credsweeper.filters package

Submodules

credsweeper.filters.filter module

class credsweeper.filters.filter.Filter(config: Config, *args)[source]

Bases: object

Base class for all filters that operates on ‘line_data’ objects.

abstract run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.line_git_binary_check module

class credsweeper.filters.line_git_binary_check.LineGitBinaryCheck(config: Config | None = None)[source]

Bases: Filter

Checks that line is not a part of git binary patch

base85string = re.compile('^[A-Za-z][0-9A-Za-z!#$%&()*+;<=>?@^_`{|}~-]{6,65}$')

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.line_specific_key_check module

class credsweeper.filters.line_specific_key_check.LineSpecificKeyCheck(config: Config | None = None)[source]

Bases: Filter

Check that values from list below is not in candidate line.

NOT_ALLOWED = ['example', '\\benc[\\(\\[]', '\\btrue\\b', '\\bfalse\\b']

NOT_ALLOWED_PATTERN = re.compile('(?:example|\\benc[\\(\\[]|\\btrue\\b|\\bfalse\\b)', re.IGNORECASE)

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.line_uue_part_check module

class credsweeper.filters.line_uue_part_check.LineUUEPartCheck(config: Config | None = None)[source]

Bases: Filter

Checks that line is not a part of UU encoding only for maximal line

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

uue_string = re.compile('^M[!-`]{60}$')

credsweeper.filters.value_allowlist_check module

class credsweeper.filters.value_allowlist_check.ValueAllowlistCheck(config: Config | None = None)[source]

Bases: Filter

Check that patterns from the list is not present in the candidate value.

ALLOWED = ['ENC\$.*\$', 'ENC\\[.*\\]', '\\$\\{(\\*|[0-9]+|[a-z_].*)\\}', '\\$([0-9]+\\b|[a-z_]+[0-9a-z_]*)', '\\$\\$[a-z_]+(\\^%[0-9a-z_]+)?', '#\\{.*\\}', '\\{\\{.+\\}\\}', '\\S{0,5}\\*{5,}', '.*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@']

ALLOWED_PATTERN = re.compile('(?:ENC\$.*\$|ENC\\[.*\\]|\\$\\{(\\*|[0-9]+|[a-z_].*)\\}|\\$([0-9]+\\b|[a-z_]+[0-9a-z_]*)|\\$\\$[a-z_]+(\\^%[0-9a-z_]+)?|#\\{.*\\}|\\{\\{.+\\}\\}|\\S{0,5}\\*{5,}|.*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@, re.IGNORECASE)

ALLOWED_UNQUOTED_PATTERN = re.compile('[~a-z0-9_]+((\\.|->)[a-z0-9_]+)+\\(.*$', re.IGNORECASE)

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_array_dictionary_check module

class credsweeper.filters.value_array_dictionary_check.ValueArrayDictionaryCheck(config: Config | None = None)[source]

Bases: Filter

Match call to dictionary or array element.

This filter checks only calls, not declarations:: token = values[i] would be filtered token = {‘root’} would be kept

PATTERN = re.compile('\\[(\'|\\")?.+(\'|\\")?\\]')

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_atlassian_token_check module

class credsweeper.filters.value_atlassian_token_check.ValueAtlassianTokenCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate have a known structure

static check_atlassian_struct(value: str) → bool[source]: Returns False if value is valid for atlassian structure ‘integer:bytes’

static check_crc32_struct(value: str) → bool[source]: Returns False if value is valid for bitbucket app password structure ‘payload:crc32’

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_azure_token_check module

class credsweeper.filters.value_azure_token_check.ValueAzureTokenCheck(config: Config | None = None)[source]

Bases: Filter

Azure tokens contains header, payload and signature https://learn.microsoft.com/en-us/azure/active-directory-b2c/access-tokens

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_base32_data_check module

class credsweeper.filters.value_base32_data_check.ValueBase32DataCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate is NOT an ascii encoded string with entropy check

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received weird base32 token which must be a random string

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_base64_data_check module

class credsweeper.filters.value_base64_data_check.ValueBase64DataCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate is NOT an ascii encoded string with entropy check

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received weird base64 token which must be a random string

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_base64_encoded_pem_check module

class credsweeper.filters.value_base64_encoded_pem_check.ValueBase64EncodedPem(config: Config | None = None)[source]

Bases: Filter

Check that candidate contains base64 encoded pem private key

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_base64_key_check module

class credsweeper.filters.value_base64_key_check.ValueBase64KeyCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate contains base64 encoded private key

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_base64_part_check module

class credsweeper.filters.value_base64_part_check.ValueBase64PartCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate is NOT a part of base64 long line

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received weird base64 token which must be a random string

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_blocklist_check module

class credsweeper.filters.value_blocklist_check.ValueBlocklistCheck(config: Config | None = None)[source]

Bases: Filter

Check that words from block list is lest that 70% of candidate value length.

NOT_ALLOWED = ['true', 'false', 'null', 'bearer', 'string']

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_camel_case_check module

class credsweeper.filters.value_camel_case_check.ValueCamelCaseCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate is not written in camel case.

CAMEL_CASE = ['^([a-z]+([A-Z][a-z]+)+)$', '^([A-Z][a-z]+([A-Z][a-z]+)+)$']

CAMEL_CASE_PATTERN = re.compile('(?:^([a-z]+([A-Z][a-z]+)+)$|^([A-Z][a-z]+([A-Z][a-z]+)+)$)')

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_couple_keyword_check module

class credsweeper.filters.value_couple_keyword_check.ValueCoupleKeywordCheck(config: Config | None = None, threshold=1)[source]

Bases: Filter

Check value if TWO words from morphemes checklist exists in value

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_dictionary_keyword_check module

class credsweeper.filters.value_dictionary_keyword_check.ValueDictionaryKeywordCheck(config: Config | None = None)[source]

Bases: Filter

Check that no word from dictionary present in the candidate value.

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_dictionary_value_length_check module

class credsweeper.filters.value_dictionary_value_length_check.ValueDictionaryValueLengthCheck(config: Config | None = None, min_len: int = 4, max_len: int = 31)[source]

Bases: Filter

Check that candidate length is between 5 and 30.

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_discord_bot_check module

class credsweeper.filters.value_discord_bot_check.ValueDiscordBotCheck(config: Config | None = None)[source]

Bases: Filter

Discord bot Token

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_entropy_base32_check module

class credsweeper.filters.value_entropy_base32_check.ValueEntropyBase32Check(config: Config | None = None)[source]

Bases: Filter

Check that candidate have Shanon Entropy (for [a-z0-9])

static get_min_data_entropy(x: int) → float[source]: Returns average entropy for size of random data. Precalculated data is applied for speedup

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_entropy_base36_check module

class credsweeper.filters.value_entropy_base36_check.ValueEntropyBase36Check(config: Config | None = None)[source]

Bases: Filter

Check that candidate have Shanon Entropy (for [a-z0-9])

static get_min_data_entropy(x: int) → float[source]: Returns minimal entropy for size of random data. Precalculated data is applied for speedup

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_entropy_base64_check module

class credsweeper.filters.value_entropy_base64_check.ValueEntropyBase64Check(config: Config | None = None)[source]

Bases: Filter

Check that candidate have Shanon Entropy > 3 (for HEX_CHARS or BASE36_CHARS) or > 4.5 (for BASE64_CHARS).

static get_min_data_entropy(x: int) → float[source]: Returns minimal average entropy for size of random data. Precalculated round data is applied for speedup

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_file_path_check module

class credsweeper.filters.value_file_path_check.ValueFilePathCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate value is a path or not.

Check if a value contains either ‘/’ or ‘:’ separators (but not both) and do not have any special characters ( !$@`&*()+)

base64_possible_set = {'+', '-', '/', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '=', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '_', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'}

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

unusual_linux_symbols_in_path = '\t\n\r !$@`&*()[]{}<>+=;,~^:\\'

unusual_windows_symbols_in_path = '\t\n\r !$@`&*()[]{}<>+=;,~^'

credsweeper.filters.value_first_word_check module

class credsweeper.filters.value_first_word_check.ValueFirstWordCheck(config: Config | None = None)[source]

Bases: Filter

Check that secret doesn’t starts with special character.

NOT_ALLOWED = ['\\=', '\\{', '\\)', '\\<', '\\>', '\\#', '\\:', '\\\\\\\\', '\\\\/\\\\/', '\\_', '\\/\\*', '\\%[deflspuvxz]']

NOT_ALLOWED_PATTERN = re.compile('^(?:\\=|\\{|\\)|\\<|\\>|\\#|\\:|\\\\\\\\|\\\\/\\\\/|\\_|\\/\\*|\\%[deflspuvxz])', re.IGNORECASE)

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_github_check module

class credsweeper.filters.value_github_check.ValueGitHubCheck(config: Config | None = None)[source]

Bases: Filter

GitHub Classic Token validation

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_grafana_check module

class credsweeper.filters.value_grafana_check.ValueGrafanaCheck(config: Config | None = None)[source]

Bases: Filter

Grafana Provisioned API Key and Access Policy Token

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_grafana_service_check module

class credsweeper.filters.value_grafana_service_check.ValueGrafanaServiceCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate have a known structure

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_hex_number_check module

class credsweeper.filters.value_hex_number_check.ValueHexNumberCheck(config: Config | None = None)[source]

Bases: Filter

Check value if it a value in 32 or 64 bits hex representation

HEX_32_64_VALUE_REGEX = re.compile('^0x([0-9a-f]{8}){1,2}$')

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_jfrog_token_check module

class credsweeper.filters.value_jfrog_token_check.ValueJfrogTokenCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate have a known structure JFROG token

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_json_web_token_check module

class credsweeper.filters.value_json_web_token_check.ValueJsonWebTokenCheck(config: Config | None = None)[source]

Bases: Filter

Check that candidate is JWT which starts usually from ‘eyJ’ registered keys are checked to be in the JWT parts https://www.iana.org/assignments/jose/jose.xhtml

header_keys = {'alg', 'apu', 'apv', 'aud', 'b64', 'crit', 'cty', 'enc', 'epk', 'iss', 'iv', 'jku', 'jwk', 'kid', 'nonce', 'p2c', 'p2s', 'ppt', 'sub', 'svt', 'tag', 'typ', 'url', 'x5c', 'x5t', 'x5t#S256', 'x5u', 'zip'}

payload_keys = {'alg', 'aud', 'crit', 'crv', 'd', 'dp', 'dq', 'e', 'enc', 'exp', 'ext', 'iat', 'id', 'iss', 'jku', 'jti', 'jwk', 'k', 'key_ops', 'keys', 'kid', 'kty', 'n', 'nbf', 'nonce', 'oth', 'p', 'password', 'q', 'qi', 'role', 'secret', 'sub', 'token', 'use', 'x', 'x5c', 'x5t', 'x5t#S256', 'x5u', 'y', 'zip'}

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received token which might be structured.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, when need to filter candidate and False if left

credsweeper.filters.value_last_word_check module

class credsweeper.filters.value_last_word_check.ValueLastWordCheck(config: Config | None = None)[source]

Bases: Filter

Check that secret is not short value that ends with :.

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_method_check module

class credsweeper.filters.value_method_check.ValueMethodCheck(config: Config | None = None)[source]

Bases: Filter

Check if potential candidate value is a function.

Check if potential candidate value is a function by looking for ‘(’, ‘)’ or ‘function’ sub-strings in it

PATTERN = re.compile('^[~.\\->:0-9A-Za-z_]+\$.*\$')

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_not_allowed_pattern_check module

class credsweeper.filters.value_not_allowed_pattern_check.ValueNotAllowedPatternCheck(config: Config | None = None)[source]

Bases: Filter

Check that secret doesn’t open or closes brackets or a new line.

NOT_ALLOWED = ['[<>\\[\\]{}]\\s+', '\\\\u00(26|3c)gt;?(\\s|\\\\+[nrt])?', '^\\s*\\\\', '^\\s*\\\\n\\s*']

NOT_ALLOWED_PATTERN = re.compile('(?:[<>\\[\\]{}]\\s+|\\\\u00(26|3c)gt;?(\\s|\\\\+[nrt])?|^\\s*\\\\|^\\s*\\\\n\\s*)$', re.IGNORECASE)

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_not_part_encoded_check module

class credsweeper.filters.value_not_part_encoded_check.ValueNotPartEncodedCheck(config: Config | None = None)[source]

Bases: Filter

Check that token is not a part of encoded data.

BASE64_ENCODED_DATA_PATTERN_AFTER = re.compile('(^|[^A-Za-z0-9]+)(?P<val>(([A-Za-z0-9=_-]{4}){4,64})|(([A-Za-z0-9=+/]{4}){4,64}))([^=A-Za-z0-9]+|$)')

BASE64_ENCODED_DATA_PATTERN_BEFORE = re.compile('(^|[^A-Za-z0-9]+)(?P<val>(([A-Za-z0-9_-]{4}){16,64})|(([A-Za-z0-9+/]{4}){16,64}))([^=A-Za-z0-9]+|$)')

static check_line_target_fit(line_data: LineData, target: AnalysisTarget) → bool[source]: Verifies whether line data fit to be a part of many lines

static check_val(line: str, pattern: Pattern) → bool | None[source]: Verifies whether the line looks like a pattern

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_number_check module

class credsweeper.filters.value_number_check.ValueNumberCheck(config: Config | None = None)[source]

Bases: Filter

Check value if it a value in hex or decimal representation

DEC_VALUE_REGEX = re.compile('^-?[0-9]{1,20}[ul]{0,3}$')

HEX_VALUE_REGEX = re.compile('^(0x)?[0-9a-f]{1,128}[ul]{0,3}$')

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_pattern_check module

class credsweeper.filters.value_pattern_check.ValuePatternCheck(config: Config)[source]

Bases: Filter

Check if candidate value contain specific pattern.

Similar to linguistic sequences of characters, random strings shouldn’t contain math sequences of characters. Based on “How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories”, details: https://www.ndss-symposium.org/ndss-paper/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/ PatternCheck checks the occurrence in “line_data.value” of three types of sequence:

N or more identical characters in sequence, example: “AAAA”, “1111” …
N or more increasing characters sequentially, example: “abcd”, “1234” …
N or more decreasing characters sequentially, example: “dcba”, “4321” …

Default pattern LEN is 4

ascending_pattern_check(line_data_value: str) → bool[source]

Check if candidate value contain 4 and more ascending chars or numbers sequences.

Arg:: line_data_value: credential candidate value

Returns:: True if contain and False if not

descending_pattern_check(line_data_value: str) → bool[source]

Check if candidate value contain 4 and more descending chars or numbers sequences.

Arg:: line_data_value: string variable, credential candidate value

Returns:: boolean variable. True if contain and False if not

equal_pattern_check(line_data_value: str) → bool[source]

Check if candidate value contain 4 and more same chars or numbers sequences.

Parameters:: line_data_value – string variable, credential candidate value
Returns:: True if contain and False if not

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Arg:: line_data: LineData object, credential candidate data target: multiline target from which line data was obtained

Returns:: boolean variable. True, if need to filter candidate and False if left

credsweeper.filters.value_similarity_check module

class credsweeper.filters.value_similarity_check.ValueSimilarityCheck(config: Config | None = None)[source]

Bases: Filter

Check if candidate value is at least 70% same as candidate keyword. Like: secret = “mysecret”.

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_split_keyword_check module

class credsweeper.filters.value_split_keyword_check.ValueSplitKeywordCheck(config: Config | None = None)[source]

Bases: Filter

Check value by splitting with standard whitespace separators and any word is not matched in checklist.

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_string_type_check module

class credsweeper.filters.value_string_type_check.ValueStringTypeCheck(config: Config)[source]

Bases: Filter

Check if line_data is in source code file that require quotes for string declaration.

If it is, then checks if line_data really have string literal declaration. Comment rows in source files (start with //, /*, etc) ignored.

True if:

line_data have no value
line_data have no path
line_data is in source code file (.cpp, .py, etc.) and is not comment and contain no quotes (so no string literal declared)

False otherwise

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_base32_check module

class credsweeper.filters.value_token_base32_check.ValueTokenBase32Check(config: Config | None = None)[source]

Bases: Filter

Check that candidate have good randomization

static get_min_strength(x: int) → float[source]: Returns minimal strength. Precalculated data is applied for speedup

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_base36_check module

class credsweeper.filters.value_token_base36_check.ValueTokenBase36Check(config: Config | None = None)[source]

Bases: Filter

Check that candidate have good randomization

static get_min_strength(x: int) → float[source]: Returns minimal strength. Precalculated data is applied for speedup

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_base64_check module

class credsweeper.filters.value_token_base64_check.ValueTokenBase64Check(config: Config | None = None)[source]

Bases: Filter

Check that candidate have good randomization

static get_min_strength(x: int) → float[source]: Returns minimal strength. Precalculated rounded data is applied for speedup

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters.value_token_check module

class credsweeper.filters.value_token_check.ValueTokenCheck(config: Config | None = None)[source]

Bases: Filter

Check if first substring of token is shorter than 5.

Split candidate value into substrings using ` ;`{})(<>[]` separators. Check if first substring is shorter than 5

Examples

“my password” “12);password”

SPLIT_PATTERN = ' |;|\\)|\\(|{|}|<|>|\\[|\\]|`'

run(line_data: LineData, target: AnalysisTarget) → bool[source]

Run filter checks on received credential candidate data ‘line_data’.

Parameters:

line_data – credential candidate data
target – multiline target from which line data was obtained

Returns:

True, if need to filter candidate and False if left

credsweeper.filters package

Subpackages

Submodules

credsweeper.filters.filter module

credsweeper.filters.line_git_binary_check module

credsweeper.filters.line_specific_key_check module

credsweeper.filters.line_uue_part_check module

credsweeper.filters.value_allowlist_check module

credsweeper.filters.value_array_dictionary_check module

credsweeper.filters.value_atlassian_token_check module

credsweeper.filters.value_azure_token_check module

credsweeper.filters.value_base32_data_check module

credsweeper.filters.value_base64_data_check module

credsweeper.filters.value_base64_encoded_pem_check module

credsweeper.filters.value_base64_key_check module

credsweeper.filters.value_base64_part_check module

credsweeper.filters.value_blocklist_check module

credsweeper.filters.value_camel_case_check module

credsweeper.filters.value_couple_keyword_check module

credsweeper.filters.value_dictionary_keyword_check module

credsweeper.filters.value_dictionary_value_length_check module

credsweeper.filters.value_discord_bot_check module

credsweeper.filters.value_entropy_base32_check module

credsweeper.filters.value_entropy_base36_check module

credsweeper.filters.value_entropy_base64_check module

credsweeper.filters.value_file_path_check module

credsweeper.filters.value_first_word_check module

credsweeper.filters.value_github_check module

credsweeper.filters.value_grafana_check module

credsweeper.filters.value_grafana_service_check module

credsweeper.filters.value_hex_number_check module

credsweeper.filters.value_jfrog_token_check module

credsweeper.filters.value_json_web_token_check module

credsweeper.filters.value_last_word_check module

credsweeper.filters.value_method_check module

credsweeper.filters.value_not_allowed_pattern_check module

credsweeper.filters.value_not_part_encoded_check module

credsweeper.filters.value_number_check module

credsweeper.filters.value_pattern_check module

credsweeper.filters.value_similarity_check module

credsweeper.filters.value_split_keyword_check module

credsweeper.filters.value_string_type_check module

credsweeper.filters.value_token_base32_check module

credsweeper.filters.value_token_base36_check module

credsweeper.filters.value_token_base64_check module

credsweeper.filters.value_token_check module

Module contents