Adding more regex to find sensitive data
narayan8291 opened this issue · comments
Narayan Gowraj commented
Consider adding these regular expressions, which are not part of the list:
- .([a-zA-Z0-9]-[a-zA-Z0-9]){3,10}. => To find salts, nonce used in code.
- ([-]+(BEGIN\sRSA\sPRIVATE\sKEY)[-]+[A-Za-z\s0-9+/.=]{400}) => RSA Private keys
- (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]) => AWS Secret Keys
- [0-9a-f]{32} => FB Secret Keys
- ((xoxp)-[0-9]+-[A-Za-z0-9]+) => Slack Tokens
This list can also be extended to Twitter Keys, Tumblr keys.
Vincent Cox commented
Thanks for the regexes, I will try to add them as soon as possible. I need to perform some tests on them first.
Vincent Cox commented
- About the salts, I think they can be longer than 10 characters?
- Regex seems to work: https://regex101.com/r/xXPGNa/2
- Regex seems to work: https://regex101.com/r/CD4fbR/1 (ToDo: Test on APKs before deploying because it can trigger false positives)*
- (ToDo: Test on APKs before deploying because it can trigger false positives)*
- (ToDo: Test on APKs before deploying because it can trigger false positives)*
*: I will do this asap
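Added example (not code from this project or either commenter): the five regexes proposed above, run as-is over a constructed snippet of decompiled-source-style lines. It shows what each one hits, that the FB pattern also fires on any MD5 hash (the false-positive concern raised above), and that the RSA pattern as written only matches a body of at least 400 key characters.

```python
import re

# Regexes copied verbatim from the issue above.
PATTERNS = {
    "salt/nonce": r".([a-zA-Z0-9]-[a-zA-Z0-9]){3,10}.",
    "rsa_private_key": r"([-]+(BEGIN\sRSA\sPRIVATE\sKEY)[-]+[A-Za-z\s0-9+/.=]{400})",
    "aws_secret_key": r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])",
    "fb_secret_key": r"[0-9a-f]{32}",
    "slack_token": r"((xoxp)-[0-9]+-[A-Za-z0-9]+)",
}
COMPILED = {name: re.compile(rx) for name, rx in PATTERNS.items()}


def scan(text):
    """Return (pattern_name, matched_text) for every hit of every pattern in text."""
    hits = []
    for name, rx in COMPILED.items():
        for m in rx.finditer(text):
            hits.append((name, m.group(0)))
    return hits


# Constructed sample input; none of these values is a real secret.
SAMPLE = "\n".join([
    'String slack = "xoxp-1234567890-AbCdEf";',
    # MD5 of the empty string: not a secret, but [0-9a-f]{32} fires on it.
    'String md5_of_empty = "d41d8cd98f00b204e9800998ecf8427e";',
    'String aws = "' + "A" * 40 + '";',          # 40-char base64-alphabet run
    'String iv = "a1-b2-c3-d4";',                 # three "X-X" repeats for the salt regex
    "-----BEGIN RSA PRIVATE KEY-----" + "A" * 400,  # 400-char body: matches
    "-----BEGIN RSA PRIVATE KEY-----" + "A" * 100,  # 100-char body: does NOT match
])


def hits_by_name(text):
    """Group matches by pattern name, handy for counting per-pattern findings."""
    grouped = {}
    for name, value in scan(text):
        grouped.setdefault(name, []).append(value)
    return grouped


if __name__ == "__main__":
    for name, values in hits_by_name(SAMPLE).items():
        print(f"{name}: {values}")
```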