1- name: DOC_GET
2 severity: medium
3 confidence: moderate
4 type: pattern
5 values:
6 - (?P<variable>(\w*(?i:비밀번호|비번|패스워드|키|암호화?|토큰|(?<!by)pass(?!e[dns]|ing|ion|age)|\bpwd?\b|token(?!ize)|secret|key(?!word|board|pad)|cred)\w*)\s*(설정은|[=:!]{1,3}))?\s*([._0-9A-Za-z\[\]]*get(env)?\s*\(\s*(?(variable)[^,]+|[\"'\\]*(\\*([\"']|&(quot|apos|#3[49]);)){0,4}(\w*(?i:(?<!by)pass(?!e[dns]|ing|ion|age|\s+[a-z]{3,64})|\bpwd?\b|token|secret|key|cred)\w*))(\\*([\"']|&(quot|apos|#3[49]);)){0,4})\s*(,(\s*default\s*=)?|\)\s*or)\s*([brufl@]{1,2}(?=\\*[\"'&]))?(?P<lq>(\\*([\"']|&(quot|apos|#3[49]);)){1,4})(?P<value>(.(?!(?P=lq))){4,8000}.?)
7 filter_type:
8 - ValueAllowlistCheck
9 - ValueBlocklistCheck
10 - LineGitBinaryCheck
11 - LineUUEPartCheck
12 - ValueFilePathCheck
13 - ValuePatternCheck(5)
14 min_line_len: 8
15 required_substrings:
16 - pass
17 - pw
18 - token
19 - secret
20 - key
21 - cred
22 - 비밀번호
23 - 비번
24 - 패스워드
25 - 암호
26 - 키
27 - 토큰
28 target:
29 - doc
30 use_ml: true
31
32- name: DOC_CREDENTIALS
33 severity: medium
34 confidence: moderate
35 type: pattern
36 values:
37 - (?P<wrap>[\"'`(])?\s*(?P<variable>(\w*(?i:(?<!by)passw?o?r?d?s?(?!e[dns]|ing|ion|age)|pwd?\b|\bp/w\b|token(?!ize)|secret|key(?!word|board|pad)|credential)\w*|비밀번호|비번|패스워드|키|암호화?|토큰))[\"'`]*(\s+(?i:is|are|was|were)(\s*[:-])?\s+|\s*(?P<separator>설정은|:=|:(?!:)|=(>|>|(\\\\*u00|%)26gt;)|!==|!=|===|==|=~|=|%3[Dd])\s*)(?P<quote>[\"'`]{1,6})?(?P<value>(?(quote)(?(wrap)[^\"'`)]{4,8000}|[^\"'`]{4,8000})|(?(wrap)[^\"'`)]{4,8000}|\S{4,8000})))
38 filter_type:
39 - ValueAllowlistCheck
40 - ValueBlocklistCheck
41 - LineGitBinaryCheck
42 - LineUUEPartCheck
43 - ValueFilePathCheck
44 - ValuePatternCheck(5)
45 - ValueSealedSecretCheck
46 min_line_len: 8
47 required_substrings:
48 - pass
49 - sword
50 - pw
51 - p/w
52 - paasw
53 - 비밀번호
54 - 비번
55 - 패스워드
56 - 암호
57 - token
58 - secret
59 - key
60 - credential
61 - 키
62 - 토큰
63 target:
64 - doc
65 use_ml: true
66
67- name: SECRET_PAIR
68 severity: medium
69 confidence: moderate
70 type: pattern
71 values:
72 - (?P<variable>[\"'`]?(?i:token|secret|key|키|암호화?|토큰)[\"'`]?)((\s)*(?P<separator>설정은|:=|:(?!:)|=(>|>|(\\\\*u00|%)26gt;)|!==|!=|===|==|=~|=|%3[Dd])(\s)*)(?P<quote>[\"'`(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,80}(?(a)(?(b)(?(c)((?(quote)[^)\"'`]{1,8000}|([0-9A-Za-z/_+=~!@#$%^&*;:?-]{1,8000}|\b))|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)\"'`])
73 filter_type:
74 - ValueAllowlistCheck
75 - ValuePatternCheck(4)
76 - ValueEntropyBase64Check
77 - ValueMorphemesCheck
78 - ValueSealedSecretCheck
79 min_line_len: 16
80 required_substrings:
81 - token
82 - secret
83 - key
84 - 키
85 - 암호
86 - 토큰
87 target:
88 - doc
89 use_ml: true
90
91- name: PASSWD_PAIR
92 severity: medium
93 confidence: moderate
94 type: pattern
95 values:
96 - (?P<variable>[\"'`]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[\"'`]?)((\s)*(?P<separator>설정은|:=|:(?!:)|=(>|>|(\\\\*u00|%)26gt;)|!==|!=|===|==|=~|=|%3[Dd])(\s)*)(?P<quote>[\"'`(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,64}(?(a)(?(b)(?(c)((?(quote)[^)\"'`]{1,8000}|([0-9A-Za-z/_+=~!@#$%^&*;:?-]{1,8000}|\b))|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)\"'`])
97 filter_type:
98 - ValueAllowlistCheck
99 - ValuePatternCheck(4)
100 - ValueDictionaryKeywordCheck
101 - LineGitBinaryCheck
102 - LineUUEPartCheck
103 - ValueFilePathCheck
104 - ValueHexNumberCheck
105 - ValueSealedSecretCheck
106 min_line_len: 10
107 required_substrings:
108 - pass
109 - sword
110 - pw
111 - p/w
112 - paasw
113 - 비밀번호
114 - 비번
115 - 패스워드
116 - 암호
117 target:
118 - doc
119 use_ml: true
120
121- name: IP_ID_PASSWORD_TRIPLE
122 severity: medium
123 confidence: moderate
124 type: pattern
125 values:
126 - (^|\s|(?P<variable>(?i:\bip[\s/]{1,80}id[\s/]{1,80}pw[\s/:]{0,80}))|(?P<url>://))(?P<ip>(?<![0-9.])[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}(?![0-9.]))((\s*[(])?|(?(variable)[\s,/]{1,80}|(?(url)[,]|[,/])))\s*\w[\w.-]{3,80}[\s,/]{1,80}(?P<value>(?(url)(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_+=~!@#$%^&*;?-])){7,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)|(?-i:(?P<e>[A-Z])|(?P<f>[a-z])|(?P<g>[0-9/_+=~!@#$%^&*;?-])){7,64}(?(e)(?(f)(?(g)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)))(?:\s|[^/]|$)
127 filter_type:
128 - ValueAllowlistCheck
129 - ValuePatternCheck(4)
130 - ValueDictionaryKeywordCheck
131 min_line_len: 10
132 required_substrings:
133 - "."
134 target:
135 - doc
136 use_ml: true
137
138- name: ID_PAIR_PASSWD_PAIR
139 severity: medium
140 confidence: moderate
141 type: pattern
142 values:
143 - (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*(?P<quote>[\"'`]{1,8})?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)(?P=quote)|(\s|$))
144 - (?P<ddash>--)?(?P<variable>(?i:user\s*)?(?i:id|login|account|root|admin|user|name|wifi|role|host|default|계정|아이디))\s*?(?(ddash)[ =]|[ :=])\s*?(?P<value>\S+)
145 filter_type:
146 - ValueAllowlistCheck
147 - ValuePatternCheck(4)
148 min_line_len: 10
149 required_substrings:
150 - pass
151 - sword
152 - p/w
153 - pw
154 - 비밀번호
155 - 비번
156 - 패스워드
157 - 암호
158 target:
159 - doc
160 use_ml: true
161
162- name: ID_PASSWD_PAIR
163 severity: medium
164 confidence: moderate
165 type: pattern
166 values:
167 - (?P<variable>[\w.-]{0,80}(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]{0,80}(?(id)[ :(/]{1,80}|[:(/]{1,80})(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]{1,80}|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,64})[ :\(/\"',]{1,80}(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))
168 filter_type:
169 - ValueAllowlistCheck
170 - ValuePatternCheck(4)
171 - ValueDictionaryKeywordCheck
172 min_line_len: 10
173 required_substrings:
174 - pw
175 - pass
176 - sword
177 - 비밀번호
178 - 비번
179 - 패스워드
180 - 암호
181 target:
182 - doc
183 use_ml: true
184
185- name: UUID
186 severity: info
187 confidence: strong
188 type: pattern
189 values:
190 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})(?![0-9A-Za-z_+-])
191 min_line_len: 36
192 required_substrings:
193 - "-"
194 filter_type:
195 - ValuePatternCheck(4)
196 use_ml: false
197 target:
198 - code
199 - doc
200
201- name: Akamai Credentials
202 severity: high
203 confidence: strong
204 type: pattern
205 values:
206 - (?P<value>akab-[0-9a-z]{16}-[0-9a-z]{16})(?!\.[0-9a-z-]{1,80}\.akamaiapis\.net)
207 filter_type: GeneralPattern
208 required_substrings:
209 - akab-
210 min_line_len: 38
211 target:
212 - code
213 - doc
214
215- name: Amazon Bedrock API Key
216 severity: high
217 confidence: moderate
218 type: pattern
219 values:
220 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(ABSK|bedrock-api-key-)[0-9A-Za-z/+]{28,800})(?![0-9A-Za-z/+])
221 filter_type: GeneralPattern
222 required_substrings:
223 - ABSK
224 - bedrock-api-key-
225 min_line_len: 44
226 target:
227 - code
228 - doc
229
230- name: AWS Client ID
231 severity: high
232 confidence: moderate
233 type: pattern
234 values:
235 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(A3T[0-9A-Z]|ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16,17})(?![0-9A-Za-z_+-])
236 filter_type: GeneralPattern
237 required_substrings:
238 - A3T
239 - ABIA
240 - ACCA
241 - AGPA
242 - AIDA
243 - AIPA
244 - AKIA
245 - ANPA
246 - ANVA
247 - AROA
248 - APKA
249 - ASCA
250 - ASIA
251 min_line_len: 20
252 required_regex: "[0-9A-Za-z_/+-]{15}"
253 target:
254 - code
255 - doc
256
257- name: AWS Multi
258 severity: high
259 confidence: moderate
260 type: multi
261 values:
262 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>A(KIA|SIA)[0-9A-Z]{16})(?![0-9A-Za-z_])
263 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>((?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/+])){40,44}(?(a)(?(b)(?(c)\b|(?!x)x)|(?!x)x)|(?!x)x))(?![0-9A-Za-z/+])
264 filter_type:
265 - LineSpecificKeyCheck
266 - ValuePatternCheck
267 - ValueBase64PartCheck
268 - ValueMorphemesCheck
269 required_substrings:
270 - AKIA
271 - ASIA
272 min_line_len: 20
273 required_regex: "[0-9A-Za-z_/+-]{15}"
274 target:
275 - code
276 - doc
277
278- name: AWS MWS Key
279 severity: high
280 confidence: strong
281 type: pattern
282 values:
283 - (?P<value>amzn\.mws\.[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})(?![0-9A-Za-z_-])
284 filter_type: GeneralPattern
285 required_substrings:
286 - amzn.mws.
287 min_line_len: 30
288 target:
289 - code
290 - doc
291
292- name: Dynatrace API Token
293 severity: high
294 confidence: moderate
295 type: pattern
296 values:
297 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>dt0[A-Za-z]{1}[0-9]{2}\.[0-9A-Z]{24}\.[0-9A-Z]{64})(?![0-9A-Za-z_-])
298 filter_type: TokenPattern
299 required_substrings:
300 - dt0
301 min_line_len: 90
302 target:
303 - code
304 - doc
305
306- name: Facebook Access Token
307 severity: high
308 confidence: moderate
309 type: pattern
310 values:
311 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>EAA[0-9A-Za-z]{80,800})
312 filter_type:
313 - ValuePatternCheck
314 - ValueBase64PartCheck
315 - ValueNotPartEncodedCheck
316 required_substrings:
317 - EAA
318 min_line_len: 80
319 target:
320 - code
321 - doc
322
323- name: Facebook App Token
324 severity: high
325 confidence: moderate
326 type: pattern
327 values:
328 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9]{12,18}\|[0-9A-Za-z_-]{24,28})(?![0-9A-Za-z_+-])
329 filter_type: TokenPattern
330 required_substrings:
331 - "|"
332 required_regex: "[0-9A-Za-z_/+-]{15}"
333 min_line_len: 33
334 target:
335 - code
336 - doc
337
338- name: Google API Key
339 severity: high
340 confidence: moderate
341 type: pattern
342 values:
343 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>AIza[0-9A-Za-z_-]{35})
344 filter_type: TokenPattern
345 required_substrings:
346 - AIza
347 min_line_len: 39
348 target:
349 - code
350 - doc
351
352- name: Google Multi
353 severity: high
354 confidence: moderate
355 type: multi
356 values:
357 - (?P<value>[0-9]{3,80}-[0-9a-z_]{32}\.apps\.googleusercontent\.com)
358 - \b(?P<value>GOCSPX-[0-9A-Za-z_-]{28}|((?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_-])){24,80}(?(a)(?(b)(?(c)\b|(?!x)x)|(?!x)x)|(?!x)x))
359 filter_type: GeneralPattern
360 required_substrings:
361 - .apps.googleusercontent.com
362 min_line_len: 40
363 target:
364 - code
365 - doc
366
367- name: Google OAuth Secret
368 severity: high
369 confidence: strong
370 type: pattern
371 values:
372 - (?P<value>GOCSPX-[0-9A-Za-z_-]{28})(?![0-9A-Za-z_-])
373 filter_type: TokenPattern
374 required_substrings:
375 - GOCSPX-
376 min_line_len: 40
377 target:
378 - code
379 - doc
380
381- name: Google OAuth Access Token
382 severity: high
383 confidence: moderate
384 type: pattern
385 values:
386 - (?P<value>ya29\.[0-9A-Za-z_-]{22,8000})
387 filter_type: TokenPattern
388 required_substrings:
389 - ya29.
390 min_line_len: 27
391 target:
392 - code
393 - doc
394
395- name: Google OAuth Refresh Token
396 severity: medium
397 confidence: weak
398 type: pattern
399 values:
400 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>1//0[0-9A-Za-z_-]{80,8000})
401 filter_type: TokenPattern
402 required_substrings:
403 - 1//0
404 min_line_len: 84
405 target:
406 - code
407 - doc
408
409- name: Heroku Credentials
410 severity: high
411 confidence: strong
412 type: pattern
413 values:
414 - (?P<value>HRKU-([0-9A-Za-z_-]{60}|[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}))
415 filter_type: TokenPattern
416 required_substrings:
417 - HRKU-
418 min_line_len: 41
419 target:
420 - code
421 - doc
422
423- name: Instagram Access Token
424 severity: high
425 confidence: strong
426 type: pattern
427 values:
428 - (?P<value>IGQVJ[=0-9A-Za-z_-]{100,8000})(?![=0-9A-Za-z_-])
429 filter_type: TokenPattern
430 required_substrings:
431 - IGQVJ
432 min_line_len: 105
433 target:
434 - code
435 - doc
436
437- name: JSON Web Token
438 severity: medium
439 confidence: strong
440 type: pattern
441 values:
442 - (?P<value>eyJ[=0-9A-Za-z_+/-]{15,8000}(\.[=0-9A-Za-z_+/-]{0,8000}){2,16})(?![=0-9A-Za-z_-])
443 filter_type:
444 - ValueJsonWebTokenCheck
445 required_substrings:
446 - eyJ
447 min_line_len: 64
448 target:
449 - code
450 - doc
451
452- name: JSON Web Key
453 severity: medium
454 confidence: strong
455 type: pattern
456 values:
457 - (?P<value>\b(e(yJ|yAi|woi|wog|w0K)|W(yJ|3si|wp7|wog|w0K|3sK))[0-9A-Za-z_+/-]{60,8000})
458 filter_type:
459 - ValueJsonWebKeyCheck
460 required_substrings:
461 - eyJ
462 - eyAi
463 - ewoi
464 - ewog
465 - ew0K
466 - WyJ
467 - W3si
468 - Wwp7
469 - Wwog
470 - Ww0K
471 - W3sK
472 min_line_len: 64
473 target:
474 - code
475 - doc
476
477- name: JWK
478 severity: medium
479 confidence: moderate
480 type: multi
481 values:
482 - (?P<value>['"]?\b(?P<variable>kty)[^0-9A-Za-z_-]{1,8}(RSA|EC|oct)\b['"]?)
483 - (?P<variable>\b[dk])[^0-9A-Za-z_-]{1,8}(?P<value>[0-9A-Za-z_-]{22,8000})(?![=0-9A-Za-z_-])
484 filter_type:
485 - ValuePatternCheck
486 - ValueMorphemesCheck
487 required_substrings:
488 - kty
489 min_line_len: 8
490 target:
491 - code
492 - doc
493
494- name: MailChimp API Key
495 severity: high
496 confidence: moderate
497 type: pattern
498 values:
499 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_-]{32}-us[0-9]{1,2})(?![0-9A-Za-z_-])
500 filter_type: TokenPattern
501 required_substrings:
502 - -us
503 min_line_len: 35
504 target:
505 - code
506 - doc
507
508- name: MailGun API Key
509 severity: high
510 confidence: moderate
511 type: pattern
512 values:
513 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>key-[0-9a-z]{32}|[0-9a-f]{32}-[0-9a-f]{8}-[0-9a-f]{8})(?![0-9A-Za-z_-])
514 filter_type: TokenPattern
515 required_regex: "[0-9A-Za-z_/+-]{15}"
516 min_line_len: 36
517 target:
518 - code
519 - doc
520
521- name: PayPal Braintree Access Token
522 severity: high
523 confidence: strong
524 type: pattern
525 values:
526 - (?P<value>access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32})(?![0-9A-Za-z_-])
527 filter_type: GeneralPattern
528 required_substrings:
529 - access_token$production$
530 min_line_len: 72
531 target:
532 - code
533 - doc
534
535- name: PEM Private Key
536 severity: high
537 confidence: strong
538 type: pem_key
539 values:
540 - (?P<value>-----BEGIN(?![^-]*ENCRYPTED)[^-]*PRIVATE[^-]*KEY[^-]*-----)
541 min_line_len: 27
542 target:
543 - code
544 - doc
545
546- name: BASE64 encoded PEM Private Key
547 severity: high
548 confidence: strong
549 type: pattern
550 values:
551 - (?P<value>[0-9A-Za-z_/+-]{0,8000}LS0t(LS1CRUdJTiB|LUJFR0lOI|QkVHSU4g)[0-9A-Za-z_/+-]{0,11}(UFJJVkFURSBLRVkt|QUklWQVRFIEtFWS0t|FBSSVZBVEUgS0VZ)[0-9A-Za-z_/+-]{1,8000}LS0t[0-9A-Za-z_/+-]{1,8000})
552 filter_type:
553 - ValueBase64EncodedPem
554 min_line_len: 300
555 required_substrings:
556 - UFJJVkFURSBLRVkt
557 - QUklWQVRFIEtFWS0t
558 - FBSSVZBVEUgS0VZ
559 target:
560 - code
561 - doc
562
563- name: BASE64 Private Key
564 severity: high
565 confidence: strong
566 type: pattern
567 values:
568 - (?P<value>MII[A-Za-f][0-9A-Za-z/+]{8}(?s:[^!#$&()*\-.:;<=>?@\[\]^_{|}~]{8,8000}))
569 filter_type:
570 - ValueBase64KeyCheck
571 min_line_len: 160
572 required_substrings:
573 - MII
574 target:
575 - code
576 - doc
577
578- name: Picatic API Key
579 severity: high
580 confidence: strong
581 type: pattern
582 values:
583 - (?P<value>sk_live_[0-9a-z]{32})(?![0-9A-Za-z_-])
584 filter_type: GeneralPattern
585 required_substrings:
586 - sk_live_
587 min_line_len: 40
588 target:
589 - code
590 - doc
591
592- name: SendGrid API Key
593 severity: high
594 confidence: moderate
595 type: pattern
596 values:
597 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>SG\.[0-9A-Za-z_-]{16,32}\.[0-9A-Za-z_-]{16,64})
598 filter_type: TokenPattern
599 required_substrings:
600 - SG.
601 min_line_len: 34
602 target:
603 - code
604 - doc
605
606- name: Shopify Token
607 severity: high
608 confidence: strong
609 type: pattern
610 values:
611 - (?P<value>shp(at|ca|pa|ss|tka)_[0-9A-Fa-f]{32})(?![0-9A-Za-z_-])
612 filter_type: TokenPattern
613 required_substrings:
614 - shp
615 min_line_len: 38
616 target:
617 - code
618 - doc
619
620- name: Slack Token
621 severity: high
622 confidence: strong
623 type: pattern
624 values:
625 - (?P<value>(xapp|xox[a-z])\-[0-9A-Za-z-]{10,250})(?![0-9A-Za-z_-])
626 filter_type: TokenPattern
627 required_substrings:
628 - xox
629 - xapp
630 min_line_len: 15
631 target:
632 - code
633 - doc
634
635- name: Slack Webhook
636 severity: medium
637 confidence: strong
638 type: pattern
639 values:
640 - (?P<variable>hooks\.slack\.com/services)(?P<value>/T[0-9A-Z]{8,16}/B[0-9A-Z]{8,16}/[0-9A-Za-z_]{24})
641 filter_type: GeneralPattern
642 required_substrings:
643 - hooks.slack.com/services/T
644 min_line_len: 61
645 target:
646 - code
647 - doc
648
649- name: Stripe Credentials
650 severity: high
651 confidence: strong
652 type: pattern
653 values:
654 - (?P<value>(whsec|[prs]k_(test|live))_[0-9A-Za-z]{24,160})
655 filter_type: GeneralPattern
656 required_substrings:
657 - k_live_
658 - k_test_
659 - whsec_
660 min_line_len: 32
661 target:
662 - code
663 - doc
664
665- name: Square Access Token
666 severity: high
667 confidence: moderate
668 type: pattern
669 values:
670 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>EAAA[0-9A-Za-z_-]{60})(?![0-9A-Za-z_-])
671 filter_type:
672 - ValuePatternCheck
673 - ValueBase64PartCheck
674 required_substrings:
675 - EAAA
676 min_line_len: 64
677 target:
678 - code
679 - doc
680
681- name: Square Credentials
682 severity: medium
683 confidence: strong
684 type: pattern
685 values:
686 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sq0[a-z]{3}-[0-9A-Za-z_-]{22}([0-9A-Za-z_-]{21})?)(?![0-9A-Za-z_-])
687 filter_type: TokenPattern
688 required_substrings:
689 - sq0
690 min_line_len: 29
691 target:
692 - code
693 - doc
694
695- name: Twilio Credentials
696 severity: high
697 confidence: moderate
698 type: pattern
699 values:
700 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(AC|AD|AL|CA|CF|CL|CN|CR|FW|IP|KS|MM|NO|PK|PN|QU|RE|SC|SD|SK|SM|TR|UT|XE|XR)[0-9A-Fa-f]{32})(?![0-9A-Za-z_+-])
701 filter_type: TokenPattern
702 required_substrings:
703 - AC
704 - AD
705 - AL
706 - CA
707 - CF
708 - CL
709 - CN
710 - CR
711 - FW
712 - IP
713 - KS
714 - MM
715 - "NO"
716 - PK
717 - PN
718 - QU
719 - RE
720 - SC
721 - SD
722 - SK
723 - SM
724 - TR
725 - UT
726 - XE
727 - XR
728 min_line_len: 34
729 target:
730 - code
731 - doc
732
733- name: Telegram Bot API Token
734 severity: high
735 confidence: moderate
736 type: pattern
737 values:
738 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9]{8,10}:[0-9A-Za-z_-]{35})(?![0-9A-Za-z_-])
739 filter_type: TokenPattern
740 required_substrings:
741 - :AA
742 min_line_len: 45
743 target:
744 - code
745 - doc
746
747- name: PyPi API Token
748 severity: high
749 confidence: strong
750 type: pattern
751 values:
752 - (?P<value>pypi-[0-9A-Za-z_-]{150,255})
753 filter_type: TokenPattern
754 required_substrings:
755 - pypi-
756 min_line_len: 155
757 target:
758 - code
759 - doc
760
761- name: NPM Token
762 severity: high
763 confidence: strong
764 type: pattern
765 values:
766 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>npm_[0-9A-Za-z_-]{36,255})
767 filter_type:
768 - ValueGitHubCheck
769 required_substrings:
770 - npm_
771 min_line_len: 40
772 target:
773 - code
774 - doc
775
776- name: Github App Installation Token
777 severity: high
778 confidence: strong
779 type: pattern
780 values:
781 - (?P<value>ghs_[0-9]{1,20}_eyJ[0-9A-Za-z_-]{15,800}(\.[0-9A-Za-z_-]{0,800}){2,8})
782 filter_type:
783 - ValuePatternCheck
784 required_substrings:
785 - ghs_
786 min_line_len: 40
787 target:
788 - code
789 - doc
790
791- name: Github Classic Token
792 severity: high
793 confidence: strong
794 type: pattern
795 values:
796 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>gh[pousr]_[0-9A-Za-z_-]{36,255})
797 filter_type:
798 - ValueGitHubCheck
799 required_substrings:
800 - ghp_
801 - gho_
802 - ghu_
803 - ghs_
804 - ghr_
805 min_line_len: 40
806 target:
807 - code
808 - doc
809
810- name: Github Fine-granted Token
811 severity: high
812 confidence: strong
813 type: pattern
814 values:
815 - (?P<value>github_pat_[0-9A-Za-z_]{80,255})
816 filter_type: GeneralPattern
817 required_substrings:
818 - github_pat_
819 min_line_len: 90
820 target:
821 - code
822 - doc
823
824- name: Firebase Domain
825 severity: info
826 confidence: moderate
827 type: pattern
828 values:
829 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9.-]{1,80}\.firebaseio\.com|[a-z0-9.-]{1,80}\.firebaseapp\.com)
830 filter_type: GeneralPattern
831 required_substrings:
832 - .firebase
833 min_line_len: 16
834 target:
835 - code
836 - doc
837
838- name: AWS S3 Bucket
839 severity: info
840 confidence: moderate
841 type: pattern
842 values:
843 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9.-]{3,63}\.s3\.amazonaws\.com|[a-z0-9.-]{3,63}\.s3-website[.-](eu|ap|us|ca|sa|cn))
844 filter_type: GeneralPattern
845 required_substrings:
846 - .s3-website
847 - .s3.amazonaws.com
848 min_line_len: 14
849 target:
850 - code
851 - doc
852
853- name: Jfrog Token
854 severity: high
855 confidence: strong
856 type: pattern
857 values:
858 - (?P<value>(cmVmdGtuO[0-9A-Za-z_-]{55}|AKCp[0-9A-Za-z_-]{69}))(?![0-9A-Za-z_-])
859 filter_type:
860 - ValueJfrogTokenCheck
861 required_substrings:
862 - cmVmdGtuO
863 - AKCp
864 min_line_len: 64
865 target:
866 - code
867 - doc
868
869- name: Azure Access Token
870 severity: high
871 confidence: strong
872 type: pattern
873 values:
874 - (?P<value>eyJ[=0-9A-Za-z_-]{50,500}\.eyJ[=0-9A-Za-z_-]{8,8000}\.[=0-9A-Za-z_-]{18,800})
875 filter_type:
876 - ValueAzureTokenCheck
877 required_substrings:
878 - eyJ
879 min_line_len: 148
880 target:
881 - code
882 - doc
883
884- name: Azure Secret Value
885 severity: high
886 confidence: moderate
887 type: pattern
888 values:
889 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_~.-]{3}8Q~[0-9A-Za-z_~.-]{34})(?![0-9A-Za-z_-])
890 filter_type: TokenPattern
891 min_line_len: 40
892 required_substrings:
893 - 8Q~
894 target:
895 - code
896 - doc
897
898- name: Azure Storage Account Key
899 severity: high
900 confidence: moderate
901 type: pattern
902 values:
903 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z]{52}JQQJ9[9DH][0-9A-Za-z]{26}([0-9A-Za-z=]{4})?)(?![0-9A-Za-z_/+-])
904 min_line_len: 80
905 filter_type:
906 - ValuePatternCheck(17)
907 required_substrings:
908 - JQQJ99
909 - JQQJ9D
910 - JQQJ9H
911 target:
912 - code
913 - doc
914
915- name: Bitbucket App Password
916 severity: high
917 confidence: strong
918 type: pattern
919 values:
920 - (?P<value>ATBB[0-9A-Za-z]{24}[A-F0-9]{8})(?![0-9A-Za-z_])
921 filter_type:
922 - ValueAtlassianTokenCheck
923 min_line_len: 28
924 required_substrings:
925 - ATBB
926 target:
927 - code
928 - doc
929
930- name: Bitbucket Repository Access Token
931 severity: high
932 confidence: strong
933 type: pattern
934 values:
935 - (?P<value>ATCTT3xFfGN0[0-9A-Za-z_-]{80,800}(\\?=|%3[dD])[A-F0-9]{8})
936 filter_type:
937 - ValueAtlassianTokenCheck
938 min_line_len: 160
939 required_substrings:
940 - ATCTT3xFfGN0
941 target:
942 - code
943 - doc
944
945- name: Bitbucket HTTP Access Token
946 severity: high
947 confidence: strong
948 type: pattern
949 values:
950 - (?P<value>BBDC-[MNO][ADQTgjwz][AEIMQUYcgk][012345wxyz][0-9A-Za-z_-]{40})
951 filter_type:
952 - ValueAtlassianTokenCheck
953 min_line_len: 49
954 required_substrings:
955 - BBDC-
956 target:
957 - code
958 - doc
959
960- name: Jira / Confluence PAT token
961 severity: high
962 confidence: strong
963 type: pattern
964 values:
965 - (?<!BBDC-)(?P<value>[MNO][ADQTgjwz][AEIMQUYcgk][012345wxyz][0-9A-Za-z_-]{40})(?![0-9A-Za-z_-])
966 filter_type:
967 - ValueAtlassianTokenCheck
968 min_line_len: 44
969 required_substrings:
970 - M
971 - N
972 - O
973 required_regex: "[0-9A-Za-z_/+-]{15}"
974 target:
975 - code
976 - doc
977
978- name: Atlassian PAT token
979 severity: high
980 confidence: strong
981 type: pattern
982 values:
983 - (?P<value>ATATT3xFfGF0[0-9A-Za-z_-]{80,800}(\\?=|%3[dD])[A-F0-9]{8})
984 filter_type:
985 - ValueAtlassianTokenCheck
986 min_line_len: 160
987 required_substrings:
988 - ATATT3xFfGF0
989 target:
990 - code
991 - doc
992
993- name: Digital Ocean Token
994 severity: high
995 confidence: strong
996 type: pattern
997 values:
998 - (?P<value>do[opr]_v1_[a-f0-9]{64})(?![0-9A-Za-z_-])
999 filter_type: TokenPattern
1000 min_line_len: 71
1001 required_substrings:
1002 - doo_v1_
1003 - dop_v1_
1004 - dor_v1_
1005 target:
1006 - code
1007 - doc
1008
1009- name: Dropbox OAuth2 API Access Token
1010 severity: high
1011 confidence: moderate
1012 type: pattern
1013 values:
1014 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sl\.(u\.)?[0-9A-Za-z_-]{77,177})(?![0-9A-Za-z_-])
1015 filter_type: TokenPattern
1016 min_line_len: 80
1017 required_substrings:
1018 - sl.
1019 target:
1020 - code
1021 - doc
1022
1023- name: NuGet API key
1024 severity: high
1025 confidence: moderate
1026 type: pattern
1027 values:
1028 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>oy2[a-z0-9]{43})(?![0-9A-Za-z_-])
1029 filter_type: TokenPattern
1030 min_line_len: 46
1031 required_substrings:
1032 - oy2
1033 target:
1034 - code
1035 - doc
1036
1037- name: Gitlab Prefix Token
1038 severity: high
1039 confidence: strong
1040 type: pattern
1041 values:
1042 - (?P<value>(_gitlab_session=|GR1348941|gl(agent|soat|ffct|p[at]t|oas|cbt|imt|rtr|[dfrw]t)-)[0-9A-Za-z_-]{20,64}(\.[0-9A-Za-z_-]{2,16}){0,2})(?![0-9A-Za-z_-])
1043 filter_type:
1044 - ValuePatternCheck
1045 min_line_len: 25
1046 required_substrings:
1047 - _gitlab_session=
1048 - GR1348941
1049 - glagent-
1050 - glsoat-
1051 - glffct-
1052 - glpat-
1053 - gloas-
1054 - glptt-
1055 - glcbt-
1056 - glimt-
1057 - gldt-
1058 - glft-
1059 - glrt-
1060 - glrtr-
1061 - glwt-
1062 target:
1063 - code
1064 - doc
1065
1066- name: Grafana Provisioned API Key
1067 severity: high
1068 confidence: strong
1069 type: pattern
1070 values:
1071 - (?P<value>eyJ[=0-9A-Za-z_-]{64,360})(?![=0-9A-Za-z_-])
1072 filter_type:
1073 - ValueGrafanaCheck
1074 min_line_len: 67
1075 required_substrings:
1076 - eyJ
1077 target:
1078 - code
1079 - doc
1080
1081- name: Grafana Access Policy Token
1082 severity: high
1083 confidence: strong
1084 type: pattern
1085 values:
1086 - (?P<value>glc_eyJ[0-9A-Za-z_-]{80,360})(?![0-9A-Za-z_-])
1087 filter_type:
1088 - ValueGrafanaCheck
1089 min_line_len: 87
1090 required_substrings:
1091 - glc_eyJ
1092 target:
1093 - code
1094 - doc
1095
1096- name: Grafana Service Account Token
1097 severity: high
1098 confidence: strong
1099 type: pattern
1100 values:
1101 - (?P<value>glsa_[0-9A-Za-z_-]{32}_[0-9A-Fa-f]{8})
1102 min_line_len: 46
1103 filter_type:
1104 - ValueGrafanaServiceCheck
1105 required_substrings:
1106 - glsa_
1107 target:
1108 - code
1109 - doc
1110
1111- name: Dropbox API secret (long term)
1112 severity: high
1113 confidence: weak
1114 type: pattern
1115 values:
1116 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?=[0-9A-Za-z]{64})(?P<value>[0-9A-Za-z]{10,12}[B-Za-z0-9]A{10,12}[B-Za-z0-9][0-9A-Za-z]{40,44})(?![=0-9A-Za-z_/+-])
1117 filter_type: [ ]
1118 min_line_len: 43
1119 required_substrings:
1120 - AAAAAAAAAA
1121 target:
1122 - code
1123 - doc
1124
1125- name: Dropbox App secret
1126 severity: info
1127 confidence: weak
1128 type: pattern
1129 values:
1130 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9]{15})(?![=0-9A-Za-z_/+-])
1131 filter_type: WeirdBase36Token
1132 min_line_len: 15
1133 required_regex: "[0-9A-Za-z_/+-]{15}"
1134 target:
1135 - code
1136 - doc
1137
1138- name: Hashicorp Vault Token
1139 severity: high
1140 confidence: strong
1141 type: pattern
1142 values:
1143 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>hv[brs]\.[0-9A-Za-z_-]{80,160})
1144 filter_type:
1145 - ValuePatternCheck
1146 - ValueEntropyBase64Check
1147 min_line_len: 90
1148 required_substrings:
1149 - hvb.
1150 - hvr.
1151 - hvs.
1152 target:
1153 - code
1154 - doc
1155
1156- name: Hashicorp Terraform Token
1157 severity: high
1158 confidence: strong
1159 type: pattern
1160 values:
1161 - (?P<value>[0-9A-Za-z_-]{14}\.atlasv1\.[0-9A-Za-z_-]{67})(?![0-9A-Za-z_-])
1162 filter_type:
1163 - ValuePatternCheck
1164 - ValueMorphemesCheck
1165 min_line_len: 90
1166 required_substrings:
1167 - .atlasv1.
1168 target:
1169 - code
1170 - doc
1171
1172- name: NKEY Seed
1173 severity: high
1174 confidence: weak
1175 type: pattern
1176 values:
1177 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>S[ACNOPUX][A-Z2-7]{40,200})(?![=0-9A-Za-z_+-])
1178 min_line_len: 42
1179 filter_type:
1180 - ValueMorphemesCheck
1181 - ValuePatternCheck
1182 - ValueEntropyBase32Check
1183 - ValueBase32DataCheck
1184 - ValueTokenBase32Check
1185 required_substrings:
1186 - SA
1187 - SC
1188 - SN
1189 - SO
1190 - SP
1191 - SU
1192 - SX
1193 required_regex: "[0-9A-Za-z_/+-]{15}"
1194 target:
1195 - code
1196 - doc
1197
1198- name: OTP / 2FA Secret
1199 severity: info
1200 confidence: weak
1201 type: pattern
1202 values:
1203 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>([A-Z2-7]{16}){1,2})(?![=0-9A-Za-z_+-])
1204 filter_type:
1205 - ValueMorphemesCheck
1206 - ValuePatternCheck
1207 - ValueEntropyBase32Check
1208 - ValueBase32DataCheck
1209 - ValueTokenBase32Check
1210 - ValueBase64PartCheck
1211 min_line_len: 16
1212 required_regex: "[0-9A-Za-z_/+-]{15}"
1213 target:
1214 - code
1215 - doc
1216
1217- name: OpenAI Token
1218 severity: high
1219 confidence: strong
1220 type: pattern
1221 values:
1222 - (?P<value>sk-[0-9A-Za-z_-]{16,160}(T3BlbkFJ|9wZW5BS|PcGVuQU)[0-9A-Za-z_-]{16,160})
1223 min_line_len: 51
1224 filter_type:
1225 - ValuePatternCheck
1226 - ValueMorphemesCheck
1227 required_substrings:
1228 - T3BlbkFJ
1229 - 9wZW5BS
1230 - PcGVuQU
1231 target:
1232 - code
1233 - doc
1234
1235- name: Docker Access Token
1236 severity: high
1237 confidence: strong
1238 type: pattern
1239 values:
1240 - (?P<value>dckr_[op]at_[0-9A-Za-z_-]{27,32})
1241 min_line_len: 36
1242 filter_type:
1243 - ValuePatternCheck
1244 - ValueMorphemesCheck
1245 required_substrings:
1246 - dckr_pat_
1247 - dckr_oat_
1248 target:
1249 - code
1250 - doc
1251
1252- name: Docker Swarm Token
1253 severity: high
1254 confidence: strong
1255 type: pattern
1256 values:
1257 - (?P<value>SWMTKN-1-[0-9a-z]{50}-[0-9a-z]{25})
1258 min_line_len: 85
1259 filter_type:
1260 - ValuePatternCheck
1261 - ValueMorphemesCheck
1262 required_substrings:
1263 - SWMTKN-1-
1264 target:
1265 - code
1266 - doc
1267
1268- name: Docker Swarm Key
1269 severity: high
1270 confidence: strong
1271 type: pattern
1272 values:
1273 - (?P<value>SWMKEY-1-[0-9A-Za-z]{43})
1274 min_line_len: 52
1275 filter_type:
1276 - ValuePatternCheck
1277 - ValueMorphemesCheck
1278 required_substrings:
1279 - SWMKEY-1-
1280 target:
1281 - code
1282 - doc
1283
1284- name: Groq API Key
1285 severity: high
1286 confidence: strong
1287 type: pattern
1288 values:
1289 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>gsk_[0-9A-Za-z_-]{8,40}(WGdyb3FY|hncm9xW|YZ3JvcV)[0-9A-Za-z_-]{8,40})(?![0-9A-Za-z_-])
1290 min_line_len: 56
1291 filter_type:
1292 - ValuePatternCheck
1293 required_substrings:
1294 - WGdyb3FY
1295 - hncm9xW
1296 - YZ3JvcV
1297 target:
1298 - code
1299 - doc
1300
1301- name: X AI API Key
1302 severity: high
1303 confidence: moderate
1304 type: pattern
1305 values:
1306 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>xai-[0-9A-Za-z_-]{80})(?![0-9A-Za-z_-])
1307 min_line_len: 84
1308 filter_type:
1309 - ValuePatternCheck
1310 - ValueEntropyBase64Check
1311 required_substrings:
1312 - xai-
1313 target:
1314 - code
1315 - doc
1316
1317- name: Notion Integration Token
1318 severity: high
1319 confidence: strong
1320 type: pattern
1321 values:
1322 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>ntn_[0-9]{9}[0-9A-Za-z_-]{36,255})
1323 filter_type:
1324 - ValuePatternCheck
1325 - ValueEntropyBase64Check
1326 required_substrings:
1327 - ntn_
1328 min_line_len: 50
1329 target:
1330 - code
1331 - doc
1332
1333- name: Hugging Face User Access Token
1334 severity: high
1335 confidence: moderate
1336 type: pattern
1337 values:
1338 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>hf_[0-9A-Za-z_-]{34})(?![0-9A-Za-z_-])
1339 min_line_len: 37
1340 filter_type:
1341 - ValuePatternCheck
1342 - ValueEntropyBase64Check
1343 required_substrings:
1344 - hf_
1345 target:
1346 - code
1347 - doc
1348
1349- name: Anthropic API Key
1350 severity: high
1351 confidence: strong
1352 type: pattern
1353 values:
1354 - (?P<value>sk-ant-api03-[0-9A-Za-z_-]{64,128})(?![0-9A-Za-z_-])
1355 min_line_len: 77
1356 filter_type:
1357 - ValuePatternCheck
1358 required_substrings:
1359 - sk-ant-api03-
1360 target:
1361 - code
1362 - doc
1363
1364- name: Perplexity API Key
1365 severity: high
1366 confidence: strong
1367 type: pattern
1368 values:
1369 - (?P<value>pplx-[0-9A-Za-z_-]{40,64})(?![0-9A-Za-z_-])
1370 min_line_len: 45
1371 filter_type:
1372 - ValuePatternCheck
1373 required_substrings:
1374 - pplx-
1375 target:
1376 - code
1377 - doc
1378
1379- name: DeepSeek API Key
1380 severity: high
1381 confidence: moderate
1382 type: pattern
1383 values:
1384 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sk-[0-9a-f]{32,64})(?![0-9A-Za-z_-])
1385 min_line_len: 35
1386 filter_type:
1387 - ValuePatternCheck
1388 required_substrings:
1389 - sk-
1390 target:
1391 - code
1392 - doc
1393
1394- name: Tavily API Key
1395 severity: high
1396 confidence: strong
1397 type: pattern
1398 values:
1399 - (?P<value>tvly-[0-9A-Za-z_-]{32,40})(?![0-9A-Za-z_-])
1400 min_line_len: 37
1401 filter_type:
1402 - ValuePatternCheck
1403 required_substrings:
1404 - tvly-
1405 target:
1406 - code
1407 - doc
1408
1409- name: Figma Personal Access Token
1410 severity: high
1411 confidence: strong
1412 type: pattern
1413 values:
1414 - (?P<value>figd_[0-9A-Za-z_-]{40})(?![0-9A-Za-z_-])
1415 min_line_len: 45
1416 filter_type:
1417 - ValuePatternCheck
1418 required_substrings:
1419 - figd_
1420 target:
1421 - code
1422 - doc
1423
1424- name: 1Password Account Token
1425 severity: high
1426 confidence: strong
1427 type: pattern
1428 values:
1429 - (?P<value>ops_eyJ[0-9A-Za-z_-]{168,8000})
1430 min_line_len: 192
1431 filter_type:
1432 - ValuePatternCheck
1433 required_substrings:
1434 - InNlY3JldEtleSI6
1435 - JzZWNyZXRLZXkiO
1436 - ic2VjcmV0S2V5Ij
1437 target:
1438 - code
1439 - doc
1440
1441- name: Brevo API Key
1442 severity: high
1443 confidence: strong
1444 type: pattern
1445 values:
1446 - (?P<value>xkeysib-[0-9a-f]{64}-[0-9A-Za-z_-]{16})
1447 min_line_len: 89
1448 filter_type:
1449 - ValuePatternCheck
1450 required_substrings:
1451 - xkeysib-
1452 target:
1453 - code
1454 - doc
1455
1456- name: Together AI API Key
1457 severity: high
1458 confidence: strong
1459 type: pattern
1460 values:
1461 - (?P<value>tgp_v1_[0-9A-Za-z_-]{43})
1462 min_line_len: 50
1463 filter_type:
1464 - ValuePatternCheck
1465 required_substrings:
1466 - tgp_v1_
1467 target:
1468 - code
1469 - doc
1470
1471- name: LLAMA API Key
1472 severity: high
1473 confidence: strong
1474 type: pattern
1475 values:
1476 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>llx-[0-9A-Za-z_-]{48})
1477 min_line_len: 52
1478 filter_type:
1479 - ValuePatternCheck
1480 required_substrings:
1481 - llx-
1482 target:
1483 - code
1484 - doc
1485
1486- name: SonarQube Credentials
1487 severity: medium
1488 confidence: moderate
1489 type: pattern
1490 values:
1491 - (?P<value>sq[apu]_[0-9a-f]{40})(?![0-9A-Za-z_-])
1492 min_line_len: 44
1493 filter_type:
1494 - ValuePatternCheck
1495 required_substrings:
1496 - sqa_
1497 - sqp_
1498 - squ_
1499 target:
1500 - code
1501 - doc
1502
1503- name: Sentry Organization Auth Token
1504 severity: high
1505 confidence: strong
1506 type: pattern
1507 values:
1508 - (?P<value>sntrys_eyJ[0-9A-Za-z_-]{80,8000}=*([0-9A-Za-z_-]{32,256})?)(?![0-9A-Za-z_-])
1509 min_line_len: 37
1510 filter_type:
1511 - ValuePatternCheck
1512 required_substrings:
1513 - sntrys_eyJ
1514 target:
1515 - code
1516 - doc
1517
1518- name: Sentry User Auth Token
1519 severity: high
1520 confidence: strong
1521 type: pattern
1522 values:
1523 - (?P<value>sntryu_[0-9a-f]{64})(?![0-9A-Za-z_-])
1524 min_line_len: 37
1525 filter_type:
1526 - ValuePatternCheck
1527 required_substrings:
1528 - sntryu_
1529 target:
1530 - code
1531 - doc
1532
1533- name: Discord Bot Token
1534 severity: high
1535 confidence: strong
1536 type: pattern
1537 values:
1538 - (?P<value>[MNO][ADQTgjwz][AEIMQUYcgk][012345wxyz][0-9A-Za-z_-]{20,24}\.[0-9A-Za-z_-]{6}\.[0-9A-Za-z_-]{30,40})(?![0-9A-Za-z_-])
1539 min_line_len: 62
1540 filter_type:
1541 - ValueDiscordBotCheck
1542 required_substrings:
1543 - M
1544 - N
1545 - O
1546 required_regex: "[0-9A-Za-z_/+-]{15}"
1547 target:
1548 - code
1549 - doc
1550
1551- name: Discord Webhook
1552 severity: medium
1553 confidence: strong
1554 type: pattern
1555 values:
1556 - (?P<variable>discord(?:app)?\.com/api/webhooks)(?P<value>/[0-9]{16,22}/[0-9A-Za-z_-]{40,100})
1557 filter_type:
1558 - ValueMorphemesCheck
1559 required_substrings:
1560 - discordapp.com/api/webhooks
1561 - discord.com/api/webhooks
1562 min_line_len: 61
1563 target:
1564 - code
1565 - doc
1566
1567- name: Vercel Token
1568 severity: medium
1569 confidence: weak
1570 type: pattern
1571 values:
1572 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>vcp_[0-9A-Za-z]{56})(?![0-9A-Za-z_-])
1573 min_line_len: 60
1574 filter_type: TokenPattern
1575 required_substrings:
1576 - vcp_
1577 target:
1578 - code
1579 - doc
1580
1581- name: Netlify Token
1582 severity: medium
1583 confidence: weak
1584 type: pattern
1585 values:
1586 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>nfp_[0-9A-Za-z]{36})(?![0-9A-Za-z_-])
1587 min_line_len: 40
1588 filter_type: TokenPattern
1589 required_substrings:
1590 - nfp_
1591 target:
1592 - code
1593 - doc
1594
1595- name: PostHog Credentials
1596 severity: medium
1597 confidence: weak
1598 type: pattern
1599 values:
1600 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>ph[acrsx]_[0-9A-Za-z]{40,60})(?![0-9A-Za-z_-])
1601 min_line_len: 44
1602 filter_type: TokenPattern
1603 required_substrings:
1604 - phx_
1605 - phs_
1606 - phr_
1607 - pha_
1608 - phc_
1609 target:
1610 - code
1611 - doc
1612
1613- name: RubyGems API Key
1614 severity: medium
1615 confidence: strong
1616 type: pattern
1617 values:
1618 - (?P<value>rubygems_[0-9a-f]{48})
1619 min_line_len: 57
1620 filter_type: TokenPattern
1621 required_substrings:
1622 - rubygems_
1623 target:
1624 - code
1625 - doc
1626
1627- name: Tencent WeChat API App ID
1628 severity: medium
1629 confidence: weak
1630 type: pattern
1631 values:
1632 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>wx[0-9a-f]{16})(?![0-9A-Za-z_-])
1633 min_line_len: 18
1634 filter_type: TokenPattern
1635 required_substrings:
1636 - wx
1637 target:
1638 - code
1639 - doc
1640
1641- name: Salesforce Credentials
1642 severity: medium
1643 confidence: weak
1644 type: pattern
1645 values:
1646 - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>(3MVG[0-9A-Za-z_.]{24,200}|00D[0-9A-Za-z]{9,15}(![0-9A-Za-z_.]{24,200})?))(?![0-9A-Za-z_.])
1647 min_line_len: 12
1648 filter_type:
1649 - ValuePatternCheck(9)
1650 - ValueNumberCheck
1651 - ValueBase64PartCheck
1652 required_substrings:
1653 - 00D
1654 - 3MVG
1655 target:
1656 - code
1657 - doc
1658
1659- name: Postman Credentials
1660 severity: medium
1661 confidence: moderate
1662 type: pattern
1663 values:
1664 - (?P<value>(PMAK-[0-9a-f]{24}-[0-9a-f]{34}|PMAT-[0-9A-Z]{26}))
1665 min_line_len: 29
1666 filter_type:
1667 - ValuePatternCheck
1668 required_substrings:
1669 - PMAK-
1670 - PMAT-
1671 target:
1672 - code
1673 - doc
1674
1675- name: NTLM Token
1676 severity: medium
1677 confidence: strong
1678 type: pattern
1679 values:
1680 - (?P<value>TlRMTVNTUAADAAAA[=0-9A-Za-z_/+-]{8,8000})(?![0-9A-Za-z_/+-])
1681 filter_type:
1682 - ValueMorphemesCheck(2)
1683 - ValuePatternCheck
1684 min_line_len: 160
1685 required_substrings:
1686 - TlRMTVNTUAADAAAA
1687 target:
1688 - doc
1689 - code
1690
1691- name: Basic Authorization
1692 severity: medium
1693 confidence: strong
1694 type: pattern
1695 values:
1696 - (?P<variable>(?i:basic))(?P<separator>\s+)(?P<value>[=0-9A-Za-z_/+-]{8,8000})(?![0-9A-Za-z_/+-])
1697 min_line_len: 18
1698 filter_type:
1699 - ValueBasicAuthCheck
1700 required_substrings:
1701 - basic
1702 target:
1703 - code
1704 - doc
1705
1706- name: Bearer Authorization
1707 severity: medium
1708 confidence: moderate
1709 type: pattern
1710 values:
1711 - (?P<variable>(?i:bearer|ntlm))(?P<separator>\s+)(?P<value>[.0-9A-Za-z_/+-]{32,8000}=*)(?![0-9A-Za-z_/+-])
1712 min_line_len: 37
1713 filter_type: GeneralKeyword
1714 required_substrings:
1715 - bearer
1716 - ntlm
1717 target:
1718 - code
1719 - doc
1720
1721- name: SQL Password
1722 severity: medium
1723 confidence: weak
1724 type: pattern
1725 values:
1726 - (\\[nrt]|\b)(?i:(?P<variable>(CREATE|ALTER|SET\s{1,8}PASSWORD|INSERT(\s{1,8}IGNORE)?|UPDATE\s{1,8}[^\s;]{1,80})\s{1,8}(LOGIN|USER|ROLE|FOR|INTO|SET)\s{1,8}((?!IDENTIFIED|PASSWORD)[^\s;]{1,80}\s{1,8}|VALUES\s{0,8}\(){1,8}(IDENTIFIED((\s{1,8}WITH\s{1,8}\S{1,80})?\s{1,8}(BY|AS))|(=|WITH)?\s{0,8}PASSWORD\b(\s{0,8}=)?)))\s{0,8}(?P<wrap>[(]\s{0,8})?(?P<value_leftquote>((?P<esq>\\{1,8})?([\"'`]|&(quot|apos|#3[49]);)){1,4})?(?P<value>(?(value_leftquote)((?!(?P=value_leftquote))(?(esq)((?!(?P=esq)([\"'`]|&(quot|apos|#3[49]);)).)|((?!(?P=value_leftquote)).)))|(?!&(quot|apos|#3[49]);)(\\{1,8}([ tnr]|[^\s\"'`])|[^\s\"'`,;\\])){3,80})(?(value_leftquote)(?P<value_rightquote>(?<!\\)(?P=value_leftquote))|(?(wrap)[)]|[\s\"'`,;]))
1727 filter_type:
1728 - ValueAllowlistCheck
1729 - ValuePatternCheck
1730 use_ml: true
1731 min_line_len: 8
1732 required_substrings:
1733 - password
1734 - identified
1735 target:
1736 - doc
1737 - code
1738
1739- name: CURL User Password
1740 severity: high
1741 confidence: moderate
1742 type: pattern
1743 values:
1744 - (?P<variable>curl)\s.*(-[uU]|--(proxy-)?user)\s\s*(?P<value_leftquote>(\\*[\"']){1,3})?(?(value_leftquote)[^\"'\\:]|[^\s\"'\\:]){0,64}:(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,64})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1745 filter_type: GeneralKeyword
1746 use_ml: true
1747 required_substrings:
1748 - curl
1749 min_line_len: 16
1750 target:
1751 - doc
1752 - code
1753
1754- name: CMD ConvertTo-SecureString
1755 severity: high
1756 confidence: moderate
1757 type: pattern
1758 values:
1759 - (?P<variable>ConvertTo-SecureString(\s\s*-(String|AsPlainText|Force))*)\s\s*(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,800})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1760 filter_type: GeneralKeyword
1761 use_ml: true
1762 required_substrings:
1763 - convertto-securestring
1764 min_line_len: 27
1765 target:
1766 - doc
1767 - code
1768
1769- name: CMD Password
1770 severity: high
1771 confidence: moderate
1772 type: pattern
1773 values:
1774 - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:pass(in|out|word|phrase)))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,80})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1775 filter_type: GeneralKeyword
1776 use_ml: true
1777 required_substrings:
1778 - pass
1779 min_line_len: 12
1780 target:
1781 - doc
1782 - code
1783
1784- name: CMD Token
1785 severity: high
1786 confidence: moderate
1787 type: pattern
1788 values:
1789 - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:token|oauth2-bearer))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1790 filter_type: GeneralKeyword
1791 use_ml: true
1792 required_substrings:
1793 - token
1794 - oauth2-bearer
1795 min_line_len: 12
1796 target:
1797 - doc
1798 - code
1799
1800- name: CMD Secret
1801 severity: high
1802 confidence: moderate
1803 type: pattern
1804 values:
1805 - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:secret)[A-Za-z_-]*)(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
1806 filter_type: GeneralKeyword
1807 use_ml: true
1808 required_substrings:
1809 - secret
1810 min_line_len: 12
1811 target:
1812 - doc
1813 - code
1814
1815- name: URL Credentials
1816 severity: high
1817 confidence: moderate
1818 type: pattern
1819 values:
1820 - (?P<value_leftquote>[\"'])?(?P<variable>[+0-9A-Za-z-]{2,80}://)([^\s\'"<>\[\]^~`{|}:/]{0,80}:){1,3}(?P<value>[^\s\'"<>\[\]^~`{|}@:/]{3,80})@[^\s\'"<>\[\]^~`{|}@:/]{1,800}\\{0,8}(?P<value_rightquote>[\"'])?
1821 filter_type: UrlCredentialsGroup
1822 use_ml: true
1823 required_substrings:
1824 - ://
1825 min_line_len: 10
1826 target:
1827 - doc
1828 - code
1829
1830- name: API
1831 severity: low
1832 confidence: moderate
1833 type: keyword
1834 values:
1835 - api(?!tal)
1836 filter_type: GeneralKeyword
1837 use_ml: true
1838 min_line_len: 11
1839 required_substrings:
1840 - api
1841 target:
1842 - code
1843
1844- name: Auth
1845 severity: medium
1846 confidence: moderate
1847 type: keyword
1848 values:
1849 - auth(?!ors?(?!i[tz]))
1850 filter_type: GeneralKeyword
1851 use_ml: true
1852 min_line_len: 12
1853 required_substrings:
1854 - auth
1855 target:
1856 - code
1857
1858- name: Credential
1859 severity: medium
1860 confidence: moderate
1861 type: keyword
1862 values:
1863 - credential
1864 filter_type: GeneralKeyword
1865 use_ml: true
1866 min_line_len: 18
1867 required_substrings:
1868 - credential
1869 target:
1870 - code
1871
1872- name: Key
1873 severity: high
1874 confidence: moderate
1875 type: keyword
1876 values:
1877 - key(?!word|board|pad|name)
1878 filter_type: GeneralKeyword
1879 use_ml: true
1880 min_line_len: 11
1881 required_substrings:
1882 - key
1883 target:
1884 - code
1885
1886- name: Nonce
1887 severity: low
1888 confidence: moderate
1889 type: keyword
1890 values:
1891 - (?<!\\)nonce
1892 filter_type: GeneralKeyword
1893 use_ml: true
1894 min_line_len: 13
1895 required_substrings:
1896 - nonce
1897 target:
1898 - code
1899
1900- name: Password
1901 severity: high
1902 confidence: moderate
1903 type: keyword
1904 values:
1905 - (?<!by)pass(?!e[dns]|ing|ion|age|\s+[a-z]{3,80})|pw(d|\b)
1906 filter_type: PasswordKeyword
1907 use_ml: true
1908 min_line_len: 10
1909 required_substrings:
1910 - pass
1911 - pw
1912 target:
1913 - code
1914
1915- name: Salt
1916 severity: low
1917 confidence: moderate
1918 type: keyword
1919 values:
1920 - salt
1921 filter_type: GeneralKeyword
1922 use_ml: true
1923 min_line_len: 12
1924 required_substrings:
1925 - salt
1926 target:
1927 - code
1928
1929- name: Secret
1930 severity: medium
1931 confidence: moderate
1932 type: keyword
1933 values:
1934 - secret
1935 filter_type: GeneralKeyword
1936 use_ml: true
1937 min_line_len: 14
1938 required_substrings:
1939 - secret
1940 target:
1941 - code
1942
1943- name: Token
1944 severity: high
1945 confidence: moderate
1946 type: keyword
1947 values:
1948 - token(?!ize)
1949 filter_type: GeneralKeyword
1950 use_ml: true
1951 min_line_len: 13
1952 required_substrings:
1953 - token
1954 target:
1955 - code