RegHex is a collection of regexes for every use.
I have also made every regex ready to use with gf, so that you can copy them into your `~/.gf` directory.
If you don't like the grep flags I use, you can replace them with `change_flags.sh`: change into your `.gf` directory containing the `.json` files and run `bash /path/to/change_flags.sh -MyFlags`.
- Artifactory API Token
- Artifactory Password
- Authorization Basic
- Authorization Bearer
- AWS Client ID
- AWS MWS Key
- AWS Secret Key
- Base32
- Base64
- Basic Auth Credentials
- Cloudinary Basic Auth
- Facebook Access Token
- Facebook Client ID
- Facebook Oauth
- Facebook Secret Key
- Github
- Google API Key
- Google Cloud Platform API Key
- Google Drive API Key
- Google Drive Oauth
- Google Gmail API Key
- Google Gmail Oauth
- Google OAuth Access Token
- Google Youtube API Key
- Google Youtube Oauth
- Heroku API Key
- IPv4
- IPv6
- Javascript Variables
- LinkedIn Client ID
- LinkedIn Secret Key
- Mailchimp API Key
- Mailgun API Key
- MailTo:
- MD5 Hash
- Picatic API Key
- Slack Token
- Slack Webhook
- Square Access Token
- Square Oauth Secret
- Stripe API Key
- Twilio API Key
- Twitter Client ID
- Twitter Oauth
- Twitter Secret Key
- URL Parameter
- URLs
- Vault Token
- Credits
Artifactory API Token:
(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}
Artifactory Password:
(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}
Authorization Basic:
basic [a-zA-Z0-9_\-:\.=]+
Authorization Bearer:
bearer [a-zA-Z0-9_\-\.=]+
AWS Client ID:
(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
AWS MWS Key:
amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
AWS Secret Key:
(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]
Base32:
(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?
Base64:
(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[a-zA-Z0-9+/]+={0,2}
Basic Auth Credentials:
(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z]+
Cloudinary Basic Auth:
cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+
Facebook Access Token:
EAACEdEose0cBA[0-9A-Za-z]+
Facebook Client ID:
(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}
Facebook Oauth:
[fF][aA][cC][eE][bB][oO][oO][kK].*['\"][0-9a-f]{32}['\"]
Facebook Secret Key:
(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}
Github:
(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}
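Google API Key:
AIza[0-9A-Za-z\-_]{35}
Google Cloud Platform API Key:
(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\-_]{35}['\"]
Google Drive API Key:
AIza[0-9A-Za-z\-_]{35}
Google Drive Oauth:
[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com
Google Gmail API Key:
AIza[0-9A-Za-z\-_]{35}
Google Gmail Oauth:
[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com
Google OAuth Access Token:
ya29\.[0-9A-Za-z\-_]+
Google Youtube API Key:
AIza[0-9A-Za-z\-_]{35}
Google Youtube Oauth:
[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com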
Heroku API Key:
[hH][eE][rR][oO][kK][uU].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}
IPv4:
\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\b
IPv6:
(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))
Javascript Variables:
(?:const|let|var)\s+\K(\w+?)(?=[;.=\s])
LinkedIn Client ID:
(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]
LinkedIn Secret Key:
(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]
Mailchimp API Key:
[0-9a-f]{32}-us[0-9]{1,2}
Mailgun API Key:
key-[0-9a-zA-Z]{32}
MailTo:
(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9.-]+
MD5 Hash:
[a-f0-9]{32}
Picatic API Key:
sk_live_[0-9a-z]{32}
Slack Token:
xox[baprs]-([0-9a-zA-Z]{10,48})?
Slack Webhook:
https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}
Stripe API Key:
(?:r|s)k_live_[0-9a-zA-Z]{24}
Square Access Token:
sq0atp-[0-9A-Za-z\-_]{22}
Square Oauth Secret:
sq0csp-[0-9A-Za-z\-_]{43}
Twilio API Key:
SK[0-9a-fA-F]{32}
Twitter Client ID:
(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}
Twitter Oauth:
[tT][wW][iI][tT][tT][eE][rR].{0,30}['\"\s][0-9a-zA-Z]{35,44}['\"\s]
Twitter Secret Key:
(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}
Vault Token:
[sb]\.[a-zA-Z0-9]{24}
URL Parameter:
(?<=\?|\&)[a-zA-Z0-9_]+(?=\=)
URLs:
With HTTP Protocol:
https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)
Without Protocol:
[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)
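
An added example, not part of RegHex itself: a Python sketch that runs three of the patterns above over constructed sample lines, redacts the hits for triage, and shows why a pattern taken in its JSON-escaped form (as a gf `.json` file stores it, with the regex backslash doubled) stops matching keys that contain `-` when pasted as a plain regex. The sample values, the `-HnrP` flags and all function names are assumptions, and Python's `re` stands in for grep.

```python
import json
import re

# Three patterns from this page, written as plain regexes (single backslashes).
PATTERNS = {
    "AWS Client ID": r"(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
    "Google API Key": r"AIza[0-9A-Za-z\-_]{35}",
    "Stripe API Key": r"(?:r|s)k_live_[0-9a-zA-Z]{24}",
}

# Constructed sample input; none of these values are real credentials.
FAKE_GOOGLE = "AIza" + "Ab-" * 11 + "Cd"
SAMPLE = "\n".join([
    'aws_access_key_id = "AKIA' + "X" * 16 + '"',
    "# nothing secret on this line",
    'maps_key: "' + FAKE_GOOGLE + '"',
    "STRIPE=sk_live_" + "0a" * 12,
])


def redact(value, keep=6):
    """Keep a short prefix so a finding can be triaged without copying the secret."""
    return value[:keep] + "*" * (len(value) - keep)


def scan(text, patterns=PATTERNS):
    """Return (pattern name, line number, redacted match) for every hit."""
    compiled = {name: re.compile(rx) for name, rx in patterns.items()}
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in compiled.items():
            for m in rx.finditer(line):
                findings.append((name, lineno, redact(m.group(0))))
    return findings


def gf_pattern_file(name, flags="-HnrP"):
    """Serialise one pattern as gf-style JSON; the flags value is an assumption."""
    return json.dumps({"flags": flags, "pattern": PATTERNS[name]})


def escaped_copy_matches(name, text):
    """Use the JSON-escaped pattern text directly as a regex, as a copy-paste would."""
    escaped = json.dumps(PATTERNS[name])[1:-1]  # strip the surrounding quotes
    return re.search(escaped, text) is not None


if __name__ == "__main__":
    print(scan(SAMPLE), escaped_copy_matches("Google API Key", FAKE_GOOGLE))
```

In the escaped form the character class holds the range from `\` to `_` instead of a literal `-`, so the Google key is missed even though the same pattern with a single backslash finds it.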
Credits:
- TomNomNom and his repo gf
- gitleaks
- truffleHog
- https://stackoverflow.com/questions/53497/regular-expression-that-matches-valid-ipv6-addresses
- https://stackoverflow.com/questions/3809401/what-is-a-good-regular-expression-to-match-a-url
- https://stackoverflow.com/questions/44654809/regex-to-match-ip-addresses