credsweeper.filters package¶
Subpackages¶
- credsweeper.filters.group package
- Submodules
- credsweeper.filters.group.general_keyword module
- credsweeper.filters.group.general_pattern module
- credsweeper.filters.group.group module
- credsweeper.filters.group.password_keyword module
- credsweeper.filters.group.token_pattern module
- credsweeper.filters.group.url_credentials_group module
- credsweeper.filters.group.weird_base36_token module
- credsweeper.filters.group.weird_base64_token module
- Module contents
Submodules¶
credsweeper.filters.filter module¶
- class credsweeper.filters.filter.Filter(config)[source]¶
Bases:
object
Base class for all filters that operates on ‘line_data’ objects.
- abstract run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.line_specific_key_check module¶
- class credsweeper.filters.line_specific_key_check.LineSpecificKeyCheck(config=None)[source]¶
Bases:
Filter
Check that values from list below is not in candidate line.
- NOT_ALLOWED = ['example', 'enc\\(', 'enc\\[', 'true', 'false']¶
- NOT_ALLOWED_PATTERN = re.compile('(?:example|enc\\(|enc\\[|true|false)', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.separator_unusual_check module¶
- class credsweeper.filters.separator_unusual_check.SeparatorUnusualCheck(config=None)[source]¶
Bases:
Filter
Check that candidate have no double symbol ops (like ++, –, <<) or comparison ops (like != or ==) as separator.
Example
pwd == ‘value’ pwd != ‘value’ pwd << value
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_allowlist_check module¶
- class credsweeper.filters.value_allowlist_check.ValueAllowlistCheck(config=None)[source]¶
Bases:
Filter
Check that patterns from the list is not present in the candidate value.
- ALLOWED = ['ENC\\(.*\\)', 'ENC\\[.*\\]', '\\$\\{.*\\}', '#\\{.*\\}', '\\{\\{.+\\}\\}', '([.a-z0-9]|->)+\\(.*\\)', '\\S{0,5}\\*{5,}', '.*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@.*']¶
- ALLOWED_PATTERN = re.compile('(?:ENC\\(.*\\)|ENC\\[.*\\]|\\$\\{.*\\}|#\\{.*\\}|\\{\\{.+\\}\\}|([.a-z0-9]|->)+\\(.*\\)|\\S{0,5}\\*{5,}|.*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@.*)', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_array_dictionary_check module¶
- class credsweeper.filters.value_array_dictionary_check.ValueArrayDictionaryCheck(config=None)[source]¶
Bases:
Filter
Match call to dictionary or array element.
- This filter checks only calls, not declarations:
token = values[i] would be filtered token = {‘root’} would be kept
- PATTERN = re.compile('\\[(\'|\\")?.+(\'|\\")?\\]')¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_atlassian_token_check module¶
- class credsweeper.filters.value_atlassian_token_check.ValueAtlassianTokenCheck(config=None)[source]¶
Bases:
Filter
Check that candidate have a known structure
- static check_atlassian_struct(value)[source]¶
Returns False if value is valid for atlassian structure ‘integer:bytes’
- Return type:
- static check_crc32_struct(value)[source]¶
Returns False if value is valid for bitbucket app password structure ‘payload:crc32’
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_base32_data_check module¶
- class credsweeper.filters.value_base32_data_check.ValueBase32DataCheck(config=None)[source]¶
Bases:
Filter
Check that candidate is NOT an ascii encoded string with entropy check
- run(line_data, target)[source]¶
Run filter checks on received weird base32 token which must be a random string
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, when need to filter candidate and False if left
credsweeper.filters.value_base64_data_check module¶
- class credsweeper.filters.value_base64_data_check.ValueBase64DataCheck(config=None)[source]¶
Bases:
Filter
Check that candidate is NOT an ascii encoded string with entropy check
- run(line_data, target)[source]¶
Run filter checks on received weird base64 token which must be a random string
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, when need to filter candidate and False if left
credsweeper.filters.value_base64_encoded_pem_check module¶
- class credsweeper.filters.value_base64_encoded_pem_check.ValueBase64EncodedPem(config=None)[source]¶
Bases:
Filter
Check that candidate contains base64 encoded pem private key
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_base64_key_check module¶
- class credsweeper.filters.value_base64_key_check.ValueBase64KeyCheck(config=None)[source]¶
Bases:
Filter
Check that candidate contains base64 encoded private key
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_blocklist_check module¶
- class credsweeper.filters.value_blocklist_check.ValueBlocklistCheck(config=None)[source]¶
Bases:
Filter
Check that words from block list is lest that 70% of candidate value length.
- NOT_ALLOWED = ['true', 'false', 'null', 'bearer', 'string']¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_camel_case_check module¶
- class credsweeper.filters.value_camel_case_check.ValueCamelCaseCheck(config=None)[source]¶
Bases:
Filter
Check that candidate is not written in camel case.
- CAMEL_CASE = ['^([a-z]+([A-Z][a-z]+)+)$', '^([A-Z][a-z]+([A-Z][a-z]+)+)$']¶
- CAMEL_CASE_PATTERN = re.compile('(?:^([a-z]+([A-Z][a-z]+)+)$|^([A-Z][a-z]+([A-Z][a-z]+)+)$)')¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_couple_keyword_check module¶
- class credsweeper.filters.value_couple_keyword_check.ValueCoupleKeywordCheck(config=None)[source]¶
Bases:
Filter
Check value if TWO words from morphemes checklist exists in value
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_dictionary_keyword_check module¶
- class credsweeper.filters.value_dictionary_keyword_check.ValueDictionaryKeywordCheck(config=None)[source]¶
Bases:
Filter
Check that no word from dictionary present in the candidate value.
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_dictionary_value_length_check module¶
- class credsweeper.filters.value_dictionary_value_length_check.ValueDictionaryValueLengthCheck(config=None)[source]¶
Bases:
Filter
Check that candidate length is between 5 and 30.
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_entropy_base32_check module¶
- class credsweeper.filters.value_entropy_base32_check.ValueEntropyBase32Check(config=None)[source]¶
Bases:
Filter
Check that candidate have Shanon Entropy (for [a-z0-9])
- static get_min_data_entropy(x)[source]¶
Returns average entropy for size of random data. Precalculated data is applied for speedup
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_entropy_base36_check module¶
- class credsweeper.filters.value_entropy_base36_check.ValueEntropyBase36Check(config=None)[source]¶
Bases:
Filter
Check that candidate have Shanon Entropy (for [a-z0-9])
- static get_min_data_entropy(x)[source]¶
Returns minimal entropy for size of random data. Precalculated data is applied for speedup
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_entropy_base64_check module¶
- class credsweeper.filters.value_entropy_base64_check.ValueEntropyBase64Check(config=None)[source]¶
Bases:
Filter
Check that candidate have Shanon Entropy > 3 (for HEX_CHARS or BASE36_CHARS) or > 4.5 (for BASE64_CHARS).
- static get_min_data_entropy(x)[source]¶
Returns minimal average entropy for size of random data. Precalculated round data is applied for speedup
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_file_path_check module¶
- class credsweeper.filters.value_file_path_check.ValueFilePathCheck(config=None)[source]¶
Bases:
Filter
Check that candidate value is a path or not.
Check if a value contains either ‘/’ or ‘:’ separators (but not both) and do not have any special characters ( !$@`&*()+)
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_first_word_check module¶
- class credsweeper.filters.value_first_word_check.ValueFirstWordCheck(config=None)[source]¶
Bases:
Filter
Check that secret doesn’t starts with special character.
- NOT_ALLOWED = ['\\=', '\\{', '\\)', '\\<', '\\>', '\\#', '\\:', '\\\\\\\\', '\\\\/\\\\/', '\\_', '\\/\\*', '\\%[deflspuvxz]']¶
- NOT_ALLOWED_PATTERN = re.compile('^(?:\\=|\\{|\\)|\\<|\\>|\\#|\\:|\\\\\\\\|\\\\/\\\\/|\\_|\\/\\*|\\%[deflspuvxz])', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_github_check module¶
- class credsweeper.filters.value_github_check.ValueGitHubCheck(config=None)[source]¶
Bases:
Filter
GitHub Classic Token validation
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, when need to filter candidate and False if left
credsweeper.filters.value_grafana_check module¶
- class credsweeper.filters.value_grafana_check.ValueGrafanaCheck(config=None)[source]¶
Bases:
Filter
Grafana Provisioned API Key and Access Policy Token
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, when need to filter candidate and False if left
credsweeper.filters.value_ip_check module¶
- class credsweeper.filters.value_ip_check.ValueIPCheck(config=None)[source]¶
Bases:
Filter
Filter out some of insensible IP
- FALSE_POSITIVE_MARKERS = ['version', 'oid', 'section', 'rfc']¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_jfrog_token_check module¶
- class credsweeper.filters.value_jfrog_token_check.ValueJfrogTokenCheck(config=None)[source]¶
Bases:
Filter
Check that candidate have a known structure JFROG token
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_json_web_token_check module¶
- class credsweeper.filters.value_json_web_token_check.ValueJsonWebTokenCheck(config=None)[source]¶
Bases:
Filter
Check that candidate is JWT which starts usually from ‘eyJ’ only header is parsed with “typ” or “alg” member from example of RFC7519 https://datatracker.ietf.org/doc/html/rfc7519
- run(line_data, target)[source]¶
Run filter checks on received token which might be structured.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, when need to filter candidate and False if left
credsweeper.filters.value_last_word_check module¶
- class credsweeper.filters.value_last_word_check.ValueLastWordCheck(config=None)[source]¶
Bases:
Filter
Check that secret is not short value that ends with :.
- NOT_ALLOWED_COLON_PATTERN = re.compile('.*:$', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_length_check module¶
- class credsweeper.filters.value_length_check.ValueLengthCheck(config)[source]¶
Bases:
Filter
Check if potential candidate value is not too short (longer or equal to min_len).
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_method_check module¶
- class credsweeper.filters.value_method_check.ValueMethodCheck(config=None)[source]¶
Bases:
Filter
Check if potential candidate value is a function.
Check if potential candidate value is a function by looking for ‘(’, ‘)’ or ‘function’ sub-strings in it
- PATTERN = re.compile('.*\\(.*\\).*')¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_not_allowed_pattern_check module¶
- class credsweeper.filters.value_not_allowed_pattern_check.ValueNotAllowedPatternCheck(config=None)[source]¶
Bases:
Filter
Check that secret doesn’t open or closes brackets or a new line.
- NOT_ALLOWED = ['[,<>{};\\]\\[]\\s*', '^\\s+\\\\$', '^\\s*\\\\n\\s*']¶
- NOT_ALLOWED_PATTERN = re.compile('(?:[,<>{};\\]\\[]\\s*|^\\s+\\\\$|^\\s*\\\\n\\s*)$', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_not_part_encoded_check module¶
- class credsweeper.filters.value_not_part_encoded_check.ValueNotPartEncodedCheck(config=None)[source]¶
Bases:
Filter
Check that token is not a part of encoded data.
- BASE64_ENCODED_DATA_PATTERN_AFTER = re.compile('(^|[^A-Za-z0-9]+)(?P<val>(([A-Za-z0-9=_-]{4}){4,64})|(([A-Za-z0-9=+/]{4}){4,64}))([^=A-Za-z0-9]+|$)')¶
- BASE64_ENCODED_DATA_PATTERN_BEFORE = re.compile('(^|[^A-Za-z0-9]+)(?P<val>(([A-Za-z0-9_-]{4}){16,64})|(([A-Za-z0-9+/]{4}){16,64}))([^=A-Za-z0-9]+|$)')¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_number_check module¶
- class credsweeper.filters.value_number_check.ValueNumberCheck(config=None)[source]¶
Bases:
Filter
Check value if it a value in hex or decimal representation
- DEC_VALUE_REGEX = re.compile('^-?[0-9]+[ul]*$')¶
- HEX_VALUE_REGEX = re.compile('^(0x)?[0-9a-f]+[ul]*$')¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_pattern_check module¶
- class credsweeper.filters.value_pattern_check.ValuePatternCheck(config)[source]¶
Bases:
Filter
Check if candidate value contain specific pattern.
Similar to linguistic sequences of characters, random strings shouldn’t contain math sequences of characters. Based on “How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories”, details: https://www.ndss-symposium.org/ndss-paper/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/ PatternCheck checks the occurrence in “line_data.value” of three types of sequence:
N or more identical characters in sequence, example: “AAAA”, “1111” …
N or more increasing characters sequentially, example: “abcd”, “1234” …
N or more decreasing characters sequentially, example: “dcba”, “4321” …
Default pattern LEN is 4
- ascending_pattern_check(line_data_value)[source]¶
Check if candidate value contain 4 and more ascending chars or numbers sequences.
- Arg:
line_data_value: credential candidate value
- Return type:
- Returns:
True if contain and False if not
- descending_pattern_check(line_data_value)[source]¶
Check if candidate value contain 4 and more descending chars or numbers sequences.
- Arg:
line_data_value: string variable, credential candidate value
- Return type:
- Returns:
boolean variable. True if contain and False if not
- equal_pattern_check(line_data_value)[source]¶
Check if candidate value contain 4 and more same chars or numbers sequences.
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Arg:
line_data: LineData object, credential candidate data target: multiline target from which line data was obtained
- Return type:
- Returns:
boolean variable. True, if need to filter candidate and False if left
credsweeper.filters.value_pattern_length_check module¶
- class credsweeper.filters.value_pattern_length_check.ValuePatternLengthCheck(config)[source]¶
Bases:
ValueLengthCheck
Check if potential candidate value is not too short like ValueLengthCheck but with different min_len
credsweeper.filters.value_similarity_check module¶
- class credsweeper.filters.value_similarity_check.ValueSimilarityCheck(config=None)[source]¶
Bases:
Filter
Check if candidate value is at least 70% same as candidate keyword. Like: secret = “mysecret”.
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_split_keyword_check module¶
- class credsweeper.filters.value_split_keyword_check.ValueSplitKeywordCheck(config=None)[source]¶
Bases:
Filter
Check value by splitting with standard whitespace separators and any word is not matched in checklist.
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_string_type_check module¶
- class credsweeper.filters.value_string_type_check.ValueStringTypeCheck(config)[source]¶
Bases:
Filter
Check if line_data is in source code file that require quotes for string declaration.
If it is, then checks if line_data really have string literal declaration. Comment rows in source files (start with //, /*, etc) ignored.
True if:
line_data have no value
line_data have no path
line_data is in source code file (.cpp, .py, etc.) and is not comment and contain no quotes (so no string literal declared)
False otherwise
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_token_base32_check module¶
- class credsweeper.filters.value_token_base32_check.ValueTokenBase32Check(config=None)[source]¶
Bases:
Filter
Check that candidate have good randomization
- static get_min_strength(x)[source]¶
Returns minimal strength. Precalculated data is applied for speedup
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_token_base36_check module¶
- class credsweeper.filters.value_token_base36_check.ValueTokenBase36Check(config=None)[source]¶
Bases:
Filter
Check that candidate have good randomization
- static get_min_strength(x)[source]¶
Returns minimal strength. Precalculated data is applied for speedup
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_token_base64_check module¶
- class credsweeper.filters.value_token_base64_check.ValueTokenBase64Check(config=None)[source]¶
Bases:
Filter
Check that candidate have good randomization
- static get_min_strength(x)[source]¶
Returns minimal strength. Precalculated rounded data is applied for speedup
- Return type:
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_token_check module¶
- class credsweeper.filters.value_token_check.ValueTokenCheck(config=None)[source]¶
Bases:
Filter
Check if first substring of token is shorter than 5.
Split candidate value into substrings using ` ;`{})(<>[]` separators. Check if first substring is shorter than 5
Examples
“my password” “12);password”
- SPLIT_PATTERN = ' |;|\\)|\\(|{|}|<|>|\\[|\\]|`'¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.value_useless_word_check module¶
- class credsweeper.filters.value_useless_word_check.ValueUselessWordCheck(config=None)[source]¶
Bases:
Filter
Check is candidate value contains sub-rows with operators (like ->).
- NOT_ALLOWED = ['((\\{)?(0x)+([0-9a-f]|\\%){1}.*)', '(\\-\\>.*)', '(xxxx.*)', '(\\s).*']¶
- NOT_ALLOWED_PATTERN = re.compile('(?:((\\{)?(0x)+([0-9a-f]|\\%){1}.*)|(\\-\\>.*)|(xxxx.*)|(\\s).*)', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left
credsweeper.filters.variable_not_allowed_pattern_check module¶
- class credsweeper.filters.variable_not_allowed_pattern_check.VariableNotAllowedPatternCheck(config=None)[source]¶
Bases:
Filter
Check if candidate variable is a regex placeholder or ends with match character (like + or >).
- NOT_ALLOWED = ['^([<]|\\{\\{).*', '(@.*)', '[!><+*/^|)](\\s)?$', '.*public', '.*pubkey', '.*_id$', '.*name$', '.*type$']¶
- NOT_ALLOWED_PATTERN = re.compile('(?:^([<]|\\{\\{).*|(@.*)|[!><+*/^|)](\\s)?$|.*public|.*pubkey|.*_id$|.*name$|.*type$)', re.IGNORECASE)¶
- run(line_data, target)[source]¶
Run filter checks on received credential candidate data ‘line_data’.
- Parameters:
line_data (
LineData
) – credential candidate datatarget (
AnalysisTarget
) – multiline target from which line data was obtained
- Return type:
- Returns:
True, if need to filter candidate and False if left