gitleaks.toml 79 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960
  1. # This file has been auto-generated. Do not edit manually.
  2. # If you would like to contribute new rules, please use
  3. # cmd/generate/config/main.go and follow the contributing guidelines
  4. # at https://github.com/zricethezav/gitleaks/blob/master/CONTRIBUTING.md
  5. # This is the default gitleaks configuration file.
  6. # Rules and allowlists are defined within this file.
  7. # Rules instruct gitleaks on what should be considered a secret.
  8. # Allowlists instruct gitleaks on what is allowed, i.e. not a secret.
  9. title = "gitleaks config"
  10. [allowlist]
  11. description = "global allow lists"
  12. paths = [
  13. '''gitleaks.toml''',
  14. '''(.*?)(jpg|gif|doc|docx|zip|xls|pdf|bin|svg|socket|vsidx|v2|suo|wsuo|.dll|pdb|exe|gltf)$''',
  15. '''(go.mod|go.sum|go.work|go.work.sum)$''',
  16. '''gradle.lockfile''',
  17. '''verification-metadata.xml''',
  18. '''node_modules''',
  19. '''package-lock.json''',
  20. '''yarn.lock''',
  21. '''pnpm-lock.yaml''',
  22. '''poetry.lock''',
  23. '''Database.refactorlog''',
  24. '''vendor''',
  25. ]
  26. [[rules]]
  27. id = "adafruit-api-key"
  28. description = "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure."
  29. regex = '''(?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  30. keywords = [
  31. "adafruit",
  32. ]
  33. [[rules]]
  34. id = "adobe-client-id"
  35. description = "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches."
  36. regex = '''(?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  37. keywords = [
  38. "adobe",
  39. ]
  40. [[rules]]
  41. id = "adobe-client-secret"
  42. description = "Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation."
  43. regex = '''(?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  44. keywords = [
  45. "p8e-",
  46. ]
  47. [[rules]]
  48. id = "age-secret-key"
  49. description = "Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information."
  50. regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
  51. keywords = [
  52. "age-secret-key-1",
  53. ]
  54. [[rules]]
  55. id = "airtable-api-key"
  56. description = "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration."
  57. regex = '''(?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  58. keywords = [
  59. "airtable",
  60. ]
  61. [[rules]]
  62. id = "algolia-api-key"
  63. description = "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms."
  64. regex = '''(?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  65. keywords = [
  66. "algolia",
  67. ]
  68. [[rules]]
  69. id = "alibaba-access-key-id"
  70. description = "Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise."
  71. regex = '''(?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  72. keywords = [
  73. "ltai",
  74. ]
  75. [[rules]]
  76. id = "alibaba-secret-key"
  77. description = "Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud."
  78. regex = '''(?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  79. keywords = [
  80. "alibaba",
  81. ]
  82. [[rules]]
  83. id = "asana-client-id"
  84. description = "Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information."
  85. regex = '''(?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  86. keywords = [
  87. "asana",
  88. ]
  89. [[rules]]
  90. id = "asana-client-secret"
  91. description = "Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access."
  92. regex = '''(?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  93. keywords = [
  94. "asana",
  95. ]
  96. [[rules]]
  97. id = "atlassian-api-token"
  98. description = "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality."
  99. regex = '''(?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  100. keywords = [
  101. "atlassian","confluence","jira",
  102. ]
  103. [[rules]]
  104. id = "authress-service-client-access-key"
  105. description = "Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data."
  106. regex = '''(?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  107. keywords = [
  108. "sc_","ext_","scauth_","authress_",
  109. ]
  110. [[rules]]
  111. id = "aws-access-token"
  112. description = "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms."
  113. regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
  114. keywords = [
  115. "akia","asia","abia","acca",
  116. ]
  117. [[rules]]
  118. id = "beamer-api-token"
  119. description = "Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates."
  120. regex = '''(?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  121. keywords = [
  122. "beamer",
  123. ]
  124. [[rules]]
  125. id = "bitbucket-client-id"
  126. description = "Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure."
  127. regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  128. keywords = [
  129. "bitbucket",
  130. ]
  131. [[rules]]
  132. id = "bitbucket-client-secret"
  133. description = "Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access."
  134. regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  135. keywords = [
  136. "bitbucket",
  137. ]
  138. [[rules]]
  139. id = "bittrex-access-key"
  140. description = "Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss."
  141. regex = '''(?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  142. keywords = [
  143. "bittrex",
  144. ]
  145. [[rules]]
  146. id = "bittrex-secret-key"
  147. description = "Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security."
  148. regex = '''(?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  149. keywords = [
  150. "bittrex",
  151. ]
  152. [[rules]]
  153. id = "clojars-api-token"
  154. description = "Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation."
  155. regex = '''(?i)CLOJARS_[a-z0-9]{60}'''
  156. keywords = [
  157. "clojars",
  158. ]
  159. [[rules]]
  160. id = "cloudflare-api-key"
  161. description = "Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security."
  162. regex = '''(?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  163. keywords = [
  164. "cloudflare",
  165. ]
  166. [[rules]]
  167. id = "cloudflare-global-api-key"
  168. description = "Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security."
  169. regex = '''(?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  170. keywords = [
  171. "cloudflare",
  172. ]
  173. [[rules]]
  174. id = "cloudflare-origin-ca-key"
  175. description = "Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security."
  176. regex = '''\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  177. keywords = [
  178. "cloudflare","v1.0-",
  179. ]
  180. [[rules]]
  181. id = "codecov-access-token"
  182. description = "Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data."
  183. regex = '''(?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  184. keywords = [
  185. "codecov",
  186. ]
  187. [[rules]]
  188. id = "coinbase-access-token"
  189. description = "Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions."
  190. regex = '''(?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  191. keywords = [
  192. "coinbase",
  193. ]
  194. [[rules]]
  195. id = "confluent-access-token"
  196. description = "Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow."
  197. regex = '''(?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  198. keywords = [
  199. "confluent",
  200. ]
  201. [[rules]]
  202. id = "confluent-secret-key"
  203. description = "Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services."
  204. regex = '''(?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  205. keywords = [
  206. "confluent",
  207. ]
  208. [[rules]]
  209. id = "contentful-delivery-api-token"
  210. description = "Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity."
  211. regex = '''(?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  212. keywords = [
  213. "contentful",
  214. ]
  215. [[rules]]
  216. id = "databricks-api-token"
  217. description = "Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing."
  218. regex = '''(?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  219. keywords = [
  220. "dapi",
  221. ]
  222. [[rules]]
  223. id = "datadog-access-token"
  224. description = "Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation."
  225. regex = '''(?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  226. keywords = [
  227. "datadog",
  228. ]
  229. [[rules]]
  230. id = "defined-networking-api-token"
  231. description = "Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches."
  232. regex = '''(?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  233. keywords = [
  234. "dnkey",
  235. ]
  236. [[rules]]
  237. id = "digitalocean-access-token"
  238. description = "Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise."
  239. regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  240. keywords = [
  241. "doo_v1_",
  242. ]
  243. [[rules]]
  244. id = "digitalocean-pat"
  245. description = "Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy."
  246. regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  247. keywords = [
  248. "dop_v1_",
  249. ]
  250. [[rules]]
  251. id = "digitalocean-refresh-token"
  252. description = "Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation."
  253. regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  254. keywords = [
  255. "dor_v1_",
  256. ]
  257. [[rules]]
  258. id = "discord-api-token"
  259. description = "Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord."
  260. regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  261. keywords = [
  262. "discord",
  263. ]
  264. [[rules]]
  265. id = "discord-client-id"
  266. description = "Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications."
  267. regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  268. keywords = [
  269. "discord",
  270. ]
  271. [[rules]]
  272. id = "discord-client-secret"
  273. description = "Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks."
  274. regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  275. keywords = [
  276. "discord",
  277. ]
  278. [[rules]]
  279. id = "doppler-api-token"
  280. description = "Discovered a Doppler API token, posing a risk to environment and secrets management security."
  281. regex = '''dp\.pt\.(?i)[a-z0-9]{43}'''
  282. keywords = [
  283. "doppler",
  284. ]
  285. [[rules]]
  286. id = "droneci-access-token"
  287. description = "Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows."
  288. regex = '''(?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  289. keywords = [
  290. "droneci",
  291. ]
  292. [[rules]]
  293. id = "dropbox-api-token"
  294. description = "Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage."
  295. regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  296. keywords = [
  297. "dropbox",
  298. ]
  299. [[rules]]
  300. id = "dropbox-long-lived-api-token"
  301. description = "Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data."
  302. regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  303. keywords = [
  304. "dropbox",
  305. ]
  306. [[rules]]
  307. id = "dropbox-short-lived-api-token"
  308. description = "Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation."
  309. regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  310. keywords = [
  311. "dropbox",
  312. ]
  313. [[rules]]
  314. id = "duffel-api-token"
  315. description = "Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data."
  316. regex = '''duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43}'''
  317. keywords = [
  318. "duffel",
  319. ]
  320. [[rules]]
  321. id = "dynatrace-api-token"
  322. description = "Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure."
  323. regex = '''dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}'''
  324. keywords = [
  325. "dynatrace",
  326. ]
  327. [[rules]]
  328. id = "easypost-api-token"
  329. description = "Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure."
  330. regex = '''\bEZAK(?i)[a-z0-9]{54}'''
  331. keywords = [
  332. "ezak",
  333. ]
  334. [[rules]]
  335. id = "easypost-test-api-token"
  336. description = "Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data."
  337. regex = '''\bEZTK(?i)[a-z0-9]{54}'''
  338. keywords = [
  339. "eztk",
  340. ]
  341. [[rules]]
  342. id = "etsy-access-token"
  343. description = "Found an Etsy Access Token, potentially compromising Etsy shop management and customer data."
  344. regex = '''(?i)(?:(?-i:ETSY|[Ee]tsy))(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  345. entropy = 3
  346. keywords = [
  347. "etsy",
  348. ]
  349. [[rules]]
  350. id = "facebook-access-token"
  351. description = "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
  352. regex = '''(?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  353. [[rules]]
  354. id = "facebook-page-access-token"
  355. description = "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
  356. regex = '''(?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  357. keywords = [
  358. "eaam","eaac",
  359. ]
  360. [[rules]]
  361. id = "facebook-secret"
  362. description = "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
  363. regex = '''(?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  364. keywords = [
  365. "facebook",
  366. ]
  367. [[rules]]
  368. id = "fastly-api-token"
  369. description = "Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues."
  370. regex = '''(?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  371. keywords = [
  372. "fastly",
  373. ]
  374. [[rules]]
  375. id = "finicity-api-token"
  376. description = "Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations."
  377. regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  378. keywords = [
  379. "finicity",
  380. ]
  381. [[rules]]
  382. id = "finicity-client-secret"
  383. description = "Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches."
  384. regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  385. keywords = [
  386. "finicity",
  387. ]
  388. [[rules]]
  389. id = "finnhub-access-token"
  390. description = "Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics."
  391. regex = '''(?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  392. keywords = [
  393. "finnhub",
  394. ]
  395. [[rules]]
  396. id = "flickr-access-token"
  397. description = "Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage."
  398. regex = '''(?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  399. keywords = [
  400. "flickr",
  401. ]
  402. [[rules]]
  403. id = "flutterwave-encryption-key"
  404. description = "Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information."
  405. regex = '''FLWSECK_TEST-(?i)[a-h0-9]{12}'''
  406. keywords = [
  407. "flwseck_test",
  408. ]
  409. [[rules]]
  410. id = "flutterwave-public-key"
  411. description = "Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations."
  412. regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
  413. keywords = [
  414. "flwpubk_test",
  415. ]
  416. [[rules]]
  417. id = "flutterwave-secret-key"
  418. description = "Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches."
  419. regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
  420. keywords = [
  421. "flwseck_test",
  422. ]
  423. [[rules]]
  424. id = "flyio-access-token"
  425. description = "Uncovered a Fly.io API key"
  426. regex = '''\b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  427. entropy = 4
  428. keywords = [
  429. "fo1_","fm1","fm2_",
  430. ]
  431. [[rules]]
  432. id = "frameio-api-token"
  433. description = "Found a Frame.io API token, potentially compromising video collaboration and project management."
  434. regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
  435. keywords = [
  436. "fio-u-",
  437. ]
  438. [[rules]]
  439. id = "freshbooks-access-token"
  440. description = "Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure."
  441. regex = '''(?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  442. keywords = [
  443. "freshbooks",
  444. ]
  445. [[rules]]
  446. id = "gcp-api-key"
  447. description = "Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches."
  448. regex = '''\b(AIza[\w-]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  449. entropy = 3
  450. keywords = [
  451. "aiza",
  452. ]
  453. [[rules]]
  454. id = "generic-api-key"
  455. description = "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."
  456. regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  457. entropy = 3.5
  458. keywords = [
  459. "key","api","token","secret","client","passwd","password","auth","access",
  460. ]
  461. [rules.allowlist]
  462. stopwords = [
  463. "000000",
  464. "aaaaaa",
  465. "about",
  466. "abstract",
  467. "academy",
  468. "acces",
  469. "account",
  470. "act-",
  471. "act.",
  472. "act_",
  473. "action",
  474. "active",
  475. "actively",
  476. "activity",
  477. "adapter",
  478. "add-",
  479. "add.",
  480. "add_",
  481. "add-on",
  482. "addon",
  483. "addres",
  484. "admin",
  485. "adobe",
  486. "advanced",
  487. "adventure",
  488. "agent",
  489. "agile",
  490. "air-",
  491. "air.",
  492. "air_",
  493. "ajax",
  494. "akka",
  495. "alert",
  496. "alfred",
  497. "algorithm",
  498. "all-",
  499. "all.",
  500. "all_",
  501. "alloy",
  502. "alpha",
  503. "amazon",
  504. "amqp",
  505. "analysi",
  506. "analytic",
  507. "analyzer",
  508. "android",
  509. "angular",
  510. "angularj",
  511. "animate",
  512. "animation",
  513. "another",
  514. "ansible",
  515. "answer",
  516. "ant-",
  517. "ant.",
  518. "ant_",
  519. "any-",
  520. "any.",
  521. "any_",
  522. "apache",
  523. "app-",
  524. "app-",
  525. "app.",
  526. "app.",
  527. "app_",
  528. "app_",
  529. "apple",
  530. "arch",
  531. "archive",
  532. "archived",
  533. "arduino",
  534. "array",
  535. "art-",
  536. "art.",
  537. "art_",
  538. "article",
  539. "asp-",
  540. "asp.",
  541. "asp_",
  542. "asset",
  543. "async",
  544. "atom",
  545. "attention",
  546. "audio",
  547. "audit",
  548. "aura",
  549. "auth",
  550. "author",
  551. "author",
  552. "authorize",
  553. "auto",
  554. "automated",
  555. "automatic",
  556. "awesome",
  557. "aws_",
  558. "azure",
  559. "back",
  560. "backbone",
  561. "backend",
  562. "backup",
  563. "bar-",
  564. "bar.",
  565. "bar_",
  566. "base",
  567. "based",
  568. "bash",
  569. "basic",
  570. "batch",
  571. "been",
  572. "beer",
  573. "behavior",
  574. "being",
  575. "benchmark",
  576. "best",
  577. "beta",
  578. "better",
  579. "big-",
  580. "big.",
  581. "big_",
  582. "binary",
  583. "binding",
  584. "bit-",
  585. "bit.",
  586. "bit_",
  587. "bitcoin",
  588. "block",
  589. "blog",
  590. "board",
  591. "book",
  592. "bookmark",
  593. "boost",
  594. "boot",
  595. "bootstrap",
  596. "bosh",
  597. "bot-",
  598. "bot.",
  599. "bot_",
  600. "bower",
  601. "box-",
  602. "box.",
  603. "box_",
  604. "boxen",
  605. "bracket",
  606. "branch",
  607. "bridge",
  608. "browser",
  609. "brunch",
  610. "buffer",
  611. "bug-",
  612. "bug.",
  613. "bug_",
  614. "build",
  615. "builder",
  616. "building",
  617. "buildout",
  618. "buildpack",
  619. "built",
  620. "bundle",
  621. "busines",
  622. "but-",
  623. "but.",
  624. "but_",
  625. "button",
  626. "cache",
  627. "caching",
  628. "cakephp",
  629. "calendar",
  630. "call",
  631. "camera",
  632. "campfire",
  633. "can-",
  634. "can.",
  635. "can_",
  636. "canva",
  637. "captcha",
  638. "capture",
  639. "card",
  640. "carousel",
  641. "case",
  642. "cassandra",
  643. "cat-",
  644. "cat.",
  645. "cat_",
  646. "category",
  647. "center",
  648. "cento",
  649. "challenge",
  650. "change",
  651. "changelog",
  652. "channel",
  653. "chart",
  654. "chat",
  655. "cheat",
  656. "check",
  657. "checker",
  658. "chef",
  659. "ches",
  660. "chinese",
  661. "chosen",
  662. "chrome",
  663. "ckeditor",
  664. "clas",
  665. "classe",
  666. "classic",
  667. "clean",
  668. "cli-",
  669. "cli.",
  670. "cli_",
  671. "client",
  672. "client",
  673. "clojure",
  674. "clone",
  675. "closure",
  676. "cloud",
  677. "club",
  678. "cluster",
  679. "cms-",
  680. "cms_",
  681. "coco",
  682. "code",
  683. "coding",
  684. "coffee",
  685. "color",
  686. "combination",
  687. "combo",
  688. "command",
  689. "commander",
  690. "comment",
  691. "commit",
  692. "common",
  693. "community",
  694. "compas",
  695. "compiler",
  696. "complete",
  697. "component",
  698. "composer",
  699. "computer",
  700. "computing",
  701. "con-",
  702. "con.",
  703. "con_",
  704. "concept",
  705. "conf",
  706. "config",
  707. "config",
  708. "connect",
  709. "connector",
  710. "console",
  711. "contact",
  712. "container",
  713. "contao",
  714. "content",
  715. "contest",
  716. "context",
  717. "control",
  718. "convert",
  719. "converter",
  720. "conway'",
  721. "cookbook",
  722. "cookie",
  723. "cool",
  724. "copy",
  725. "cordova",
  726. "core",
  727. "couchbase",
  728. "couchdb",
  729. "countdown",
  730. "counter",
  731. "course",
  732. "craft",
  733. "crawler",
  734. "create",
  735. "creating",
  736. "creator",
  737. "credential",
  738. "crm-",
  739. "crm.",
  740. "crm_",
  741. "cros",
  742. "crud",
  743. "csv-",
  744. "csv.",
  745. "csv_",
  746. "cube",
  747. "cucumber",
  748. "cuda",
  749. "current",
  750. "currently",
  751. "custom",
  752. "daemon",
  753. "dark",
  754. "dart",
  755. "dash",
  756. "dashboard",
  757. "data",
  758. "database",
  759. "date",
  760. "day-",
  761. "day.",
  762. "day_",
  763. "dead",
  764. "debian",
  765. "debug",
  766. "debug",
  767. "debugger",
  768. "deck",
  769. "define",
  770. "del-",
  771. "del.",
  772. "del_",
  773. "delete",
  774. "demo",
  775. "deploy",
  776. "design",
  777. "designer",
  778. "desktop",
  779. "detection",
  780. "detector",
  781. "dev-",
  782. "dev.",
  783. "dev_",
  784. "develop",
  785. "developer",
  786. "device",
  787. "devise",
  788. "diff",
  789. "digital",
  790. "directive",
  791. "directory",
  792. "discovery",
  793. "display",
  794. "django",
  795. "dns-",
  796. "dns_",
  797. "doc-",
  798. "doc-",
  799. "doc.",
  800. "doc.",
  801. "doc_",
  802. "doc_",
  803. "docker",
  804. "docpad",
  805. "doctrine",
  806. "document",
  807. "doe-",
  808. "doe.",
  809. "doe_",
  810. "dojo",
  811. "dom-",
  812. "dom.",
  813. "dom_",
  814. "domain",
  815. "done",
  816. "don't",
  817. "dot-",
  818. "dot.",
  819. "dot_",
  820. "dotfile",
  821. "download",
  822. "draft",
  823. "drag",
  824. "drill",
  825. "drive",
  826. "driven",
  827. "driver",
  828. "drop",
  829. "dropbox",
  830. "drupal",
  831. "dsl-",
  832. "dsl.",
  833. "dsl_",
  834. "dynamic",
  835. "easy",
  836. "_ec2_",
  837. "ecdsa",
  838. "eclipse",
  839. "edit",
  840. "editing",
  841. "edition",
  842. "editor",
  843. "element",
  844. "emac",
  845. "email",
  846. "embed",
  847. "embedded",
  848. "ember",
  849. "emitter",
  850. "emulator",
  851. "encoding",
  852. "endpoint",
  853. "engine",
  854. "english",
  855. "enhanced",
  856. "entity",
  857. "entry",
  858. "env_",
  859. "episode",
  860. "erlang",
  861. "error",
  862. "espresso",
  863. "event",
  864. "evented",
  865. "example",
  866. "example",
  867. "exchange",
  868. "exercise",
  869. "experiment",
  870. "expire",
  871. "exploit",
  872. "explorer",
  873. "export",
  874. "exporter",
  875. "expres",
  876. "ext-",
  877. "ext.",
  878. "ext_",
  879. "extended",
  880. "extension",
  881. "external",
  882. "extra",
  883. "extractor",
  884. "fabric",
  885. "facebook",
  886. "factory",
  887. "fake",
  888. "fast",
  889. "feature",
  890. "feed",
  891. "fewfwef",
  892. "ffmpeg",
  893. "field",
  894. "file",
  895. "filter",
  896. "find",
  897. "finder",
  898. "firefox",
  899. "firmware",
  900. "first",
  901. "fish",
  902. "fix-",
  903. "fix_",
  904. "flash",
  905. "flask",
  906. "flat",
  907. "flex",
  908. "flexible",
  909. "flickr",
  910. "flow",
  911. "fluent",
  912. "fluentd",
  913. "fluid",
  914. "folder",
  915. "font",
  916. "force",
  917. "foreman",
  918. "fork",
  919. "form",
  920. "format",
  921. "formatter",
  922. "forum",
  923. "foundry",
  924. "framework",
  925. "free",
  926. "friend",
  927. "friendly",
  928. "front-end",
  929. "frontend",
  930. "ftp-",
  931. "ftp.",
  932. "ftp_",
  933. "fuel",
  934. "full",
  935. "fun-",
  936. "fun.",
  937. "fun_",
  938. "func",
  939. "future",
  940. "gaia",
  941. "gallery",
  942. "game",
  943. "gateway",
  944. "gem-",
  945. "gem.",
  946. "gem_",
  947. "gen-",
  948. "gen.",
  949. "gen_",
  950. "general",
  951. "generator",
  952. "generic",
  953. "genetic",
  954. "get-",
  955. "get.",
  956. "get_",
  957. "getenv",
  958. "getting",
  959. "ghost",
  960. "gist",
  961. "git-",
  962. "git.",
  963. "git_",
  964. "github",
  965. "gitignore",
  966. "gitlab",
  967. "glas",
  968. "gmail",
  969. "gnome",
  970. "gnu-",
  971. "gnu.",
  972. "gnu_",
  973. "goal",
  974. "golang",
  975. "gollum",
  976. "good",
  977. "google",
  978. "gpu-",
  979. "gpu.",
  980. "gpu_",
  981. "gradle",
  982. "grail",
  983. "graph",
  984. "graphic",
  985. "great",
  986. "grid",
  987. "groovy",
  988. "group",
  989. "grunt",
  990. "guard",
  991. "gui-",
  992. "gui.",
  993. "gui_",
  994. "guide",
  995. "guideline",
  996. "gulp",
  997. "gwt-",
  998. "gwt.",
  999. "gwt_",
  1000. "hack",
  1001. "hackathon",
  1002. "hacker",
  1003. "hacking",
  1004. "hadoop",
  1005. "haml",
  1006. "handler",
  1007. "hardware",
  1008. "has-",
  1009. "has_",
  1010. "hash",
  1011. "haskell",
  1012. "have",
  1013. "haxe",
  1014. "hello",
  1015. "help",
  1016. "helper",
  1017. "here",
  1018. "hero",
  1019. "heroku",
  1020. "high",
  1021. "hipchat",
  1022. "history",
  1023. "home",
  1024. "homebrew",
  1025. "homepage",
  1026. "hook",
  1027. "host",
  1028. "hosting",
  1029. "hot-",
  1030. "hot.",
  1031. "hot_",
  1032. "house",
  1033. "how-",
  1034. "how.",
  1035. "how_",
  1036. "html",
  1037. "http",
  1038. "hub-",
  1039. "hub.",
  1040. "hub_",
  1041. "hubot",
  1042. "human",
  1043. "icon",
  1044. "ide-",
  1045. "ide.",
  1046. "ide_",
  1047. "idea",
  1048. "identity",
  1049. "idiomatic",
  1050. "image",
  1051. "impact",
  1052. "import",
  1053. "important",
  1054. "importer",
  1055. "impres",
  1056. "index",
  1057. "infinite",
  1058. "info",
  1059. "injection",
  1060. "inline",
  1061. "input",
  1062. "inside",
  1063. "inspector",
  1064. "instagram",
  1065. "install",
  1066. "installer",
  1067. "instant",
  1068. "intellij",
  1069. "interface",
  1070. "internet",
  1071. "interview",
  1072. "into",
  1073. "intro",
  1074. "ionic",
  1075. "iphone",
  1076. "ipython",
  1077. "irc-",
  1078. "irc_",
  1079. "iso-",
  1080. "iso.",
  1081. "iso_",
  1082. "issue",
  1083. "jade",
  1084. "jasmine",
  1085. "java",
  1086. "jbos",
  1087. "jekyll",
  1088. "jenkin",
  1089. "job-",
  1090. "job.",
  1091. "job_",
  1092. "joomla",
  1093. "jpa-",
  1094. "jpa.",
  1095. "jpa_",
  1096. "jquery",
  1097. "json",
  1098. "just",
  1099. "kafka",
  1100. "karma",
  1101. "kata",
  1102. "kernel",
  1103. "keyboard",
  1104. "kindle",
  1105. "kit-",
  1106. "kit.",
  1107. "kit_",
  1108. "kitchen",
  1109. "knife",
  1110. "koan",
  1111. "kohana",
  1112. "lab-",
  1113. "lab-",
  1114. "lab.",
  1115. "lab.",
  1116. "lab_",
  1117. "lab_",
  1118. "lambda",
  1119. "lamp",
  1120. "language",
  1121. "laravel",
  1122. "last",
  1123. "latest",
  1124. "latex",
  1125. "launcher",
  1126. "layer",
  1127. "layout",
  1128. "lazy",
  1129. "ldap",
  1130. "leaflet",
  1131. "league",
  1132. "learn",
  1133. "learning",
  1134. "led-",
  1135. "led.",
  1136. "led_",
  1137. "leetcode",
  1138. "les-",
  1139. "les.",
  1140. "les_",
  1141. "level",
  1142. "leveldb",
  1143. "lib-",
  1144. "lib.",
  1145. "lib_",
  1146. "librarie",
  1147. "library",
  1148. "license",
  1149. "life",
  1150. "liferay",
  1151. "light",
  1152. "lightbox",
  1153. "like",
  1154. "line",
  1155. "link",
  1156. "linked",
  1157. "linkedin",
  1158. "linux",
  1159. "lisp",
  1160. "list",
  1161. "lite",
  1162. "little",
  1163. "load",
  1164. "loader",
  1165. "local",
  1166. "location",
  1167. "lock",
  1168. "log-",
  1169. "log.",
  1170. "log_",
  1171. "logger",
  1172. "logging",
  1173. "logic",
  1174. "login",
  1175. "logstash",
  1176. "longer",
  1177. "look",
  1178. "love",
  1179. "lua-",
  1180. "lua.",
  1181. "lua_",
  1182. "mac-",
  1183. "mac.",
  1184. "mac_",
  1185. "machine",
  1186. "made",
  1187. "magento",
  1188. "magic",
  1189. "mail",
  1190. "make",
  1191. "maker",
  1192. "making",
  1193. "man-",
  1194. "man.",
  1195. "man_",
  1196. "manage",
  1197. "manager",
  1198. "manifest",
  1199. "manual",
  1200. "map-",
  1201. "map-",
  1202. "map.",
  1203. "map.",
  1204. "map_",
  1205. "map_",
  1206. "mapper",
  1207. "mapping",
  1208. "markdown",
  1209. "markup",
  1210. "master",
  1211. "math",
  1212. "matrix",
  1213. "maven",
  1214. "md5",
  1215. "mean",
  1216. "media",
  1217. "mediawiki",
  1218. "meetup",
  1219. "memcached",
  1220. "memory",
  1221. "menu",
  1222. "merchant",
  1223. "message",
  1224. "messaging",
  1225. "meta",
  1226. "metadata",
  1227. "meteor",
  1228. "method",
  1229. "metric",
  1230. "micro",
  1231. "middleman",
  1232. "migration",
  1233. "minecraft",
  1234. "miner",
  1235. "mini",
  1236. "minimal",
  1237. "mirror",
  1238. "mit-",
  1239. "mit.",
  1240. "mit_",
  1241. "mobile",
  1242. "mocha",
  1243. "mock",
  1244. "mod-",
  1245. "mod.",
  1246. "mod_",
  1247. "mode",
  1248. "model",
  1249. "modern",
  1250. "modular",
  1251. "module",
  1252. "modx",
  1253. "money",
  1254. "mongo",
  1255. "mongodb",
  1256. "mongoid",
  1257. "mongoose",
  1258. "monitor",
  1259. "monkey",
  1260. "more",
  1261. "motion",
  1262. "moved",
  1263. "movie",
  1264. "mozilla",
  1265. "mqtt",
  1266. "mule",
  1267. "multi",
  1268. "multiple",
  1269. "music",
  1270. "mustache",
  1271. "mvc-",
  1272. "mvc.",
  1273. "mvc_",
  1274. "mysql",
  1275. "nagio",
  1276. "name",
  1277. "native",
  1278. "need",
  1279. "neo-",
  1280. "neo.",
  1281. "neo_",
  1282. "nest",
  1283. "nested",
  1284. "net-",
  1285. "net.",
  1286. "net_",
  1287. "nette",
  1288. "network",
  1289. "new-",
  1290. "new-",
  1291. "new.",
  1292. "new.",
  1293. "new_",
  1294. "new_",
  1295. "next",
  1296. "nginx",
  1297. "ninja",
  1298. "nlp-",
  1299. "nlp.",
  1300. "nlp_",
  1301. "node",
  1302. "nodej",
  1303. "nosql",
  1304. "not-",
  1305. "not.",
  1306. "not_",
  1307. "note",
  1308. "notebook",
  1309. "notepad",
  1310. "notice",
  1311. "notifier",
  1312. "now-",
  1313. "now.",
  1314. "now_",
  1315. "number",
  1316. "oauth",
  1317. "object",
  1318. "objective",
  1319. "obsolete",
  1320. "ocaml",
  1321. "octopres",
  1322. "official",
  1323. "old-",
  1324. "old.",
  1325. "old_",
  1326. "onboard",
  1327. "online",
  1328. "only",
  1329. "open",
  1330. "opencv",
  1331. "opengl",
  1332. "openshift",
  1333. "openwrt",
  1334. "option",
  1335. "oracle",
  1336. "org-",
  1337. "org.",
  1338. "org_",
  1339. "origin",
  1340. "original",
  1341. "orm-",
  1342. "orm.",
  1343. "orm_",
  1344. "osx-",
  1345. "osx_",
  1346. "our-",
  1347. "our.",
  1348. "our_",
  1349. "out-",
  1350. "out.",
  1351. "out_",
  1352. "output",
  1353. "over",
  1354. "overview",
  1355. "own-",
  1356. "own.",
  1357. "own_",
  1358. "pack",
  1359. "package",
  1360. "packet",
  1361. "page",
  1362. "page",
  1363. "panel",
  1364. "paper",
  1365. "paperclip",
  1366. "para",
  1367. "parallax",
  1368. "parallel",
  1369. "parse",
  1370. "parser",
  1371. "parsing",
  1372. "particle",
  1373. "party",
  1374. "password",
  1375. "patch",
  1376. "path",
  1377. "pattern",
  1378. "payment",
  1379. "paypal",
  1380. "pdf-",
  1381. "pdf.",
  1382. "pdf_",
  1383. "pebble",
  1384. "people",
  1385. "perl",
  1386. "personal",
  1387. "phalcon",
  1388. "phoenix",
  1389. "phone",
  1390. "phonegap",
  1391. "photo",
  1392. "php-",
  1393. "php.",
  1394. "php_",
  1395. "physic",
  1396. "picker",
  1397. "pipeline",
  1398. "platform",
  1399. "play",
  1400. "player",
  1401. "please",
  1402. "plu-",
  1403. "plu.",
  1404. "plu_",
  1405. "plug-in",
  1406. "plugin",
  1407. "plupload",
  1408. "png-",
  1409. "png.",
  1410. "png_",
  1411. "poker",
  1412. "polyfill",
  1413. "polymer",
  1414. "pool",
  1415. "pop-",
  1416. "pop.",
  1417. "pop_",
  1418. "popcorn",
  1419. "popup",
  1420. "port",
  1421. "portable",
  1422. "portal",
  1423. "portfolio",
  1424. "post",
  1425. "power",
  1426. "powered",
  1427. "powerful",
  1428. "prelude",
  1429. "pretty",
  1430. "preview",
  1431. "principle",
  1432. "print",
  1433. "pro-",
  1434. "pro.",
  1435. "pro_",
  1436. "problem",
  1437. "proc",
  1438. "product",
  1439. "profile",
  1440. "profiler",
  1441. "program",
  1442. "progres",
  1443. "project",
  1444. "protocol",
  1445. "prototype",
  1446. "provider",
  1447. "proxy",
  1448. "public",
  1449. "pull",
  1450. "puppet",
  1451. "pure",
  1452. "purpose",
  1453. "push",
  1454. "pusher",
  1455. "pyramid",
  1456. "python",
  1457. "quality",
  1458. "query",
  1459. "queue",
  1460. "quick",
  1461. "rabbitmq",
  1462. "rack",
  1463. "radio",
  1464. "rail",
  1465. "railscast",
  1466. "random",
  1467. "range",
  1468. "raspberry",
  1469. "rdf-",
  1470. "rdf.",
  1471. "rdf_",
  1472. "react",
  1473. "reactive",
  1474. "read",
  1475. "reader",
  1476. "readme",
  1477. "ready",
  1478. "real",
  1479. "reality",
  1480. "real-time",
  1481. "realtime",
  1482. "recipe",
  1483. "recorder",
  1484. "red-",
  1485. "red.",
  1486. "red_",
  1487. "reddit",
  1488. "redi",
  1489. "redmine",
  1490. "reference",
  1491. "refinery",
  1492. "refresh",
  1493. "registry",
  1494. "related",
  1495. "release",
  1496. "remote",
  1497. "rendering",
  1498. "repo",
  1499. "report",
  1500. "request",
  1501. "require",
  1502. "required",
  1503. "requirej",
  1504. "research",
  1505. "resource",
  1506. "response",
  1507. "resque",
  1508. "rest",
  1509. "restful",
  1510. "resume",
  1511. "reveal",
  1512. "reverse",
  1513. "review",
  1514. "riak",
  1515. "rich",
  1516. "right",
  1517. "ring",
  1518. "robot",
  1519. "role",
  1520. "room",
  1521. "router",
  1522. "routing",
  1523. "rpc-",
  1524. "rpc.",
  1525. "rpc_",
  1526. "rpg-",
  1527. "rpg.",
  1528. "rpg_",
  1529. "rspec",
  1530. "ruby-",
  1531. "ruby.",
  1532. "ruby_",
  1533. "rule",
  1534. "run-",
  1535. "run.",
  1536. "run_",
  1537. "runner",
  1538. "running",
  1539. "runtime",
  1540. "rust",
  1541. "rvm-",
  1542. "rvm.",
  1543. "rvm_",
  1544. "salt",
  1545. "sample",
  1546. "sample",
  1547. "sandbox",
  1548. "sas-",
  1549. "sas.",
  1550. "sas_",
  1551. "sbt-",
  1552. "sbt.",
  1553. "sbt_",
  1554. "scala",
  1555. "scalable",
  1556. "scanner",
  1557. "schema",
  1558. "scheme",
  1559. "school",
  1560. "science",
  1561. "scraper",
  1562. "scratch",
  1563. "screen",
  1564. "script",
  1565. "scroll",
  1566. "scs-",
  1567. "scs.",
  1568. "scs_",
  1569. "sdk-",
  1570. "sdk.",
  1571. "sdk_",
  1572. "sdl-",
  1573. "sdl.",
  1574. "sdl_",
  1575. "search",
  1576. "secure",
  1577. "security",
  1578. "see-",
  1579. "see.",
  1580. "see_",
  1581. "seed",
  1582. "select",
  1583. "selector",
  1584. "selenium",
  1585. "semantic",
  1586. "sencha",
  1587. "send",
  1588. "sentiment",
  1589. "serie",
  1590. "server",
  1591. "service",
  1592. "session",
  1593. "set-",
  1594. "set.",
  1595. "set_",
  1596. "setting",
  1597. "setting",
  1598. "setup",
  1599. "sha1",
  1600. "sha2",
  1601. "sha256",
  1602. "share",
  1603. "shared",
  1604. "sharing",
  1605. "sheet",
  1606. "shell",
  1607. "shield",
  1608. "shipping",
  1609. "shop",
  1610. "shopify",
  1611. "shortener",
  1612. "should",
  1613. "show",
  1614. "showcase",
  1615. "side",
  1616. "silex",
  1617. "simple",
  1618. "simulator",
  1619. "single",
  1620. "site",
  1621. "skeleton",
  1622. "sketch",
  1623. "skin",
  1624. "slack",
  1625. "slide",
  1626. "slider",
  1627. "slim",
  1628. "small",
  1629. "smart",
  1630. "smtp",
  1631. "snake",
  1632. "snippet",
  1633. "soap",
  1634. "social",
  1635. "socket",
  1636. "software",
  1637. "solarized",
  1638. "solr",
  1639. "solution",
  1640. "solver",
  1641. "some",
  1642. "soon",
  1643. "source",
  1644. "space",
  1645. "spark",
  1646. "spatial",
  1647. "spec",
  1648. "sphinx",
  1649. "spine",
  1650. "spotify",
  1651. "spree",
  1652. "spring",
  1653. "sprite",
  1654. "sql-",
  1655. "sql.",
  1656. "sql_",
  1657. "sqlite",
  1658. "ssh-",
  1659. "ssh.",
  1660. "ssh_",
  1661. "stack",
  1662. "staging",
  1663. "standard",
  1664. "stanford",
  1665. "start",
  1666. "started",
  1667. "starter",
  1668. "startup",
  1669. "stat",
  1670. "statamic",
  1671. "state",
  1672. "static",
  1673. "statistic",
  1674. "statsd",
  1675. "statu",
  1676. "steam",
  1677. "step",
  1678. "still",
  1679. "stm-",
  1680. "stm.",
  1681. "stm_",
  1682. "storage",
  1683. "store",
  1684. "storm",
  1685. "story",
  1686. "strategy",
  1687. "stream",
  1688. "streaming",
  1689. "string",
  1690. "stripe",
  1691. "structure",
  1692. "studio",
  1693. "study",
  1694. "stuff",
  1695. "style",
  1696. "sublime",
  1697. "sugar",
  1698. "suite",
  1699. "summary",
  1700. "super",
  1701. "support",
  1702. "supported",
  1703. "svg-",
  1704. "svg.",
  1705. "svg_",
  1706. "svn-",
  1707. "svn.",
  1708. "svn_",
  1709. "swagger",
  1710. "swift",
  1711. "switch",
  1712. "switcher",
  1713. "symfony",
  1714. "symphony",
  1715. "sync",
  1716. "synopsi",
  1717. "syntax",
  1718. "system",
  1719. "system",
  1720. "tab-",
  1721. "tab-",
  1722. "tab.",
  1723. "tab.",
  1724. "tab_",
  1725. "tab_",
  1726. "table",
  1727. "tag-",
  1728. "tag-",
  1729. "tag.",
  1730. "tag.",
  1731. "tag_",
  1732. "tag_",
  1733. "talk",
  1734. "target",
  1735. "task",
  1736. "tcp-",
  1737. "tcp.",
  1738. "tcp_",
  1739. "tdd-",
  1740. "tdd.",
  1741. "tdd_",
  1742. "team",
  1743. "tech",
  1744. "template",
  1745. "term",
  1746. "terminal",
  1747. "testing",
  1748. "tetri",
  1749. "text",
  1750. "textmate",
  1751. "theme",
  1752. "theory",
  1753. "three",
  1754. "thrift",
  1755. "time",
  1756. "timeline",
  1757. "timer",
  1758. "tiny",
  1759. "tinymce",
  1760. "tip-",
  1761. "tip.",
  1762. "tip_",
  1763. "title",
  1764. "todo",
  1765. "todomvc",
  1766. "token",
  1767. "tool",
  1768. "toolbox",
  1769. "toolkit",
  1770. "top-",
  1771. "top.",
  1772. "top_",
  1773. "tornado",
  1774. "touch",
  1775. "tower",
  1776. "tracker",
  1777. "tracking",
  1778. "traffic",
  1779. "training",
  1780. "transfer",
  1781. "translate",
  1782. "transport",
  1783. "tree",
  1784. "trello",
  1785. "try-",
  1786. "try.",
  1787. "try_",
  1788. "tumblr",
  1789. "tut-",
  1790. "tut.",
  1791. "tut_",
  1792. "tutorial",
  1793. "tweet",
  1794. "twig",
  1795. "twitter",
  1796. "type",
  1797. "typo",
  1798. "ubuntu",
  1799. "uiview",
  1800. "ultimate",
  1801. "under",
  1802. "unit",
  1803. "unity",
  1804. "universal",
  1805. "unix",
  1806. "update",
  1807. "updated",
  1808. "upgrade",
  1809. "upload",
  1810. "uploader",
  1811. "uri-",
  1812. "uri.",
  1813. "uri_",
  1814. "url-",
  1815. "url.",
  1816. "url_",
  1817. "usage",
  1818. "usb-",
  1819. "usb.",
  1820. "usb_",
  1821. "use-",
  1822. "use.",
  1823. "use_",
  1824. "used",
  1825. "useful",
  1826. "user",
  1827. "using",
  1828. "util",
  1829. "utilitie",
  1830. "utility",
  1831. "vagrant",
  1832. "validator",
  1833. "value",
  1834. "variou",
  1835. "varnish",
  1836. "version",
  1837. "via-",
  1838. "via.",
  1839. "via_",
  1840. "video",
  1841. "view",
  1842. "viewer",
  1843. "vim-",
  1844. "vim.",
  1845. "vim_",
  1846. "vimrc",
  1847. "virtual",
  1848. "vision",
  1849. "visual",
  1850. "vpn",
  1851. "want",
  1852. "warning",
  1853. "watch",
  1854. "watcher",
  1855. "wave",
  1856. "way-",
  1857. "way.",
  1858. "way_",
  1859. "weather",
  1860. "web-",
  1861. "web_",
  1862. "webapp",
  1863. "webgl",
  1864. "webhook",
  1865. "webkit",
  1866. "webrtc",
  1867. "website",
  1868. "websocket",
  1869. "welcome",
  1870. "welcome",
  1871. "what",
  1872. "what'",
  1873. "when",
  1874. "where",
  1875. "which",
  1876. "why-",
  1877. "why.",
  1878. "why_",
  1879. "widget",
  1880. "wifi",
  1881. "wiki",
  1882. "win-",
  1883. "win.",
  1884. "win_",
  1885. "window",
  1886. "wip-",
  1887. "wip.",
  1888. "wip_",
  1889. "within",
  1890. "without",
  1891. "wizard",
  1892. "word",
  1893. "wordpres",
  1894. "work",
  1895. "worker",
  1896. "workflow",
  1897. "working",
  1898. "workshop",
  1899. "world",
  1900. "wrapper",
  1901. "write",
  1902. "writer",
  1903. "writing",
  1904. "written",
  1905. "www-",
  1906. "www.",
  1907. "www_",
  1908. "xamarin",
  1909. "xcode",
  1910. "xml-",
  1911. "xml.",
  1912. "xml_",
  1913. "xmpp",
  1914. "xxxxxx",
  1915. "yahoo",
  1916. "yaml",
  1917. "yandex",
  1918. "yeoman",
  1919. "yet-",
  1920. "yet.",
  1921. "yet_",
  1922. "yii-",
  1923. "yii.",
  1924. "yii_",
  1925. "youtube",
  1926. "yui-",
  1927. "yui.",
  1928. "yui_",
  1929. "zend",
  1930. "zero",
  1931. "zip-",
  1932. "zip.",
  1933. "zip_",
  1934. "zsh-",
  1935. "zsh.",
  1936. "zsh_",
  1937. ]
  1938. [[rules]]
  1939. id = "github-app-token"
  1940. description = "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security."
  1941. regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
  1942. entropy = 3
  1943. keywords = [
  1944. "ghu_","ghs_",
  1945. ]
  1946. [[rules]]
  1947. id = "github-fine-grained-pat"
  1948. description = "Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation."
  1949. regex = '''github_pat_\w{82}'''
  1950. entropy = 3
  1951. keywords = [
  1952. "github_pat_",
  1953. ]
  1954. [[rules]]
  1955. id = "github-oauth"
  1956. description = "Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks."
  1957. regex = '''gho_[0-9a-zA-Z]{36}'''
  1958. entropy = 3
  1959. keywords = [
  1960. "gho_",
  1961. ]
  1962. [[rules]]
  1963. id = "github-pat"
  1964. description = "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."
  1965. regex = '''ghp_[0-9a-zA-Z]{36}'''
  1966. entropy = 3
  1967. keywords = [
  1968. "ghp_",
  1969. ]
  1970. [[rules]]
  1971. id = "github-refresh-token"
  1972. description = "Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services."
  1973. regex = '''ghr_[0-9a-zA-Z]{36}'''
  1974. entropy = 3
  1975. keywords = [
  1976. "ghr_",
  1977. ]
  1978. [[rules]]
  1979. id = "gitlab-pat"
  1980. description = "Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure."
  1981. regex = '''glpat-[0-9a-zA-Z\-\_]{20}'''
  1982. keywords = [
  1983. "glpat-",
  1984. ]
  1985. [[rules]]
  1986. id = "gitlab-ptt"
  1987. description = "Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security."
  1988. regex = '''glptt-[0-9a-f]{40}'''
  1989. keywords = [
  1990. "glptt-",
  1991. ]
  1992. [[rules]]
  1993. id = "gitlab-rrt"
  1994. description = "Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access."
  1995. regex = '''GR1348941[0-9a-zA-Z\-\_]{20}'''
  1996. keywords = [
  1997. "gr1348941",
  1998. ]
  1999. [[rules]]
  2000. id = "gitter-access-token"
  2001. description = "Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services."
  2002. regex = '''(?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2003. keywords = [
  2004. "gitter",
  2005. ]
  2006. [[rules]]
  2007. id = "gocardless-api-token"
  2008. description = "Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure."
  2009. regex = '''(?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2010. keywords = [
  2011. "live_","gocardless",
  2012. ]
  2013. [[rules]]
  2014. id = "grafana-api-key"
  2015. description = "Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics."
  2016. regex = '''(?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2017. keywords = [
  2018. "eyjrijoi",
  2019. ]
  2020. [[rules]]
  2021. id = "grafana-cloud-api-token"
  2022. description = "Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure."
  2023. regex = '''(?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2024. keywords = [
  2025. "glc_",
  2026. ]
  2027. [[rules]]
  2028. id = "grafana-service-account-token"
  2029. description = "Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity."
  2030. regex = '''(?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2031. keywords = [
  2032. "glsa_",
  2033. ]
  2034. [[rules]]
  2035. id = "harness-api-key"
  2036. description = "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account."
  2037. regex = '''(?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}'''
  2038. keywords = [
  2039. "pat.","sat.",
  2040. ]
  2041. [[rules]]
  2042. id = "hashicorp-tf-api-token"
  2043. description = "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches."
  2044. regex = '''(?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70}'''
  2045. entropy = 3.5
  2046. keywords = [
  2047. "atlasv1",
  2048. ]
  2049. [[rules]]
  2050. id = "hashicorp-tf-password"
  2051. description = "Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches."
  2052. regex = '''(?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2053. path = '''(?i)\.(?:tf|hcl)$'''
  2054. keywords = [
  2055. "administrator_login_password","password",
  2056. ]
  2057. [[rules]]
  2058. id = "heroku-api-key"
  2059. description = "Detected a Heroku API Key, potentially compromising cloud application deployments and operational security."
  2060. regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2061. keywords = [
  2062. "heroku",
  2063. ]
  2064. [[rules]]
  2065. id = "hubspot-api-key"
  2066. description = "Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations."
  2067. regex = '''(?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2068. keywords = [
  2069. "hubspot",
  2070. ]
  2071. [[rules]]
  2072. id = "huggingface-access-token"
  2073. description = "Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data."
  2074. regex = '''(?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <])'''
  2075. entropy = 1
  2076. keywords = [
  2077. "hf_",
  2078. ]
  2079. [[rules]]
  2080. id = "huggingface-organization-api-token"
  2081. description = "Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data."
  2082. regex = '''(?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),])'''
  2083. entropy = 2
  2084. keywords = [
  2085. "api_org_",
  2086. ]
  2087. [[rules]]
  2088. id = "infracost-api-token"
  2089. description = "Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data."
  2090. regex = '''(?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2091. keywords = [
  2092. "ico-",
  2093. ]
  2094. [[rules]]
  2095. id = "intercom-api-key"
  2096. description = "Identified an Intercom API Token, which could compromise customer communication channels and data privacy."
  2097. regex = '''(?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2098. keywords = [
  2099. "intercom",
  2100. ]
  2101. [[rules]]
  2102. id = "intra42-client-secret"
  2103. description = "Found a Intra42 client secret, which could lead to unauthorized access to the 42School API and sensitive data."
  2104. regex = '''(?i)\b(s-s4t2(?:ud|af)-[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2105. keywords = [
  2106. "intra","s-s4t2ud-","s-s4t2af-",
  2107. ]
  2108. [[rules]]
  2109. id = "jfrog-api-key"
  2110. description = "Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines."
  2111. regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2112. keywords = [
  2113. "jfrog","artifactory","bintray","xray",
  2114. ]
  2115. [[rules]]
  2116. id = "jfrog-identity-token"
  2117. description = "Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts."
  2118. regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2119. keywords = [
  2120. "jfrog","artifactory","bintray","xray",
  2121. ]
  2122. [[rules]]
  2123. id = "jwt"
  2124. description = "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."
  2125. regex = '''\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2126. keywords = [
  2127. "ey",
  2128. ]
  2129. [[rules]]
  2130. id = "jwt-base64"
  2131. description = "Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information."
  2132. regex = '''\bZXlK(?:(?P<alg>aGJHY2lPaU)|(?P<apu>aGNIVWlPaU)|(?P<apv>aGNIWWlPaU)|(?P<aud>aGRXUWlPaU)|(?P<b64>aU5qUWlP)|(?P<crit>amNtbDBJanBi)|(?P<cty>amRIa2lPaU)|(?P<epk>bGNHc2lPbn)|(?P<enc>bGJtTWlPaU)|(?P<jku>cWEzVWlPaU)|(?P<jwk>cWQyc2lPb)|(?P<iss>cGMzTWlPaU)|(?P<iv>cGRpSTZJ)|(?P<kid>cmFXUWlP)|(?P<key_ops>clpYbGZiM0J6SWpwY)|(?P<kty>cmRIa2lPaUp)|(?P<nonce>dWIyNWpaU0k2)|(?P<p2c>d01tTWlP)|(?P<p2s>d01uTWlPaU)|(?P<ppt>d2NIUWlPaU)|(?P<sub>emRXSWlPaU)|(?P<svt>emRuUWlP)|(?P<tag>MFlXY2lPaU)|(?P<typ>MGVYQWlPaUp)|(?P<url>MWNtd2l)|(?P<use>MWMyVWlPaUp)|(?P<ver>MlpYSWlPaU)|(?P<version>MlpYSnphVzl1SWpv)|(?P<x>NElqb2)|(?P<x5c>NE5XTWlP)|(?P<x5t>NE5YUWlPaU)|(?P<x5ts256>NE5YUWpVekkxTmlJNkl)|(?P<x5u>NE5YVWlPaU)|(?P<zip>NmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2}'''
  2133. keywords = [
  2134. "zxlk",
  2135. ]
  2136. [[rules]]
  2137. id = "kraken-access-token"
  2138. description = "Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security."
  2139. regex = '''(?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2140. keywords = [
  2141. "kraken",
  2142. ]
  2143. [[rules]]
  2144. id = "kubernetes-secret-yaml"
  2145. description = "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"
  2146. regex = '''(?i)(?:\bkind:[ \t]*["']?secret["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?secret["']?)'''
  2147. path = '''(?i)\.ya?ml$'''
  2148. keywords = [
  2149. "secret",
  2150. ]
  2151. [rules.allowlist]
  2152. regexes = [
  2153. '''[\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:\{\{[ \t\w"|$:=,.-]+}}|""|'')''',
  2154. ]
  2155. [[rules]]
  2156. id = "kucoin-access-token"
  2157. description = "Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions."
  2158. regex = '''(?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2159. keywords = [
  2160. "kucoin",
  2161. ]
  2162. [[rules]]
  2163. id = "kucoin-secret-key"
  2164. description = "Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches."
  2165. regex = '''(?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2166. keywords = [
  2167. "kucoin",
  2168. ]
  2169. [[rules]]
  2170. id = "launchdarkly-access-token"
  2171. description = "Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality."
  2172. regex = '''(?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2173. keywords = [
  2174. "launchdarkly",
  2175. ]
  2176. [[rules]]
  2177. id = "linear-api-key"
  2178. description = "Detected a Linear API Token, posing a risk to project management tools and sensitive task data."
  2179. regex = '''lin_api_(?i)[a-z0-9]{40}'''
  2180. keywords = [
  2181. "lin_api_",
  2182. ]
  2183. [[rules]]
  2184. id = "linear-client-secret"
  2185. description = "Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data."
  2186. regex = '''(?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2187. keywords = [
  2188. "linear",
  2189. ]
  2190. [[rules]]
  2191. id = "linkedin-client-id"
  2192. description = "Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure."
  2193. regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2194. keywords = [
  2195. "linkedin","linked-in",
  2196. ]
  2197. [[rules]]
  2198. id = "linkedin-client-secret"
  2199. description = "Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data."
  2200. regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2201. keywords = [
  2202. "linkedin","linked-in",
  2203. ]
  2204. [[rules]]
  2205. id = "lob-api-key"
  2206. description = "Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services."
  2207. regex = '''(?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2208. keywords = [
  2209. "test_","live_",
  2210. ]
  2211. [[rules]]
  2212. id = "lob-pub-api-key"
  2213. description = "Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations."
  2214. regex = '''(?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2215. keywords = [
  2216. "test_pub","live_pub","_pub",
  2217. ]
  2218. [[rules]]
  2219. id = "mailchimp-api-key"
  2220. description = "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data."
  2221. regex = '''(?i)(?:MailchimpSDK.initialize|mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2222. keywords = [
  2223. "mailchimp",
  2224. ]
  2225. [[rules]]
  2226. id = "mailgun-private-api-token"
  2227. description = "Found a Mailgun private API token, risking unauthorized email service operations and data breaches."
  2228. regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2229. keywords = [
  2230. "mailgun",
  2231. ]
  2232. [[rules]]
  2233. id = "mailgun-pub-key"
  2234. description = "Discovered a Mailgun public validation key, which could expose email verification processes and associated data."
  2235. regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2236. keywords = [
  2237. "mailgun",
  2238. ]
  2239. [[rules]]
  2240. id = "mailgun-signing-key"
  2241. description = "Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity."
  2242. regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2243. keywords = [
  2244. "mailgun",
  2245. ]
  2246. [[rules]]
  2247. id = "mapbox-api-token"
  2248. description = "Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure."
  2249. regex = '''(?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2250. keywords = [
  2251. "mapbox",
  2252. ]
  2253. [[rules]]
  2254. id = "mattermost-access-token"
  2255. description = "Identified a Mattermost Access Token, which may compromise team communication channels and data privacy."
  2256. regex = '''(?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2257. keywords = [
  2258. "mattermost",
  2259. ]
  2260. [[rules]]
  2261. id = "messagebird-api-token"
  2262. description = "Found a MessageBird API token, risking unauthorized access to communication platforms and message data."
  2263. regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2264. keywords = [
  2265. "messagebird","message-bird","message_bird",
  2266. ]
  2267. [[rules]]
  2268. id = "messagebird-client-id"
  2269. description = "Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data."
  2270. regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2271. keywords = [
  2272. "messagebird","message-bird","message_bird",
  2273. ]
  2274. [[rules]]
  2275. id = "microsoft-teams-webhook"
  2276. description = "Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks."
  2277. regex = '''https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}'''
  2278. keywords = [
  2279. "webhook.office.com","webhookb2","incomingwebhook",
  2280. ]
  2281. [[rules]]
  2282. id = "netlify-access-token"
  2283. description = "Detected a Netlify Access Token, potentially compromising web hosting services and site management."
  2284. regex = '''(?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2285. keywords = [
  2286. "netlify",
  2287. ]
  2288. [[rules]]
  2289. id = "new-relic-browser-api-token"
  2290. description = "Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics."
  2291. regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2292. keywords = [
  2293. "nrjs-",
  2294. ]
  2295. [[rules]]
  2296. id = "new-relic-insert-key"
  2297. description = "Discovered a New Relic insight insert key, compromising data injection into the platform."
  2298. regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2299. keywords = [
  2300. "nrii-",
  2301. ]
  2302. [[rules]]
  2303. id = "new-relic-user-api-id"
  2304. description = "Found a New Relic user API ID, posing a risk to application monitoring services and data integrity."
  2305. regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2306. keywords = [
  2307. "new-relic","newrelic","new_relic",
  2308. ]
  2309. [[rules]]
  2310. id = "new-relic-user-api-key"
  2311. description = "Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring."
  2312. regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2313. keywords = [
  2314. "nrak",
  2315. ]
  2316. [[rules]]
  2317. id = "npm-access-token"
  2318. description = "Uncovered an npm access token, potentially compromising package management and code repository access."
  2319. regex = '''(?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2320. keywords = [
  2321. "npm_",
  2322. ]
  2323. [[rules]]
  2324. id = "nytimes-access-token"
  2325. description = "Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services."
  2326. regex = '''(?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2327. keywords = [
  2328. "nytimes","new-york-times","newyorktimes",
  2329. ]
  2330. [[rules]]
  2331. id = "okta-access-token"
  2332. description = "Identified an Okta Access Token, which may compromise identity management services and user authentication data."
  2333. regex = '''(?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2334. keywords = [
  2335. "okta",
  2336. ]
  2337. [[rules]]
  2338. id = "openai-api-key"
  2339. description = "Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation."
  2340. regex = '''(?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2341. keywords = [
  2342. "t3blbkfj",
  2343. ]
  2344. [[rules]]
  2345. id = "openshift-user-token"
  2346. description = "Found an OpenShift user token, potentially compromising an OpenShift/Kubernetes cluster."
  2347. regex = '''\b(sha256~[\w-]{43})(?:[^\w-]|\z)'''
  2348. entropy = 3.5
  2349. keywords = [
  2350. "sha256~",
  2351. ]
  2352. [[rules]]
  2353. id = "plaid-api-token"
  2354. description = "Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services."
  2355. regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2356. keywords = [
  2357. "plaid",
  2358. ]
  2359. [[rules]]
  2360. id = "plaid-client-id"
  2361. description = "Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches."
  2362. regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2363. entropy = 3.5
  2364. keywords = [
  2365. "plaid",
  2366. ]
  2367. [[rules]]
  2368. id = "plaid-secret-key"
  2369. description = "Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data."
  2370. regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2371. entropy = 3.5
  2372. keywords = [
  2373. "plaid",
  2374. ]
  2375. [[rules]]
  2376. id = "planetscale-api-token"
  2377. description = "Identified a PlanetScale API token, potentially compromising database management and operations."
  2378. regex = '''(?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2379. keywords = [
  2380. "pscale_tkn_",
  2381. ]
  2382. [[rules]]
  2383. id = "planetscale-oauth-token"
  2384. description = "Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity."
  2385. regex = '''(?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2386. keywords = [
  2387. "pscale_oauth_",
  2388. ]
  2389. [[rules]]
  2390. id = "planetscale-password"
  2391. description = "Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches."
  2392. regex = '''(?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2393. keywords = [
  2394. "pscale_pw_",
  2395. ]
  2396. [[rules]]
  2397. id = "postman-api-token"
  2398. description = "Uncovered a Postman API token, potentially compromising API testing and development workflows."
  2399. regex = '''(?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2400. keywords = [
  2401. "pmak-",
  2402. ]
  2403. [[rules]]
  2404. id = "prefect-api-token"
  2405. description = "Detected a Prefect API token, risking unauthorized access to workflow management and automation services."
  2406. regex = '''(?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2407. keywords = [
  2408. "pnu_",
  2409. ]
  2410. [[rules]]
  2411. id = "private-key"
  2412. description = "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."
  2413. regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*KEY(?: BLOCK)?----'''
  2414. keywords = [
  2415. "-----begin",
  2416. ]
  2417. [[rules]]
  2418. id = "pulumi-api-token"
  2419. description = "Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management."
  2420. regex = '''(?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2421. keywords = [
  2422. "pul-",
  2423. ]
  2424. [[rules]]
  2425. id = "pypi-upload-token"
  2426. description = "Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity."
  2427. regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
  2428. keywords = [
  2429. "pypi-ageichlwas5vcmc",
  2430. ]
  2431. [[rules]]
  2432. id = "rapidapi-access-token"
  2433. description = "Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services."
  2434. regex = '''(?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2435. keywords = [
  2436. "rapidapi",
  2437. ]
  2438. [[rules]]
  2439. id = "readme-api-token"
  2440. description = "Detected a Readme API token, risking unauthorized documentation management and content exposure."
  2441. regex = '''(?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2442. keywords = [
  2443. "rdme_",
  2444. ]
  2445. [[rules]]
  2446. id = "rubygems-api-token"
  2447. description = "Identified a Rubygem API token, potentially compromising Ruby library distribution and package management."
  2448. regex = '''(?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2449. keywords = [
  2450. "rubygems_",
  2451. ]
  2452. [[rules]]
  2453. id = "scalingo-api-token"
  2454. description = "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security."
  2455. regex = '''\b(tk-us-[a-zA-Z0-9-_]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2456. keywords = [
  2457. "tk-us-",
  2458. ]
  2459. [[rules]]
  2460. id = "sendbird-access-id"
  2461. description = "Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations."
  2462. regex = '''(?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2463. keywords = [
  2464. "sendbird",
  2465. ]
  2466. [[rules]]
  2467. id = "sendbird-access-token"
  2468. description = "Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data."
  2469. regex = '''(?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2470. keywords = [
  2471. "sendbird",
  2472. ]
  2473. [[rules]]
  2474. id = "sendgrid-api-token"
  2475. description = "Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure."
  2476. regex = '''(?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2477. keywords = [
  2478. "sg.",
  2479. ]
  2480. [[rules]]
  2481. id = "sendinblue-api-token"
  2482. description = "Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy."
  2483. regex = '''(?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2484. keywords = [
  2485. "xkeysib-",
  2486. ]
  2487. [[rules]]
  2488. id = "sentry-access-token"
  2489. description = "Found a Sentry Access Token, risking unauthorized access to error tracking services and sensitive application data."
  2490. regex = '''(?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2491. keywords = [
  2492. "sentry",
  2493. ]
  2494. [[rules]]
  2495. id = "shippo-api-token"
  2496. description = "Discovered a Shippo API token, potentially compromising shipping services and customer order data."
  2497. regex = '''(?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2498. keywords = [
  2499. "shippo_",
  2500. ]
  2501. [[rules]]
  2502. id = "shopify-access-token"
  2503. description = "Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches."
  2504. regex = '''shpat_[a-fA-F0-9]{32}'''
  2505. keywords = [
  2506. "shpat_",
  2507. ]
  2508. [[rules]]
  2509. id = "shopify-custom-access-token"
  2510. description = "Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security."
  2511. regex = '''shpca_[a-fA-F0-9]{32}'''
  2512. keywords = [
  2513. "shpca_",
  2514. ]
  2515. [[rules]]
  2516. id = "shopify-private-app-access-token"
  2517. description = "Identified a Shopify private app access token, risking unauthorized access to private app data and store operations."
  2518. regex = '''shppa_[a-fA-F0-9]{32}'''
  2519. keywords = [
  2520. "shppa_",
  2521. ]
  2522. [[rules]]
  2523. id = "shopify-shared-secret"
  2524. description = "Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security."
  2525. regex = '''shpss_[a-fA-F0-9]{32}'''
  2526. keywords = [
  2527. "shpss_",
  2528. ]
  2529. [[rules]]
  2530. id = "sidekiq-secret"
  2531. description = "Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches."
  2532. regex = '''(?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2533. keywords = [
  2534. "bundle_enterprise__contribsys__com","bundle_gems__contribsys__com",
  2535. ]
  2536. [[rules]]
  2537. id = "sidekiq-sensitive-url"
  2538. description = "Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details."
  2539. regex = '''(?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)'''
  2540. keywords = [
  2541. "gems.contribsys.com","enterprise.contribsys.com",
  2542. ]
  2543. [[rules]]
  2544. id = "slack-app-token"
  2545. description = "Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data."
  2546. regex = '''(?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+'''
  2547. keywords = [
  2548. "xapp",
  2549. ]
  2550. [[rules]]
  2551. id = "slack-bot-token"
  2552. description = "Identified a Slack Bot token, which may compromise bot integrations and communication channel security."
  2553. regex = '''(xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*)'''
  2554. keywords = [
  2555. "xoxb",
  2556. ]
  2557. [[rules]]
  2558. id = "slack-config-access-token"
  2559. description = "Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access."
  2560. regex = '''(?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166}'''
  2561. keywords = [
  2562. "xoxe.xoxb-","xoxe.xoxp-",
  2563. ]
  2564. [[rules]]
  2565. id = "slack-config-refresh-token"
  2566. description = "Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings."
  2567. regex = '''(?i)xoxe-\d-[A-Z0-9]{146}'''
  2568. keywords = [
  2569. "xoxe-",
  2570. ]
  2571. [[rules]]
  2572. id = "slack-legacy-bot-token"
  2573. description = "Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure."
  2574. regex = '''(xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26})'''
  2575. keywords = [
  2576. "xoxb",
  2577. ]
  2578. [[rules]]
  2579. id = "slack-legacy-token"
  2580. description = "Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data."
  2581. regex = '''xox[os]-\d+-\d+-\d+-[a-fA-F\d]+'''
  2582. keywords = [
  2583. "xoxo","xoxs",
  2584. ]
  2585. [[rules]]
  2586. id = "slack-legacy-workspace-token"
  2587. description = "Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features."
  2588. regex = '''(xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48})'''
  2589. keywords = [
  2590. "xoxa","xoxr",
  2591. ]
  2592. [[rules]]
  2593. id = "slack-user-token"
  2594. description = "Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces."
  2595. regex = '''xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}'''
  2596. keywords = [
  2597. "xoxp-","xoxe-",
  2598. ]
  2599. [[rules]]
  2600. id = "slack-webhook-url"
  2601. description = "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels."
  2602. regex = '''(https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{43,46}'''
  2603. keywords = [
  2604. "hooks.slack.com",
  2605. ]
  2606. [[rules]]
  2607. id = "snyk-api-token"
  2608. description = "Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security."
  2609. regex = '''(?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2610. keywords = [
  2611. "snyk_token","snyk_key","snyk_api_token","snyk_api_key","snyk_oauth_token",
  2612. ]
  2613. [[rules]]
  2614. id = "square-access-token"
  2615. description = "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure."
  2616. regex = '''\b((?:EAAA|sq0atp-)[\w-]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2617. keywords = [
  2618. "sq0atp-","eaaa",
  2619. ]
  2620. [[rules]]
  2621. id = "squarespace-access-token"
  2622. description = "Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace."
  2623. regex = '''(?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2624. keywords = [
  2625. "squarespace",
  2626. ]
  2627. [[rules]]
  2628. id = "stripe-access-token"
  2629. description = "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."
  2630. regex = '''(?i)\b((sk|rk)_(test|live|prod)_[0-9a-z]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2631. keywords = [
  2632. "sk_test","sk_live","sk_prod","rk_test","rk_live","rk_prod",
  2633. ]
  2634. [[rules]]
  2635. id = "sumologic-access-id"
  2636. description = "Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity."
  2637. regex = '''(?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2638. entropy = 3
  2639. keywords = [
  2640. "sumo",
  2641. ]
  2642. [rules.allowlist]
  2643. regexTarget = "line"
  2644. regexes = [
  2645. '''sumOf''',
  2646. ]
  2647. [[rules]]
  2648. id = "sumologic-access-token"
  2649. description = "Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights."
  2650. regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2651. entropy = 3
  2652. keywords = [
  2653. "sumo",
  2654. ]
  2655. [[rules]]
  2656. id = "telegram-bot-api-token"
  2657. description = "Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram."
  2658. regex = '''(?i:telegr(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)'''
  2659. keywords = [
  2660. "telegr",
  2661. ]
  2662. [[rules]]
  2663. id = "travisci-access-token"
  2664. description = "Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security."
  2665. regex = '''(?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2666. keywords = [
  2667. "travis",
  2668. ]
  2669. [[rules]]
  2670. id = "twilio-api-key"
  2671. description = "Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data."
  2672. regex = '''SK[0-9a-fA-F]{32}'''
  2673. keywords = [
  2674. "twilio",
  2675. ]
  2676. [[rules]]
  2677. id = "twitch-api-token"
  2678. description = "Discovered a Twitch API token, which could compromise streaming services and account integrations."
  2679. regex = '''(?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2680. keywords = [
  2681. "twitch",
  2682. ]
  2683. [[rules]]
  2684. id = "twitter-access-secret"
  2685. description = "Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches."
  2686. regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2687. keywords = [
  2688. "twitter",
  2689. ]
  2690. [[rules]]
  2691. id = "twitter-access-token"
  2692. description = "Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure."
  2693. regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2694. keywords = [
  2695. "twitter",
  2696. ]
  2697. [[rules]]
  2698. id = "twitter-api-key"
  2699. description = "Identified a Twitter API Key, which may compromise Twitter application integrations and user data security."
  2700. regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2701. keywords = [
  2702. "twitter",
  2703. ]
  2704. [[rules]]
  2705. id = "twitter-api-secret"
  2706. description = "Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access."
  2707. regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2708. keywords = [
  2709. "twitter",
  2710. ]
  2711. [[rules]]
  2712. id = "twitter-bearer-token"
  2713. description = "Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter."
  2714. regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2715. keywords = [
  2716. "twitter",
  2717. ]
  2718. [[rules]]
  2719. id = "typeform-api-token"
  2720. description = "Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection."
  2721. regex = '''(?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2722. keywords = [
  2723. "tfp_",
  2724. ]
  2725. [[rules]]
  2726. id = "vault-batch-token"
  2727. description = "Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data."
  2728. regex = '''(?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2729. keywords = [
  2730. "hvb",
  2731. ]
  2732. [[rules]]
  2733. id = "vault-service-token"
  2734. description = "Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials."
  2735. regex = '''\b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2736. entropy = 3.5
  2737. keywords = [
  2738. "hvs","s.",
  2739. ]
  2740. [rules.allowlist]
  2741. regexes = [
  2742. '''s\.[A-Za-z]{24}''',
  2743. ]
  2744. [[rules]]
  2745. id = "yandex-access-token"
  2746. description = "Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy."
  2747. regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2748. keywords = [
  2749. "yandex",
  2750. ]
  2751. [[rules]]
  2752. id = "yandex-api-key"
  2753. description = "Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation."
  2754. regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2755. keywords = [
  2756. "yandex",
  2757. ]
  2758. [[rules]]
  2759. id = "yandex-aws-access-token"
  2760. description = "Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud."
  2761. regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2762. keywords = [
  2763. "yandex",
  2764. ]
  2765. [[rules]]
  2766. id = "zendesk-secret-key"
  2767. description = "Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data."
  2768. regex = '''(?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  2769. keywords = [
  2770. "zendesk",
  2771. ]