Adding more regex to find sensitive data

Question

narayan8291 opened this issue 6 years ago · comments

Consider adding these regular expressions which are not part of the list,

.([a-zA-Z0-9]-[a-zA-Z0-9]){3,10}. => To find salts, nonce used in code.
([-]+(BEGIN\sRSA\sPRIVATE\sKEY)[-]+[A-Za-z\s0-9+/.=]{400}) => RSA Private keys
(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]) => AWS Secret Keys
[0-9a-f]{32} => FB Secret Keys
((xoxp)-[0-9]+-[A-Za-z0-9]+) => Slack Tokens

This list can also be extended to Twitter Keys, Tumblr keys.

Vincent Cox · Answer 1 · Tue Jun 26 2018 15:21:38 GMT+0800 (China Standard Time)

Thanks for the regex's, I will try to add them as soon as possible. I need to perform some tests on them first.

Vincent Cox · Answer 2 · Tue Jun 26 2018 16:23:58 GMT+0800 (China Standard Time)

About the salts, I think they can be longer than 10 characters?
Regex seems to work: https://regex101.com/r/xXPGNa/2
Reges seems to work: https://regex101.com/r/CD4fbR/1 (ToDo: Test on APK's before deploying because it can trigger false positives)*
(ToDo: Test on APK's before deploying because it can trigger false positives)*
(ToDo: Test on APK's before deploying because it can trigger false positives)*

*: I will do this asap