-
Notifications
You must be signed in to change notification settings - Fork 0
/
regex-secrets-list.txt
95 lines (95 loc) · 4.82 KB
/
regex-secrets-list.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
regex: '^.*_dsa$'
regex: '^.*_ed25519$'
regex: '^.*_ecdsa$'
regex: '\.?ssh/config$'
regex: '^key(pair)?$'
regex: '^\.?(bash_|zsh_|sh_|z)?history$'
regex: '^\.?mysql_history$'
regex: '^\.?psql_history$'
regex: '^\.?pgpass$'
regex: '^\.?irb_history$'
regex: '\.?purple/accounts\.xml$'
regex: '\.?xchat2?/servlist_?\.conf$'
regex: '\.?irssi/config$'
regex: '\.?recon-ng/keys\.db$'
regex: '^\.?dbeaver-data-sources.xml$'
regex: '^\.?muttrc$'
regex: '^\.?s3cfg$'
regex: '\.?aws/credentials$'
regex: '^sftp-config(\.json)?$'
regex: '^\.?trc$'
regex: '^\.?(bash|zsh|csh)rc$'
regex: '^\.?(bash_|zsh_)?profile$'
regex: '^\.?(bash_|zsh_)?aliases$'
regex: 'config(\.inc)?\.php$'
regex: '^key(store|ring)$'
regex: '^kdbx?$'
regex: '^sql(dump)?$'
regex: '^\.?htpasswd$'
regex: '^(\.|_)?netrc$'
regex: '\.?gem/credentials$'
regex: '^\.?tugboat$'
regex: 'doctl/config.yaml$'
regex: '^\.?git-credentials$'
regex: 'config/hub$'
regex: '^\.?gitconfig$'
regex: '\.?chef/(.*)\.pem$'
regex: 'etc/shadow$'
regex: 'etc/passwd$'
regex: '^\.?dockercfg$'
regex: '^\.?npmrc$'
regex: '^\.?env$'
regex: '(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
regex: "((\\\"|'|`)?((?i)aws)?_?((?i)access)_?((?i)key)?_?((?i)id)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}(\\\"|'|`)?)"
regex: "((\\\"|'|`)?((?i)aws)?_?((?i)account)_?((?i)id)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?[0-9]{4}-?[0-9]{4}-?[0-9]{4}(\\\"|'|`)?)"
regex: "((\\\"|'|`)?((?i)aws)?_?((?i)secret)_?((?i)access)?_?((?i)key)?_?((?i)id)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?[A-Za-z0-9/+=]{40}(\\\"|'|`)?)"
regex: "((\\\"|'|`)?((?i)aws)?_?((?i)session)?_?((?i)token)?(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?[A-Za-z0-9/+=]{16,}(\\\"|'|`)?)"
regex: "(?i)artifactory.{0,50}(\\\"|'|`)?[a-zA-Z0-9=]{112}(\\\"|'|`)?"
regex: "(?i)codeclima.{0,50}(\\\"|'|`)?[0-9a-f]{64}(\\\"|'|`)?"
regex: 'EAACEdEose0cBA[0-9A-Za-z]+'
regex: "((\\\"|'|`)?type(\\\"|'|`)?\\\\s{0,50}(:|=>|=)\\\\s{0,50}(\\\"|'|`)?service_account(\\\"|'|`)?,?)"
regex: '(?:r|s)k_[live|test]_[0-9a-zA-Z]{24}'
regex: '[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com'
regex: 'AIza[0-9A-Za-z\\-_]{35}'
regex: 'ya29\\.[0-9A-Za-z\\-_]+'
regex: 'sk_[live|test]_[0-9a-z]{32}'
regex: 'sq0atp-[0-9A-Za-z\-_]{22}'
regex: 'sq0csp-[0-9A-Za-z\-_]{43}'
regex: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'
regex: 'amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
regex: 'SK[0-9a-fA-F]{32}'
regex: 'SG\.[0-9A-Za-z\-_]{22}\.[0-9A-Za-z\-_]{43}'
regex: 'key-[0-9a-zA-Z]{32}'
regex: '[0-9a-f]{32}-us[0-9]{12}'
regex: "sshpass -p.*['|\\\"]"
regex: '(https\\://outlook\\.office.com/webhook/[0-9a-f-]{36}\\@)'
regex: "(?i)sauce.{0,50}(\\\"|'|`)?[0-9a-f-]{36}(\\\"|'|`)?"
regex: '(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})'
regex: 'https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'
regex: "(?i)sonar.{0,50}(\\\"|'|`)?[0-9a-f]{40}(\\\"|'|`)?"
regex: "(?i)hockey.{0,50}(\\\"|'|`)?[0-9a-f]{32}(\\\"|'|`)?"
regex: '([\w+]{1,24})(://)([^$<]{1})([^\s";]{1,}):([^$<]{1})([^\s";/]{1,})@[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,24}([^\s]+)'
regex: 'oy2[a-z0-9]{43}'
regex: 'hawk\.[0-9A-Za-z\-_]{20}\.[0-9A-Za-z\-_]{20}'
regex: '.remote-sync.json$'
regex: '.esmtprc$'
regex: '^deployment-config.json?$'
regex: '.ftpconfig$'
regex: '-----BEGIN (EC|RSA|DSA|OPENSSH|PGP) PRIVATE KEY'
regex: 'define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?[''|"].{10,120}[''|"]'
regex: '(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'
regex: '(?i)(facebook|fb)(.{0,20})?(?-i)[''\"][0-9a-f]{32}[''\"]'
regex: '(?i)(facebook|fb)(.{0,20})?[''\"][0-9]{13,17}[''\"]'
regex: '(?i)twitter(.{0,20})?[''\"][0-9a-z]{35,44}[''\"]'
regex: '(?i)twitter(.{0,20})?[''\"][0-9a-z]{18,25}[''\"]'
regex: '(?i)github(.{0,20})?(?-i)[''\"][0-9a-zA-Z]{35,40}[''\"]'
regex: '(?i)heroku(.{0,20})?[''"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}[''"]'
regex: '(?i)linkedin(.{0,20})?(?-i)[''\"][0-9a-z]{12}[''\"]'
regex: '(?i)linkedin(.{0,20})?[''\"][0-9a-z]{16}[''\"]'
regex: '\.?idea[\\\/]WebServers.xml$'
regex: '\.?vscode[\\\/]sftp.json$'
regex: 'web[\\\/]ruby[\\\/]secrets.yml'
regex: '\.?docker[\\\/]config.json$'
name: 'Docker registry authentication file'
regex: 'ruby[\\\/]config[\\\/]master.key$'
regex: '\.?mozilla[\\\/]firefox[\\\/]logins.json$'