credsweeper.filters package

Subpackages

Submodules

credsweeper.filters.filter module

class credsweeper.filters.filter.Filter(config)[source]

Bases: object

Base class for all filters that operates on ‘line_data’ objects.

abstract run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.line_specific_key_check module

class credsweeper.filters.line_specific_key_check.LineSpecificKeyCheck(config=None)[source]

Bases: Filter

Check that values from list below is not in candidate line.

NOT_ALLOWED = ['example', 'enc\\(', 'enc\\[', 'true', 'false']
NOT_ALLOWED_PATTERN = re.compile('(?:example|enc\\(|enc\\[|true|false)', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.separator_unusual_check module

class credsweeper.filters.separator_unusual_check.SeparatorUnusualCheck(config=None)[source]

Bases: Filter

Check that candidate have no double symbol ops (like ++, –, <<) or comparison ops (like != or ==) as separator.

Example

pwd == ‘value’ pwd != ‘value’ pwd << value

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_allowlist_check module

class credsweeper.filters.value_allowlist_check.ValueAllowlistCheck(config=None)[source]

Bases: Filter

Check that patterns from the list is not present in the candidate value.

ALLOWED = ['ENC\\(.*\\)', 'ENC\\[.*\\]', '\\$\\{.*\\}', '#\\{.*\\}', '\\{\\{.+\\}\\}', '([.a-z0-9]|->)+\\(.*\\)', '\\S{0,5}\\*{5,}', '.*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@.*']
ALLOWED_PATTERN = re.compile('(?:ENC\\(.*\\)|ENC\\[.*\\]|\\$\\{.*\\}|#\\{.*\\}|\\{\\{.+\\}\\}|([.a-z0-9]|->)+\\(.*\\)|\\S{0,5}\\*{5,}|.*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@.*)', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_array_dictionary_check module

class credsweeper.filters.value_array_dictionary_check.ValueArrayDictionaryCheck(config=None)[source]

Bases: Filter

Match call to dictionary or array element.

This filter checks only calls, not declarations:

token = values[i] would be filtered token = {‘root’} would be kept

PATTERN = re.compile('\\[(\'|\\")?.+(\'|\\")?\\]')
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_atlassian_token_check module

class credsweeper.filters.value_atlassian_token_check.ValueAtlassianTokenCheck(config=None)[source]

Bases: Filter

Check that candidate have a known structure

static check_atlassian_struct(value)[source]

Returns False if value is valid for atlassian structure ‘integer:bytes’

Return type:

bool

static check_crc32_struct(value)[source]

Returns False if value is valid for bitbucket app password structure ‘payload:crc32’

Return type:

bool

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_base32_data_check module

class credsweeper.filters.value_base32_data_check.ValueBase32DataCheck(config=None)[source]

Bases: Filter

Check that candidate is NOT an ascii encoded string with entropy check

run(line_data, target)[source]

Run filter checks on received weird base32 token which must be a random string

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_base64_data_check module

class credsweeper.filters.value_base64_data_check.ValueBase64DataCheck(config=None)[source]

Bases: Filter

Check that candidate is NOT an ascii encoded string with entropy check

run(line_data, target)[source]

Run filter checks on received weird base64 token which must be a random string

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_base64_encoded_pem_check module

class credsweeper.filters.value_base64_encoded_pem_check.ValueBase64EncodedPem(config=None)[source]

Bases: Filter

Check that candidate contains base64 encoded pem private key

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_base64_key_check module

class credsweeper.filters.value_base64_key_check.ValueBase64KeyCheck(config=None)[source]

Bases: Filter

Check that candidate contains base64 encoded private key

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_blocklist_check module

class credsweeper.filters.value_blocklist_check.ValueBlocklistCheck(config=None)[source]

Bases: Filter

Check that words from block list is lest that 70% of candidate value length.

NOT_ALLOWED = ['true', 'false', 'null', 'bearer', 'string']
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_camel_case_check module

class credsweeper.filters.value_camel_case_check.ValueCamelCaseCheck(config=None)[source]

Bases: Filter

Check that candidate is not written in camel case.

CAMEL_CASE = ['^([a-z]+([A-Z][a-z]+)+)$', '^([A-Z][a-z]+([A-Z][a-z]+)+)$']
CAMEL_CASE_PATTERN = re.compile('(?:^([a-z]+([A-Z][a-z]+)+)$|^([A-Z][a-z]+([A-Z][a-z]+)+)$)')
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_couple_keyword_check module

class credsweeper.filters.value_couple_keyword_check.ValueCoupleKeywordCheck(config=None)[source]

Bases: Filter

Check value if TWO words from morphemes checklist exists in value

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_dictionary_keyword_check module

class credsweeper.filters.value_dictionary_keyword_check.ValueDictionaryKeywordCheck(config=None)[source]

Bases: Filter

Check that no word from dictionary present in the candidate value.

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_dictionary_value_length_check module

class credsweeper.filters.value_dictionary_value_length_check.ValueDictionaryValueLengthCheck(config=None)[source]

Bases: Filter

Check that candidate length is between 5 and 30.

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_entropy_base32_check module

class credsweeper.filters.value_entropy_base32_check.ValueEntropyBase32Check(config=None)[source]

Bases: Filter

Check that candidate have Shanon Entropy (for [a-z0-9])

static get_min_data_entropy(x)[source]

Returns average entropy for size of random data. Precalculated data is applied for speedup

Return type:

float

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_entropy_base36_check module

class credsweeper.filters.value_entropy_base36_check.ValueEntropyBase36Check(config=None)[source]

Bases: Filter

Check that candidate have Shanon Entropy (for [a-z0-9])

static get_min_data_entropy(x)[source]

Returns minimal entropy for size of random data. Precalculated data is applied for speedup

Return type:

float

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_entropy_base64_check module

class credsweeper.filters.value_entropy_base64_check.ValueEntropyBase64Check(config=None)[source]

Bases: Filter

Check that candidate have Shanon Entropy > 3 (for HEX_CHARS or BASE36_CHARS) or > 4.5 (for BASE64_CHARS).

static get_min_data_entropy(x)[source]

Returns minimal average entropy for size of random data. Precalculated round data is applied for speedup

Return type:

float

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_file_path_check module

class credsweeper.filters.value_file_path_check.ValueFilePathCheck(config=None)[source]

Bases: Filter

Check that candidate value is a path or not.

Check if a value contains either ‘/’ or ‘:’ separators (but not both) and do not have any special characters ( !$@`&*()+)

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_first_word_check module

class credsweeper.filters.value_first_word_check.ValueFirstWordCheck(config=None)[source]

Bases: Filter

Check that secret doesn’t starts with special character.

NOT_ALLOWED = ['\\=', '\\{', '\\)', '\\<', '\\>', '\\#', '\\:', '\\\\\\\\', '\\\\/\\\\/', '\\_', '\\/\\*', '\\%[deflspuvxz]']
NOT_ALLOWED_PATTERN = re.compile('^(?:\\=|\\{|\\)|\\<|\\>|\\#|\\:|\\\\\\\\|\\\\/\\\\/|\\_|\\/\\*|\\%[deflspuvxz])', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_github_check module

class credsweeper.filters.value_github_check.ValueGitHubCheck(config=None)[source]

Bases: Filter

GitHub Classic Token validation

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_grafana_check module

class credsweeper.filters.value_grafana_check.ValueGrafanaCheck(config=None)[source]

Bases: Filter

Grafana Provisioned API Key and Access Policy Token

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_ip_check module

class credsweeper.filters.value_ip_check.ValueIPCheck(config=None)[source]

Bases: Filter

Filter out some of insensible IP

FALSE_POSITIVE_MARKERS = ['version', 'oid', 'section', 'rfc']
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_jfrog_token_check module

class credsweeper.filters.value_jfrog_token_check.ValueJfrogTokenCheck(config=None)[source]

Bases: Filter

Check that candidate have a known structure JFROG token

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_json_web_token_check module

class credsweeper.filters.value_json_web_token_check.ValueJsonWebTokenCheck(config=None)[source]

Bases: Filter

Check that candidate is JWT which starts usually from ‘eyJ’ only header is parsed with “typ” or “alg” member from example of RFC7519 https://datatracker.ietf.org/doc/html/rfc7519

run(line_data, target)[source]

Run filter checks on received token which might be structured.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_last_word_check module

class credsweeper.filters.value_last_word_check.ValueLastWordCheck(config=None)[source]

Bases: Filter

Check that secret is not short value that ends with :.

NOT_ALLOWED_COLON_PATTERN = re.compile('.*:$', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_length_check module

class credsweeper.filters.value_length_check.ValueLengthCheck(config)[source]

Bases: Filter

Check if potential candidate value is not too short (longer or equal to min_len).

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_method_check module

class credsweeper.filters.value_method_check.ValueMethodCheck(config=None)[source]

Bases: Filter

Check if potential candidate value is a function.

Check if potential candidate value is a function by looking for ‘(’, ‘)’ or ‘function’ sub-strings in it

PATTERN = re.compile('.*\\(.*\\).*')
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_not_allowed_pattern_check module

class credsweeper.filters.value_not_allowed_pattern_check.ValueNotAllowedPatternCheck(config=None)[source]

Bases: Filter

Check that secret doesn’t open or closes brackets or a new line.

NOT_ALLOWED = ['[,<>{};\\]\\[]\\s*', '^\\s+\\\\$', '^\\s*\\\\n\\s*']
NOT_ALLOWED_PATTERN = re.compile('(?:[,<>{};\\]\\[]\\s*|^\\s+\\\\$|^\\s*\\\\n\\s*)$', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_not_part_encoded_check module

class credsweeper.filters.value_not_part_encoded_check.ValueNotPartEncodedCheck(config=None)[source]

Bases: Filter

Check that token is not a part of encoded data.

BASE64_ENCODED_DATA_PATTERN_AFTER = re.compile('(^|[^A-Za-z0-9]+)(?P<val>(([A-Za-z0-9=_-]{4}){4,64})|(([A-Za-z0-9=+/]{4}){4,64}))([^=A-Za-z0-9]+|$)')
BASE64_ENCODED_DATA_PATTERN_BEFORE = re.compile('(^|[^A-Za-z0-9]+)(?P<val>(([A-Za-z0-9_-]{4}){16,64})|(([A-Za-z0-9+/]{4}){16,64}))([^=A-Za-z0-9]+|$)')
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_number_check module

class credsweeper.filters.value_number_check.ValueNumberCheck(config=None)[source]

Bases: Filter

Check value if it a value in hex or decimal representation

DEC_VALUE_REGEX = re.compile('^-?[0-9]+[ul]*$')
HEX_VALUE_REGEX = re.compile('^(0x)?[0-9a-f]+[ul]*$')
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_pattern_check module

class credsweeper.filters.value_pattern_check.ValuePatternCheck(config)[source]

Bases: Filter

Check if candidate value contain specific pattern.

Similar to linguistic sequences of characters, random strings shouldn’t contain math sequences of characters. Based on “How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories”, details: https://www.ndss-symposium.org/ndss-paper/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/ PatternCheck checks the occurrence in “line_data.value” of three types of sequence:

  • N or more identical characters in sequence, example: “AAAA”, “1111” …

  • N or more increasing characters sequentially, example: “abcd”, “1234” …

  • N or more decreasing characters sequentially, example: “dcba”, “4321” …

Default pattern LEN is 4

ascending_pattern_check(line_data_value)[source]

Check if candidate value contain 4 and more ascending chars or numbers sequences.

Arg:

line_data_value: credential candidate value

Return type:

bool

Returns:

True if contain and False if not

descending_pattern_check(line_data_value)[source]

Check if candidate value contain 4 and more descending chars or numbers sequences.

Arg:

line_data_value: string variable, credential candidate value

Return type:

bool

Returns:

boolean variable. True if contain and False if not

equal_pattern_check(line_data_value)[source]

Check if candidate value contain 4 and more same chars or numbers sequences.

Parameters:

line_data_value (str) – string variable, credential candidate value

Return type:

bool

Returns:

True if contain and False if not

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Arg:

line_data: LineData object, credential candidate data target: multiline target from which line data was obtained

Return type:

bool

Returns:

boolean variable. True, if need to filter candidate and False if left

credsweeper.filters.value_pattern_length_check module

class credsweeper.filters.value_pattern_length_check.ValuePatternLengthCheck(config)[source]

Bases: ValueLengthCheck

Check if potential candidate value is not too short like ValueLengthCheck but with different min_len

credsweeper.filters.value_similarity_check module

class credsweeper.filters.value_similarity_check.ValueSimilarityCheck(config=None)[source]

Bases: Filter

Check if candidate value is at least 70% same as candidate keyword. Like: secret = “mysecret”.

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_split_keyword_check module

class credsweeper.filters.value_split_keyword_check.ValueSplitKeywordCheck(config=None)[source]

Bases: Filter

Check value by splitting with standard whitespace separators and any word is not matched in checklist.

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_string_type_check module

class credsweeper.filters.value_string_type_check.ValueStringTypeCheck(config)[source]

Bases: Filter

Check if line_data is in source code file that require quotes for string declaration.

If it is, then checks if line_data really have string literal declaration. Comment rows in source files (start with //, /*, etc) ignored.

True if:

  • line_data have no value

  • line_data have no path

  • line_data is in source code file (.cpp, .py, etc.) and is not comment and contain no quotes (so no string literal declared)

False otherwise

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_base32_check module

class credsweeper.filters.value_token_base32_check.ValueTokenBase32Check(config=None)[source]

Bases: Filter

Check that candidate have good randomization

static get_min_strength(x)[source]

Returns minimal strength. Precalculated data is applied for speedup

Return type:

float

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_base36_check module

class credsweeper.filters.value_token_base36_check.ValueTokenBase36Check(config=None)[source]

Bases: Filter

Check that candidate have good randomization

static get_min_strength(x)[source]

Returns minimal strength. Precalculated data is applied for speedup

Return type:

float

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_base64_check module

class credsweeper.filters.value_token_base64_check.ValueTokenBase64Check(config=None)[source]

Bases: Filter

Check that candidate have good randomization

static get_min_strength(x)[source]

Returns minimal strength. Precalculated rounded data is applied for speedup

Return type:

float

run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_check module

class credsweeper.filters.value_token_check.ValueTokenCheck(config=None)[source]

Bases: Filter

Check if first substring of token is shorter than 5.

Split candidate value into substrings using ` ;`{})(<>[]` separators. Check if first substring is shorter than 5

Examples

“my password” “12);password”

SPLIT_PATTERN = ' |;|\\)|\\(|{|}|<|>|\\[|\\]|`'
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_useless_word_check module

class credsweeper.filters.value_useless_word_check.ValueUselessWordCheck(config=None)[source]

Bases: Filter

Check is candidate value contains sub-rows with operators (like ->).

NOT_ALLOWED = ['((\\{)?(0x)+([0-9a-f]|\\%){1}.*)', '(\\-\\>.*)', '(xxxx.*)', '(\\s).*']
NOT_ALLOWED_PATTERN = re.compile('(?:((\\{)?(0x)+([0-9a-f]|\\%){1}.*)|(\\-\\>.*)|(xxxx.*)|(\\s).*)', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.variable_not_allowed_pattern_check module

class credsweeper.filters.variable_not_allowed_pattern_check.VariableNotAllowedPatternCheck(config=None)[source]

Bases: Filter

Check if candidate variable is a regex placeholder or ends with match character (like + or >).

NOT_ALLOWED = ['^([<]|\\{\\{).*', '(@.*)', '[!><+*/^|)](\\s)?$', '.*public', '.*pubkey', '.*_id$', '.*name$', '.*type$']
NOT_ALLOWED_PATTERN = re.compile('(?:^([<]|\\{\\{).*|(@.*)|[!><+*/^|)](\\s)?$|.*public|.*pubkey|.*_id$|.*name$|.*type$)', re.IGNORECASE)
run(line_data, target)[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

  • line_data (LineData) – credential candidate data

  • target (AnalysisTarget) – multiline target from which line data was obtained

Return type:

bool

Returns:

True, if need to filter candidate and False if left

Module contents