableau.tableauURLPat": { + "pattern": "\\b([a-zA-Z0-9\\-]+\\.online\\.tableau\\.com)\\b", + "keywords": [ + "tableau", + "online.tableau.com" + ] + }, + "invoiceocean.urlPat": { + "pattern": "\\b([0-9a-z]{1,}\\.invoiceocean\\.com)\\b", + "keywords": [ + "invoiceocean" + ] + }, + "sparkpost.keyPat": { + "pattern": "\\b([a-zA-Z0-9]{40})\\b", + "keywords": [ + "sparkpost" + ] + }, + "gemini.keyPat": { + "pattern": "\\b((?:master-|account-)[0-9A-Za-z]{20})\\b", + "keywords": [ + "master-", + "account-" + ] + }, + "gemini.secretPat": { + "pattern": "[A-Za-z0-9]{27,28}", + "keywords": [ + "master-", + "account-" + ] + }, + "azure_openai.azureUrlPat": { + "pattern": "(?i)([a-z0-9-]+\\.openai\\.azure\\.com)", + "keywords": [ + ".openai.azure.com" + ] + }, + "locationiq.keyPat": { + "pattern": "\\b(pk\\.[a-zA-Z-0-9]{32})\\b", + "keywords": [ + "locationiq" + ] + }, + "frameio.keyPat": { + "pattern": "\\b(fio-u-[0-9a-zA-Z_-]{64})\\b", + "keywords": [ + "fio-u-" + ] + }, + "grafanaserviceaccount.keyPat": { + "pattern": "\\b(glsa_[0-9a-zA-Z_]{41})\\b", + "keywords": [ + "glsa_" + ] + }, + "grafanaserviceaccount.domainPat": { + "pattern": "\\b([a-zA-Z0-9-]+\\.grafana\\.net)\\b", + "keywords": [ + "glsa_" + ] + }, + "saucelabs.baseUrlPat": { + "pattern": "\\b(api\\.(?:us|eu)-(?:west|east|central)-[0-9].saucelabs\\.com)\\b", + "keywords": [ + "saucelabs" + ] + }, + "supabasetoken.keyPat": { + "pattern": "\\b(sbp_[a-z0-9]{40})\\b", + "keywords": [ + "sbp_" + ] + }, + "clickhelp.portalPat": { + "pattern": "\\b([0-9A-Za-z-]{3,20}\\.(?:try\\.)?clickhelp\\.co)\\b", + "keywords": [ + "clickhelp.co" + ] + }, + "redis.keyPat": { + "pattern": "\\bredi[s]{1,2}://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + "keywords": [ + "redis" + ] + }, + "redis.azureRedisPat": { + "pattern": "\\b([\\w\\d.-]{1,100}\\.redis\\.cache\\.windows\\.net:6380),password=([^,]{44}),ssl=True,abortConnect=False\\b", + "keywords": [ + "redis" + ] + }, + "azurecontainerregistry.urlPat": { + "pattern": "([a-z0-9][a-z0-9-]{1,100}[a-z0-9])\\.azurecr\\.io", + "keywords": [ + ".azurecr.io" + ] + }, + "azurecontainerregistry.passwordPat": { + "pattern": "\\b[a-zA-Z0-9+/]{42}\\+ACR[a-zA-Z0-9]{6}\\b", + "keywords": [ + ".azurecr.io" + ] + }, + "sendgrid.keyPat": { + "pattern": "\\bSG\\.[\\w\\-]{20,24}\\.[\\w\\-]{39,50}\\b", + "keywords": [ + "SG." + ] + }, + "trufflehogenterprise.keyPat": { + "pattern": "\\bthog-key-[0-9a-f]{16}\\b", + "keywords": [ + "thog" + ] + }, + "trufflehogenterprise.secretPat": { + "pattern": "\\bthog-secret-[0-9a-f]{32}\\b", + "keywords": [ + "thog" + ] + }, + "trufflehogenterprise.hostnamePat": { + "pattern": "\\b[a-z]+-[a-z]+-[a-z]+\\.[a-z][0-9]\\.[a-z]+\\.trufflehog\\.org\\b", + "keywords": [ + "thog" + ] + }, + "anypoint.keyPat": { + "pattern": "\\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\\b", + "keywords": [ + "anypoint" + ] + }, + "cloudflarecakey.keyPat": { + "pattern": "\\b(v1\\.0-[A-Za-z0-9-]{171})\\b", + "keywords": [ + "cloudflare" + ] + }, + "ldap.uriPat": { + "pattern": "\\b(?i)ldaps?://[\\S]+\\b", + "keywords": [ + "ldaps://", + "ldap://" + ] + }, + "ldap.iadPat": { + "pattern": "OpenDSObject\\(\\\"(?i)(ldaps?://[\\S]+)\\\", ?\\\"([\\S]+)\\\", ?\\\"([\\S]+)\\\",[ \\d]+\\)", + "keywords": [ + "ldaps://", + "ldap://" + ] + }, + "sentryorgtoken.orgAuthTokenPat": { + "pattern": "\\b(sntrys_eyJ[a-zA-Z0-9=_+/]{197})\\b", + "keywords": [ + "sntrys_eyJ" + ] + }, + "launchdarkly.keyPat": { + "pattern": "\\b((?:api|sdk)-[a-z0-9]{8}-[a-z0-9]{4}-4[a-z0-9]{3}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + "keywords": [ + "api-", + "sdk-" + ] + }, + "klaviyo.keyPat": { + "pattern": "\\b(pk_[[:alnum:]]{34})\\b", + "keywords": [ + "pk_" + ] + }, + "coinbase.keyNamePat": { + "pattern": "\\b(organizations\\\\*/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}\\\\*/apiKeys\\\\*/\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12})\\b", + "keywords": [ + "begin ec" + ] + }, + "coinbase.privateKeyPat": { + "pattern": "(-----BEGIN EC(?:DSA)? PRIVATE KEY-----(?:\\r|\\n|\\\\+r|\\\\+n)(?:[a-zA-Z0-9+/]+={0,2}(?:\\r|\\n|\\\\+r|\\\\+n))+-----END EC(?:DSA)? PRIVATE KEY-----(?:\\r|\\n|\\\\+r|\\\\+n)?)", + "keywords": [ + "begin ec" + ] + }, + "zulipchat.idPat": { + "pattern": "\\b([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,})\\b", + "keywords": [ + "zulip" + ] + }, + "zulipchat.domainPat": { + "pattern": "(?i)\\b([a-z0-9-]+\\.zulip(?:chat)?\\.com|chat\\.zulip\\.org)\\b", + "keywords": [ + "zulip" + ] + }, + "azuredirectmanagementkey.urlPat": { + "pattern": "https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\\.management\\.azure-api\\.net", + "keywords": [ + ".management.azure-api.net" + ] + }, + "tineswebhook.keyPat": { + "pattern": "(https://[\\w-]+\\.tines\\.com/webhook/[a-z0-9]{32}/[a-z0-9]{32})", + "keywords": [ + "tines.com" + ] + }, + "hasura.domainPat": { + "pattern": "\\b([a-zA-Z0-9-]+\\.hasura\\.app)\\b", + "keywords": [ + "hasura" + ] + }, + "postman.keyPat": { + "pattern": "\\b(PMAK-[a-zA-Z-0-9]{59})\\b", + "keywords": [ + "PMAK-" + ] + }, + "shopify.keyPat": { + "pattern": "\\b(shppa_|shpat_)([0-9A-Fa-f]{32})\\b", + "keywords": [ + "shppa_", + "shpat_" + ] + }, + "shopify.domainPat": { + "pattern": "[a-zA-Z0-9-]+\\.myshopify\\.com", + "keywords": [ + "shppa_", + "shpat_" + ] + }, + "groq.keyPat": { + "pattern": "\\b(gsk_[a-zA-Z0-9]{52})\\b", + "keywords": [ + "gsk_" + ] + }, + "apideck.keyPat": { + "pattern": "\\b(sk_live_[a-z0-9A-Z-]{93})\\b", + "keywords": [ + "apideck" + ] + }, + "azure_entra.tenantOnMicrosoftPat": { + "pattern": "([\\w-]+\\.onmicrosoft\\.com)", + "keywords": [] + }, + "refreshtoken.refreshTokenPat": { + "pattern": "\\b[01]\\.A[\\w-]{50,}(?:\\.\\d)?\\.Ag[\\w-]{250,}(?:\\.A[\\w-]{200,})?", + "keywords": [ + "0.A", + "1.A" + ] + }, + "v1.clientSecretPat": { + "pattern": "(?i)(?:secret|password| -p[ =]).{0,80}?([\\w~@[\\]:.?*/+=-]{31,34}", + "keywords": [ + "azure", + "az", + "entra", + "msal", + "login.microsoftonline.com", + ".onmicrosoft.com" + ] + }, + "v1.secretPat": { + "pattern": "(?i)(?:secret|password| -p[ =]).{0,80}[^A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]([A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]{31,34})[^A-Za-z0-9!#$%&()*+,\\-./:;<=>?@[\\\\\\]^_{|}~]", + "keywords": [ + "azure", + "az", + "entra", + "msal", + "login.microsoftonline.com", + ".onmicrosoft.com" + ] + }, + "v2.SecretPat": { + "pattern": "(?:[^a-zA-Z0-9_~.-]|\\A)([a-zA-Z0-9_~.-]{3}\\dQ~[a-zA-Z0-9_~.-]{31,34})(?:[^a-zA-Z0-9_~.-]|\\z)", + "keywords": [ + "q~" + ] + }, + "grafana.keyPat": { + "pattern": "\\b(glc_eyJ[A-Za-z0-9+\\/=]{60,160})", + "keywords": [ + "glc_eyJ" + ] + }, + "mailchimp.keyPat": { + "pattern": "[0-9a-f]{32}-us[0-9]{1,2}", + "keywords": [ + "-us" + ] + }, + "discordwebhook.keyPat": { + "pattern": "(https:\\/\\/discord\\.com\\/api\\/webhooks\\/[0-9]{18,19}\\/[0-9a-zA-Z-]{68})", + "keywords": [ + "https://discord.com/api/webhooks/" + ] + }, + "webexbot.keyPat": { + "pattern": "([a-zA-Z0-9]{64}_[a-zA-Z0-9]{4}_[a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12})", + "keywords": [ + "spark", + "webex" + ] + }, + "documo.keyPat": { + "pattern": "\\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\\b", + "keywords": [ + "documo" + ] + }, + "doppler.keyPat": { + "pattern": "\\b(dp\\.(?:ct|pt|st(?:\\.[a-z0-9\\-_]{2,35})?|sa|scim|audit)\\.[a-zA-Z0-9]{40,44})\\b", + "keywords": [ + "dp.ct.", + "dp.pt.", + "dp.st", + "dp.sa.", + "dp.scim.", + "dp.audit." + ] + }, + "rabbitmq.keyPat": { + "pattern": "\\b(?:amqps?):\\/\\/[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b", + "keywords": [ + "amqp" + ] + }, + "pagarme.keyPat": { + "pattern": "\\b(ak_live_[a-zA-Z0-9]{30})\\b", + "keywords": [ + "ak_live_" + ] + }, + "planetscale.usernamePat": { + "pattern": "\\b[a-z0-9]{12}\\b", + "keywords": [ + "pscale_tkn_" + ] + }, + "planetscale.passwordPat": { + "pattern": "\\bpscale_tkn_[A-Za-z0-9_]{43}\\b", + "keywords": [ + "pscale_tkn_" + ] + }, + "gcp.keyPat": { + "pattern": "\\{[^{]+auth_provider_x509_cert_url[^}]+\\}", + "keywords": [ + "provider_x509" + ] + }, + "flyio.keyPat": { + "pattern": "\\b(FlyV1 fm\\d+_[A-Za-z0-9+\\/=,_-]{500,700})\\b", + "keywords": [ + "FlyV1" + ] + }, + "sourcegraphcody.keyPat": { + "pattern": "\\b(slk_[a-f0-9]{64})\\b", + "keywords": [ + "slk_" + ] + }, + "onelogin.oauthClientIDPat": { + "pattern": "(?i)id[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})", + "keywords": [ + "onelogin" + ] + }, + "onelogin.oauthClientSecretPat": { + "pattern": "(?i)secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})", + "keywords": [ + "onelogin" + ] + }, + "mite.urlPat": { + "pattern": "\\b([0-9a-z-]{1,}.mite.yo.lk)\\b", + "keywords": [ + "mite" + ] + }, + "alibaba.keyPat": { + "pattern": "\\b([a-zA-Z0-9]{30})\\b", + "keywords": [ + "LTAI" + ] + }, + "alibaba.idPat": { + "pattern": "\\b(LTAI[a-zA-Z0-9]{17,21})[\\\"';\\s]*", + "keywords": [ + "LTAI" + ] + }, + "reallysimplesystems.keyPat": { + "pattern": "\\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\\b", + "keywords": [ + "reallysimplesystems" + ] + }, + "auth0managementapitoken.managementAPITokenPat": { + "pattern": "\\b(ey[a-zA-Z0-9._-]+)\\b", + "keywords": [ + "auth0" + ] + }, + "auth0managementapitoken.domainPat": { + "pattern": "([a-zA-Z0-9\\-]{2,16}\\.[a-zA-Z0-9_-]{2,3}\\.auth0\\.com)", + "keywords": [ + "auth0" + ] + }, + "xai.keyPat": { + "pattern": "\\b(xai-[0-9a-zA-Z_]{80})\\b", + "keywords": [ + "xai-" + ] + }, + "voiceflow.keyPat": { + "pattern": "\\b(VF\\.(?:(?:DM|WS)\\.)?[a-fA-F0-9]{24}\\.[a-zA-Z0-9]{16})\\b", + "keywords": [ + "vf", + "dm" + ] + }, + "azureapimanagementsubscriptionkey.urlPat": { + "pattern": "https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\\.azure-api\\.net", + "keywords": [ + ".azure-api.net" + ] + }, + "readme.keyPat": { + "pattern": "(rdme_[a-z0-9]{70})", + "keywords": [ + "rdme_" + ] + }, + "mongodb.connStrPat": { + "pattern": "\\b(mongodb(?:\\+srv)?://(?P\\S{3,50}):(?P\\S{3,88})@(?P[-.%\\w]+(?::\\d{1,5})?(?:,[-.%\\w]+(?::\\d{1,5})?)*)(?:/(?P[\\w-]+)?(?P\\?\\w+=[\\w@/.$-]+(?:&(?:amp;)?\\w+=[\\w@/.$-]+)*)?)?)(?:\\b|$)", + "keywords": [ + "mongodb" + ] + }, + "mongodb.placeholderPasswordPat": { + "pattern": "^[xX]+|\\*+$", + "keywords": [ + "mongodb" + ] + }, + "notion.keyPat": { + "pattern": "\\b(secret_[A-Za-z0-9]{43})\\b", + "keywords": [ + "notion" + ] + }, + "v1.keyPat": { + "pattern": "(?i)(?:elevenlabs|xi-api-key|el|token|key)[^\\.].{0,40}[ =:'\"]+([a-f0-9]{32})\\b", + "keywords": [ + "elevenlabs", + "xi-api-key", + "xi_api_key" + ] + }, + "rubygems.keyPat": { + "pattern": "\\b(rubygems_[a-zA0-9]{48})\\b", + "keywords": [ + "rubygems" + ] + }, + "jdbc.keyPat": { + "pattern": "(?i)jdbc:[\\w]{3,10}:[^\\s\"'<>,(){}[\\]&]{10,512}", + "keywords": [ + "jdbc" + ] + }, + "planetscaledb.usernamePat": { + "pattern": "\\b[a-z0-9]{20}\\b", + "keywords": [ + "pscale_pw_" + ] + }, + "planetscaledb.passwordPat": { + "pattern": "\\bpscale_pw_[A-Za-z0-9_]{43}\\b", + "keywords": [ + "pscale_pw_" + ] + }, + "planetscaledb.hostPat": { + "pattern": "\\b(aws|gcp)\\.connect\\.psdb\\.cloud\\b", + "keywords": [ + "pscale_pw_" + ] + }, + "deputy.urlPat": { + "pattern": "\\b([0-9a-z]{1,}\\.as\\.deputy\\.com)\\b", + "keywords": [ + "deputy" + ] + }, + "openvpn.clientSecretPat": { + "pattern": "\\b([a-zA-Z0-9_-]{64,})\\b", + "keywords": [ + "openvpn" + ] + }, + "openvpn.domainPat": { + "pattern": "\\b(https?://[A-Za-z0-9-]+\\.api\\.openvpn\\.com)\\b", + "keywords": [ + "openvpn" + ] + }, + "squareapp.keyPat": { + "pattern": "(?:sandbox-)?sq0i[a-z]{2}-[0-9A-Za-z_-]{22,43}", + "keywords": [ + "sq0i" + ] + }, + "squareapp.secPat": { + "pattern": "(?:sandbox-)?sq0c[a-z]{2}-[0-9A-Za-z_-]{40,50}", + "keywords": [ + "sq0i" + ] + }, + "ubidots.keyPat": { + "pattern": "\\b(BBFF-[0-9a-zA-Z]{30})\\b", + "keywords": [ + "BBFF-" + ] + }, + "trelloapikey.tokenPat": { + "pattern": "\\b([a-zA-Z-0-9]{64})\\b", + "keywords": [ + "trello" + ] + }, + "robinhoodcrypto.keyPat": { + "pattern": "\\b(rh-api-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\\b", + "keywords": [ + "rh-api-" + ] + }, + "robinhoodcrypto.privKeyBase64Pat": { + "pattern": "(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)", + "keywords": [ + "rh-api-" + ] + }, + "terraformcloudpersonaltoken.keyPat": { + "pattern": "\\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\\b", + "keywords": [ + ".atlasv1." + ] + }, + "contentfulpersonalaccesstoken.keyPat": { + "pattern": "\\b(CFPAT-[a-zA-Z0-9_\\-]{43})\\b", + "keywords": [ + "CFPAT-" + ] + }, + "sumologickey.urlPat": { + "pattern": "(?i)api\\.(?:au|ca|de|eu|fed|jp|kr|in|us2)\\.sumologic\\.com", + "keywords": [ + "sumo", + "accessId", + "accessKey" + ] + }, + "artifactory.keyPat": { + "pattern": "\\b([a-zA-Z0-9]{64,73})\\b", + "keywords": [ + "artifactory", + "jfrog.io" + ] + }, + "artifactory.URLPat": { + "pattern": "\\b([A-Za-z0-9][A-Za-z0-9\\-]{0,61}[A-Za-z0-9]\\.jfrog\\.io)", + "keywords": [ + "artifactory", + "jfrog.io" + ] + }, + "sourcegraph.keyPat": { + "pattern": "\\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\\b", + "keywords": [ + "sgp_" + ] + }, + "nvapi.keyPat": { + "pattern": "\\b(nvapi-[a-zA-Z0-9_-]{64})\\b", + "keywords": [ + "nvapi-" + ] + }, + "aha.URLPat": { + "pattern": "\\b([A-Za-z0-9](?:[A-Za-z0-9\\-]{0,61}[A-Za-z0-9])\\.aha\\.io)", + "keywords": [ + "aha.io" + ] + }, + "pubnubpublishkey.pubPat": { + "pattern": "\\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + "keywords": [ + "sub-c-" + ] + }, + "pubnubpublishkey.subPat": { + "pattern": "\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + "keywords": [ + "sub-c-" + ] + }, + "linearapi.keyPat": { + "pattern": "\\b(lin_api_[0-9A-Za-z]{40})\\b", + "keywords": [ + "lin_api_" + ] + }, + "paypaloauth.idPat": { + "pattern": "\\b([A-Za-z0-9_\\.]{7}-[A-Za-z0-9_\\.]{72}|[A-Za-z0-9_\\.]{5}-[A-Za-z0-9_\\.]{38})\\b", + "keywords": [ + "paypal" + ] + }, + "paypaloauth.keyPat": { + "pattern": "\\b([A-Za-z0-9_\\.\\-]{44,80})\\b", + "keywords": [ + "paypal" + ] + }, + "paystack.keyPat": { + "pattern": "\\b(sk\\_[a-z]{1,}\\_[A-Za-z0-9]{40})\\b", + "keywords": [ + "paystack" + ] + }, + "flutterwave.keyPat": { + "pattern": "\\b(FLWSECK-[0-9a-z]{32}-X)\\b", + "keywords": [ + "FLWSECK-" + ] + }, + "microsoftteamswebhook.keyPat": { + "pattern": "(https:\\/\\/[a-zA-Z-0-9]+\\.webhook\\.office\\.com\\/webhookb2\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\/IncomingWebhook\\/[a-zA-Z-0-9]{32}\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})", + "keywords": [ + "webhook.office.com" + ] + }, + "azureappconfigconnectionstring.connectionStringPat": { + "pattern": "Endpoint=(https:\\/\\/[a-zA-Z0-9-]+\\.azconfig\\.io);Id=([a-zA-Z0-9+\\/=]+);Secret=([a-zA-Z0-9+\\/=]+)", + "keywords": [ + ".azconfig.io" + ] + }, + "rootly.keyPat": { + "pattern": "\\b(rootly_[a-f0-9]{64})\\b", + "keywords": [ + "rootly_" + ] + }, + "dotdigital.emailPat": { + "pattern": "\\b(apiuser-[a-z0-9]{12}@apiconnector.com)\\b", + "keywords": [ + "@apiconnector.com" + ] + }, + "graphcms.keyPat": { + "pattern": "\\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\\b", + "keywords": [ + "graphcms" + ] + }, + "airtableoauth.tokenPat": { + "pattern": "\\b([[:alnum:]]+\\.v1\\.[a-zA-Z0-9_-]+\\.[a-f0-9]+)\\b", + "keywords": [ + "airtable" + ] + }, + "fleetbase.keyPat": { + "pattern": "\\b(flb_live_[0-9a-zA-Z]{20})\\b", + "keywords": [ + "fleetbase" + ] + }, + "kanban.urlPat": { + "pattern": "\\b([0-9a-z]{1,}\\.kanbantool\\.com)\\b", + "keywords": [ + "kanban" + ] + }, + "loggly.domainPat": { + "pattern": "\\b([a-zA-Z0-9-]+\\.loggly\\.com)\\b", + "keywords": [ + "loggly" + ] + }, + "azurefunctionkey.azureUrlPat": { + "pattern": "\\bhttps:\\/\\/([a-zA-Z0-9-]{2,30})\\.azurewebsites\\.net\\/api\\/([a-zA-Z0-9-]{2,30})\\b", + "keywords": [ + "azure" + ] + }, + "okta.domainPat": { + "pattern": "\\b[a-z0-9-]{1,40}\\.okta(?:preview|-emea){0,1}\\.com\\b", + "keywords": [ + ".okta" + ] + }, + "okta.tokenPat": { + "pattern": "\\b00[a-zA-Z0-9_-]{40}\\b", + "keywords": [ + ".okta" + ] + }, + "tailscale.keyPat": { + "pattern": "\\btskey-[a-z]+-[0-9A-Za-z_]+-[0-9A-Za-z_]+\\b", + "keywords": [ + "tskey-", + "tskey-api-", + "tskey-oauth-" + ] + }, + "auth0oauth.clientSecretPat": { + "pattern": "\\b([a-zA-Z0-9_-]{64,})\\b", + "keywords": [ + "auth0" + ] + }, + "auth0oauth.domainPat": { + "pattern": "\\b([a-zA-Z0-9][a-zA-Z0-9._-]*auth0\\.com)\\b", + "keywords": [ + "auth0" + ] + }, + "v2.tokenPat": { + "pattern": "\\b(ATATT[A-Za-z0-9+/=_-]+=[A-Za-z0-9]{8})\\b", + "keywords": [ + "atlassian", + "confluence", + "jira" + ] + }, + "v2.domainPat": { + "pattern": "\\b((?:[a-zA-Z0-9-]{1,24}\\.)+[a-zA-Z0-9-]{2,24}\\.[a-zA-Z0-9-]{2,16})\\b", + "keywords": [ + "atlassian", + "confluence", + "jira" + ] + }, + "replicate.keyPat": { + "pattern": "\\b(r8_[0-9A-Za-z-_]{37})\\b", + "keywords": [ + "replicate", + "r8_" + ] + }, + "salesforce.accessTokenPat": { + "pattern": "\\b00[a-zA-Z0-9]{13}![a-zA-Z0-9_.]{96}\\b", + "keywords": [ + "salesforce" + ] + }, + "salesforce.instancePat": { + "pattern": "\\bhttps://[0-9a-zA-Z-\\.]{1,100}\\.my\\.salesforce\\.com\\b", + "keywords": [ + "salesforce" + ] + }, + "fibery.domainPat": { + "pattern": "(?:https?:\\/\\/)?([a-zA-Z0-9-]{1,63})\\.fibery\\.io(?:\\/.*)?", + "keywords": [ + ".fibery.io" + ] + }, + "anthropic.keyPat": { + "pattern": "\\b(sk-ant-(?:admin01|api03)-[\\w\\-]{93}AA)\\b", + "keywords": [ + "sk-ant-api03", + "sk-ant-admin01" + ] + }, + "aws.SecretPat": { + "pattern": "(?:[^A-Za-z0-9+/]|\\A)([A-Za-z0-9+/]{40})(?:[^A-Za-z0-9+/]|\\z)", + "keywords": [] + }, + "aws.FalsePositiveSecretPat": { + "pattern": "[a-f0-9]{40}", + "keywords": [] + }, + "session_keys.idPat": { + "pattern": "\\b((?:ASIA)[A-Z0-9]{16})\\b", + "keywords": [ + "ASIA" + ] + }, + "session_keys.sessionPat": { + "pattern": "(?:[^A-Za-z0-9+/]|\\A)([a-zA-Z0-9+/]{100,}={0,3})(?:[^A-Za-z0-9+/=]|\\z)", + "keywords": [ + "ASIA" + ] + }, + "access_keys.idPat": { + "pattern": "\\b((?:AKIA|ABIA|ACCA)[A-Z0-9]{16})\\b", + "keywords": [ + "AKIA", + "ABIA", + "ACCA" + ] + }, + "pubnubsubscriptionkey.keyPat": { + "pattern": "\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b", + "keywords": [ + "sub-c-" + ] + }, + "digitaloceanv2.keyPat": { + "pattern": "\\b((?:dop|doo|dor)_v1_[a-f0-9]{64})\\b", + "keywords": [ + "dop_v1_", + "doo_v1_", + "dor_v1_" + ] + }, + "stripepaymentintent.clientSecretPat": { + "pattern": "\\b(pi_[a-zA-Z0-9]{24}_secret_[a-zA-Z0-9]{25})\\b", + "keywords": [ + "_secret_" + ] + }, + "stripepaymentintent.secretKeyPat": { + "pattern": "\\b([rs]k_live_[a-zA-Z0-9]{20,247})\\b", + "keywords": [ + "_secret_" + ] + }, + "stripepaymentintent.publishableKeyPat": { + "pattern": "\\b(pk_live_[a-zA-Z0-9]{20,247})\\b", + "keywords": [ + "_secret_" + ] + }, + "ramp.keyPat": { + "pattern": "\\b(ramp_id_[[:alnum:]]{40})\\b", + "keywords": [ + "ramp_" + ] + }, + "ramp.secretPat": { + "pattern": "\\b(ramp_sec_[[:alnum:]]{48})\\b", + "keywords": [ + "ramp_" + ] + }, + "posthog.keyPat": { + "pattern": "\\b(phx_[a-zA-Z0-9_]{43})\\b", + "keywords": [ + "phx_" + ] + }, + "huggingface.keyPat": { + "pattern": "\\b(?:hf_|api_org_)[a-zA-Z0-9]{34}\\b", + "keywords": [ + "hf_", + "api_org_" + ] + }, + "repositorykey.regex": { + "pattern": "\\d+\\.\\d+\\.\\d+", + "keywords": [ + "azure", + ".scm.azure-api.net" + ] + }, + "flexport.keyPat": { + "pattern": "\\b(shltm_[0-9a-zA-Z-_]{40})", + "keywords": [ + "shltm_" + ] + }, + "razorpay.keyPat": { + "pattern": "(?i)\\brzp_live_[A-Za-z0-9]{14}\\b", + "keywords": [ + "rzp_live_" + ] + }, + "razorpay.secretPat": { + "pattern": "\\b[A-Za-z0-9]{24}\\b", + "keywords": [ + "rzp_live_" + ] + }, + "mapbox.idPat": { + "pattern": "([a-zA-Z-0-9]{4,32})", + "keywords": [ + "mapbox" + ] + }, + "mapbox.keyPat": { + "pattern": "\\b(sk\\.[a-zA-Z-0-9\\.]{80,240})\\b", + "keywords": [ + "mapbox" + ] + }, + "salesforceoauth2.instancePat": { + "pattern": "\\b(?:https?://)?([0-9a-zA-Z\\-\\.]{1,100}\\.my\\.salesforce\\.com)\\b", + "keywords": [ + "salesforce", + "3MVG9" + ] + }, + "salesforceoauth2.consumerKeyPat": { + "pattern": "\\b(3MVG9[0-9a-zA-Z._+/=]{80,251})", + "keywords": [ + "salesforce", + "3MVG9" + ] + }, + "liveagent.domainPat": { + "pattern": "\\b(https?://[A-Za-z0-9-]+\\.ladesk\\.com)\\b", + "keywords": [ + "liveagent", + "ladesk" + ] + }, + "pulumi.keyPat": { + "pattern": "\\b(pul-[a-z0-9]{40})\\b", + "keywords": [ + "pul-" + ] + }, + "prefect.keyPat": { + "pattern": "\\b(pnu_[a-zA-Z0-9]{36})\\b", + "keywords": [ + "pnu_" + ] + }, + "azure_storage.namePat": { + "pattern": "(?i:Account[_.-]?Name|Storage[_.-]?(?:Account|Name))(?:.|\\s){0,20}?\\b([a-z0-9]{3,24})\\b|([a-z0-9]{3,24})(?i:\\.blob\\.core\\.windows\\.net)", + "keywords": [ + "DefaultEndpointsProtocol=http", + "EndpointSuffix", + "core.windows.net", + "AccountName", + "Account_Name", + "Account.Name", + "Account-Name", + "StorageAccount", + "Storage_Account", + "Storage.Account", + "Storage-Account", + "AccountKey", + "Account_Key", + "Account.Key", + "Account-Key" + ] + }, + "azure_storage.keyPat": { + "pattern": "(?i:(?:Access|Account|Storage)[_.-]?Key)(?:.|\\s){0,25}?([a-zA-Z0-9+\\/-]{86,88}={0,2})", + "keywords": [ + "DefaultEndpointsProtocol=http", + "EndpointSuffix", + "core.windows.net", + "AccountName", + "Account_Name", + "Account.Name", + "Account-Name", + "StorageAccount", + "Storage_Account", + "Storage.Account", + "Storage-Account", + "AccountKey", + "Account_Key", + "Account.Key", + "Account-Key" + ] + }, + "wepay.appIDPat": { + "pattern": "\\b(\\d{6})\\b", + "keywords": [ + "wepay" + ] + }, + "npmtokenv2.keyPat": { + "pattern": "(npm_[0-9a-zA-Z]{36})", + "keywords": [ + "npm_" + ] + }, + "caflou.keyPat": { + "pattern": "\\b(eyJhbGciOiJIUzI1NiJ9[a-zA-Z0-9._-]{135})\\b", + "keywords": [ + "caflou" + ] + }, + "dfuse.keyPat": { + "pattern": "\\b(web\\_[0-9a-z]{32})\\b", + "keywords": [ + "dfuse" + ] + }, + "uri.keyPat": { + "pattern": "\\bhttps?:\\/\\/[\\w!#$%&()*+,\\-./;<=>?@[\\\\\\]^_{|}~]{0,50}:([\\w!#$%&()*+,\\-./:;<=>?[\\\\\\]^_{|}~]{3,50})@[a-zA-Z0-9.-]+(?:\\.[a-zA-Z]{2,})?(?::\\d{1,5})?[\\w/]+\\b", + "keywords": [ + "http://", + "https://" + ] + }, + "salesforcerefreshtoken.refreshTokenPat": { + "pattern": "(?i)\\b(5AEP861[a-zA-Z0-9._=]{80,})\\b", + "keywords": [ + "salesforce", + "5AEP861", + "3MVG9" + ] + }, + "salesforcerefreshtoken.consumerKeyPat": { + "pattern": "\\b(3MVG9[0-9a-zA-Z._+/=]{80,251})", + "keywords": [ + "salesforce", + "5AEP861", + "3MVG9" + ] + }, + "gocardless.keyPat": { + "pattern": "\\b(live_[0-9A-Za-z\\_\\-]{40}[ \"'\\r\\n]{1})", + "keywords": [ + "gocardless" + ] + }, + "apify.keyPat": { + "pattern": "\\b(apify\\_api\\_[a-zA-Z-0-9]{36})\\b", + "keywords": [ + "apify" + ] + }, + "twilioapikey.apiKeyPat": { + "pattern": "\\bSK[a-zA-Z0-9]{32}\\b", + "keywords": [ + "twilio" + ] + }, + "twilioapikey.secretPat": { + "pattern": "\\b[0-9a-zA-Z]{32}\\b", + "keywords": [ + "twilio" + ] + }, + "gcpapplicationdefaultcredentials.keyPat": { + "pattern": "\\{[^{]+client_secret[^}]+\\}", + "keywords": [ + ".apps.googleusercontent.com" + ] + }, + "privatekey.keyPat": { + "pattern": "(?i)-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\\s*?-----[\\s\\S]*?----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY\\s*?-----", + "keywords": [ + "private key" + ] + }, + "azuresastoken.urlPat": { + "pattern": "https://([a-zA-Z0-9][a-z0-9_-]{1,22}[a-zA-Z0-9])\\.blob\\.core\\.windows\\.net/[a-z0-9]([a-z0-9-]{1,61}[a-z0-9])?(?:/[a-zA-Z0-9._-]+)*", + "keywords": [ + "azure", + ".blob.core.windows.net" + ] + }, + "intra42.keyPat": { + "pattern": "\\b(s-s4t2(?:ud|af)-[a-f0-9]{64})\\b", + "keywords": [ + "s-s4t2ud-", + "s-s4t2af-" + ] + }, + "intra42.idPat": { + "pattern": "\\b(u-s4t2(?:ud|af)-[a-f0-9]{64})\\b", + "keywords": [ + "s-s4t2ud-", + "s-s4t2af-" + ] + }, + "openai.keyPat": { + "pattern": "\\b(sk-[[:alnum:]_-]+T3BlbkFJ[[:alnum:]_-]+)\\b", + "keywords": [ + "T3BlbkFJ" + ] + }, + "zapierwebhook.keyPat": { + "pattern": "(https:\\/\\/hooks\\.zapier\\.com\\/hooks\\/catch\\/[A-Za-z0-9\\/]{16})", + "keywords": [ + "hooks.zapier.com/hooks/catch/" + ] + }, + "v2.usernamePat": { + "pattern": "(?im)(?:user|usr|-u|id)\\S{0,40}?[:=\\s]{1,3}[ '\"=]?([a-zA-Z0-9]{4,40})\\b", + "keywords": [ + "docker", + "dckr_pat_", + "dckr_oat_" + ] + }, + "v2.accessTokenPat": { + "pattern": "\\b(dckr_pat_[a-zA-Z0-9_-]{27}|dckr_oat_[a-zA-Z0-9_-]{32})(?:[^a-zA-Z0-9_-]|\\z)", + "keywords": [ + "docker", + "dckr_pat_", + "dckr_oat_" + ] + }, + "twilio.sidPat": { + "pattern": "\\bAC[0-9a-f]{32}\\b", + "keywords": [ + "sid", + "twilio" + ] + }, + "twilio.keyPat": { + "pattern": "\\b[0-9a-f]{32}\\b", + "keywords": [ + "sid", + "twilio" + ] + }, + "zohocrm.keyPat": { + "pattern": "\\b(1000\\.[a-f0-9]{32}\\.[a-f0-9]{32})\\b", + "keywords": [ + "1000." + ] + }, + "couchbase.connectionStringPat": { + "pattern": "\\b(cb\\.[a-z0-9]+\\.cloud\\.couchbase\\.com)\\b", + "keywords": [ + "couchbase://", + "couchbases://" + ] + } +} \ No newline at end of file From 4ae691134f3cd7369e361c0e684cc05d6fcfe385 Mon Sep 17 00:00:00 2001 From: Joseph Thacker Date: Thu, 28 Aug 2025 09:42:34 -0400 Subject: [PATCH 2/3] feat: Add batch 'Search All Secrets' functionality MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Added new 'Search All Secrets' button with warning icon - Implements batch search across all 166+ TruffleHog patterns - Shows warning dialog before starting long operation - Displays progress bar during search with current pattern info - Shows results dialog with sorted matches and quick search action - Allows cancellation of batch search at any time 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .../frontend/src/components/search/Form.vue | 15 +- .../search/batch/BatchSearchDialog.vue | 210 ++++++++++++++++++ .../frontend/src/stores/batchSearchStore.ts | 159 +++++++++++++ packages/frontend/src/stores/index.ts | 1 + 4 files changed, 383 insertions(+), 2 deletions(-) create mode 100644 packages/frontend/src/components/search/batch/BatchSearchDialog.vue create mode 100644 packages/frontend/src/stores/batchSearchStore.ts diff --git a/packages/frontend/src/components/search/Form.vue b/packages/frontend/src/components/search/Form.vue index 72d39f9..64a7c30 100644 --- a/packages/frontend/src/components/search/Form.vue +++ b/packages/frontend/src/components/search/Form.vue @@ -1,17 +1,19 @@ diff --git a/packages/frontend/src/components/search/batch/BatchSearchDialog.vue b/packages/frontend/src/components/search/batch/BatchSearchDialog.vue new file mode 100644 index 0000000..3959fd1 --- /dev/null +++ b/packages/frontend/src/components/search/batch/BatchSearchDialog.vue @@ -0,0 +1,210 @@ + + + \ No newline at end of file diff --git a/packages/frontend/src/stores/batchSearchStore.ts b/packages/frontend/src/stores/batchSearchStore.ts new file mode 100644 index 0000000..e2369cd --- /dev/null +++ b/packages/frontend/src/stores/batchSearchStore.ts @@ -0,0 +1,159 @@ +import { defineStore } from "pinia"; +import { ref, reactive, computed } from "vue"; +import { useSDK } from "@/plugins/sdk"; +import { useGrepRepository } from "@/repositories/grep"; +import { TRUFFLEHOG_PATTERNS } from "../trufflehog_patterns"; +import type { GrepOptions } from "shared"; + +interface BatchSearchResult { + patternName: string; + category: string; + matchesCount: number; + matches?: string[]; +} + +interface BatchSearchStatus { + isSearching: boolean; + currentPattern: string; + patternsCompleted: number; + totalPatterns: number; + cancelled: boolean; +} + +export const useBatchSearchStore = defineStore("batchSearch", () => { + const sdk = useSDK(); + const grepRepository = useGrepRepository(); + + const showWarningDialog = ref(false); + const showResultsDialog = ref(false); + const searchResults = ref([]); + + const status = reactive({ + isSearching: false, + currentPattern: "", + patternsCompleted: 0, + totalPatterns: 0, + cancelled: false, + }); + + const progress = computed(() => { + if (status.totalPatterns === 0) return 0; + return Math.round((status.patternsCompleted / status.totalPatterns) * 100); + }); + + const totalMatches = computed(() => { + return searchResults.value.reduce((sum, result) => sum + result.matchesCount, 0); + }); + + const resultsWithMatches = computed(() => { + return searchResults.value.filter(result => result.matchesCount > 0); + }); + + let abortController: AbortController | null = null; + + async function searchAllSecrets(options: GrepOptions) { + // Show warning dialog first + showWarningDialog.value = true; + } + + async function confirmAndStartSearch(options: GrepOptions) { + showWarningDialog.value = false; + status.isSearching = true; + status.cancelled = false; + status.patternsCompleted = 0; + status.totalPatterns = TRUFFLEHOG_PATTERNS.length; + searchResults.value = []; + abortController = new AbortController(); + + try { + for (const pattern of TRUFFLEHOG_PATTERNS) { + if (abortController.signal.aborted) { + status.cancelled = true; + break; + } + + status.currentPattern = pattern.name; + + try { + // Search with this pattern + const result = await grepRepository.searchGrepRequests( + pattern.pattern, + { + ...options, + maxResults: 100, // Limit results per pattern to avoid overwhelming + } + ); + + if (result.matchesCount && result.matchesCount > 0) { + searchResults.value.push({ + patternName: pattern.name, + category: pattern.category, + matchesCount: result.matchesCount, + }); + } + } catch (error) { + console.error(`Error searching with pattern ${pattern.name}:`, error); + } + + status.patternsCompleted++; + } + + // Show results dialog when done + showResultsDialog.value = true; + + if (status.cancelled) { + sdk.window.showToast("Batch search cancelled", { + variant: "info", + }); + } else if (totalMatches.value === 0) { + sdk.window.showToast("No secrets found in the requests/responses", { + variant: "success", + }); + } else { + sdk.window.showToast( + `Found ${totalMatches.value} potential secrets across ${resultsWithMatches.value.length} patterns!`, + { + variant: "warning", + } + ); + } + } catch (error) { + sdk.window.showToast(`Batch search error: ${error}`, { + variant: "error", + }); + } finally { + status.isSearching = false; + status.currentPattern = ""; + abortController = null; + } + } + + function cancelSearch() { + if (abortController) { + abortController.abort(); + } + } + + function closeWarningDialog() { + showWarningDialog.value = false; + } + + function closeResultsDialog() { + showResultsDialog.value = false; + } + + return { + showWarningDialog, + showResultsDialog, + searchResults, + status, + progress, + totalMatches, + resultsWithMatches, + searchAllSecrets, + confirmAndStartSearch, + cancelSearch, + closeWarningDialog, + closeResultsDialog, + }; +}); \ No newline at end of file diff --git a/packages/frontend/src/stores/index.ts b/packages/frontend/src/stores/index.ts index b6c610c..7d98a83 100644 --- a/packages/frontend/src/stores/index.ts +++ b/packages/frontend/src/stores/index.ts @@ -2,3 +2,4 @@ export * from "./aiStore"; export * from "./grepStore"; export * from "./guideStore"; export * from "./patternsStore"; +export * from "./batchSearchStore"; From 1bfc1115e65f7a9e7b76c682a2dd21cfa284dee0 Mon Sep 17 00:00:00 2001 From: Joseph Thacker Date: Thu, 28 Aug 2025 10:23:07 -0400 Subject: [PATCH 3/3] fix: Improve error handling and results display MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add pattern name to regex validation error messages - Display pattern name in results header for better context - Show "Custom Pattern" label when user enters manual regex - Validate regex patterns before execution in batch search - Clear pattern name when user types custom pattern in search box - Handle invalid TruffleHog patterns gracefully with specific error messages 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .../src/components/results/Results.vue | 26 ++++++++++++------- .../frontend/src/components/search/Search.vue | 11 +++++++- .../search/batch/BatchSearchDialog.vue | 1 + .../frontend/src/stores/batchSearchStore.ts | 21 ++++++++++++++- packages/frontend/src/stores/grepStore.ts | 2 ++ packages/frontend/src/stores/patternsStore.ts | 1 + 6 files changed, 51 insertions(+), 11 deletions(-) diff --git a/packages/frontend/src/components/results/Results.vue b/packages/frontend/src/components/results/Results.vue index 2e31f5a..e008a6e 100644 --- a/packages/frontend/src/components/results/Results.vue +++ b/packages/frontend/src/components/results/Results.vue @@ -153,15 +153,23 @@ const stopSearch = async () => {