-
-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathnoseyparker.txt
96 lines (96 loc) · 6.13 KB
/
noseyparker.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)
\bage1[0-9a-z]{58}\b
\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b
(?i)artifactory.{0,50}\b([a-z0-9]{73})\b
\b((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})\b
(?i)\baws_?(?:secret)?_?(?:access)?_?(?:key)?["'']?\s{0,30}(?::|=>|=)\s{0,30}["'']?([a-z0-9/+=]{40})\b
(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})
(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]
(?i)amzn\.mws\.([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
(?i)(?:AccountName|SharedAccessKeyName|SharedSecretIssuer)\s*=\s*([^;]{1,80})\s*;\s*.{0,10}\s*(?:AccountKey|SharedAccessKey|SharedSecretValue)\s*=\s*([^;]{1,100})(?:;|$)
(https://[a-zA-Z0-9-]+\.azconfig\.io);Id=(.{4}-.{2}-.{2}:[a-zA-Z0-9+/]{18,22});Secret=([a-zA-Z0-9+/]{36,50}=)
(?i)codeclima.{0,50}\b([a-f0-9]{64})\b
\bcio[a-zA-Z0-9]{32}\b
(?i)\b(doo_v1_[a-f0-9]{64})\b
(?i)\b(dop_v1_[a-f0-9]{64})\b
(?i)\b(dor_v1_[a-f0-9]{64})\b
\b(dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})\b
(?i)\b(?:facebook|fb).?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{32})\b
\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b
(?i)figma.{0,20}\b([0-9a-f]{4}-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b
(?i)secret.{0,20}\b([0-9a-z]{32,64})\b
(?i)(?:api_key|apikey|access_key|accesskey).{0,3}[ \t]*(?::|=|:=|=>|,|'|")[ \t]*.{0,3}\b([0-9a-z][0-9a-z\-._/+]{30,62}[0-9a-z])\b
(?:username|USERNAME|user|USER)[ \t]*=[ \t]*["']([a-zA-Z0-9.@_\-+]{3,30})["']\s*[,;]?\s*(?:\s*(?:\#|//)[^\n\r]*[\n\r])*(?:password|pass|PASSWORD|PASS)[ \t]*=[ \t]*["']([^"']{5,30})["']
(?:username|USERNAME|user|USER)[ \t]*=[ \t]*([a-zA-Z0-9.@_\-+]{3,30})\s*;?\s*(?:\s*(?:\#|//)[^\n\r]*[\n\r])*(?:password|pass|PASSWORD|PASS)[ \t]*=[ \t]*(\S{5,30})(?:\s|$)
\b(ghp_[a-zA-Z0-9]{36})\b
\b(gho_[a-zA-Z0-9]{36})\b
\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b
\b(ghr_[a-zA-Z0-9]{76})\b
(?i)(?:github).?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{20})\b
(?i)github.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{40})\b
\b(github_pat_[0-9a-zA-Z_]{82})\b
\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)
\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)
\b(glptt-[0-9a-f]{40})\b
(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com
\b(GOCSPX-[a-zA-Z0-9_-]{28})(?:[^a-zA-Z0-9_-]|$)
(?i)client.?secret.{0,10}\b([a-z0-9_-]{24})(?:[^a-z0-9_-]|$)
\b(ya29\.[0-9A-Za-z_-]{20,1024})(?:[^0-9A-Za-z_-]|$)
\b(AIza[0-9A-Za-z_-]{35})\b
(?i)credentials\s*\{(?:\s*//.*)*\s*(?:username|password)\s+['"]([^'"]{1,60})['"](?:\s*//.*)*\s*(?:username|password)\s+['"]([^'"]{1,60})['"]
\b(eyJrIjoi[A-Za-z0-9]{60,100})\b
\b(glc_eyJrIjoi[A-Za-z0-9]{60,100})\b
\b(glsa_[a-zA-Z0-9]{32}_[a-fA-F0-9]{8})\b
(\$1\$[./A-Za-z0-9]{8}\$[./A-Za-z0-9]{22})
(\$2[abxy]\$\d+\$[./A-Za-z0-9]{53})
(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b
(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b
\b(ey[a-zA-Z0-9_-]+\.ey[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+)(?:[^a-zA-Z0-9_-]|$)
(?i)linkedin.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{12,14})\b
(?i)linkedin.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{16})\b
(?i)(?:mailchimp|mc).{0,20}\b([a-f0-9]{32}-us[0-9]{1,3})\b
(?i)(?:mailgun|mg).{0,20}key-([a-z0-9]{32})\b
(?i)(?s)mapbox.{0,30}(pk\.[a-z0-9\-+/=]{32,128}\.[a-z0-9\-+/=]{20,30})(?:[^a-z0-9\-+/=]|$)
(?i)(?s)mapbox.{0,30}([st]k\.[a-z0-9\-+/=]{32,128}\.[a-z0-9\-+/=]{20,30})(?:[^a-z0-9\-+/=]|$)
(?i)outlook\.office\.com/webhook/([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}@[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/IncomingWebhook/([a-f0-9]{32})/([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})
(?:(machine\s+[^\s]+)|default)\s+login\s+([^\s]+)\s+password\s+([^\s]+)
(?i)\b([a-z0-9]{6}[a-f0-9]{30}nral)\b
(?i)associated with your New Relic account\.\s+license_key:\s*([a-f0-9]{40})\b
(?i)\b(nrak-[a-z0-9]{27})\b
(?i)\b(nraa-[a-f0-9]{27})\b
(?i)\b(nrii-[a-z0-9_-]{32})(?:[^a-z0-9_-]|$)
(?i)\b(nriq-[a-z0-9_-]{32})(?:[^a-z0-9_-]|$)
(?i)\b(nrra-[a-f0-9]{42})\b
(?i)\b(px-api-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})\b
(?i)\b(px-dep-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})\b
\b(npm_[A-Za-z0-9]{36})\b
\b(oy2[a-z0-9]{43})\b
(?i)(?:User|User Id|UserId|Uid)\s*=\s*([^\s;]{3,100})\s*;[ \t]*.{0,10}[ \t]*(?:Password|Pwd)\s*=\s*([^\s;]{3,100})\s*(?:[;"']|$)
(?i)(?s)(?:okta|ssws).{0,40}\b(00[a-z0-9_-]{39})[a-z0-9_]\b
\b(sk-[a-zA-Z0-9]{48})\b
-----BEGIN .{0,20} ?PRIVATE KEY ?.{0,20}-----\s*((?:[a-zA-Z0-9+/=\s"',]|\r|\n){50,})\s*-----END .{0,20} ?PRIVATE KEY ?.{0,20}-----
\b(PMAK-[a-zA-Z0-9]{24}-[a-zA-Z0-9]{34})\b
(?i)psexec.{0,100}-u\s*(\S+)\s+-p\s*(\S+)
\b(pypi-AgEIcHlwaS5vcmc[a-zA-Z0-9_-]{50,})(?:[^a-zA-Z0-9_-]|$)
(?i)\b(rubygems_[a-f0-9]{48})\b
(?i)sauce.{0,50}\b([a-f0-9-]{36})\b
\b(sgp_[a-zA-Z0-9]{64})\b
\b(SG\.[0-9A-Za-z_-]{22}\.[0-9A-Za-z_-]{43})\b
\b((?:[a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.myshopify\.com)\b
\b(shpss_[a-fA-F0-9]{32})\b
\b(shpat_[a-fA-F0-9]{32})\b
\b(shpca_[a-fA-F0-9]{32})\b
\b(shppa_[a-fA-F0-9]{32})\b
\b(xox[baprs]-[a-zA-Z0-9]{10,48})\b
\b(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})\b
(?i)https://hooks.slack.com/services/(T[a-z0-9_]{8}/B[a-z0-9_]{8,12}/[a-z0-9_]{24})
(?i)sonar.{0,5}login.{0,5}\s*\b([a-f0-9]{40})\b
(?i)\b(sq0atp-[a-z0-9_-]{22})\b
(?i)\b(sq0csp-[a-z0-9_-]{43})\b
\b(hawk\.[0-9A-Za-z_-]{20}\.[0-9A-Za-z_-]{20})\b
(?i)\b((?:sk|rk)_live_[a-z0-9]{24})\b
(?i)\b((?:sk|rk)_test_[a-z0-9]{24})\b
\b(\d+:AA[a-zA-Z0-9_-]{32,33})(?:[^a-zA-Z0-9_-]|$)
(?i)twilio.{0,20}\b(sk[a-f0-9]{32})\b
(?i)\btwitter.?(?:api|app|application|client|consumer|customer)?.?(?:id|identifier|key).{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{18,25})\b
(?i)twitter.?(?:api|app|application|client|consumer|customer|secret|key).?(?:key|oauth|sec|secret)?.{0,2}\s{0,20}.{0,2}\s{0,20}.{0,2}\b([a-z0-9]{35,44})\b