1- name: PII
2 severity: info
3 type: keyword
4 values:
5 - birth
6 - name
7 - sex|gender
8 filter_type:
9 - ValuePIICheck
10 min_line_len: 11
11 required_substrings:
12 - birth
13 - name
14 - sex
15 - gender
16
17- name: Phone
18 severity: info
19 type: pattern
20 values:
21 - (^|[^0-9A-Za-z])(?P<value>\+[1-9][0-9]{6,14})([^=0-9A-Za-z]|$)
22 filter_type:
23 - ValuePhoneCheck
24 min_line_len: 10
25 required_substrings:
26 - "+"
27 doc_available: false
28
29- name: VIN
30 severity: info
31 type: pattern
32 values:
33 - (^|[^0-9A-Za-z])(?P<value>[A-HJ-NPR-Z0-9]{17})([^=0-9A-Za-z]|$)
34 filter_type:
35 - ValueVinCheck
36 - ValuePatternCheck
37 min_line_len: 16
38 required_regex: "[a-zA-Z0-9_/+-]{15,}"
39 doc_available: false
40
41- name: Credit card number
42 severity: info
43 type: pattern
44 values:
45 - (?<!([0-9]\.|[=*+\/\-] |.[=*+\/\-]))((?<![0-9A-Za-z_=*+\-\/.])(?P<value>[0-9]{16})(?![0-9A-Za-z_=*+\-\/.]))(?!(\.[0-9]| [=*+\/\-]|.[=*+\/\-]))
46 filter_type:
47 - ValueCardNumberCheck
48 min_line_len: 16
49 required_regex: "[a-zA-Z0-9_/+-]{15,}"
50 doc_available: false
51
52- name: IBAN
53 severity: info
54 type: pattern
55 values:
56 - (^|[^0-9A-Za-z])(?P<value>[A-Z]{2}[0-9]{2}[A-Z0-9]{12,30})([^=0-9A-Za-z]|$)
57 filter_type:
58 - ValueIbanCheck
59 min_line_len: 16
60 required_regex: "[a-zA-Z0-9_/+-]{15,}"
61 doc_available: false
62
63- name: API
64 severity: medium
65 type: keyword
66 values:
67 - api
68 filter_type: GeneralKeyword
69 use_ml: true
70 min_line_len: 11
71 required_substrings:
72 - api
73 doc_available: false
74
75- name: IPv4
76 severity: info
77 type: pattern
78 values:
79 - (^|[^.0-9a-zA-Z])(?P<value>[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2})(?!/([123]?[0-9])([^0-9]|$))([^.0-9a-zA-Z$]|$)
80 filter_type:
81 - ValueIPCheck
82 min_line_len: 10
83 required_substrings:
84 - "."
85 doc_available: false
86
87- name: IPv6
88 severity: info
89 type: pattern
90 values:
91 - (^|[^:0-9a-zA-Z])(?P<value>[0-9A-Fa-f]{0,4}:(:?[0-9A-Fa-f]{1,4}:?){0,6}:[0-9A-Fa-f]{1,4})([^:0-9a-zA-Z]|$)
92 filter_type:
93 - ValueIPCheck
94 min_line_len: 10
95 required_substrings:
96 - ":"
97 doc_available: false
98
99- name: AWS Client ID
100 severity: high
101 type: pattern
102 values:
103 - (^|[^.0-9A-Za-z_/+-])(?P<value>(ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16,17})([^=0-9A-Za-z_/+-]|$)
104 filter_type: GeneralPattern
105 use_ml: true
106 required_substrings:
107 - A
108 min_line_len: 20
109 required_regex: "[a-zA-Z0-9_/+-]{15,}"
110
111- name: AWS Multi
112 severity: high
113 type: multi
114 values:
115 - (^|[^.0-9A-Za-z_/+-])(?P<value>(AKIA|ASIA)[0-9A-Z]{16,17})([^=0-9A-Za-z_/+-]|$)
116 - (?P<value>[0-9a-zA-Z/+]{40})
117 filter_type: GeneralPattern
118 use_ml: true
119 required_substrings:
120 - AKIA
121 - ASIA
122 min_line_len: 20
123
124- name: AWS MWS Key
125 severity: high
126 type: pattern
127 values:
128 - (^|[^.0-9A-Za-z_/+-])(?P<value>amzn\.mws\.[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})([^=0-9A-Za-z_/+-]|$)
129 filter_type: GeneralPattern
130 use_ml: true
131 required_substrings:
132 - amzn
133 min_line_len: 30
134
135- name: Credential
136 severity: medium
137 type: keyword
138 values:
139 - credential
140 filter_type: GeneralKeyword
141 use_ml: true
142 min_line_len: 18
143 required_substrings:
144 - credential
145 doc_available: false
146
147- name: Dynatrace API Token
148 severity: high
149 type: pattern
150 values:
151 - (^|[^.0-9A-Za-z_/+-])(?P<value>dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})([^=0-9A-Za-z_/+-]|$)
152 filter_type: GeneralPattern
153 use_ml: true
154 required_substrings:
155 - dt0
156 min_line_len: 90
157
158- name: Facebook Access Token
159 severity: high
160 type: pattern
161 values:
162 - (^|[^.0-9A-Za-z_/+-])(?P<value>EAAC[0-9A-Za-z]{27,})
163 filter_type: GeneralPattern
164 use_ml: true
165 required_substrings:
166 - EAAC
167 min_line_len: 31
168
169- name: Github Old Token
170 severity: high
171 type: pattern
172 values:
173 - (?i)((git)[\w\-]*(token|key|api)[\w\-]*(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[a-z|\d]{40})(["']?))
174 filter_type: GeneralPattern
175 use_ml: true
176 validations:
177 - GithubTokenValidation
178 required_substrings:
179 - git
180 min_line_len: 47
181
182- name: Google API Key
183 severity: high
184 type: pattern
185 values:
186 - (^|[^.0-9A-Za-z_/+-])(?P<value>AIza[0-9A-Za-z_-]{35})([^=0-9A-Za-z_/+-]|$)
187 filter_type: GeneralPattern
188 use_ml: false
189 validations:
190 - GoogleApiKeyValidation
191 required_substrings:
192 - AIza
193 min_line_len: 39
194
195- name: Google Multi
196 severity: high
197 type: multi
198 values:
199 - (?P<value>[0-9]+\-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com)
200 - (?<![0-9a-zA-Z_-])(?P<value>[0-9a-zA-Z_-]{24})([^=0-9A-Za-z_/+-]|$)
201 filter_type: GeneralPattern
202 use_ml: false
203 validations:
204 - GoogleMultiValidation
205 required_substrings:
206 - .apps.googleusercontent.com
207 min_line_len: 40
208
209- name: Google OAuth Access Token
210 severity: high
211 type: pattern
212 values:
213 - (^|[^.0-9A-Za-z_/+-])(?P<value>ya29\.[0-9A-Za-z_-]{22,})
214 filter_type: GeneralPattern
215 use_ml: true
216 required_substrings:
217 - ya29.
218 min_line_len: 27
219
220- name: Heroku API Key
221 severity: high
222 type: pattern
223 values:
224 - (?i)(?P<value>heroku(.{0,20})?[0-9a-f]{8}(-[0-9a-f]{4})+-[0-9a-f]{12})([^=0-9A-Za-z_/+-]|$)
225 filter_type: GeneralPattern
226 use_ml: true
227 required_substrings:
228 - heroku
229 min_line_len: 24
230
231- name: Instagram Access Token
232 severity: high
233 type: pattern
234 values:
235 - (^|[^.0-9A-Za-z_/+-])(?P<value>IGQVJ[\w]{100,})
236 filter_type: GeneralPattern
237 use_ml: true
238 required_substrings:
239 - IGQVJ
240 min_line_len: 105
241
242- name: JSON Web Token
243 severity: medium
244 type: pattern
245 values:
246 - (^|[^.0-9A-Za-z_/+-])(?P<value>eyJ[A-Za-z0-9=_-]{13,}(\.[A-Za-z0-9-_.+\/=]+)?)
247 filter_type: GeneralPattern
248 use_ml: true
249 required_substrings:
250 - eyJ
251 min_line_len: 16
252
253- name: MailChimp API Key
254 severity: high
255 type: pattern
256 values:
257 - (^|[^.0-9A-Za-z_/+-])(?P<value>[0-9a-zA-Z]{32}-us[0-9]{1,2})([^=0-9A-Za-z_/+-]|$)
258 filter_type: GeneralPattern
259 use_ml: false
260 validations:
261 - MailChimpKeyValidation
262 required_substrings:
263 - -us
264 min_line_len: 35
265
266- name: MailGun API Key
267 severity: high
268 type: pattern
269 values:
270 - (^|[^.0-9A-Za-z_/+-])(?P<value>key-[0-9a-zA-Z]{32})([^=0-9A-Za-z_/+-]|$)
271 filter_type: GeneralPattern
272 use_ml: true
273 required_substrings:
274 - key-
275 min_line_len: 36
276
277- name: Password
278 severity: medium
279 type: keyword
280 values:
281 - (?<!by)pass(?!ed|ing|es)|pw(d|\b)
282 filter_type: PasswordKeyword
283 use_ml: true
284 min_line_len: 10
285 required_substrings:
286 - pass
287 - pw
288 doc_available: false
289
290- name: PayPal Braintree Access Token
291 severity: high
292 type: pattern
293 values:
294 - (?P<value>access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32})([^=0-9A-Za-z_/+-]|$)
295 filter_type: GeneralPattern
296 use_ml: false
297 required_substrings:
298 - access_token$production$
299 min_line_len: 72
300
301- name: PEM Private Key
302 severity: high
303 type: pem_key
304 values:
305 - (?P<value>-----BEGIN\s(?!ENCRYPTED|EC)[^-]*PRIVATE[^-]*KEY[^-]*-----(.+-----END[^-]+-----)?)
306 filter_type:
307 - LineSpecificKeyCheck
308 min_line_len: 27
309
310- name: Picatic API Key
311 severity: high
312 type: pattern
313 values:
314 - (?P<value>sk_live_[0-9a-z]{32})([^=0-9A-Za-z_/+-]|$)
315 filter_type: GeneralPattern
316 use_ml: false
317 required_substrings:
318 - sk_live_
319 min_line_len: 40
320
321- name: Secret
322 severity: medium
323 type: keyword
324 values:
325 - secret
326 filter_type: GeneralKeyword
327 use_ml: true
328 min_line_len: 14
329 required_substrings:
330 - secret
331 doc_available: false
332
333- name: SendGrid API Key
334 severity: high
335 type: pattern
336 values:
337 - (?P<value>SG\.[\w_]{16,32}\.[\w_]{16,64})
338 filter_type: GeneralPattern
339 use_ml: false
340 required_substrings:
341 - SG.
342 min_line_len: 34
343
344- name: Shopify Token
345 severity: high
346 type: pattern
347 values:
348 - (?P<value>shp(at|ca|pa|ss)_[a-fA-F0-9]{32})([^=0-9A-Za-z_/+-]|$)
349 filter_type: TokenPattern
350 required_substrings:
351 - shp
352 min_line_len: 38
353
354- name: Slack Token
355 severity: high
356 type: pattern
357 values:
358 - (^|[^.0-9A-Za-z_/+-])(?P<value>xox[a|b|p|r|o|s]\-[-a-zA-Z0-9]{10,250})
359 filter_type: GeneralPattern
360 use_ml: true
361 validations:
362 - SlackTokenValidation
363 required_substrings:
364 - xox
365 min_line_len: 15
366
367- name: Slack Webhook
368 severity: high
369 type: pattern
370 values:
371 - (?P<value>hooks\.slack\.com/services/T\w{8}/B\w{8}/\w{24})
372 filter_type: GeneralPattern
373 use_ml: true
374 required_substrings:
375 - hooks.slack.com/services/T
376 min_line_len: 61
377
378- name: Stripe Standard API Key
379 severity: high
380 type: pattern
381 values:
382 - (?P<value>sk_live_[0-9a-zA-Z]{24})([^=0-9A-Za-z_/+-]|$)
383 filter_type: GeneralPattern
384 use_ml: true
385 validations:
386 - StripeApiKeyValidation
387 required_substrings:
388 - sk_live_
389 min_line_len: 32
390
391- name: Stripe Restricted API Key
392 severity: high
393 type: pattern
394 values:
395 - (?P<value>rk_live_[0-9a-zA-Z]{24})([^=0-9A-Za-z_/+-]|$)
396 filter_type: GeneralPattern
397 use_ml: true
398 required_substrings:
399 - rk_live_
400 min_line_len: 32
401
402- name: Square Access Token
403 severity: high
404 type: pattern
405 values:
406 - (^|[^.0-9A-Za-z_/+-])(?P<value>EAAA[0-9A-Za-z_-]{60})([^=0-9A-Za-z_/+-]|$)
407 filter_type: GeneralPattern
408 use_ml: true
409 validations:
410 - SquareAccessTokenValidation
411 required_substrings:
412 - EAAA
413 min_line_len: 64
414
415- name: Square Client ID
416 severity: medium
417 type: pattern
418 values:
419 - (^|[^.0-9A-Za-z_/+-])(?P<value>sq0[a-z]{3}-[0-9A-Za-z_-]{22})([^=0-9A-Za-z_/+-]|$)
420 filter_type: GeneralPattern
421 use_ml: true
422 validations:
423 - SquareClientIdValidation
424 required_substrings:
425 - sq0
426 min_line_len: 29
427
428- name: Square OAuth Secret
429 severity: high
430 type: pattern
431 values:
432 - (?P<value>sq0csp-[0-9A-Za-z_-]{43})([^=0-9A-Za-z_/+-]|$)
433 filter_type: GeneralPattern
434 use_ml: false
435 required_substrings:
436 - sq0csp
437 min_line_len: 50
438
439- name: Token
440 severity: medium
441 type: keyword
442 values:
443 - token
444 filter_type: GeneralKeyword
445 use_ml: true
446 min_line_len: 13
447 required_substrings:
448 - token
449 doc_available: false
450
451- name: Twilio API Key
452 severity: high
453 type: pattern
454 values:
455 - (^|[^.0-9A-Za-z_/+-])(?P<value>SK[0-9a-fA-F]{32})([^=0-9A-Za-z_/+-]|$)
456 filter_type: GeneralPattern
457 use_ml: true
458 required_substrings:
459 - SK
460 min_line_len: 34
461
462- name: URL Credentials
463 severity: high
464 type: pattern
465 values:
466 - ://[^:\s]+(?P<separator>:)(?P<value>[^@\s]+)@
467 filter_type: UrlCredentialsGroup
468 use_ml: true
469 required_substrings:
470 - ://
471 min_line_len: 10
472 doc_available: false
473
474- name: Auth
475 severity: medium
476 type: keyword
477 values:
478 - auth(?!or)
479 filter_type: GeneralKeyword
480 use_ml: true
481 min_line_len: 12
482 required_substrings:
483 - auth
484 doc_available: false
485
486- name: Key
487 severity: medium
488 type: keyword
489 values:
490 - key(?!word)
491 filter_type: GeneralKeyword
492 use_ml: true
493 min_line_len: 11
494 required_substrings:
495 - key
496 doc_available: false
497
498- name: Telegram Bot API Token
499 severity: high
500 type: pattern
501 values:
502 - (?P<value>[0-9]{8,10}:[0-9A-Za-z_-]{35})([^=0-9A-Za-z_/+-]|$)
503 filter_type: GeneralPattern
504 required_substrings:
505 - :AA
506 min_line_len: 45
507
508- name: PyPi API Token
509 severity: high
510 type: pattern
511 values:
512 - (?P<value>pypi-[\w_\-]{150,})
513 filter_type: GeneralPattern
514 required_substrings:
515 - pypi-
516 min_line_len: 155
517
518- name: Github Token
519 severity: high
520 type: pattern
521 values:
522 - (^|[^.0-9A-Za-z_/+-])(?P<value>(ghr|gho|ghu|ghs)_[\w]{36,255})
523 filter_type: GeneralPattern
524 required_substrings:
525 - gh
526 min_line_len: 40
527
528- name: Github Personal Access Token
529 severity: high
530 type: pattern
531 values:
532 - (^|[^.0-9A-Za-z_/+-])(?P<value>ghp_[\w]{36,255})
533 filter_type: GeneralPattern
534 validations:
535 - GithubTokenValidation
536 required_substrings:
537 - ghp_
538 min_line_len: 40
539
540- name: Github Fine-granted Token
541 severity: high
542 type: pattern
543 values:
544 - (^|[^.0-9A-Za-z_/+-])(?P<value>github_pat_[0-9A-Za-z_]{80,255})
545 filter_type: GeneralPattern
546 validations:
547 - GithubTokenValidation
548 required_substrings:
549 - github_pat_
550 min_line_len: 90
551
552- name: Firebase Domain
553 severity: info
554 type: pattern
555 values:
556 - (?P<value>[a-z0-9.-]+\.firebaseio\.com|[a-z0-9.-]+\.firebaseapp\.com)
557 filter_type: GeneralPattern
558 required_substrings:
559 - .firebase
560 min_line_len: 16
561
562- name: AWS S3 Bucket
563 severity: info
564 type: pattern
565 values:
566 - (?P<value>[a-z0-9.-]+\.s3\.amazonaws\.com|[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn))
567 filter_type: GeneralPattern
568 required_substrings:
569 - .s3-website
570 - .s3.amazonaws.com
571 min_line_len: 14
572
573- name: Nonce
574 severity: medium
575 type: keyword
576 values:
577 - nonce
578 filter_type: GeneralKeyword
579 use_ml: true
580 min_line_len: 13
581 required_substrings:
582 - nonce
583 doc_available: false
584
585- name: Salt
586 severity: medium
587 type: keyword
588 values:
589 - salt
590 filter_type: GeneralKeyword
591 use_ml: true
592 min_line_len: 12
593 required_substrings:
594 - salt
595 doc_available: false
596
597- name: Certificate
598 severity: medium
599 type: keyword
600 values:
601 - cert
602 filter_type: GeneralKeyword
603 use_ml: true
604 min_line_len: 12
605 required_substrings:
606 - cert
607 doc_available: false
608
609- name: Azure Access Token
610 severity: high
611 type: pattern
612 values:
613 - (^|[^.0-9A-Za-z_/+-])(?P<value>eyJ[A-Za-z0-9_=-]{50,500}\.eyJ[A-Za-z0-9_=-]+\.[A-Za-z0-9_=-]+)
614 filter_type:
615 - ValueJsonWebTokenCheck
616 required_substrings:
617 - eyJ
618 min_line_len: 148
619
620- name: Azure Secret Value
621 severity: high
622 type: pattern
623 values:
624 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9_~.-]{3}8Q~[a-zA-Z0-9_~.-]{34})([^=0-9A-Za-z_/+-]|$)
625 filter_type: TokenPattern
626 min_line_len: 40
627 required_substrings:
628 - 8Q~
629
630- name: Bitbucket App Password
631 severity: high
632 type: pattern
633 values:
634 - (^|[^.0-9A-Za-z_/+-])(?P<value>ATBB[A-Za-z0-9]{24}[A-F0-9]{8})([^=0-9A-Za-z_/+-]|$)
635 filter_type: StructuredToken
636 min_line_len: 28
637 required_substrings:
638 - ATBB
639
640- name: Bitbucket Repository Access Token
641 severity: high
642 type: pattern
643 values:
644 - (^|[^.0-9A-Za-z_/+-])(?P<value>ATCTT3xFfGN0[a-zA-Z0-9-_]{171}=[A-F0-9]{8})([^=0-9A-Za-z_/+-]|$)
645 filter_type: TokenPattern
646 min_line_len: 183
647 required_substrings:
648 - ATCTT3xFfGN0
649
650- name: Bitbucket HTTP Access Token
651 severity: high
652 type: pattern
653 values:
654 - (^|[^.0-9A-Za-z_/+-])(?P<value>BBDC-[NMO][ADgjQTwz][A-Za-z0-9+/]{42})([^=0-9A-Za-z_/+-]|$)
655 filter_type: StructuredToken
656 min_line_len: 49
657 required_substrings:
658 - BBDC-
659
660- name: Bitbucket Client ID
661 severity: info
662 type: pattern
663 values:
664 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9]{18}([a-zA-Z0-9]{14})?)([^0-9A-Za-z.$_/+-]|$)
665 filter_type: WeirdBase64Token
666 min_line_len: 18
667 required_regex: "[a-zA-Z0-9_/+-]{15,}"
668
669- name: Bitbucket Client Secret
670 severity: info
671 type: pattern
672 values:
673 - (^|[^.0-9A-Za-z_/+-])(?P<value>([a-zA-Z0-9_-]{32}){1,2})([^0-9A-Za-z.$_/+-]|$)
674 filter_type: WeirdBase64Token
675 min_line_len: 32
676 required_regex: "[a-zA-Z0-9_/+-]{15,}"
677
678- name: Jira / Confluence PAT token
679 severity: high
680 type: pattern
681 values:
682 - (^|[^.0-9A-Za-z_/+-])(?P<value>[NMO][ADgjQTwz][a-zA-Z0-9+/]{42})([^=0-9A-Za-z_/+-]|$)
683 filter_type: StructuredToken
684 min_line_len: 44
685 required_substrings:
686 - M
687 - N
688 - O
689 required_regex: "[a-zA-Z0-9_/+-]{15,}"
690
691- name: Atlassian Old PAT token
692 severity: info
693 type: pattern
694 values:
695 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9]{24})([^=0-9A-Za-z.$_/+-]|$)
696 filter_type: WeirdBase64Token
697 min_line_len: 24
698 required_regex: "[a-zA-Z0-9_/+-]{15,}"
699
700- name: Atlassian PAT token
701 severity: high
702 type: pattern
703 values:
704 - (^|[^.0-9A-Za-z_/+-])(?P<value>ATATT3xFfGF0[a-zA-Z0-9-_]{171}=[A-F0-9]{8})([^=0-9A-Za-z_/+-]|$)
705 filter_type: TokenPattern
706 min_line_len: 191
707 required_substrings:
708 - ATATT3xFfGF0
709
710- name: Digital Ocean PAT
711 severity: high
712 type: pattern
713 values:
714 - (^|[^.0-9A-Za-z_/+-])(?P<value>dop_v1_[a-f0-9]{64})([^=0-9A-Za-z_/+-]|$)
715 filter_type: TokenPattern
716 min_line_len: 71
717 required_substrings:
718 - dop_v1_
719
720- name: Digital Ocean OAuth Access Token
721 severity: high
722 type: pattern
723 values:
724 - (^|[^.0-9A-Za-z_/+-])(?P<value>doo_v1_[a-f0-9]{64})([^=0-9A-Za-z_/+-]|$)
725 filter_type: TokenPattern
726 min_line_len: 71
727 required_substrings:
728 - doo_v1_
729
730- name: Dropbox OAuth2 API Access Token
731 severity: high
732 type: pattern
733 values:
734 - (^|[^.0-9A-Za-z_/+-])(?P<value>sl.[A-Za-z0-9_-]{135})([^=0-9A-Za-z_/+-]|$)
735 filter_type: TokenPattern
736 min_line_len: 138
737 required_substrings:
738 - sl.
739
740- name: NuGet API key
741 severity: high
742 type: pattern
743 values:
744 - (^|[^.0-9A-Za-z_/+-])(?P<value>oy2[a-z0-9]{43})([^=0-9A-Za-z_/+-]|$)
745 filter_type: TokenPattern
746 min_line_len: 46
747 required_substrings:
748 - oy2
749
750- name: Gitlab PAT
751 severity: high
752 type: pattern
753 values:
754 - (^|[^.0-9A-Za-z_/+-])(?P<value>glpat-[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
755 filter_type: TokenPattern
756 min_line_len: 26
757 required_substrings:
758 - glpat-
759
760- name: Gitlab Pipeline Trigger Token
761 severity: high
762 type: pattern
763 values:
764 - (^|[^.0-9A-Za-z_/+-])(?P<value>glptt-[a-f0-9]{40})([^=0-9A-Za-z_/+-]|$)
765 filter_type: TokenPattern
766 min_line_len: 46
767 required_substrings:
768 - glptt-
769
770- name: Gitlab Registration Runner Token
771 severity: high
772 type: pattern
773 values:
774 - (^|[^.0-9A-Za-z_/+-])(?P<value>GR1348941[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
775 filter_type: TokenPattern
776 min_line_len: 29
777 required_substrings:
778 - GR1348941
779
780- name: Gitlab Registration Runner Token 2023
781 severity: high
782 type: pattern
783 values:
784 - (^|[^.0-9A-Za-z_/+-])(?P<value>glrt-[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
785 filter_type: TokenPattern
786 min_line_len: 25
787 required_substrings:
788 - glrt-
789
790- name: Grafana Provisioned API Key
791 severity: high
792 type: pattern
793 values:
794 - (^|[^.0-9A-Za-z_/+-])(?P<value>eyJ[a-zA-Z0-9=/-]{64,360})([^=0-9A-Za-z_/+-]|$)
795 filter_type:
796 - ValueGrafanaCheck
797 min_line_len: 67
798 required_substrings:
799 - eyJ
800
801- name: Grafana Access Policy Token
802 severity: high
803 type: pattern
804 values:
805 - (^|[^.0-9A-Za-z_/+-])(?P<value>glc_eyJ[a-zA-Z0-9=/-]{80,360})([^=0-9A-Za-z_/+-]|$)
806 filter_type:
807 - ValueGrafanaCheck
808 min_line_len: 87
809 required_substrings:
810 - glc_eyJ
811
812- name: Dropbox API secret (long term)
813 severity: high
814 type: pattern
815 values:
816 - (^|[^.0-9A-Za-z_/+-])(?=[A-Za-z0-9]{64})(?P<value>[A-Za-z0-9]{10,12}[B-Za-z0-9]A{10,12}[B-Za-z0-9][A-Za-z0-9]{40,44})([^=0-9A-Za-z_/+-]|$)
817 filter_type: []
818 min_line_len: 43
819 required_substrings:
820 - AAAAAAAAAA
821
822- name: Dropbox App secret
823 severity: info
824 type: pattern
825 values:
826 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-z0-9]{15})([^=0-9A-Za-z_/+-]|$)
827 filter_type: WeirdBase36Token
828 min_line_len: 15
829 required_regex: "[a-zA-Z0-9_/+-]{15,}"
830
831- name: Gitlab Incoming Email Token
832 severity: info
833 type: pattern
834 values:
835 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-z0-9]{24,25})([^=0-9A-Za-z_/+-]|$)
836 filter_type: WeirdBase36Token
837 min_line_len: 24
838 required_regex: "[a-zA-Z0-9_/+-]{15,}"
839
840- name: Gitlab Feed Token
841 severity: info
842 type: pattern
843 values:
844 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
845 filter_type: WeirdBase64Token
846 min_line_len: 20
847 required_regex: "[a-zA-Z0-9_/+-]{15,}"
848
849- name: Jira 2FA
850 severity: info
851 type: pattern
852 values:
853 - (^|[^.0-9A-Za-z_/+-])(?P<value>[A-Z2-7]{16})([^=0-9A-Za-z_/+-]|$)
854 filter_type:
855 - ValueCoupleKeywordCheck
856 - ValuePatternCheck
857 - ValueEntropyBase32Check
858 - ValueBase32DataCheck
859 - ValueTokenBase32Check
860 min_line_len: 16
861 required_regex: "[a-zA-Z0-9_/+-]{15,}"