1- name: SECRET_PAIR
2 severity: medium
3 type: pattern
4 values:
5 - (?P<variable>[`'\"]?(?i:token|secret|key|키|암호|암호화|토큰)[`'\"]?)((\s)*[=:](\s)*)(?P<quote>[`'\"(])?(?P<value>\S{4,})(?(quote)[)`'\"])
6 filter_type:
7 - ValueAllowlistCheck
8 min_line_len: 10
9 required_substrings:
10 - token
11 - secret
12 - key
13 - ":"
14 - "/"
15 - "="
16 - 키
17 - 암호
18 - 암호화
19 - 토큰
20 doc_only: true
21
22- name: PASSWD_PAIR
23 severity: medium
24 type: pattern
25 values:
26 - (?P<variable>[`'\"]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[`'\"]?)((\s)*[=:](\s)*)(?P<quote>[`'\"(])?(?P<value>\S{4,})(?(quote)[)`'\"])
27 filter_type:
28 - ValueAllowlistCheck
29 min_line_len: 10
30 required_substrings:
31 - pass
32 - sword
33 - ":"
34 - "/"
35 - "="
36 - 비밀번호
37 - 비번
38 - 패스워드
39 - 암호
40 doc_only: true
41
42- name: IP_ID_PASSWORD_TRIPLE
43 severity: medium
44 type: pattern
45 values:
46 - (^|(?P<variable>(?i:\bip[\s/]+id[\s/]+pw[\s/:]*))|(?P<url>://)|\s)(?P<ip>[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2})((?P<lpar>\s*\()?\s*|(?(variable)[\s,/]+|\s*(?(url)[,]|[,/])\s*))[\w.-]{3,}[\s,/]+(?P<value>(?(lpar)[^)\s/]{4,}|(?(url)[^\s/]{4,}|[^\s]{4,})))
47 filter_type:
48 - ValueAllowlistCheck
49 min_line_len: 10
50 required_substrings:
51 - "."
52 doc_only: true
53
54- name: ID_PAIR_PASSWD_PAIR
55 severity: medium
56 type: pattern
57 values:
58 - (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*?(?P<quote>[`'\"]+)?(?P<value>\S{3,}?)(?(quote)(?P=quote)|\b)
59 - (?P<ddash>--)?(?P<variable>(?i:user\s*)?(?i:id|login|account|root|admin|user|name|wifi|role|host|default|계정|아이디))\s*?(?(ddash)[ =]|[ :=])\s*?(?P<value>\S+)
60 filter_type:
61 - ValueAllowlistCheck
62 min_line_len: 10
63 required_substrings:
64 - pass
65 - sword
66 - p/w
67 - pw
68 - 비밀번호
69 - 비번
70 - 패스워드
71 - 암호
72 doc_only: true
73
74- name: ID_PASSWD_PAIR
75 severity: medium
76 type: pattern
77 values:
78 - (?P<variable>[\w.-]*(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]*(?(id)[ :(/]+|[:(/]+)(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]+|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,31})[ :\(/\"',]+(?P<value>[^\s}\])\"']{4,31})
79 filter_type:
80 - ValueAllowlistCheck
81 - ValueDictionaryKeywordCheck
82 min_line_len: 10
83 required_substrings:
84 - pw
85 - pass
86 - sword
87 - 비밀번호
88 - 비번
89 - 패스워드
90 - 암호
91 doc_only: true
92
93- name: PII
94 severity: info
95 type: keyword
96 values:
97 - birth
98 - name
99 - sex|gender
100 filter_type:
101 - ValuePIICheck
102 min_line_len: 11
103 required_substrings:
104 - birth
105 - name
106 - sex
107 - gender
108
109- name: Phone
110 severity: info
111 type: pattern
112 values:
113 - (^|[^0-9A-Za-z])(?P<value>\+[1-9][0-9]{6,14})([^=0-9A-Za-z]|$)
114 filter_type:
115 - ValuePhoneCheck
116 min_line_len: 10
117 required_substrings:
118 - "+"
119 doc_available: false
120
121- name: VIN
122 severity: info
123 type: pattern
124 values:
125 - (^|[^0-9A-Za-z])(?P<value>[A-HJ-NPR-Z0-9]{17})([^=0-9A-Za-z]|$)
126 filter_type:
127 - ValueVinCheck
128 - ValuePatternCheck
129 min_line_len: 16
130 required_regex: "[a-zA-Z0-9_/+-]{15,}"
131 doc_available: false
132
133- name: Credit card number
134 severity: info
135 type: pattern
136 values:
137 - (?<!([0-9]\.|[=*+\/\-] |.[=*+\/\-]))((?<![0-9A-Za-z_=*+\-\/.])(?P<value>[0-9]{16})(?![0-9A-Za-z_=*+\-\/.]))(?!(\.[0-9]| [=*+\/\-]|.[=*+\/\-]))
138 filter_type:
139 - ValueCardNumberCheck
140 min_line_len: 16
141 required_regex: "[a-zA-Z0-9_/+-]{15,}"
142 doc_available: false
143
144- name: IBAN
145 severity: info
146 type: pattern
147 values:
148 - (^|[^0-9A-Za-z])(?P<value>[A-Z]{2}[0-9]{2}[A-Z0-9]{12,30})([^=0-9A-Za-z]|$)
149 filter_type:
150 - ValueIbanCheck
151 min_line_len: 16
152 required_regex: "[a-zA-Z0-9_/+-]{15,}"
153 doc_available: false
154
155- name: API
156 severity: medium
157 type: keyword
158 values:
159 - api
160 filter_type: GeneralKeyword
161 use_ml: true
162 min_line_len: 11
163 required_substrings:
164 - api
165 doc_available: false
166
167- name: IPv4
168 severity: info
169 type: pattern
170 values:
171 - (^|[^.0-9a-zA-Z])(?P<value>[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2})(?!/([123]?[0-9])([^0-9]|$))([^.0-9a-zA-Z$]|$)
172 filter_type:
173 - ValueIPCheck
174 min_line_len: 10
175 required_substrings:
176 - "."
177 doc_available: false
178
179- name: IPv6
180 severity: info
181 type: pattern
182 values:
183 - (^|[^:0-9a-zA-Z])(?P<value>[0-9A-Fa-f]{0,4}:(:?[0-9A-Fa-f]{1,4}:?){0,6}:[0-9A-Fa-f]{1,4})([^:0-9a-zA-Z]|$)
184 filter_type:
185 - ValueIPCheck
186 min_line_len: 10
187 required_substrings:
188 - ":"
189 doc_available: false
190
191- name: AWS Client ID
192 severity: high
193 type: pattern
194 values:
195 - (^|[^.0-9A-Za-z_/+-])(?P<value>(ABIA|ACCA|AGPA|AIDA|AIPA|AKIA|ANPA|ANVA|AROA|APKA|ASCA|ASIA)[0-9A-Z]{16,17})([^=0-9A-Za-z_/+-]|$)
196 filter_type: GeneralPattern
197 use_ml: true
198 required_substrings:
199 - A
200 min_line_len: 20
201 required_regex: "[a-zA-Z0-9_/+-]{15,}"
202
203- name: AWS Multi
204 severity: high
205 type: multi
206 values:
207 - (^|[^.0-9A-Za-z_/+-])(?P<value>(AKIA|ASIA)[0-9A-Z]{16,17})([^=0-9A-Za-z_/+-]|$)
208 - (?P<value>[0-9a-zA-Z/+]{40})
209 filter_type: GeneralPattern
210 use_ml: true
211 required_substrings:
212 - AKIA
213 - ASIA
214 min_line_len: 20
215
216- name: AWS MWS Key
217 severity: high
218 type: pattern
219 values:
220 - (^|[^.0-9A-Za-z_/+-])(?P<value>amzn\.mws\.[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})([^=0-9A-Za-z_/+-]|$)
221 filter_type: GeneralPattern
222 use_ml: true
223 required_substrings:
224 - amzn
225 min_line_len: 30
226
227- name: Credential
228 severity: medium
229 type: keyword
230 values:
231 - credential
232 filter_type: GeneralKeyword
233 use_ml: true
234 min_line_len: 18
235 required_substrings:
236 - credential
237 doc_available: false
238
239- name: Dynatrace API Token
240 severity: high
241 type: pattern
242 values:
243 - (^|[^.0-9A-Za-z_/+-])(?P<value>dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})([^=0-9A-Za-z_/+-]|$)
244 filter_type: GeneralPattern
245 use_ml: true
246 required_substrings:
247 - dt0
248 min_line_len: 90
249
250- name: Facebook Access Token
251 severity: high
252 type: pattern
253 values:
254 - (^|[^.0-9A-Za-z_/+-])(?P<value>EAAC[0-9A-Za-z]{27,})
255 filter_type: GeneralPattern
256 use_ml: true
257 required_substrings:
258 - EAAC
259 min_line_len: 31
260
261- name: Github Old Token
262 severity: high
263 type: pattern
264 values:
265 - (?i)((git)[\w\-]*(token|key|api)[\w\-]*(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[a-z|\d]{40})(["']?))
266 filter_type: GeneralPattern
267 use_ml: true
268 validations:
269 - GithubTokenValidation
270 required_substrings:
271 - git
272 min_line_len: 47
273
274- name: Google API Key
275 severity: high
276 type: pattern
277 values:
278 - (^|[^.0-9A-Za-z_/+-])(?P<value>AIza[0-9A-Za-z_-]{35})([^=0-9A-Za-z_/+-]|$)
279 filter_type: GeneralPattern
280 use_ml: false
281 validations:
282 - GoogleApiKeyValidation
283 required_substrings:
284 - AIza
285 min_line_len: 39
286
287- name: Google Multi
288 severity: high
289 type: multi
290 values:
291 - (?P<value>[0-9]+\-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com)
292 - (?<![0-9a-zA-Z_-])(?P<value>[0-9a-zA-Z_-]{24})([^=0-9A-Za-z_/+-]|$)
293 filter_type: GeneralPattern
294 use_ml: false
295 validations:
296 - GoogleMultiValidation
297 required_substrings:
298 - .apps.googleusercontent.com
299 min_line_len: 40
300
301- name: Google OAuth Access Token
302 severity: high
303 type: pattern
304 values:
305 - (^|[^.0-9A-Za-z_/+-])(?P<value>ya29\.[0-9A-Za-z_-]{22,})
306 filter_type: GeneralPattern
307 use_ml: true
308 required_substrings:
309 - ya29.
310 min_line_len: 27
311
312- name: Heroku API Key
313 severity: high
314 type: pattern
315 values:
316 - (?i)(?P<value>heroku(.{0,20})?[0-9a-f]{8}(-[0-9a-f]{4})+-[0-9a-f]{12})([^=0-9A-Za-z_/+-]|$)
317 filter_type: GeneralPattern
318 use_ml: true
319 required_substrings:
320 - heroku
321 min_line_len: 24
322
323- name: Instagram Access Token
324 severity: high
325 type: pattern
326 values:
327 - (^|[^.0-9A-Za-z_/+-])(?P<value>IGQVJ[\w]{100,})
328 filter_type: GeneralPattern
329 use_ml: true
330 required_substrings:
331 - IGQVJ
332 min_line_len: 105
333
334- name: JSON Web Token
335 severity: medium
336 type: pattern
337 values:
338 - (^|[^.0-9A-Za-z_/+-])(?P<value>eyJ[A-Za-z0-9=_-]{13,}(\.[A-Za-z0-9-_.+\/=]+)?)
339 filter_type: GeneralPattern
340 use_ml: true
341 required_substrings:
342 - eyJ
343 min_line_len: 16
344
345- name: MailChimp API Key
346 severity: high
347 type: pattern
348 values:
349 - (^|[^.0-9A-Za-z_/+-])(?P<value>[0-9a-zA-Z]{32}-us[0-9]{1,2})([^=0-9A-Za-z_/+-]|$)
350 filter_type: GeneralPattern
351 use_ml: false
352 validations:
353 - MailChimpKeyValidation
354 required_substrings:
355 - -us
356 min_line_len: 35
357
358- name: MailGun API Key
359 severity: high
360 type: pattern
361 values:
362 - (^|[^.0-9A-Za-z_/+-])(?P<value>key-[0-9a-zA-Z]{32})([^=0-9A-Za-z_/+-]|$)
363 filter_type: GeneralPattern
364 use_ml: true
365 required_substrings:
366 - key-
367 min_line_len: 36
368
369- name: Password
370 severity: medium
371 type: keyword
372 values:
373 - (?<!by)pass(?!ed|ing|es)|pw(d|\b)
374 filter_type: PasswordKeyword
375 use_ml: true
376 min_line_len: 10
377 required_substrings:
378 - pass
379 - pw
380 doc_available: false
381
382- name: PayPal Braintree Access Token
383 severity: high
384 type: pattern
385 values:
386 - (?P<value>access_token\$production\$[0-9a-z]{16}\$[0-9a-z]{32})([^=0-9A-Za-z_/+-]|$)
387 filter_type: GeneralPattern
388 use_ml: false
389 required_substrings:
390 - access_token$production$
391 min_line_len: 72
392
393- name: PEM Private Key
394 severity: high
395 type: pem_key
396 values:
397 - (?P<value>-----BEGIN\s(?!ENCRYPTED|EC)[^-]*PRIVATE[^-]*KEY[^-]*-----(.+-----END[^-]+-----)?)
398 filter_type:
399 - LineSpecificKeyCheck
400 min_line_len: 27
401
402- name: Picatic API Key
403 severity: high
404 type: pattern
405 values:
406 - (?P<value>sk_live_[0-9a-z]{32})([^=0-9A-Za-z_/+-]|$)
407 filter_type: GeneralPattern
408 use_ml: false
409 required_substrings:
410 - sk_live_
411 min_line_len: 40
412
413- name: Secret
414 severity: medium
415 type: keyword
416 values:
417 - secret
418 filter_type: GeneralKeyword
419 use_ml: true
420 min_line_len: 14
421 required_substrings:
422 - secret
423 doc_available: false
424
425- name: SendGrid API Key
426 severity: high
427 type: pattern
428 values:
429 - (?P<value>SG\.[\w_]{16,32}\.[\w_]{16,64})
430 filter_type: GeneralPattern
431 use_ml: false
432 required_substrings:
433 - SG.
434 min_line_len: 34
435
436- name: Shopify Token
437 severity: high
438 type: pattern
439 values:
440 - (?P<value>shp(at|ca|pa|ss)_[a-fA-F0-9]{32})([^=0-9A-Za-z_/+-]|$)
441 filter_type: TokenPattern
442 required_substrings:
443 - shp
444 min_line_len: 38
445
446- name: Slack Token
447 severity: high
448 type: pattern
449 values:
450 - (^|[^.0-9A-Za-z_/+-])(?P<value>xox[a|b|p|r|o|s]\-[-a-zA-Z0-9]{10,250})
451 filter_type: GeneralPattern
452 use_ml: true
453 validations:
454 - SlackTokenValidation
455 required_substrings:
456 - xox
457 min_line_len: 15
458
459- name: Slack Webhook
460 severity: high
461 type: pattern
462 values:
463 - (?P<value>hooks\.slack\.com/services/T\w{8}/B\w{8}/\w{24})
464 filter_type: GeneralPattern
465 use_ml: true
466 required_substrings:
467 - hooks.slack.com/services/T
468 min_line_len: 61
469
470- name: Stripe Standard API Key
471 severity: high
472 type: pattern
473 values:
474 - (?P<value>sk_live_[0-9a-zA-Z]{24})([^=0-9A-Za-z_/+-]|$)
475 filter_type: GeneralPattern
476 use_ml: true
477 validations:
478 - StripeApiKeyValidation
479 required_substrings:
480 - sk_live_
481 min_line_len: 32
482
483- name: Stripe Restricted API Key
484 severity: high
485 type: pattern
486 values:
487 - (?P<value>rk_live_[0-9a-zA-Z]{24})([^=0-9A-Za-z_/+-]|$)
488 filter_type: GeneralPattern
489 use_ml: true
490 required_substrings:
491 - rk_live_
492 min_line_len: 32
493
494- name: Square Access Token
495 severity: high
496 type: pattern
497 values:
498 - (^|[^.0-9A-Za-z_/+-])(?P<value>EAAA[0-9A-Za-z_-]{60})([^=0-9A-Za-z_/+-]|$)
499 filter_type: GeneralPattern
500 use_ml: true
501 validations:
502 - SquareAccessTokenValidation
503 required_substrings:
504 - EAAA
505 min_line_len: 64
506
507- name: Square Client ID
508 severity: medium
509 type: pattern
510 values:
511 - (^|[^.0-9A-Za-z_/+-])(?P<value>sq0[a-z]{3}-[0-9A-Za-z_-]{22})([^=0-9A-Za-z_/+-]|$)
512 filter_type: GeneralPattern
513 use_ml: true
514 validations:
515 - SquareClientIdValidation
516 required_substrings:
517 - sq0
518 min_line_len: 29
519
520- name: Square OAuth Secret
521 severity: high
522 type: pattern
523 values:
524 - (?P<value>sq0csp-[0-9A-Za-z_-]{43})([^=0-9A-Za-z_/+-]|$)
525 filter_type: GeneralPattern
526 use_ml: false
527 required_substrings:
528 - sq0csp
529 min_line_len: 50
530
531- name: Token
532 severity: medium
533 type: keyword
534 values:
535 - token
536 filter_type: GeneralKeyword
537 use_ml: true
538 min_line_len: 13
539 required_substrings:
540 - token
541 doc_available: false
542
543- name: Twilio API Key
544 severity: high
545 type: pattern
546 values:
547 - (^|[^.0-9A-Za-z_/+-])(?P<value>SK[0-9a-fA-F]{32})([^=0-9A-Za-z_/+-]|$)
548 filter_type: GeneralPattern
549 use_ml: true
550 required_substrings:
551 - SK
552 min_line_len: 34
553
554- name: URL Credentials
555 severity: high
556 type: pattern
557 values:
558 - ://[^:\s]+(?P<separator>:)(?P<value>[^@\s]+)@
559 filter_type: UrlCredentialsGroup
560 use_ml: true
561 required_substrings:
562 - ://
563 min_line_len: 10
564 doc_available: false
565
566- name: Auth
567 severity: medium
568 type: keyword
569 values:
570 - auth(?!or)
571 filter_type: GeneralKeyword
572 use_ml: true
573 min_line_len: 12
574 required_substrings:
575 - auth
576 doc_available: false
577
578- name: Key
579 severity: medium
580 type: keyword
581 values:
582 - key(?!word)
583 filter_type: GeneralKeyword
584 use_ml: true
585 min_line_len: 11
586 required_substrings:
587 - key
588 doc_available: false
589
590- name: Telegram Bot API Token
591 severity: high
592 type: pattern
593 values:
594 - (?P<value>[0-9]{8,10}:[0-9A-Za-z_-]{35})([^=0-9A-Za-z_/+-]|$)
595 filter_type: GeneralPattern
596 required_substrings:
597 - :AA
598 min_line_len: 45
599
600- name: PyPi API Token
601 severity: high
602 type: pattern
603 values:
604 - (?P<value>pypi-[\w_\-]{150,})
605 filter_type: GeneralPattern
606 required_substrings:
607 - pypi-
608 min_line_len: 155
609
610- name: Github Token
611 severity: high
612 type: pattern
613 values:
614 - (^|[^.0-9A-Za-z_/+-])(?P<value>(ghr|gho|ghu|ghs)_[\w]{36,255})
615 filter_type: GeneralPattern
616 required_substrings:
617 - gh
618 min_line_len: 40
619
620- name: Github Personal Access Token
621 severity: high
622 type: pattern
623 values:
624 - (^|[^.0-9A-Za-z_/+-])(?P<value>ghp_[\w]{36,255})
625 filter_type: GeneralPattern
626 validations:
627 - GithubTokenValidation
628 required_substrings:
629 - ghp_
630 min_line_len: 40
631
632- name: Github Fine-granted Token
633 severity: high
634 type: pattern
635 values:
636 - (^|[^.0-9A-Za-z_/+-])(?P<value>github_pat_[0-9A-Za-z_]{80,255})
637 filter_type: GeneralPattern
638 validations:
639 - GithubTokenValidation
640 required_substrings:
641 - github_pat_
642 min_line_len: 90
643
644- name: Firebase Domain
645 severity: info
646 type: pattern
647 values:
648 - (?P<value>[a-z0-9.-]+\.firebaseio\.com|[a-z0-9.-]+\.firebaseapp\.com)
649 filter_type: GeneralPattern
650 required_substrings:
651 - .firebase
652 min_line_len: 16
653
654- name: AWS S3 Bucket
655 severity: info
656 type: pattern
657 values:
658 - (?P<value>[a-z0-9.-]+\.s3\.amazonaws\.com|[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn))
659 filter_type: GeneralPattern
660 required_substrings:
661 - .s3-website
662 - .s3.amazonaws.com
663 min_line_len: 14
664
665- name: Nonce
666 severity: medium
667 type: keyword
668 values:
669 - nonce
670 filter_type: GeneralKeyword
671 use_ml: true
672 min_line_len: 13
673 required_substrings:
674 - nonce
675 doc_available: false
676
677- name: Salt
678 severity: medium
679 type: keyword
680 values:
681 - salt
682 filter_type: GeneralKeyword
683 use_ml: true
684 min_line_len: 12
685 required_substrings:
686 - salt
687 doc_available: false
688
689- name: Certificate
690 severity: medium
691 type: keyword
692 values:
693 - cert
694 filter_type: GeneralKeyword
695 use_ml: true
696 min_line_len: 12
697 required_substrings:
698 - cert
699 doc_available: false
700
701- name: Azure Access Token
702 severity: high
703 type: pattern
704 values:
705 - (^|[^.0-9A-Za-z_/+-])(?P<value>eyJ[A-Za-z0-9_=-]{50,500}\.eyJ[A-Za-z0-9_=-]+\.[A-Za-z0-9_=-]+)
706 filter_type:
707 - ValueJsonWebTokenCheck
708 required_substrings:
709 - eyJ
710 min_line_len: 148
711
712- name: Azure Secret Value
713 severity: high
714 type: pattern
715 values:
716 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9_~.-]{3}8Q~[a-zA-Z0-9_~.-]{34})([^=0-9A-Za-z_/+-]|$)
717 filter_type: TokenPattern
718 min_line_len: 40
719 required_substrings:
720 - 8Q~
721
722- name: Bitbucket App Password
723 severity: high
724 type: pattern
725 values:
726 - (^|[^.0-9A-Za-z_/+-])(?P<value>ATBB[A-Za-z0-9]{24}[A-F0-9]{8})([^=0-9A-Za-z_/+-]|$)
727 filter_type: StructuredToken
728 min_line_len: 28
729 required_substrings:
730 - ATBB
731
732- name: Bitbucket Repository Access Token
733 severity: high
734 type: pattern
735 values:
736 - (^|[^.0-9A-Za-z_/+-])(?P<value>ATCTT3xFfGN0[a-zA-Z0-9-_]{171}=[A-F0-9]{8})([^=0-9A-Za-z_/+-]|$)
737 filter_type: TokenPattern
738 min_line_len: 183
739 required_substrings:
740 - ATCTT3xFfGN0
741
742- name: Bitbucket HTTP Access Token
743 severity: high
744 type: pattern
745 values:
746 - (^|[^.0-9A-Za-z_/+-])(?P<value>BBDC-[NMO][ADgjQTwz][A-Za-z0-9+/]{42})([^=0-9A-Za-z_/+-]|$)
747 filter_type: StructuredToken
748 min_line_len: 49
749 required_substrings:
750 - BBDC-
751
752- name: Bitbucket Client ID
753 severity: info
754 type: pattern
755 values:
756 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9]{18}([a-zA-Z0-9]{14})?)([^0-9A-Za-z.$_/+-]|$)
757 filter_type: WeirdBase64Token
758 min_line_len: 18
759 required_regex: "[a-zA-Z0-9_/+-]{15,}"
760
761- name: Bitbucket Client Secret
762 severity: info
763 type: pattern
764 values:
765 - (^|[^.0-9A-Za-z_/+-])(?P<value>([a-zA-Z0-9_-]{32}){1,2})([^0-9A-Za-z.$_/+-]|$)
766 filter_type: WeirdBase64Token
767 min_line_len: 32
768 required_regex: "[a-zA-Z0-9_/+-]{15,}"
769
770- name: Jira / Confluence PAT token
771 severity: high
772 type: pattern
773 values:
774 - (^|[^.0-9A-Za-z_/+-])(?P<value>[NMO][ADgjQTwz][a-zA-Z0-9+/]{42})([^=0-9A-Za-z_/+-]|$)
775 filter_type: StructuredToken
776 min_line_len: 44
777 required_substrings:
778 - M
779 - N
780 - O
781 required_regex: "[a-zA-Z0-9_/+-]{15,}"
782
783- name: Atlassian Old PAT token
784 severity: info
785 type: pattern
786 values:
787 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9]{24})([^=0-9A-Za-z.$_/+-]|$)
788 filter_type: WeirdBase64Token
789 min_line_len: 24
790 required_regex: "[a-zA-Z0-9_/+-]{15,}"
791
792- name: Atlassian PAT token
793 severity: high
794 type: pattern
795 values:
796 - (^|[^.0-9A-Za-z_/+-])(?P<value>ATATT3xFfGF0[a-zA-Z0-9-_]{171}=[A-F0-9]{8})([^=0-9A-Za-z_/+-]|$)
797 filter_type: TokenPattern
798 min_line_len: 191
799 required_substrings:
800 - ATATT3xFfGF0
801
802- name: Digital Ocean PAT
803 severity: high
804 type: pattern
805 values:
806 - (^|[^.0-9A-Za-z_/+-])(?P<value>dop_v1_[a-f0-9]{64})([^=0-9A-Za-z_/+-]|$)
807 filter_type: TokenPattern
808 min_line_len: 71
809 required_substrings:
810 - dop_v1_
811
812- name: Digital Ocean OAuth Access Token
813 severity: high
814 type: pattern
815 values:
816 - (^|[^.0-9A-Za-z_/+-])(?P<value>doo_v1_[a-f0-9]{64})([^=0-9A-Za-z_/+-]|$)
817 filter_type: TokenPattern
818 min_line_len: 71
819 required_substrings:
820 - doo_v1_
821
822- name: Dropbox OAuth2 API Access Token
823 severity: high
824 type: pattern
825 values:
826 - (^|[^.0-9A-Za-z_/+-])(?P<value>sl.[A-Za-z0-9_-]{135})([^=0-9A-Za-z_/+-]|$)
827 filter_type: TokenPattern
828 min_line_len: 138
829 required_substrings:
830 - sl.
831
832- name: NuGet API key
833 severity: high
834 type: pattern
835 values:
836 - (^|[^.0-9A-Za-z_/+-])(?P<value>oy2[a-z0-9]{43})([^=0-9A-Za-z_/+-]|$)
837 filter_type: TokenPattern
838 min_line_len: 46
839 required_substrings:
840 - oy2
841
842- name: Gitlab PAT
843 severity: high
844 type: pattern
845 values:
846 - (^|[^.0-9A-Za-z_/+-])(?P<value>glpat-[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
847 filter_type: TokenPattern
848 min_line_len: 26
849 required_substrings:
850 - glpat-
851
852- name: Gitlab Pipeline Trigger Token
853 severity: high
854 type: pattern
855 values:
856 - (^|[^.0-9A-Za-z_/+-])(?P<value>glptt-[a-f0-9]{40})([^=0-9A-Za-z_/+-]|$)
857 filter_type: TokenPattern
858 min_line_len: 46
859 required_substrings:
860 - glptt-
861
862- name: Gitlab Registration Runner Token
863 severity: high
864 type: pattern
865 values:
866 - (^|[^.0-9A-Za-z_/+-])(?P<value>GR1348941[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
867 filter_type: TokenPattern
868 min_line_len: 29
869 required_substrings:
870 - GR1348941
871
872- name: Gitlab Registration Runner Token 2023
873 severity: high
874 type: pattern
875 values:
876 - (^|[^.0-9A-Za-z_/+-])(?P<value>glrt-[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
877 filter_type: TokenPattern
878 min_line_len: 25
879 required_substrings:
880 - glrt-
881
882- name: Grafana Provisioned API Key
883 severity: high
884 type: pattern
885 values:
886 - (^|[^.0-9A-Za-z_/+-])(?P<value>eyJ[a-zA-Z0-9=/-]{64,360})([^=0-9A-Za-z_/+-]|$)
887 filter_type:
888 - ValueGrafanaCheck
889 min_line_len: 67
890 required_substrings:
891 - eyJ
892
893- name: Grafana Access Policy Token
894 severity: high
895 type: pattern
896 values:
897 - (^|[^.0-9A-Za-z_/+-])(?P<value>glc_eyJ[a-zA-Z0-9=/-]{80,360})([^=0-9A-Za-z_/+-]|$)
898 filter_type:
899 - ValueGrafanaCheck
900 min_line_len: 87
901 required_substrings:
902 - glc_eyJ
903
904- name: Dropbox API secret (long term)
905 severity: high
906 type: pattern
907 values:
908 - (^|[^.0-9A-Za-z_/+-])(?=[A-Za-z0-9]{64})(?P<value>[A-Za-z0-9]{10,12}[B-Za-z0-9]A{10,12}[B-Za-z0-9][A-Za-z0-9]{40,44})([^=0-9A-Za-z_/+-]|$)
909 filter_type: []
910 min_line_len: 43
911 required_substrings:
912 - AAAAAAAAAA
913
914- name: Dropbox App secret
915 severity: info
916 type: pattern
917 values:
918 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-z0-9]{15})([^=0-9A-Za-z_/+-]|$)
919 filter_type: WeirdBase36Token
920 min_line_len: 15
921 required_regex: "[a-zA-Z0-9_/+-]{15,}"
922
923- name: Gitlab Incoming Email Token
924 severity: info
925 type: pattern
926 values:
927 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-z0-9]{24,25})([^=0-9A-Za-z_/+-]|$)
928 filter_type: WeirdBase36Token
929 min_line_len: 24
930 required_regex: "[a-zA-Z0-9_/+-]{15,}"
931
932- name: Gitlab Feed Token
933 severity: info
934 type: pattern
935 values:
936 - (^|[^.0-9A-Za-z_/+-])(?P<value>[a-zA-Z0-9_-]{20})([^=0-9A-Za-z_/+-]|$)
937 filter_type: WeirdBase64Token
938 min_line_len: 20
939 required_regex: "[a-zA-Z0-9_/+-]{15,}"
940
941- name: Jira 2FA
942 severity: info
943 type: pattern
944 values:
945 - (^|[^.0-9A-Za-z_/+-])(?P<value>[A-Z2-7]{16})([^=0-9A-Za-z_/+-]|$)
946 filter_type:
947 - ValueCoupleKeywordCheck
948 - ValuePatternCheck
949 - ValueEntropyBase32Check
950 - ValueBase32DataCheck
951 - ValueTokenBase32Check
952 min_line_len: 16
953 required_regex: "[a-zA-Z0-9_/+-]{15,}"