api_patterns.yaml
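# Secret-detection patterns. Each entry under `api_keys` maps a human-readable
# label to a regular expression; `Laravel Environment Variables` is a nested
# group of label -> pattern pairs for .env-style assignments.
#
# Values are double-quoted YAML strings, so every regex backslash is doubled
# (`\\b` in this file is `\b` in the compiled pattern) and `\"` is a literal quote.
# One pattern uses the inline flag `(?i)`, so the consuming regex engine must
# support inline flags. NOTE(review): the engine is not visible here; confirm.
#
# A match is a candidate, not a verified credential: the patterns check shape
# only. Consumers should redact matched values in logs and reports.
api_keys:
  Cloudinary: "\\bcloudinary://[a-zA-Z0-9:_-]+\\b"
  # The three Firebase patterns match hostnames, not credentials, and have no
  # leading anchor, so they also match inside a longer hostname label.
  Firebase URL: "(?:[a-zA-Z0-9-]+\\.)?firebaseapp\\.com\\b"
  Firebase Bucket: "(?:[a-zA-Z0-9-]+\\.)?appspot\\.com\\b"
  Firebase Database: "(?:[a-zA-Z0-9-]+\\.)?firebasedatabase\\.app\\b"
  Slack Token: "\\b(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})\\b"
  PGP Private Key Block: "-----BEGIN PGP PRIVATE KEY BLOCK-----[\\s\\S]+?-----END PGP PRIVATE KEY BLOCK-----"
  Amazon AWS Access Key ID: "\\bAKIA[0-9A-Z]{16}\\b"
  Amazon MWS Auth Token: "\\bamzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\\b"
  Facebook Access Token: "\\bEAACEdEose0cBA[0-9A-Z]{32}\\b"
  Facebook OAuth: "\\bfacebook[\\s\"']{0,2}:[\\s\"']{0,2}[0-9a-f]{32}\\b"
  GitHub: "\\bgh[pous]_[0-9a-zA-Z]{36,40}\\b"
  Generic API Key: "(?i)\\b(?:api[_-]?key|access[_-]?token|Bugsnag-Api-Key)[\"'\\s]?[:=]\\s*[\"']?([a-zA-Z0-9_-]{24,45})[\"']?\\b"
  # Unlike Generic API Key, this one is case-sensitive and accepts only ':' as
  # the separator, so `SECRET=...` and `Secret: ...` are not matched.
  Generic Secret: "\\b(secret|private[_-]?key)[\\s\"']{0,2}:[\\s\"']{0,2}[0-9a-zA-Z_-]{32,45}\\b"
  Google OAuth: "\\bya29\\.[A-Za-z0-9-_]{100,}\\b"
  MailChimp API Key: "\\b[0-9a-f]{32}-us[0-9]{1,2}\\b"
  Mailgun API Key: "\\bkey-[0-9a-zA-Z]{32}\\b"
  Stripe API Key: "\\b(sk|rk)_live_[0-9a-zA-Z]{24}\\b"
  Square Access Token: "\\bsq0atp-[0-9A-Za-z\\-_]{22}\\b"
  Square OAuth Secret: "\\bsq0csp-[0-9A-Za-z\\-_]{43}\\b"
  Twilio API Key: "\\bSK[0-9a-fA-F]{32}\\b"
  Telegram Bot API Token: "\\b[0-9]+:AA[0-9A-Za-z\\-_]{33}\\b"
  GitLab Personal Access Token: "\\bglpat-[0-9a-zA-Z\\-]{20}\\b"
  NPM Access Token: "\\bnpm_[a-zA-Z0-9]{36}\\b"
  Dropbox API Key: "\\bsl\\.[a-zA-Z0-9_-]{130}\\b"
  SendGrid API Key: "\\bSG\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9_-]{43}\\b"
  # NOTE(review): `|` splits the whole pattern, so the leading \b applies only
  # to the pk branch and the trailing \b only to the sk branch. Left unchanged
  # because grouping as (?:pk|sk) would narrow what the pk branch matches.
  Mapbox API Token: "\\bpk\\.[a-zA-Z0-9]{60}|sk\\.[a-zA-Z0-9]{60}\\b"
  # No trailing \b: after a quote or whitespace it required a word character to
  # follow, so a URL closed by a quote at end of line was missed.
  Password in URL: "\\b[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
  PayPal Braintree Access Token: "\\baccess_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}\\b"
  Picatic API Key: "\\bsk_live_[0-9a-z]{32}\\b"
  Slack Webhook: "\\bhttps://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}\\b"
  Laravel Environment Variables:
    "APP_KEY": "\\bAPP_KEY=base64:[a-zA-Z0-9+/=]+\\b"
    "DB Password": "\\bDB_PASSWORD=['\"]?[a-zA-Z0-9!@#$%^&*()_+=-]+['\"]?\\b"
    # NOTE(review): despite the label, this matches the setting
    # SESSION_DRIVER=database, not key material. Label kept for compatibility.
    "Session Encryption Key": "\\bSESSION_DRIVER=['\"]?database['\"]?\\b"
    # The value class uses `*`, so an assignment with an empty value can match.
    "Redis Password": "\\bREDIS_PASSWORD=['\"]?[a-zA-Z0-9!@#$%^&*()_+=-]*['\"]?\\b"
    "Mail Credentials": "\\bMAIL_USERNAME=['\"]?[a-zA-Z0-9._%+-]+['\"]?\\b|\\bMAIL_PASSWORD=['\"]?[a-zA-Z0-9!@#$%^&*()_+=-]+['\"]?\\b"
    "AWS Credentials": "\\bAWS_ACCESS_KEY_ID=['\"]?[A-Z0-9]{20}['\"]?\\b|\\bAWS_SECRET_ACCESS_KEY=['\"]?[A-Za-z0-9/+=]{40}['\"]?\\b"
    "Meilisearch Host": "\\bMEILISEARCH_HOST=['\"]?http[s]?://[a-zA-Z0-9.:/-]+['\"]?\\b"
  React App Environment Variables: "\\bREACT_APP_[A-Z0-9_]+=['\"][^'\"]+['\"]\\b"
  Alibaba Cloud Access Key: "\\bLTAI[0-9A-Za-z]{20}\\b"
  # No trailing \b: after '=' a word boundary needs a word character next, so a
  # key followed by a quote, whitespace or end of input never matched.
  Grafana API Key: "\\beyJrIjoi[0-9a-zA-Z]{70,}="
  OpenAI API Key: "\\bsk-[0-9a-zA-Z]{48}\\b"
  Postman API Key: "\\bPMAK-[0-9a-f]{24}-[0-9a-f]{34}\\b"
  GitLab CI/CD Token: "\\bglcbt-[0-9a-zA-Z\\-]{20}\\b"
  OAuth2 Bearer Token: "\\bBearer [A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_.+/=]*\\b"
  Grafana Service Account Token: "\\bglsa_[0-9a-f]{32}_[0-9a-f]{8}\\b"
  Discord Webhook: "\\bhttps://(?:discord|discordapp)\\.com/api/webhooks/[0-9]+/[A-Za-z0-9_-]+\\b"
  Heroku API Key: "\\bheroku_[A-Za-z0-9]{32}\\b"
  Instagram: "\\bIG[0-9a-f]{32}\\b"
  Microsoft Azure API Key: "\\bazure[A-Za-z0-9]{48}\\b"
  Vercel API Token: "\\bvercel_[A-Za-z0-9]{40}\\b"
  # The trailing value group is optional, so the bare header name matches even
  # when no 32-hex token follows it.
  Shopify Access Token: "[xX]-[sS]hopify-([sS]torefront-)?[aA]ccess-[tT]oken(\"?)\\s*(?:[:=>]?\\s*\"?([0-9a-f]{32})\"?)?"
  JWT: "\\beyJ[A-Za-z0-9-_=]+\\.[A-Za-z0-9-_=]+(?:\\.[A-Za-z0-9-_.+/=]*)?\\b"
  # No \b after the dash runs: '-' followed by a line break is not a word
  # boundary, so the anchors stopped this from matching a normal multi-line
  # PEM block. Now consistent with the PGP Private Key Block pattern.
  RSA Private Key: "-----BEGIN RSA PRIVATE KEY-----[\\s\\S]+?-----END RSA PRIVATE KEY-----"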