# Rule group "Recon" (severity: info).
# Every pattern has the same shape: optional quotes, a key built from
# [a-zA-Z0-9_-] that contains the keyword, optional quotes, ':' or '=',
# then a quoted value captured in group 1 (the value may be empty).
#
# The keyword is matched as a substring of the key, so short keywords such
# as "id", "db", "ref", "tag" and "app" also fire on unrelated keys
# ("width" contains "id"); expect noisy output from this group.
# Some keywords overlap: "priv" covers "privileged", "safe" covers "safety",
# "data" covers "database". The same assignment can match several patterns.
#
# NOTE(review): the (?i) flag sits after the leading quote class, not at the
# start of the pattern. Some engines reject a global flag in that position
# (Python 3.11+ `re`, for one); confirm against the engine that loads this
# file.
- name: Recon
  severity: info
  regex:
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*risk[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*info[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*level[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*data[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*prod[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*dev[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*test[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*code[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*privileged[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*security[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*sensitive[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*protection[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*score[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*secure[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*authorized[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*safe[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*protected[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*encrypted[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*classified[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*restricted[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*danger[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*id[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*factor[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*safety[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*value[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*number[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*rating[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*index[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*ref[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*amount[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*tag[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*name[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*group[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*detail[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*system[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*user[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*client[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*priv[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*account[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*stg[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*app[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*db[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*database[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    # Keys containing "x-". The match is not anchored to the start of the
    # key, so "max-age" matches through its "x-age" tail.
    - "['\\\"]*(?i)x-[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
# Rule group "Keys" (severity: info).
# Same pattern shape as the other keyword rules: a key containing the
# keyword, ':' or '=', then a quoted value captured in group 1.
#
# Group 1 is the literal value found in the scanned text. For keywords such
# as "password", "secret" and "token", scan output can contain live
# credentials and should be stored and shared accordingly.
# The value class ([^'\"]*) also accepts an empty string, so placeholders
# such as password: "" are reported too.
# Keywords match as substrings: "auth" also fires on "author" and on
# "authorized", "key" on "keyboard", "hash" on "hashtag".
#
# NOTE(review): severity is "info" even though these keywords target
# credentials; if the consumer filters or sorts on severity, these findings
# may be ranked below where they belong. Confirm the intended level.
# NOTE(review): the (?i) flag is not at the start of the pattern; some
# engines reject that (Python 3.11+ `re`, for one). Confirm against the
# engine that loads this file.
- name: Keys
  severity: info
  regex:
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*key[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*secret[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*auth[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*token[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*critical[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*private[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*confidential[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*hook[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*jwt[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*credential[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*cookie[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*password[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*license[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*hash[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*access[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
    - "['\\\"]*(?i)[a-zA-Z0-9_\\-]*api[a-zA-Z0-9_\\-]*['\\\"]*\\s*[:=]\\s*['\\\"]([^'\\\"]*)['\\\"]"
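# Rule group "IP" (severity: info): dotted-quad strings wrapped in double
# quotes.
#
# Limits of the pattern as written:
#   - only double-quoted values match; bare or single-quoted addresses do not
#   - octets are 1-3 digits with no 0-255 range check, so "999.1.1.1" and
#     four-part version strings such as "1.2.3.4" also match
#   - there is no capture group; the whole match includes the quotes
- name: IP
  severity: info
  regex:
    # Fix: the first octet was written as d{1,3} (a literal letter "d"), so
    # no real address could match. It now uses \d like the other three octets.
    - "\"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\""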