# This file has been auto-generated. Do not edit manually.
# If you would like to contribute new rules, please use
# cmd/generate/config/main.go and follow the contributing guidelines
# at https://github.com/gitleaks/gitleaks/blob/master/CONTRIBUTING.md
#
# How the hell does secret scanning work? Read this:
# https://lookingatcomputer.substack.com/p/regex-is-almost-all-you-need
#
# This is the default gitleaks configuration file.
# Rules and allowlists are defined within this file.
# Rules instruct gitleaks on what should be considered a secret.
# Allowlists instruct gitleaks on what is allowed, i.e. not a secret.
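title = "gitleaks config"
# TODO: change to [[allowlists]]
# Global allowlist, applied to findings from every rule. Each `paths` entry is a
# regular expression tested against the file path; files whose path matches are
# not reported on. Secrets committed inside the skipped dependency, vendor and
# lock-file locations are therefore invisible to a scan using this config.
[allowlist]
description = "global allow lists"
paths = [
# Unanchored: these match anywhere in the path, so any path that merely
# contains one of these file names is skipped as well.
'''gitleaks\.toml''',
'''gitleaks-rules\.yml''',
'''GitleaksTerraform\.toml''',
'''GitleaksUdmCombo\.toml''',
'''UDMSecretChecksv8\.toml''',
# Images, fonts, and binary/office formats, selected by extension.
'''(?i)\.(?:bmp|gif|jpe?g|png|svg|tiff?)$''',
'''(?i)\.(?:eot|[ot]tf|woff2?)$''',
# `dll` was emitted as `.dll`; after the leading `\.` that demanded one extra
# character, so an ordinary `name.dll` path never matched. The permanent fix
# belongs in the generator (cmd/generate/config/main.go), otherwise this edit
# is lost on regeneration.
'''(?i)\.(?:docx?|xlsx?|pdf|bin|socket|vsidx|v2|suo|wsuo|dll|pdb|exe|gltf|zip)$''',
# Go module metadata and vendored Go dependencies.
'''go\.(?:mod|sum|work(?:\.sum)?)$''',
'''(?:^|/)vendor/modules\.txt$''',
'''(?:^|/)vendor/(?:github\.com|golang\.org/x|google\.golang\.org|gopkg\.in|istio\.io|k8s\.io|sigs\.k8s\.io)(?:/.*)?$''',
# Gradle and Maven wrappers and lock files.
'''(?:^|/)gradlew(?:\.bat)?$''',
'''(?:^|/)gradle\.lockfile$''',
'''(?:^|/)mvnw(?:\.cmd)?$''',
'''(?:^|/)\.mvn/wrapper/MavenWrapperDownloader\.java$''',
# JavaScript dependency trees, lock files and well-known bundled libraries.
'''(?:^|/)node_modules(?:/.*)?$''',
'''(?:^|/)(?:deno\.lock|npm-shrinkwrap\.json|package-lock\.json|pnpm-lock\.yaml|yarn\.lock)$''',
'''(?:^|/)bower_components(?:/.*)?$''',
'''(?:^|/)(?:angular|bootstrap|jquery(?:-?ui)?|plotly|swagger-?ui)[a-zA-Z0-9.-]*(?:\.min)?\.js(?:\.map)?$''',
'''(?:^|/)javascript\.json$''',
# Python lock files, virtualenv and site-packages style directories.
'''(?:^|/)(?:Pipfile|poetry)\.lock$''',
'''(?i)(?:^|/)(?:v?env|virtualenv)/lib(?:64)?(?:/.*)?$''',
'''(?i)(?:^|/)(?:lib(?:64)?/python[23](?:\.\d{1,2})+|python/[23](?:\.\d{1,2})+/lib(?:64)?)(?:/.*)?$''',
'''(?i)(?:^|/)[a-z0-9_.]+-[0-9.]+\.dist-info(?:/.+)?$''',
# Ruby vendored bundles and packaged gems.
'''(?:^|/)vendor/(?:bundle|ruby)(?:/.*?)?$''',
'''\.gem$''',
'''verification-metadata\.xml''',
# The dot is now escaped so it matches a literal "." instead of any character.
'''Database\.refactorlog''',
# A path whose final component is exactly ".git".
'''(?:^|/)\.git$''',
]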
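# Global allowlist regexes: a finding from any rule is dropped when one of these
# matches. No `regexTarget` is set for this allowlist, so the gitleaks default
# target (the extracted secret) applies.
regexes = [
# Literal true/false/null values. The alternation is grouped so that both
# anchors apply to all three words. Ungrouped (`^true|false|null$`) it also
# suppressed every secret that contained "false", began with "true" or ended
# with "null", in any letter case.
'''(?i)^(?:true|false|null)$''',
# One letter, `*` or `.` repeated for the whole value ("xxxxxxxx", "********").
'''^(?i:a+|b+|c+|d+|e+|f+|g+|h+|i+|j+|k+|l+|m+|n+|o+|p+|q+|r+|s+|t+|u+|v+|w+|x+|y+|z+|\*+|\.+)$''',
# Variable references rather than values: $1, ${1}, $VAR, ${VAR}.
'''^\$(?:\d+|{\d+})$''',
'''^\$(?:[A-Z_]+|[a-z_]+)$''',
'''^\${(?:[A-Z_]+|[a-z_]+)}$''',
# Template expressions: {{ name }} and ${{ env.X }} / github / secrets / vars.
'''^\{\{[ \t]*[\w ().|]+[ \t]*}}$''',
'''^\$\{\{[ \t]*(?:(?:env|github|secrets|vars)(?:\.[A-Za-z]\w+)+[\w "'&./=|]*)[ \t]*}}$''',
# %VAR% references, printf-style verbs such as %s or %d, and {0}-style
# positional placeholders.
'''^%(?:[A-Z_]+|[a-z_]+)%$''',
'''^%[+\-# 0]?[bcdeEfFgGoOpqstTUvxX]$''',
'''^\{\d{0,2}}$''',
# @VAR@ substitution tokens.
'''^@(?:[A-Z_]+|[a-z_]+)@$''',
# File-system paths captured in place of a secret.
# NOTE(review): inside the class below, `.-/` parses as the range "." to "/",
# so a literal "-" is not included (the next pattern does include it). Home
# directory paths containing a hyphen are not allowlisted. Left unchanged.
'''^/Users/(?i)[a-z0-9]+/[\w .-/]+$''',
'''^/(?:bin|etc|home|opt|tmp|usr|var)/[\w ./-]+$''',
]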
# Global stopwords: a finding is dropped when its secret contains one of these
# strings. The first entry is the plain alphabet; the second is a fixed UUID
# (presumably a known placeholder value; its origin is not shown in this file).
stopwords = [
"abcdefghijklmnopqrstuvwxyz",
"014df517-39d1-4453-b7b3-9930c563627c",
]
[[rules]]
id = "1password-secret-key"
description = "Uncovered a possible 1Password secret key, potentially compromising access to secrets in vaults."
# Upper-case only: "A3-", a 6-char group, then either one 11-char group or a
# 6-5 split, then three 5-char groups, all [A-Z0-9] and bounded by \b.
regex = '''\bA3-[A-Z0-9]{6}-(?:(?:[A-Z0-9]{11})|(?:[A-Z0-9]{6}-[A-Z0-9]{5}))-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}\b'''
# Minimum Shannon entropy the matched secret must reach to be reported.
entropy = 3.8
# Cheap pre-filter: the regex is only tried on content containing this string.
keywords = ["a3-"]
[[rules]]
id = "1password-service-account-token"
description = "Uncovered a possible 1Password service account token, potentially compromising access to secrets in vaults."
# "ops_" followed by base64 text that starts with "eyJ" (the base64 form of
# `{"`) and runs for at least 250 more characters plus optional padding.
# The pattern has no boundary anchors and no capture group.
regex = '''ops_eyJ[a-zA-Z0-9+/]{250,}={0,3}'''
entropy = 4
keywords = ["ops_"]
[[rules]]
id = "adafruit-api-key"
description = "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure."
# Context rule: an identifier containing "adafruit", an assignment-like
# operator, optional quoting, then a captured 32-char value of [a-z0-9_-]
# (any case, because of the leading (?i)).
# No `entropy` key is set, so a placeholder of the right shape is reported too
# unless an allowlist excludes it.
regex = '''(?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["adafruit"]
[[rules]]
id = "adobe-client-id"
description = "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches."
# Context rule: identifier containing "adobe", an assignment-like operator,
# then a captured 32-character hexadecimal value.
regex = '''(?i)[\w.-]{0,50}?(?:adobe)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
# Low entropy floor: filters only highly repetitive values.
entropy = 2
keywords = ["adobe"]
[[rules]]
id = "adobe-client-secret"
description = "Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation."
# Prefix rule, no surrounding identifier required: lower-case "p8e-" then 32
# alphanumerics. The (?i) sits after the prefix, so only the 32 characters are
# matched case-insensitively.
regex = '''\b(p8e-(?i)[a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["p8e-"]
[[rules]]
id = "age-secret-key"
description = "Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information."
# Fixed upper-case prefix followed by exactly 58 characters drawn from the
# 32-symbol upper-case Bech32 alphabet. No boundary anchors and no entropy
# threshold; the fixed prefix and alphabet carry the specificity.
regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
keywords = ["age-secret-key-1"]
[[rules]]
id = "airtable-api-key"
description = "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration."
# Context rule: identifier containing "airtable", an assignment-like operator,
# then a captured 17-character alphanumeric value. With no `entropy` key, any
# 17-character alphanumeric value in that position is reported.
regex = '''(?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{17})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["airtable"]
[[rules]]
id = "algolia-api-key"
description = "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms."
# Context rule: identifier containing "algolia", an assignment-like operator,
# then a captured 32-character alphanumeric value. No entropy threshold.
regex = '''(?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["algolia"]
[[rules]]
id = "alibaba-access-key-id"
description = "Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise."
# Prefix rule: upper-case "LTAI" at a word boundary, then 20 alphanumerics
# matched case-insensitively. No surrounding identifier is required.
regex = '''\b(LTAI(?i)[a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["ltai"]
[[rules]]
id = "alibaba-secret-key"
description = "Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud."
# Context rule: the secret itself has no fixed prefix, so detection depends on
# an identifier containing "alibaba" before a 30-character alphanumeric value.
# A key stored under a differently named variable is not caught by this rule.
regex = '''(?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{30})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["alibaba"]
[[rules]]
id = "asana-client-id"
description = "Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information."
# Context rule: identifier containing "asana" followed by exactly 16 digits.
# With no entropy threshold, any 16-digit number assigned to such an
# identifier is reported.
regex = '''(?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["asana"]
[[rules]]
id = "asana-client-secret"
description = "Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access."
# Context rule: identifier containing "asana" followed by a 32-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["asana"]
[[rules]]
id = "atlassian-api-token"
description = "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality."
# Two alternatives:
#   1. an identifier containing atlassian/confluence/jira (case-insensitive,
#      scoped by the (?i:...) group) followed by a 24-character alphanumeric
#      value, which is matched case-sensitively because it sits outside that group;
#   2. a standalone token starting with upper-case "ATATT3" plus 186 characters,
#      which needs no surrounding identifier.
regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-zA-Z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3.5
# One keyword per alternative trigger; any single one is enough for the
# regex to be tried.
keywords = [
"atlassian",
"confluence",
"jira",
"atatt3",
]
[[rules]]
id = "authress-service-client-access-key"
description = "Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data."
# Four dot-separated parts. The prefix (sc_, ext_, scauth_ or authress_) is
# case-sensitive; (?i) then applies to the rest, except the literal "acc"
# marker, which (?-i:acc) forces back to lower case.
regex = '''\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.(?-i:acc)[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = [
"sc_",
"ext_",
"scauth_",
"authress_",
]
[[rules]]
id = "aws-access-token"
description = "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms."
# Matches an access key ID only: one of the listed 4-character prefixes and
# then 16 characters from the Base32 alphabet [A-Z2-7]. The paired secret
# access key has no fixed prefix and is not matched by this rule.
regex = '''\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z2-7]{16})\b'''
entropy = 3
keywords = [
"a3t",
"akia",
"asia",
"abia",
"acca",
]
# Rule-level allowlist: drops candidates ending in "EXAMPLE", the suffix used
# by placeholder keys in documentation. A real key that happened to end in
# those seven letters would be dropped as well.
[[rules.allowlists]]
regexes = [
'''.+EXAMPLE$''',
]
[[rules]]
id = "azure-ad-client-secret"
description = "Azure AD Client Secret"
# Shape-based rule: three characters, a digit, the literal "Q~", then 31-34
# more characters, delimited on both sides by quotes, whitespace, brackets or
# line edges. The only fixed text is "Q~", which is also the sole keyword.
regex = '''(?:^|[\\'"\x60\s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"\x60\s<),])'''
entropy = 3
keywords = ["q~"]
[[rules]]
id = "beamer-api-token"
description = "Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates."
# Context rule: identifier containing "beamer", then a value starting "b_"
# followed by 44 characters of [a-z0-9=_-]. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:beamer)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(b_[a-z0-9=_\-]{44})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["beamer"]
[[rules]]
id = "bitbucket-client-id"
description = "Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure."
# Context rule: identifier containing "bitbucket", then a 32-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["bitbucket"]
[[rules]]
id = "bitbucket-client-secret"
description = "Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access."
# Context rule: identifier containing "bitbucket", then a 64-character value
# of [a-z0-9=_-]. Distinguished from the client-id rule only by length and
# character set.
regex = '''(?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["bitbucket"]
[[rules]]
id = "bittrex-access-key"
description = "Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss."
# Context rule: identifier containing "bittrex", then a 32-character
# alphanumeric value.
# NOTE(review): the bittrex-secret-key rule in this file has the same regex
# and keyword, so the two rules cannot tell an access key from a secret key
# and a single value satisfies both patterns.
regex = '''(?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["bittrex"]
[[rules]]
id = "bittrex-secret-key"
description = "Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security."
# Context rule: identifier containing "bittrex", then a 32-character
# alphanumeric value.
# NOTE(review): identical regex and keyword to the bittrex-access-key rule in
# this file; a single value satisfies both patterns, so the rule id alone does
# not say which kind of key was found.
regex = '''(?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["bittrex"]
[[rules]]
id = "cisco-meraki-api-key"
# NOTE(review): this description describes the product rather than the
# finding, unlike the other rules; it is emitted as-is and left unchanged here.
description = "Cisco Meraki is a cloud-managed IT solution that provides networking, security, and device management through an easy-to-use interface."
# Context rule. The keyword part accepts only "meraki", "Meraki" or "MERAKI"
# (the (?-i:...) group switches case-insensitivity off for it), and the value
# is 40 lower-case hexadecimal characters because it lies outside the (?i:...)
# group.
regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Mm]eraki|MERAKI))(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["meraki"]
[[rules]]
id = "clickhouse-cloud-api-secret-key"
description = "Identified a pattern that may indicate clickhouse cloud API secret key, risking unauthorized clickhouse cloud api access and data breaches on ClickHouse Cloud platforms."
# Prefix rule: the literal lower-case "4b1d" and 38 alphanumerics between word
# boundaries. The prefix is four hexadecimal characters, so the entropy floor
# is what separates a key from other 42-character alphanumeric strings that
# happen to start the same way.
regex = '''\b(4b1d[A-Za-z0-9]{38})\b'''
entropy = 3
keywords = ["4b1d"]
[[rules]]
id = "clojars-api-token"
description = "Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation."
# Prefix rule: "CLOJARS_" then 60 alphanumerics, all case-insensitive. There
# is no capture group and no boundary anchor.
regex = '''(?i)CLOJARS_[a-z0-9]{60}'''
entropy = 2
keywords = ["clojars_"]
[[rules]]
id = "cloudflare-api-key"
description = "Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security."
# Context rule: identifier containing "cloudflare", then a 40-character value
# of [a-z0-9_-]. The value has no fixed prefix, so a key stored under an
# identifier that does not mention cloudflare is not caught here.
regex = '''(?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["cloudflare"]
[[rules]]
id = "cloudflare-global-api-key"
description = "Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security."
# Context rule: identifier containing "cloudflare", then exactly 37
# hexadecimal characters. The length is what separates it from the
# 40-character cloudflare-api-key pattern.
regex = '''(?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{37})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["cloudflare"]
[[rules]]
id = "cloudflare-origin-ca-key"
description = "Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security."
# Prefix rule: "v1.0-", 24 lower-case hex characters, "-", then 146 more.
# No identifier context is required by the regex itself.
regex = '''\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
# The "v1.0-" keyword always accompanies a match, so "cloudflare" adds no
# further filtering here.
keywords = [
"cloudflare",
"v1.0-",
]
[[rules]]
id = "codecov-access-token"
description = "Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data."
# Context rule: identifier containing "codecov", then a 32-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:codecov)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["codecov"]
[[rules]]
id = "cohere-api-token"
description = "Identified a Cohere Token, posing a risk of unauthorized access to AI services and data manipulation."
# Context rule: identifier containing "cohere" or "CO_API_KEY" (matched
# case-insensitively inside the (?i:...) group), then a 40-character
# mixed-case alphanumeric value.
regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-zA-Z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
# High entropy floor: low-variety 40-character strings are discarded.
entropy = 4
keywords = [
"cohere",
"co_api_key",
]
[[rules]]
id = "coinbase-access-token"
description = "Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions."
# Context rule: identifier containing "coinbase", then a 64-character value
# of [a-z0-9_-]. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:coinbase)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["coinbase"]
[[rules]]
id = "confluent-access-token"
description = "Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow."
# Context rule: identifier containing "confluent", then a 16-character
# alphanumeric value. Short value and no entropy threshold, so ordinary
# 16-character identifiers in that position are reported too.
regex = '''(?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["confluent"]
[[rules]]
id = "confluent-secret-key"
description = "Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services."
# Context rule: identifier containing "confluent", then a 64-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["confluent"]
[[rules]]
id = "contentful-delivery-api-token"
description = "Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity."
# Context rule: identifier containing "contentful", then a 43-character value
# of [a-z0-9=_-]. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:contentful)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{43})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["contentful"]
[[rules]]
id = "curl-auth-header"
description = "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."
# Matches a `curl` command (on one line, or continued over up to five further
# lines) carrying -H/--header with a quoted header that is either
#   Authorization: Basic <base64> | Bearer/Token/Api-Token <value> | <value>
# or an (X-...-)Api-Key / Key / Token style header, each value 8+ characters.
# The same header grammar appears twice, once for double-quoted and once for
# single-quoted arguments; an unquoted header argument is not matched.
regex = '''\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z)'''
entropy = 2.75
keywords = ["curl"]
[[rules]]
id = "curl-auth-user"
description = "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource."
# Matches a `curl` command (same line or up to five continuation lines) with
# -u/--user followed by a user:password pair that is double-quoted,
# single-quoted, or built from individually quoted or bare parts.
regex = '''\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})("(:[^"]{3,}|[^:"]{3,}:|[^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z)'''
entropy = 2
keywords = ["curl"]
# Rule-level allowlist for credentials that are placeholders or references
# rather than literal values.
[[rules.allowlists]]
regexes = [
# Dummy passwords (changeit, password, test, ...), runs of "*" or "x".
# NOTE(review): there is no end anchor, so a password that merely begins with
# one of these words (or with "x") also matches and is dropped; confirm that
# this breadth is intended.
'''[^:]+:(?:change(?:it|me)|pass(?:word)?|pwd|test|token|\*+|x+)''',
# <user>:<password> style angle-bracket placeholders.
'''['"]?<[^>]+>['"]?:['"]?<[^>]+>|<[^:]+:[^>]+>['"]?''',
# user:[password] style square-bracket placeholders.
'''[^:]+:\[[^]]+]''',
# Password taken from a shell variable: $1, $VAR, ${VAR}.
'''['"]?[^:]+['"]?:['"]?\$(?:\d|\w+|\{(?:\d|\w+)})['"]?''',
# Both parts produced by command substitution: $(cmd):$(cmd).
'''\$\([^)]+\):\$\([^)]+\)''',
# Both parts are {{ template }} expressions.
'''['"]?\$?{{[^}]+}}['"]?:['"]?\$?{{[^}]+}}['"]?''',
# One side literal, the other side produced by command substitution.
'''['"]?[^:]+['"]?:['"]?\$\([^)]+\)['"]?''',
'''['"]?\$\([^)]+\):['"]?[^:]+['"]?''',
]
[[rules]]
id = "databricks-api-token"
description = "Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing."
# Prefix rule: lower-case "dapi", 32 lower-case hex characters and an optional
# "-<digit>" suffix. No identifier context is required.
regex = '''\b(dapi[a-f0-9]{32}(?:-\d)?)(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["dapi"]
[[rules]]
id = "datadog-access-token"
description = "Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation."
# Context rule: identifier containing "datadog", then a 40-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:datadog)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["datadog"]
[[rules]]
id = "defined-networking-api-token"
description = "Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches."
# Requires "dnkey" twice: once in the identifier before the operator and again
# as the value prefix ("dnkey-", 26 characters, "-", 52 characters). A token
# assigned to an identifier that does not contain "dnkey" is not matched.
regex = '''(?i)[\w.-]{0,50}?(?:dnkey)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["dnkey"]
[[rules]]
id = "digitalocean-access-token"
description = "Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise."
# Prefix rule: lower-case "doo_v1_" followed by 64 lower-case hex characters.
regex = '''\b(doo_v1_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["doo_v1_"]
[[rules]]
id = "digitalocean-pat"
description = "Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy."
# Prefix rule: lower-case "dop_v1_" followed by 64 lower-case hex characters.
regex = '''\b(dop_v1_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["dop_v1_"]
[[rules]]
id = "digitalocean-refresh-token"
description = "Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation."
# Prefix rule: "dor_v1_" followed by 64 hex characters.
# NOTE(review): unlike the doo_v1_ and dop_v1_ rules in this file, this one is
# fully case-insensitive and sets no entropy threshold; confirm whether the
# difference is deliberate.
regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["dor_v1_"]
[[rules]]
id = "discord-api-token"
description = "Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord."
# Context rule: identifier containing "discord", then exactly 64 hexadecimal
# characters. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["discord"]
[[rules]]
id = "discord-client-id"
description = "Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications."
# Context rule: identifier containing "discord", then exactly 18 digits. Any
# 18-digit number assigned to such an identifier satisfies the pattern; the
# entropy floor only removes highly repetitive numbers.
regex = '''(?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{18})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["discord"]
[[rules]]
id = "discord-client-secret"
description = "Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks."
# Context rule: identifier containing "discord", then a 32-character value of
# [a-z0-9=_-].
regex = '''(?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["discord"]
[[rules]]
id = "doppler-api-token"
description = "Discovered a Doppler API token, posing a risk to environment and secrets management security."
# Prefix rule: lower-case "dp.pt." followed by 43 alphanumerics matched
# case-insensitively. No boundary anchors and no capture group.
regex = '''dp\.pt\.(?i)[a-z0-9]{43}'''
entropy = 2
keywords = ["dp.pt."]
[[rules]]
id = "droneci-access-token"
description = "Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows."
# Context rule: the identifier must contain the exact string "droneci"; a
# variable named only "drone..." does not trigger it. The value is a
# 32-character alphanumeric string and no entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:droneci)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["droneci"]
[[rules]]
id = "dropbox-api-token"
description = "Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage."
# Context rule: identifier containing "dropbox", then a 15-character
# alphanumeric value. Short value with no entropy threshold, so ordinary
# 15-character words or ids in that position are reported too.
regex = '''(?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{15})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["dropbox"]
[[rules]]
id = "dropbox-long-lived-api-token"
description = "Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data."
# Context rule: identifier containing "dropbox", then 11 alphanumerics, a run
# of ten "A" characters, and 43 more characters. The leading (?i) makes the
# run of "A"s case-insensitive as well. The inner group around the "A" run is
# a second capture group nested inside the value group.
regex = '''(?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["dropbox"]
[[rules]]
id = "dropbox-short-lived-api-token"
description = "Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation."
# Context rule: identifier containing "dropbox", then "sl." followed by
# exactly 135 characters of [a-z0-9=_-].
regex = '''(?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(sl\.[a-z0-9\-=_]{135})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["dropbox"]
[[rules]]
id = "duffel-api-token"
description = "Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data."
# Prefix rule: lower-case "duffel_test_" or "duffel_live_" followed by 43
# characters of [a-z0-9_=-] matched case-insensitively. Test and live tokens
# are reported under the same rule id.
regex = '''duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43}'''
entropy = 2
keywords = ["duffel_"]
[[rules]]
id = "dynatrace-api-token"
description = "Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure."
# Prefix rule: lower-case "dt0c01.", a 24-character part, ".", and a
# 64-character part, both alphanumeric and case-insensitive.
regex = '''dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}'''
entropy = 4
keywords = ["dt0c01."]
[[rules]]
id = "easypost-api-token"
description = "Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure."
# Prefix rule: upper-case "EZAK" followed by 54 alphanumerics (any case),
# between word boundaries.
regex = '''\bEZAK(?i)[a-z0-9]{54}\b'''
entropy = 2
keywords = ["ezak"]
[[rules]]
id = "easypost-test-api-token"
description = "Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data."
# Prefix rule: upper-case "EZTK" followed by 54 alphanumerics (any case),
# between word boundaries. Only the prefix separates this from the
# easypost-api-token rule.
regex = '''\bEZTK(?i)[a-z0-9]{54}\b'''
entropy = 2
keywords = ["eztk"]
[[rules]]
id = "etsy-access-token"
description = "Found an Etsy Access Token, potentially compromising Etsy shop management and customer data."
# Context rule. The keyword part is case-restricted to "ETSY", "Etsy" or
# "etsy" via (?-i:...), which avoids matching the letters inside unrelated
# mixed-case text; the 24-character alphanumeric value is case-insensitive.
regex = '''(?i)[\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["etsy"]
[[rules]]
id = "facebook-access-token"
description = "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
# Shape rule: 15-16 digits, a "|" or "%" separator, then 27-40 characters of
# [0-9a-z_-]. The regex itself does not contain the word "facebook".
regex = '''(?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
# Because the keyword is not part of the regex, the rule is only tried on
# content that mentions "facebook" somewhere; a token in content without that
# word is not evaluated by this rule.
keywords = ["facebook"]
[[rules]]
id = "facebook-page-access-token"
description = "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
# Prefix rule: upper-case "EAAM" or "EAAC" followed by at least 100
# alphanumerics (any case). No upper length bound.
regex = '''\b(EAA[MC](?i)[a-z0-9]{100,})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 4
keywords = [
"eaam",
"eaac",
]
[[rules]]
id = "facebook-secret"
description = "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
# Context rule: identifier containing "facebook", then exactly 32 hexadecimal
# characters.
regex = '''(?i)[\w.-]{0,50}?(?:facebook)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["facebook"]
[[rules]]
id = "fastly-api-token"
description = "Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues."
# Context rule: identifier containing "fastly", then a 32-character value of
# [a-z0-9=_-]. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:fastly)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["fastly"]
[[rules]]
id = "finicity-api-token"
description = "Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations."
# Context rule: identifier containing "finicity", then exactly 32 hexadecimal
# characters. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["finicity"]
[[rules]]
id = "finicity-client-secret"
description = "Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches."
# Context rule: identifier containing "finicity", then a 20-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["finicity"]
[[rules]]
id = "finnhub-access-token"
description = "Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics."
# Context rule: identifier containing "finnhub", then a 20-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:finnhub)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["finnhub"]
[[rules]]
id = "flickr-access-token"
description = "Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage."
# Context rule: identifier containing "flickr", then a 32-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:flickr)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["flickr"]
[[rules]]
id = "flutterwave-encryption-key"
description = "Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information."
# Prefix rule: "FLWSECK_TEST-" followed by 12 characters of [a-h0-9].
# There is no trailing anchor, so the first 12 characters of a value matching
# the flutterwave-secret-key pattern (same prefix, 32 characters, "-X") also
# satisfy this one.
# NOTE(review): only the "_TEST" prefix is covered, and the class runs to "h"
# rather than "f"; confirm both are intended.
regex = '''FLWSECK_TEST-(?i)[a-h0-9]{12}'''
entropy = 2
keywords = ["flwseck_test"]
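[[rules]]
id = "flutterwave-public-key"
# The description named Finicity, a different vendor; the rule id, regex and
# keyword all identify Flutterwave, so the reported text now says so. The
# generator (cmd/generate/config/main.go) needs the same correction or it will
# be overwritten on regeneration.
description = "Detected a Flutterwave Public Key, potentially exposing public cryptographic operations and integrations."
# Prefix rule: "FLWPUBK_TEST-", 32 characters of [a-h0-9] (any case), "-X".
# NOTE(review): only the "_TEST" prefix is covered, and the class runs to "h"
# rather than "f"; confirm both are intended.
regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
entropy = 2
keywords = ["flwpubk_test"]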
[[rules]]
id = "flutterwave-secret-key"
description = "Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches."
# Prefix rule: "FLWSECK_TEST-", 32 characters of [a-h0-9] (any case), "-X".
# NOTE(review): only the "_TEST" prefix is covered, and the class runs to "h"
# rather than "f"; confirm both are intended.
regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
entropy = 2
keywords = ["flwseck_test"]
[[rules]]
id = "flyio-access-token"
description = "Uncovered a Fly.io API key"
# Three token shapes behind one rule id:
#   fo1_  + 43 characters of [\w-]
#   fm1a_ / fm1r_ + 100 or more base64 characters with optional padding
#   fm2_  + 100 or more base64 characters with optional padding
regex = '''\b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 4
# "fm1" has no trailing underscore so that it covers both fm1a_ and fm1r_.
keywords = [
"fo1_",
"fm1",
"fm2_",
]
[[rules]]
id = "frameio-api-token"
description = "Found a Frame.io API token, potentially compromising video collaboration and project management."
# Prefix rule: lower-case "fio-u-" followed by 64 characters of [a-z0-9_=-]
# matched case-insensitively. No boundary anchors, capture group or entropy
# threshold.
regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
keywords = ["fio-u-"]
[[rules]]
id = "freemius-secret-key"
description = "Detected a Freemius secret key, potentially exposing sensitive information."
# Matches a quoted 'secret_key' array key, a "=>" operator and a quoted value
# of "sk_" plus 29 non-whitespace characters.
regex = '''(?i)["']secret_key["']\s*=>\s*["'](sk_[\S]{29})["']'''
# Restricts the rule to files whose path ends in ".php"; the same assignment
# in any other file type is not evaluated by this rule.
path = '''(?i)\.php$'''
keywords = ["secret_key"]
[[rules]]
id = "freshbooks-access-token"
description = "Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure."
# Context rule: identifier containing "freshbooks", then a 64-character
# alphanumeric value. No entropy threshold is set.
regex = '''(?i)[\w.-]{0,50}?(?:freshbooks)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["freshbooks"]
[[rules]]
id = "gcp-api-key"
description = "Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches."
# Prefix rule: "AIza" followed by 35 characters of [\w-]. No identifier
# context is required.
regex = '''\b(AIza[\w-]{35})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 4
keywords = ["aiza"]
# Rule-level allowlist of specific key strings that are never reported
# (presumably keys already published in documentation or sample code; the
# origin of each entry is not shown in this file). Each entry is a regex used
# as a literal; none contains a regex metacharacter other than "-" and "_",
# which are literal outside a character class.
[[rules.allowlists]]
regexes = [
'''AIzaSyabcdefghijklmnopqrstuvwxyz1234567''',
'''AIzaSyAnLA7NfeLquW1tJFpx_eQCxoX-oo6YyIs''',
'''AIzaSyCkEhVjf3pduRDt6d1yKOMitrUEke8agEM''',
'''AIzaSyDMAScliyLx7F0NPDEJi1QmyCgHIAODrlU''',
'''AIzaSyD3asb-2pEZVqMkmL6M9N6nHZRR_znhrh0''',
'''AIzayDNSXIbFmlXbIE6mCzDLQAqITYefhixbX4A''',
'''AIzaSyAdOS2zB6NCsk1pCdZ4-P6GBdi_UUPwX7c''',
'''AIzaSyASWm6HmTMdYWpgMnjRBjxcQ9CKctWmLd4''',
'''AIzaSyANUvH9H9BsUccjsu2pCmEkOPjjaXeDQgY''',
'''AIzaSyA5_iVawFQ8ABuTZNUdcwERLJv_a_p4wtM''',
'''AIzaSyA4UrcGxgwQFTfaI3no3t7Lt1sjmdnP5sQ''',
'''AIzaSyDSb51JiIcB6OJpwwMicseKRhhrOq1cS7g''',
'''AIzaSyBF2RrAIm4a0mO64EShQfqfd2AFnzAvvuU''',
'''AIzaSyBcE-OOIbhjyR83gm4r2MFCu4MJmprNXsw''',
'''AIzaSyB8qGxt4ec15vitgn44duC5ucxaOi4FmqE''',
'''AIzaSyA8vmApnrHNFE0bApF4hoZ11srVL_n0nvY''',
]
[[rules]]
id = "generic-api-key"
description = "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."
# Catch-all context rule: an identifier containing one of the listed words
# (access, auth, api, credential, creds, key, passwd/password, secret_key,
# token), an assignment-like operator, then either 10-150 characters of
# [\w.=-] or a base64-looking run of 12+ characters with optional padding.
# NOTE(review): `[^Version]` is a negated character class, not a negative
# lookahead: it consumes one character that is none of V, e, r, s, i, o, n.
# So "api" followed directly by any of those letters is skipped by that
# branch, which is wider than excluding the word "Version" alone.
regex = '''(?i)[\w.-]{0,50}?(?:access|auth|(?-i:[Aa]pi[^Version]|API)|credential|creds|key|passw(?:or)?d|secret_key|token)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([\w.=-]{10,150}|[a-z0-9][a-z0-9+/]{11,}={0,3})(?:[\x60'"\s;]|\\[nr]|$)'''
# The entropy floor is the main guard against ordinary words and identifiers
# being reported by this broad pattern.
entropy = 3.5
keywords = [
"access",
"api",
"auth",
"key",
"credential",
"creds",
"passwd",
"password",
"secret_key",
"token",
]
# First rule-level allowlist: drops candidates made up only of letters, "_",
# "." and "-", i.e. values containing no digit at all.
[[rules.allowlists]]
regexes = [
'''^[a-zA-Z_.-]+$''',
]
[[rules.allowlists]]
description = "Allowlist for Generic API Keys"
regexTarget = "match"
regexes = [
'''(?i)(?:access(?:ibility|or)|access[_.-]?id|random[_.-]?access|api[_.-]?(?:id|name|version)|rapid|capital|[a-z0-9-]*?api[a-z0-9-]*?:jar:|author|X-MS-Exchange-Organization-Auth|Authentication-Results|(?:credentials?[_.-]?id|withCredentials)|(?:bucket|foreign|hot|idx|natural|primary|pub(?:lic)?|schema|sequence)[_.-]?key|(?:turkey)|key[_.-]?(?:alias|board|code|frame|id|length|mesh|name|pair|press(?:ed)?|ring|selector|signature|size|stone|storetype|word|up|down|left|right)|key[_.-]?vault[_.-]?(?:id|name)|keyVaultToStoreSecrets|key(?:store|tab)[_.-]?(?:file|path)|issuerkeyhash|(?-i:[DdMm]onkey|[DM]ONKEY)|keying|(?:secret)[_.-]?(?:length|name|size)|UserSecretsId|(?:csrf)[_.-]?token|(?:io\.jsonwebtoken[ \t]?:[ \t]?[\w-]+)|(?:api|credentials|token)[_.-]?(?:endpoint|ur[il])|public[_.-]?token|(?:key|token)[_.-]?file|(?-i:(?:[A-Z_]+=\n[A-Z_]+=|[a-z_]+=\n[a-z_]+=)(?:\n|\z))|(?-i:(?:[A-Z.]+=\n[A-Z.]+=|[a-z.]+=\n[a-z.]+=)(?:\n|\z)))''',
]
stopwords = [
"000000",
"6fe4476ee5a1832882e326b506d14126",
"_ec2_",
"aaaaaa",
"about",
"abstract",
"academy",
"acces",
"account",
"act-",
"act.",
"act_",
"action",
"active",
"actively",
"activity",
"adapter",
"add-",
"add-on",
"add.",
"add_",
"addon",
"addres",
"admin",
"adobe",
"advanced",
"adventure",
"agent",
"agile",
"air-",
"air.",
"air_",
"ajax",
"akka",
"alert",
"alfred",
"algorithm",
"all-",
"all.",
"all_",
"alloy",
"alpha",
"amazon",
"amqp",
"analysi",
"analytic",
"analyzer",
"android",
"angular",
"angularj",
"animate",
"animation",
"another",
"ansible",
"answer",
"ant-",
"ant.",
"ant_",
"any-",
"any.",
"any_",
"apache",
"app-",
"app.",
"app_",
"apple",
"arch",
"archive",
"archived",
"arduino",
"array",
"art-",
"art.",
"art_",
"article",
"asp-",
"asp.",
"asp_",
"asset",
"async",
"atom",
"attention",
"audio",
"audit",
"aura",
"auth",
"author",
"authorize",
"auto",
"automated",
"automatic",
"awesome",
"aws_",
"azure",
"back",
"backbone",
"backend",
"backup",
"bar-",
"bar.",
"bar_",
"base",
"based",
"bash",
"basic",
"batch",
"been",
"beer",
"behavior",
"being",
"benchmark",
"best",
"beta",
"better",
"big-",
"big.",
"big_",
"binary",
"binding",
"bit-",
"bit.",
"bit_",
"bitcoin",
"block",
"blog",
"board",
"book",
"bookmark",
"boost",
"boot",
"bootstrap",
"bosh",
"bot-",
"bot.",
"bot_",
"bower",
"box-",
"box.",
"box_",
"boxen",
"bracket",
"branch",
"bridge",
"browser",
"brunch",
"buffer",
"bug-",
"bug.",
"bug_",
"build",
"builder",
"building",
"buildout",
"buildpack",
"built",
"bundle",
"busines",
"but-",
"but.",
"but_",
"button",
"cache",
"caching",
"cakephp",
"calendar",
"call",
"camera",
"campfire",
"can-",
"can.",
"can_",
"canva",
"captcha",
"capture",
"card",
"carousel",
"case",
"cassandra",
"cat-",
"cat.",
"cat_",
"category",
"center",
"cento",
"challenge",
"change",
"changelog",
"channel",
"chart",
"chat",
"cheat",
"check",
"checker",
"chef",
"ches",
"chinese",
"chosen",
"chrome",
"ckeditor",
"clas",
"classe",
"classic",
"clean",
"cli-",
"cli.",
"cli_",
"client",
"clojure",
"clone",
"closure",
"cloud",
"club",
"cluster",
"cms-",
"cms_",
"coco",
"code",
"coding",
"coffee",
"color",
"combination",
"combo",
"command",
"commander",
"comment",
"commit",
"common",
"community",
"compas",
"compiler",
"complete",
"component",
"composer",
"computer",
"computing",
"con-",
"con.",
"con_",
"concept",
"conf",
"config",
"connect",
"connector",
"console",
"contact",
"container",
"contao",
"content",
"contest",
"context",
"control",
"convert",
"converter",
"conway'",
"cookbook",
"cookie",
"cool",
"copy",
"cordova",
"core",
"couchbase",
"couchdb",
"countdown",
"counter",
"course",
"craft",
"crawler",
"create",
"creating",
"creator",
"credential",
"crm-",
"crm.",
"crm_",
"cros",
"crud",
"csv-",
"csv.",
"csv_",
"cube",
"cucumber",
"cuda",
"current",
"currently",
"custom",
"daemon",
"dark",
"dart",
"dash",
"dashboard",
"data",
"database",
"date",
"day-",
"day.",
"day_",
"dead",
"debian",
"debug",
"debugger",
"deck",
"define",
"del-",
"del.",
"del_",
"delete",
"demo",
"deploy",
"design",
"designer",
"desktop",
"detection",
"detector",
"dev-",
"dev.",
"dev_",
"develop",
"developer",
"device",
"devise",
"diff",
"digital",
"directive",
"directory",
"discovery",
"display",
"django",
"dns-",
"dns_",
"doc-",
"doc.",
"doc_",
"docker",
"docpad",
"doctrine",
"document",
"doe-",
"doe.",
"doe_",
"dojo",
"dom-",
"dom.",
"dom_",
"domain",
"don't",
"done",
"dot-",
"dot.",
"dot_",
"dotfile",
"download",
"draft",
"drag",
"drill",
"drive",
"driven",
"driver",
"drop",
"dropbox",
"drupal",
"dsl-",
"dsl.",
"dsl_",
"dynamic",
"easy",
"ecdsa",
"eclipse",
"edit",
"editing",
"edition",
"editor",
"element",
"emac",
"email",
"embed",
"embedded",
"ember",
"emitter",
"emulator",
"encoding",
"endpoint",
"engine",
"english",
"enhanced",
"entity",
"entry",
"env_",
"episode",
"erlang",
"error",
"espresso",
"event",
"evented",
"example",
"exchange",
"exercise",
"experiment",
"expire",
"exploit",
"explorer",
"export",
"exporter",
"expres",
"ext-",
"ext.",
"ext_",
"extended",
"extension",
"external",
"extra",
"extractor",
"fabric",
"facebook",
"factory",
"fake",
"fast",
"feature",
"feed",
"fewfwef",
"ffmpeg",
"field",
"file",
"filter",
"find",
"finder",
"firefox",
"firmware",
"first",
"fish",
"fix-",
"fix_",
"flash",
"flask",
"flat",
"flex",
"flexible",
"flickr",
"flow",
"fluent",
"fluentd",
"fluid",
"folder",
"font",
"force",
"foreman",
"fork",
"form",
"format",
"formatter",
"forum",
"foundry",
"framework",
"free",
"friend",
"friendly",
"front-end",
"frontend",
"ftp-",
"ftp.",
"ftp_",
"fuel",
"full",
"fun-",
"fun.",
"fun_",
"func",
"future",
"gaia",
"gallery",
"game",
"gateway",
"gem-",
"gem.",
"gem_",
"gen-",
"gen.",
"gen_",
"general",
"generator",
"generic",
"genetic",
"get-",
"get.",
"get_",
"getenv",
"getting",
"ghost",
"gist",
"git-",
"git.",
"git_",
"github",
"gitignore",
"gitlab",
"glas",
"gmail",
"gnome",
"gnu-",
"gnu.",
"gnu_",
"goal",
"golang",
"gollum",
"good",
"google",
"gpu-",
"gpu.",
"gpu_",
"gradle",
"grail",
"graph",
"graphic",
"great",
"grid",
"groovy",
"group",
"grunt",
"guard",
"gui-",
"gui.",
"gui_",
"guide",
"guideline",
"gulp",
"gwt-",
"gwt.",
"gwt_",
"hack",
"hackathon",
"hacker",
"hacking",
"hadoop",
"haml",
"handler",
"hardware",
"has-",
"has_",
"hash",
"haskell",
"have",
"haxe",
"hello",
"help",
"helper",
"here",
"hero",
"heroku",
"high",
"hipchat",
"history",
"home",
"homebrew",
"homepage",
"hook",
"host",
"hosting",
"hot-",
"hot.",
"hot_",
"house",
"how-",
"how.",
"how_",
"html",
"http",
"hub-",
"hub.",
"hub_",
"hubot",
"human",
"icon",
"ide-",
"ide.",
"ide_",
"idea",
"identity",
"idiomatic",
"image",
"impact",
"import",
"important",
"importer",
"impres",
"index",
"infinite",
"info",
"injection",
"inline",
"input",
"inside",
"inspector",
"instagram",
"install",
"installer",
"instant",
"intellij",
"interface",
"internet",
"interview",
"into",
"intro",
"ionic",
"iphone",
"ipython",
"irc-",
"irc_",
"iso-",
"iso.",
"iso_",
"issue",
"jade",
"jasmine",
"java",
"jbos",
"jekyll",
"jenkin",
"jetbrains",
"job-",
"job.",
"job_",
"joomla",
"jpa-",
"jpa.",
"jpa_",
"jquery",
"json",
"just",
"kafka",
"karma",
"kata",
"kernel",
"keyboard",
"kindle",
"kit-",
"kit.",
"kit_",
"kitchen",
"knife",
"koan",
"kohana",
"lab-",
"lab.",
"lab_",
"lambda",
"lamp",
"language",
"laravel",
"last",
"latest",
"latex",
"launcher",
"layer",
"layout",
"lazy",
"ldap",
"leaflet",
"league",
"learn",
"learning",
"led-",
"led.",
"led_",
"leetcode",
"les-",
"les.",
"les_",
"level",
"leveldb",
"lib-",
"lib.",
"lib_",
"librarie",
"library",
"license",
"life",
"liferay",
"light",
"lightbox",
"like",
"line",
"link",
"linked",
"linkedin",
"linux",
"lisp",
"list",
"lite",
"little",
"load",
"loader",
"local",
"location",
"lock",
"log-",
"log.",
"log_",
"logger",
"logging",
"logic",
"login",
"logstash",
"longer",
"look",
"love",
"lua-",
"lua.",
"lua_",
"mac-",
"mac.",
"mac_",
"machine",
"made",
"magento",
"magic",
"mail",
"make",
"maker",
"making",
"man-",
"man.",
"man_",
"manage",
"manager",
"manifest",
"manual",
"map-",
"map.",
"map_",
"mapper",
"mapping",
"markdown",
"markup",
"master",
"math",
"matrix",
"maven",
"md5",
"mean",
"media",
"mediawiki",
"meetup",
"memcached",
"memory",
"menu",
"merchant",
"message",
"messaging",
"meta",
"metadata",
"meteor",
"method",
"metric",
"micro",
"middleman",
"migration",
"minecraft",
"miner",
"mini",
"minimal",
"mirror",
"mit-",
"mit.",
"mit_",
"mobile",
"mocha",
"mock",
"mod-",
"mod.",
"mod_",
"mode",
"model",
"modern",
"modular",
"module",
"modx",
"money",
"mongo",
"mongodb",
"mongoid",
"mongoose",
"monitor",
"monkey",
"more",
"motion",
"moved",
"movie",
"mozilla",
"mqtt",
"mule",
"multi",
"multiple",
"music",
"mustache",
"mvc-",
"mvc.",
"mvc_",
"mysql",
"nagio",
"name",
"native",
"need",
"neo-",
"neo.",
"neo_",
"nest",
"nested",
"net-",
"net.",
"net_",
"nette",
"network",
"new-",
"new.",
"new_",
"next",
"nginx",
"ninja",
"nlp-",
"nlp.",
"nlp_",
"node",
"nodej",
"nosql",
"not-",
"not.",
"not_",
"note",
"notebook",
"notepad",
"notice",
"notifier",
"now-",
"now.",
"now_",
"number",
"oauth",
"object",
"objective",
"obsolete",
"ocaml",
"octopres",
"official",
"old-",
"old.",
"old_",
"onboard",
"online",
"only",
"open",
"opencv",
"opengl",
"openshift",
"openwrt",
"option",
"oracle",
"org-",
"org.",
"org_",
"origin",
"original",
"orm-",
"orm.",
"orm_",
"osx-",
"osx_",
"our-",
"our.",
"our_",
"out-",
"out.",
"out_",
"output",
"over",
"overview",
"own-",
"own.",
"own_",
"pack",
"package",
"packet",
"page",
"panel",
"paper",
"paperclip",
"para",
"parallax",
"parallel",
"parse",
"parser",
"parsing",
"particle",
"party",
"password",
"patch",
"path",
"pattern",
"payment",
"paypal",
"pdf-",
"pdf.",
"pdf_",
"pebble",
"people",
"perl",
"personal",
"phalcon",
"phoenix",
"phone",
"phonegap",
"photo",
"php-",
"php.",
"php_",
"physic",
"picker",
"pipeline",
"platform",
"play",
"player",
"please",
"plu-",
"plu.",
"plu_",
"plug-in",
"plugin",
"plupload",
"png-",
"png.",
"png_",
"poker",
"polyfill",
"polymer",
"pool",
"pop-",
"pop.",
"pop_",
"popcorn",
"popup",
"port",
"portable",
"portal",
"portfolio",
"post",
"power",
"powered",
"powerful",
"prelude",
"pretty",
"preview",
"principle",
"print",
"pro-",
"pro.",
"pro_",
"problem",
"proc",
"product",
"profile",
"profiler",
"program",
"progres",
"project",
"protocol",
"prototype",
"provider",
"proxy",
"public",
"pull",
"puppet",
"pure",
"purpose",
"push",
"pusher",
"pyramid",
"python",
"quality",
"query",
"queue",
"quick",
"rabbitmq",
"rack",
"radio",
"rail",
"railscast",
"random",
"range",
"raspberry",
"rdf-",
"rdf.",
"rdf_",
"react",
"reactive",
"read",
"reader",
"readme",
"ready",
"real",
"real-time",
"reality",
"realtime",
"recipe",
"recorder",
"red-",
"red.",
"red_",
"reddit",
"redi",
"redmine",
"reference",
"refinery",
"refresh",
"registry",
"related",
"release",
"remote",
"rendering",
"repo",
"report",
"request",
"require",
"required",
"requirej",
"research",
"resource",
"response",
"resque",
"rest",
"restful",
"resume",
"reveal",
"reverse",
"review",
"riak",
"rich",
"right",
"ring",
"robot",
"role",
"room",
"router",
"routing",
"rpc-",
"rpc.",
"rpc_",
"rpg-",
"rpg.",
"rpg_",
"rspec",
"ruby-",
"ruby.",
"ruby_",
"rule",
"run-",
"run.",
"run_",
"runner",
"running",
"runtime",
"rust",
"rvm-",
"rvm.",
"rvm_",
"salt",
"sample",
"sandbox",
"sas-",
"sas.",
"sas_",
"sbt-",
"sbt.",
"sbt_",
"scala",
"scalable",
"scanner",
"schema",
"scheme",
"school",
"science",
"scraper",
"scratch",
"screen",
"script",
"scroll",
"scs-",
"scs.",
"scs_",
"sdk-",
"sdk.",
"sdk_",
"sdl-",
"sdl.",
"sdl_",
"search",
"secure",
"security",
"see-",
"see.",
"see_",
"seed",
"select",
"selector",
"selenium",
"semantic",
"sencha",
"send",
"sentiment",
"serie",
"server",
"service",
"session",
"set-",
"set.",
"set_",
"setting",
"setup",
"sha1",
"sha2",
"sha256",
"share",
"shared",
"sharing",
"sheet",
"shell",
"shield",
"shipping",
"shop",
"shopify",
"shortener",
"should",
"show",
"showcase",
"side",
"silex",
"simple",
"simulator",
"single",
"site",
"skeleton",
"sketch",
"skin",
"slack",
"slide",
"slider",
"slim",
"small",
"smart",
"smtp",
"snake",
"snapshot",
"snippet",
"soap",
"social",
"socket",
"software",
"solarized",
"solr",
"solution",
"solver",
"some",
"soon",
"source",
"space",
"spark",
"spatial",
"spec",
"sphinx",
"spine",
"spotify",
"spree",
"spring",
"sprite",
"sql-",
"sql.",
"sql_",
"sqlite",
"ssh-",
"ssh.",
"ssh_",
"stack",
"staging",
"standard",
"stanford",
"start",
"started",
"starter",
"startup",
"stat",
"statamic",
"state",
"static",
"statistic",
"statsd",
"statu",
"steam",
"step",
"still",
"stm-",
"stm.",
"stm_",
"storage",
"store",
"storm",
"story",
"strategy",
"stream",
"streaming",
"string",
"stripe",
"structure",
"studio",
"study",
"stuff",
"style",
"sublime",
"sugar",
"suite",
"summary",
"super",
"support",
"supported",
"svg-",
"svg.",
"svg_",
"svn-",
"svn.",
"svn_",
"swagger",
"swift",
"switch",
"switcher",
"symfony",
"symphony",
"sync",
"synopsi",
"syntax",
"system",
"tab-",
"tab.",
"tab_",
"table",
"tag-",
"tag.",
"tag_",
"talk",
"target",
"task",
"tcp-",
"tcp.",
"tcp_",
"tdd-",
"tdd.",
"tdd_",
"team",
"tech",
"template",
"term",
"terminal",
"testing",
"tetri",
"text",
"textmate",
"theme",
"theory",
"three",
"thrift",
"time",
"timeline",
"timer",
"tiny",
"tinymce",
"tip-",
"tip.",
"tip_",
"title",
"todo",
"todomvc",
"token",
"tool",
"toolbox",
"toolkit",
"top-",
"top.",
"top_",
"tornado",
"touch",
"tower",
"tracker",
"tracking",
"traffic",
"training",
"transfer",
"translate",
"transport",
"tree",
"trello",
"try-",
"try.",
"try_",
"tumblr",
"tut-",
"tut.",
"tut_",
"tutorial",
"tweet",
"twig",
"twitter",
"type",
"typo",
"ubuntu",
"uiview",
"ultimate",
"under",
"unit",
"unity",
"universal",
"unix",
"update",
"updated",
"upgrade",
"upload",
"uploader",
"uri-",
"uri.",
"uri_",
"url-",
"url.",
"url_",
"usage",
"usb-",
"usb.",
"usb_",
"use-",
"use.",
"use_",
"used",
"useful",
"user",
"using",
"util",
"utilitie",
"utility",
"vagrant",
"validator",
"value",
"variou",
"varnish",
"version",
"via-",
"via.",
"via_",
"video",
"view",
"viewer",
"vim-",
"vim.",
"vim_",
"vimrc",
"virtual",
"vision",
"visual",
"vpn",
"want",
"warning",
"watch",
"watcher",
"wave",
"way-",
"way.",
"way_",
"weather",
"web-",
"web_",
"webapp",
"webgl",
"webhook",
"webkit",
"webrtc",
"website",
"websocket",
"welcome",
"what",
"what'",
"when",
"where",
"which",
"why-",
"why.",
"why_",
"widget",
"wifi",
"wiki",
"win-",
"win.",
"win_",
"window",
"wip-",
"wip.",
"wip_",
"within",
"without",
"wizard",
"word",
"wordpres",
"work",
"worker",
"workflow",
"working",
"workshop",
"world",
"wrapper",
"write",
"writer",
"writing",
"written",
"www-",
"www.",
"www_",
"xamarin",
"xcode",
"xml-",
"xml.",
"xml_",
"xmpp",
"xxxxxx",
"yahoo",
"yaml",
"yandex",
"yeoman",
"yet-",
"yet.",
"yet_",
"yii-",
"yii.",
"yii_",
"youtube",
"yui-",
"yui.",
"yui_",
"zend",
"zero",
"zip-",
"zip.",
"zip_",
"zsh-",
"zsh.",
"zsh_",
]
# Allowlist attached to the rule whose [[rules]] header precedes this excerpt.
# regexTarget = "line" tests the patterns against the whole line holding the
# candidate, so any finding of that rule on a matching line is suppressed,
# including a real secret that happens to share the line.
[[rules.allowlists]]
regexTarget = "line"
regexes = [
# Docker BuildKit secret mount options.
'''--mount=type=secret,''',
# JavaScript/TypeScript named imports: import { a, b } from "module".
'''import[ \t]+{[ \t\w,]+}[ \t]+from[ \t]+['"][^'"]+['"]''',
]
# Allowlist attached to the rule whose [[rules]] header precedes this excerpt.
[[rules.allowlists]]
# Both criteria must hold: the path AND the line. The ".inc" suffix is used by
# more than one ecosystem, so the line patterns are what keep this from
# becoming a blanket exemption for every such file.
condition = "AND"
# File suffixes used by BitBake recipes, appends, classes and includes.
paths = [
'''\.bb$''','''\.bbappend$''','''\.bbclass$''','''\.inc$''',
]
regexTarget = "line"
# Recipe variables whose quoted values are licence names, checksums or
# revisions rather than credentials. The SRC pattern accepts any variable
# name starting with SRC, presumably SRCREV and similar; confirm if tightening.
regexes = [
'''LICENSE[^=]*=\s*"[^"]+''',
'''LIC_FILES_CHKSUM[^=]*=\s*"[^"]+''',
'''SRC[^=]*=\s*"[a-zA-Z0-9]+''',
]
[[rules]]
id = "github-app-token"
description = "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security."
# Fixed prefix (ghu_ or ghs_) plus exactly 36 alphanumerics. There is no \b or
# trailing delimiter, so a longer run is reported on its first 36 characters.
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
# Minimum Shannon entropy of the match; filters low-variety fillers.
entropy = 3
# Substring pre-filter: the regex only runs on content containing a keyword.
keywords = [
"ghu_",
"ghs_",
]
[[rules.allowlists]]
# Path-only allowlist: every finding of this rule in a matching file is
# dropped. Presumably the README carries sample tokens; confirm before
# assuming a real token could never land there.
paths = [
'''(?:^|/)@octokit/auth-token/README\.md$''',
]
[[rules]]
id = "github-fine-grained-pat"
description = "Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation."
# Prefix plus exactly 82 word characters; \w admits underscores as well as
# alphanumerics. No boundary is required on either side of the match.
regex = '''github_pat_\w{82}'''
entropy = 3
keywords = ["github_pat_"]
[[rules]]
id = "github-oauth"
description = "Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks."
# gho_ prefix plus exactly 36 alphanumerics, unanchored on both sides.
regex = '''gho_[0-9a-zA-Z]{36}'''
# Entropy floor applied to the match to drop repetitive placeholders.
entropy = 3
keywords = ["gho_"]
[[rules]]
id = "github-pat"
description = "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."
# ghp_ prefix plus exactly 36 alphanumerics. The pattern is unanchored, so it
# also fires inside longer strings that merely contain this shape.
regex = '''ghp_[0-9a-zA-Z]{36}'''
entropy = 3
keywords = ["ghp_"]
[[rules.allowlists]]
# Path-only exemption: all github-pat findings in this one README are dropped.
# Presumably it documents example tokens; verify against the package.
paths = [
'''(?:^|/)@octokit/auth-token/README\.md$''',
]
[[rules]]
id = "github-refresh-token"
description = "Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services."
# ghr_ prefix plus exactly 36 alphanumerics. As the description notes, a
# refresh token outlives the access token it renews, so treat hits as urgent.
regex = '''ghr_[0-9a-zA-Z]{36}'''
entropy = 3
keywords = ["ghr_"]
[[rules]]
id = "gitlab-cicd-job-token"
description = "Identified a GitLab CI/CD Job Token, potential access to projects and some APIs on behalf of a user while the CI job is running."
# glcbt- prefix, a 1-5 character alphanumeric segment, an underscore, then 20
# characters. Per the description the token is only usable while its job runs,
# so hits in live job logs matter more than hits in old history.
regex = '''glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}'''
entropy = 3
keywords = ["glcbt-"]
[[rules]]
id = "gitlab-deploy-token"
description = "Identified a GitLab Deploy Token, risking access to repositories, packages and containers with write access."
# gldt- prefix plus exactly 20 characters from [0-9a-zA-Z_-]; unanchored.
regex = '''gldt-[0-9a-zA-Z_\-]{20}'''
# Entropy floor on the match.
entropy = 3
keywords = ["gldt-"]
[[rules]]
id = "gitlab-feature-flag-client-token"
description = "Identified a GitLab feature flag client token, risks exposing user lists and features flags used by an application."
# glffct- prefix plus exactly 20 characters from [0-9a-zA-Z_-].
regex = '''glffct-[0-9a-zA-Z_\-]{20}'''
entropy = 3
# The prefix doubles as the pre-filter keyword.
keywords = ["glffct-"]
[[rules]]
id = "gitlab-feed-token"
description = "Identified a GitLab feed token, risking exposure of user data."
# glft- prefix plus exactly 20 characters from [0-9a-zA-Z_-]; no boundaries.
regex = '''glft-[0-9a-zA-Z_\-]{20}'''
entropy = 3
keywords = ["glft-"]
[[rules]]
id = "gitlab-incoming-mail-token"
description = "Identified a GitLab incoming mail token, risking manipulation of data sent by mail."
# glimt- prefix plus exactly 25 characters (note: 25, not the 20 used by most
# sibling GitLab rules in this file).
regex = '''glimt-[0-9a-zA-Z_\-]{25}'''
entropy = 3
keywords = ["glimt-"]
[[rules]]
id = "gitlab-kubernetes-agent-token"
description = "Identified a GitLab Kubernetes Agent token, risking access to repos and registry of projects connected via agent."
# glagent- prefix plus exactly 50 characters from [0-9a-zA-Z_-].
regex = '''glagent-[0-9a-zA-Z_\-]{50}'''
# Entropy floor on the match.
entropy = 3
keywords = ["glagent-"]
[[rules]]
id = "gitlab-oauth-app-secret"
description = "Identified a GitLab OIDC Application Secret, risking access to apps using GitLab as authentication provider."
# gloas- prefix plus exactly 64 characters from [0-9a-zA-Z_-]. The id says
# "oauth" and the description "OIDC"; both refer to this one pattern.
regex = '''gloas-[0-9a-zA-Z_\-]{64}'''
entropy = 3
keywords = ["gloas-"]
[[rules]]
id = "gitlab-pat"
description = "Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure."
# glpat- prefix plus exactly 20 word-or-hyphen characters, unanchored. The
# first 20 characters of a longer routable token also satisfy this pattern,
# so one string can be reported by both this rule and gitlab-pat-routable.
regex = '''glpat-[\w-]{20}'''
entropy = 3
keywords = ["glpat-"]
[[rules]]
id = "gitlab-pat-routable"
description = "Identified a GitLab Personal Access Token (routable), risking unauthorized access to GitLab repositories and codebase exposure."
# Word-bounded on both sides: glpat-, 27 to 300 payload characters, a dot,
# then nine characters from [0-9a-z].
regex = '''\bglpat-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b'''
# Higher entropy floor than the fixed-length gitlab-pat rule (4 versus 3).
entropy = 4
keywords = ["glpat-"]
[[rules]]
id = "gitlab-ptt"
description = "Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security."
# glptt- prefix plus exactly 40 lowercase hexadecimal characters; uppercase
# hex does not match because the pattern has no (?i) flag.
regex = '''glptt-[0-9a-f]{40}'''
entropy = 3
keywords = ["glptt-"]
[[rules]]
id = "gitlab-rrt"
description = "Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access."
# Case-sensitive literal GR1348941 followed by exactly 20 word-or-hyphen
# characters.
regex = '''GR1348941[\w-]{20}'''
entropy = 3
# Lower case here although the regex is upper case: keywords in this file are
# all written in lower case, consistent with a case-insensitive pre-filter.
keywords = ["gr1348941"]
[[rules]]
id = "gitlab-runner-authentication-token"
description = "Discovered a GitLab Runner Authentication Token, posing a risk to CI/CD pipeline integrity and unauthorized access."
# glrt- prefix plus exactly 20 characters, unanchored. A routable token
# (glrt-t<digit>_...) also satisfies this pattern on its first 20 characters,
# so expect paired findings with gitlab-runner-authentication-token-routable.
regex = '''glrt-[0-9a-zA-Z_\-]{20}'''
entropy = 3
keywords = ["glrt-"]
[[rules]]
id = "gitlab-runner-authentication-token-routable"
description = "Discovered a GitLab Runner Authentication Token (Routable), posing a risk to CI/CD pipeline integrity and unauthorized access."
# Word-bounded: glrt-t, one digit, an underscore, 27 to 300 payload
# characters, a dot, then nine characters from [0-9a-z].
regex = '''\bglrt-t\d_[0-9a-zA-Z_\-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b'''
# Stricter entropy floor than the fixed-length runner token rule.
entropy = 4
keywords = ["glrt-"]
[[rules]]
id = "gitlab-scim-token"
description = "Discovered a GitLab SCIM Token, posing a risk to unauthorized access for a organization or instance."
# glsoat- prefix plus exactly 20 characters from [0-9a-zA-Z_-]; unanchored.
regex = '''glsoat-[0-9a-zA-Z_\-]{20}'''
entropy = 3
keywords = ["glsoat-"]
[[rules]]
id = "gitlab-session-cookie"
description = "Discovered a GitLab Session Cookie, posing a risk to unauthorized access to a user account."
# Cookie name, "=", then exactly 32 lowercase alphanumerics. Typical sources
# are pasted request headers, curl commands and HTTP captures.
regex = '''_gitlab_session=[0-9a-z]{32}'''
entropy = 3
keywords = ["_gitlab_session="]
[[rules]]
id = "gitter-access-token"
description = "Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services."
# Context pattern: an identifier containing "gitter", an assignment-like
# operator, optional quoting, then a 40-character value ended by a quote,
# whitespace, ";", a literal \n or \r, or end of input.
# No entropy key is set, so any 40-character value of this shape is reported.
regex = '''(?i)[\w.-]{0,50}?(?:gitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["gitter"]
[[rules]]
id = "gocardless-api-token"
description = "Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure."
# Needs both the "gocardless" identifier context and a value starting with
# live_ followed by 40 characters. Only the live_ prefix is matched, so values
# with any other prefix are not covered by this rule.
regex = '''(?i)[\w.-]{0,50}?(?:gocardless)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(live_(?i)[a-z0-9\-_=]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
# "live_" is a generic substring; it only gates whether the regex runs.
keywords = [
"live_",
"gocardless",
]
[[rules]]
id = "grafana-api-key"
description = "Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics."
# eyJrIjoi is the base64 encoding of {"k":" and is followed by 70 to 400
# alphanumerics plus optional padding. (?i) makes the prefix match in any
# letter case, which is broader than the encoded form needs.
regex = '''(?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["eyjrijoi"]
[[rules]]
id = "grafana-cloud-api-token"
description = "Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure."
# glc_ prefix plus 32 to 400 base64 characters ([A-Za-z0-9+/]) and optional
# "=" padding, word-bounded at the start and delimited at the end.
regex = '''(?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["glc_"]
[[rules]]
id = "grafana-service-account-token"
description = "Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity."
# glsa_ prefix, 32 alphanumerics, an underscore, then 8 hexadecimal
# characters; the two-part shape makes accidental matches unlikely.
regex = '''(?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["glsa_"]
[[rules]]
id = "harness-api-key"
description = "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account."
# "pat." or "sat." followed by three dot-separated segments of 22, 24 and 20
# characters. The pattern is unanchored and has no entropy floor; the
# three-segment structure is the only thing limiting false positives.
regex = '''(?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}'''
# Both keywords are common substrings, so this regex is evaluated often.
keywords = [
"pat.",
"sat.",
]
[[rules]]
id = "hashicorp-tf-api-token"
description = "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches."
# 14 alphanumerics, ".atlasv1.", then 60 to 70 characters. (?-i:atlasv1)
# switches case-insensitivity off for the marker, so only lower-case
# "atlasv1" matches while the surrounding segments accept either case.
regex = '''(?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70}'''
entropy = 3.5
keywords = ["atlasv1"]
[[rules]]
id = "hashicorp-tf-password"
description = "Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches."
# The capture includes the surrounding double quotes and accepts 8 to 20
# characters from [a-z0-9=_-] (case-insensitive). Detection gaps to keep in
# mind: passwords longer than 20 characters, and passwords containing any
# other punctuation, are not matched by this rule.
regex = '''(?i)[\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}("[a-z0-9=_\-]{8,20}")(?:[\x60'"\s;]|\\[nr]|$)'''
# Only .tf and .hcl files are scanned by this rule.
path = '''(?i)\.(?:tf|hcl)$'''
# Low floor: weak but real passwords should still be reported.
entropy = 2
keywords = [
"administrator_login_password",
"password",
]
[[rules]]
id = "heroku-api-key"
description = "Detected a Heroku API Key, potentially compromising cloud application deployments and operational security."
# The captured value is UUID-shaped (8-4-4-4-12 hex). Any UUID assigned to an
# identifier containing "heroku" is reported, including app or resource ids,
# so findings need triage. No entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:heroku)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["heroku"]
[[rules]]
id = "hubspot-api-key"
description = "Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations."
# UUID-shaped capture in "hubspot" identifier context. The class is written
# in upper case but (?i) applies, so lower-case UUIDs match as well.
# No entropy floor: non-secret UUIDs in the same context are also reported.
regex = '''(?i)[\w.-]{0,50}?(?:hubspot)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["hubspot"]
[[rules]]
id = "huggingface-access-token"
description = "Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data."
# Case-sensitive hf_ prefix plus exactly 34 letters (either case, no digits),
# word-bounded at the start and delimited at the end.
regex = '''\b(hf_(?i:[a-z]{34}))(?:[\x60'"\s;]|\\[nr]|$)'''
# Low floor, appropriate for a letters-only alphabet.
entropy = 2
keywords = ["hf_"]
[[rules]]
id = "huggingface-organization-api-token"
description = "Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data."
# Case-sensitive api_org_ prefix plus exactly 34 letters (either case, no
# digits); same shape as the hf_ user token rule with a different prefix.
regex = '''\b(api_org_(?i:[a-z]{34}))(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["api_org_"]
[[rules]]
id = "infracost-api-token"
description = "Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data."
# ico- prefix plus exactly 32 alphanumerics, word-bounded and delimited.
# "ico-" is a short prefix; the entropy floor carries much of the filtering.
regex = '''\b(ico-[a-zA-Z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["ico-"]
[[rules]]
id = "intercom-api-key"
description = "Identified an Intercom API Token, which could compromise customer communication channels and data privacy."
# Context pattern: "intercom" in the identifier, an assignment-like operator,
# then exactly 60 characters from [a-z0-9=_-] (case-insensitive).
# No entropy floor is configured for this rule.
regex = '''(?i)[\w.-]{0,50}?(?:intercom)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{60})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["intercom"]
[[rules]]
id = "intra42-client-secret"
description = "Found a Intra42 client secret, which could lead to unauthorized access to the 42School API and sensitive data."
# s-s4t2ud- or s-s4t2af- prefix (case-sensitive) followed by exactly 64
# hexadecimal characters in either case.
regex = '''\b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
# "intra" only gates the pre-filter; the regex itself requires the prefix.
keywords = [
"intra",
"s-s4t2ud-",
"s-s4t2af-",
]
[[rules]]
# NOTE(review): this id looks like a misspelling of "jfrog-api-key" (compare
# the description below and the sibling rule jfrog-identity-token). Anything
# keyed on the rule id, such as ignore fingerprints or a disabled-rules list
# in an extending config, must use this exact spelling until it is corrected
# at the generator; check the id in the rule source before renaming.
id = "jfrpog-ai-key"
description = "Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines."
# Context pattern with a 73-character alphanumeric value; the length is the
# only thing separating it from jfrog-identity-token (64). No entropy floor.
regex = '''(?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{73})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = [
"jfrog",
"artifactory",
"bintray",
"xray",
]
[[rules]]
id = "jfrog-identity-token"
description = "Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts."
# Context pattern with a 64-character alphanumeric value. A 64-character
# lower-case hex digest (for example a SHA-256 checksum) assigned to a
# matching identifier has the same shape, and no entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = [
"jfrog",
"artifactory",
"bintray",
"xray",
]
[[rules]]
id = "jwt"
description = "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."
# Header and payload segments must each start with "ey" and run at least 17
# more characters. The third (signature) segment is optional, so tokens with
# an empty signature are reported too. Expired or sample tokens are
# indistinguishable here; decode the claims during triage.
regex = '''\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
# Two-character keyword: passes the pre-filter on most content.
keywords = ["ey"]
[[rules]]
id = "jwt-base64"
description = "Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information."
# ZXlK is the base64 encoding of "eyJ", i.e. a JWT that has been base64-encoded
# once more. Each named alternative is labelled after a JOSE header parameter;
# presumably it is the re-encoded form of that key (not verified here).
# The trailing class admits \r and \n, so a match may span wrapped lines.
regex = '''\bZXlK(?:(?P<alg>aGJHY2lPaU)|(?P<apu>aGNIVWlPaU)|(?P<apv>aGNIWWlPaU)|(?P<aud>aGRXUWlPaU)|(?P<b64>aU5qUWlP)|(?P<crit>amNtbDBJanBi)|(?P<cty>amRIa2lPaU)|(?P<epk>bGNHc2lPbn)|(?P<enc>bGJtTWlPaU)|(?P<jku>cWEzVWlPaU)|(?P<jwk>cWQyc2lPb)|(?P<iss>cGMzTWlPaU)|(?P<iv>cGRpSTZJ)|(?P<kid>cmFXUWlP)|(?P<key_ops>clpYbGZiM0J6SWpwY)|(?P<kty>cmRIa2lPaUp)|(?P<nonce>dWIyNWpaU0k2)|(?P<p2c>d01tTWlP)|(?P<p2s>d01uTWlPaU)|(?P<ppt>d2NIUWlPaU)|(?P<sub>emRXSWlPaU)|(?P<svt>emRuUWlP)|(?P<tag>MFlXY2lPaU)|(?P<typ>MGVYQWlPaUp)|(?P<url>MWNtd2l)|(?P<use>MWMyVWlPaUp)|(?P<ver>MlpYSWlPaU)|(?P<version>MlpYSnphVzl1SWpv)|(?P<x>NElqb2)|(?P<x5c>NE5XTWlP)|(?P<x5t>NE5YUWlPaU)|(?P<x5ts256>NE5YUWpVekkxTmlJNkl)|(?P<x5u>NE5YVWlPaU)|(?P<zip>NmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2}'''
entropy = 2
keywords = ["zxlk"]
[[rules]]
id = "kraken-access-token"
description = "Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security."
# Context pattern: "kraken" in the identifier, then an 80 to 90 character
# value from a base64-like alphabet ([a-z0-9/=_+-], case-insensitive).
# No entropy floor is set; the length requirement does the filtering.
regex = '''(?i)[\w.-]{0,50}?(?:kraken)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9\/=_\+\-]{80,90})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["kraken"]
[[rules]]
id = "kubernetes-secret-yaml"
description = "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"
# Two orderings are covered: "kind: Secret" followed within 200 characters by
# "data:", or "data:" first and "kind: Secret" after. The captured entry is a
# key whose value is a base64-like run of 10+ characters, a {{ template }}
# expression, or an empty string. Base64 is an encoding, not encryption: a
# committed Secret manifest exposes its values to anyone who can read the repo.
regex = '''(?i)(?:\bkind:[ \t]*["']?\bsecret\b["']?(?s:.){0,200}?\bdata:(?s:.){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?s:.){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?s:.){0,200}?\bkind:[ \t]*["']?\bsecret\b["']?)'''
# Only .yaml / .yml files are scanned by this rule.
path = '''(?i)\.ya?ml$'''
keywords = ["secret"]
[[rules.allowlists]]
# Drops captures whose value is a template expression or an empty string,
# i.e. manifests that carry no literal secret material.
regexes = [
'''[\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:\{\{[ \t\w"|$:=,.-]+}}|""|'')''',
]
[[rules.allowlists]]
# Tested against the full match: drops matches that cross a "---" document
# separator, where "kind:" and "data:" belong to different YAML documents.
regexTarget = "match"
regexes = [
'''(kind:(?s:.)+\n---\n(?s:.)+\bdata:|data:(?s:.)+\n---\n(?s:.)+\bkind:)''',
]
[[rules]]
id = "kucoin-access-token"
description = "Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions."
# Context pattern with a 24-character hexadecimal value. 24 hex characters is
# also the shape of other identifiers (for example database object ids), and
# no entropy floor is set, so the "kucoin" context is what limits noise.
regex = '''(?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{24})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["kucoin"]
[[rules]]
id = "kucoin-secret-key"
description = "Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches."
# Context pattern with a UUID-shaped value (8-4-4-4-12 hex). Any UUID assigned
# to an identifier containing "kucoin" is reported; no entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["kucoin"]
[[rules]]
id = "launchdarkly-access-token"
description = "Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality."
# Context pattern: "launchdarkly" in the identifier, then exactly 40
# characters from [a-z0-9=_-] (case-insensitive). No entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:launchdarkly)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["launchdarkly"]
[[rules]]
id = "linear-api-key"
description = "Detected a Linear API Token, posing a risk to project management tools and sensitive task data."
# Case-sensitive lin_api_ prefix, then exactly 40 alphanumerics in either
# case ((?i) applies from its position onward). Unanchored on both sides.
regex = '''lin_api_(?i)[a-z0-9]{40}'''
entropy = 2
keywords = ["lin_api_"]
[[rules]]
id = "linear-client-secret"
description = "Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data."
# Context pattern with a 32-character hexadecimal value. "linear" is an
# ordinary English word, so unrelated identifiers holding a 32-hex value
# (for example an MD5 digest) match as well; review findings in context.
regex = '''(?i)[\w.-]{0,50}?(?:linear)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["linear"]
[[rules]]
id = "linkedin-client-id"
description = "Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure."
# Context pattern with a 14-character alphanumeric value. A client id is an
# identifier rather than a secret on its own; it matters mainly alongside a
# linkedin-client-secret finding. The short length makes noise likely.
regex = '''(?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{14})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
# One keyword per spelling accepted by linked[_-]?in.
keywords = [
"linkedin",
"linked_in",
"linked-in",
]
[[rules]]
id = "linkedin-client-secret"
description = "Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data."
# Context pattern with a 16-character alphanumeric value. Apart from the
# length it is identical to linkedin-client-id, so the two rules cannot both
# fire on the same value.
regex = '''(?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = [
"linkedin",
"linked_in",
"linked-in",
]
[[rules]]
id = "lob-api-key"
description = "Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services."
# "lob" may sit anywhere inside the identifier because up to 50 word
# characters are allowed before it, so names such as "global_key" or "blob"
# provide the context too. The value must be live_ or test_ plus 35 hex
# characters; a live_ hit is the one that reaches production data.
regex = '''(?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}((live|test)_[a-f0-9]{35})(?:[\x60'"\s;]|\\[nr]|$)'''
# The keywords cover the value prefixes, not the word "lob".
keywords = [
"test_",
"live_",
]
[[rules]]
id = "lob-pub-api-key"
description = "Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations."
# Same context as lob-api-key; the value is test_pub_ or live_pub_ plus 31
# hex characters. As the name says this key is publishable, so a finding is
# usually lower severity than a lob-api-key hit.
regex = '''(?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}((test|live)_pub_[a-f0-9]{31})(?:[\x60'"\s;]|\\[nr]|$)'''
# "_pub" already covers the two longer keywords above it.
keywords = [
"test_pub",
"live_pub",
"_pub",
]
[[rules]]
id = "mailchimp-api-key"
description = "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data."
# The value is 32 hex characters followed by "-us" and exactly two digits.
# NOTE(review): a key whose suffix has a single digit would not match; check
# this against the provider's key format before relying on the rule.
# The "." in MailchimpSDK.initialize is unescaped and matches any character;
# under (?i) the plain "mailchimp" alternative already covers that spelling.
regex = '''(?i)[\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32}-us\d\d)(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["mailchimp"]
[[rules]]
id = "mailgun-private-api-token"
description = "Found a Mailgun private API token, risking unauthorized email service operations and data breaches."
# Context pattern: "mailgun" in the identifier, then key- plus 32 hex
# characters. No entropy floor is set; the key- prefix does the filtering.
regex = '''(?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(key-[a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["mailgun"]
[[rules]]
id = "mailgun-pub-key"
description = "Discovered a Mailgun public validation key, which could expose email verification processes and associated data."
# Context pattern: "mailgun" in the identifier, then pubkey- plus 32 hex
# characters. Per the description this is the public validation key, so it
# is typically lower severity than the private token or signing key.
regex = '''(?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(pubkey-[a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["mailgun"]
[[rules]]
id = "mailgun-signing-key"
description = "Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity."
# Value shape is 32-8-8 characters separated by hyphens. The class is
# [a-h0-9], a superset of hexadecimal; presumably a-f was intended, but the
# wider class only adds matches and never misses a hex key.
# A leaked signing key lets a third party forge webhook signatures.
regex = '''(?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["mailgun"]
[[rules]]
id = "mapbox-api-token"
description = "Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure."
# Value must be "pk." + 60 alphanumerics + "." + 22 alphanumerics, in
# "mapbox" identifier context. Only the pk. prefix is matched; tokens with
# any other prefix would need their own pattern.
regex = '''(?i)[\w.-]{0,50}?(?:mapbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["mapbox"]
[[rules]]
id = "mattermost-access-token"
description = "Identified a Mattermost Access Token, which may compromise team communication channels and data privacy."
# Context pattern with a 26-character alphanumeric value and no entropy
# floor; other 26-character ids assigned in "mattermost" context match too.
regex = '''(?i)[\w.-]{0,50}?(?:mattermost)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{26})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["mattermost"]
[[rules]]
id = "maxmind-license-key"
description = "Discovered a potential MaxMind license key."
# 6 alphanumerics, "_", 29 alphanumerics, then the literal suffix _mmk;
# word-bounded at the start and delimited at the end.
regex = '''\b([A-Za-z0-9]{6}_[A-Za-z0-9]{29}_mmk)(?:[\x60'"\s;]|\\[nr]|$)'''
# Among the stricter entropy floors in this part of the file.
entropy = 4
keywords = ["_mmk"]
[[rules]]
id = "messagebird-api-token"
description = "Found a MessageBird API token, risking unauthorized access to communication platforms and message data."
# Context pattern: messagebird / message-bird / message_bird in the
# identifier, then exactly 25 alphanumerics. No entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{25})(?:[\x60'"\s;]|\\[nr]|$)'''
# One keyword per spelling accepted by message[_-]?bird.
keywords = [
"messagebird",
"message-bird",
"message_bird",
]
[[rules]]
id = "messagebird-client-id"
description = "Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data."
# Same context as messagebird-api-token with a UUID-shaped value. Any UUID in
# that context is reported, and a client id is an identifier rather than a
# credential by itself; weigh findings accordingly.
regex = '''(?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = [
"messagebird",
"message-bird",
"message_bird",
]
[[rules]]
id = "microsoft-teams-webhook"
description = "Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks."
# Matches the full incoming-webhook URL: tenant host, two UUID-shaped ids
# joined by "@", /IncomingWebhook/, a 32-character id and a final UUID.
# The URL itself is what gets reported as the secret. The pattern has no
# (?i) flag, so upper-case hex in the ids or a differently cased path
# segment would not match.
regex = '''https://[a-z0-9]+\.webhook\.office\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}'''
keywords = [
"webhook.office.com",
"webhookb2",
"incomingwebhook",
]
[[rules]]
id = "netlify-access-token"
description = "Detected a Netlify Access Token, potentially compromising web hosting services and site management."
# Context pattern: "netlify" in the identifier, then 40 to 46 characters
# from [a-z0-9=_-] (case-insensitive). No entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:netlify)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40,46})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["netlify"]
[[rules]]
id = "new-relic-browser-api-token"
description = "Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics."
# Requires both a New Relic identifier (new-relic / newrelic / new_relic) and
# a value of NRJS- plus 19 hex characters. A bare NRJS- token assigned to an
# unrelated name is therefore not reported by this rule.
regex = '''(?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRJS-[a-f0-9]{19})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["nrjs-"]
[[rules]]
id = "new-relic-insert-key"
description = "Discovered a New Relic insight insert key, compromising data injection into the platform."
# New Relic identifier context plus a value of NRII- followed by exactly 32
# characters from [a-z0-9-] (case-insensitive). No entropy floor is set.
regex = '''(?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRII-[a-z0-9-]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["nrii-"]
[[rules]]
id = "new-relic-user-api-id"
description = "Found a New Relic user API ID, posing a risk to application monitoring services and data integrity."
regex = '''(?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = [
"new-relic",
"newrelic",
"new_relic",
]
[[rules]]
id = "new-relic-user-api-key"
description = "Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring."
regex = '''(?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRAK-[a-z0-9]{27})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["nrak"]
[[rules]]
# Prefix rule: "npm_" followed by exactly 36 alphanumeric characters,
# case-insensitive, starting at a word boundary. No surrounding identifier is
# required. `entropy = 2` drops low-entropy values such as repeated-character
# placeholders.
id = "npm-access-token"
description = "Uncovered an npm access token, potentially compromising package management and code repository access."
regex = '''(?i)\b(npm_[a-z0-9]{36})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["npm_"]
[[rules]]
# Applies only to files whose path ends in "nuget.config" (case-insensitive).
# Captures the value of an <add key="Password" ...> or
# <add key="ClearTextPassword" ...> element when it is at least 8 characters
# long. `.{8,}` is greedy, so on a line holding several elements the capture
# can extend to the last `"` followed by `/>`. `entropy = 1` is a very low floor.
id = "nuget-config-password"
description = "Identified a password within a Nuget config file, potentially compromising package management access."
regex = '''(?i)<add key=\"(?:(?:ClearText)?Password)\"\s*value=\"(.{8,})\"\s*/>'''
path = '''(?i)nuget\.config$'''
entropy = 1
keywords = ["<add key="]
# Rule-scoped allowlist: two fixed literal values and any value of the form
# %NAME% (starts and ends with "%"), i.e. an unexpanded placeholder.
[[rules.allowlists]]
regexes = [
'''33f!!lloppa''',
'''hal\+9ooo_da!sY''',
'''^\%\S.*\%$''',
]
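[[rules]]
# Captures a 32-character value ([a-z0-9=_-], case-insensitive) assigned to an
# identifier containing "nytimes", "new-york-times" or "newyorktimes".
# The alternation must list the bare names: a trailing comma inside the
# "new-york-times" alternative makes that branch match only when a literal
# comma follows the name, so ordinary assignments such as
# `new-york-times-key = ...` go unreported.
# This file is generated; mirror the change in the rule generator
# (cmd/generate/config) or it is lost on regeneration.
# No `entropy` floor is set.
id = "nytimes-access-token"
description = "Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services."
regex = '''(?i)[\w.-]{0,50}?(?:nytimes|new-york-times|newyorktimes)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = [
"nytimes",
"new-york-times",
"newyorktimes",
]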
[[rules]]
# Prefix rule: "API-" followed by exactly 26 upper-case letters or digits.
# The pattern is case-sensitive (no (?i)). The "api-" keyword is a broad
# pre-filter, so the regex and `entropy = 3` carry the precision.
id = "octopus-deploy-api-key"
description = "Discovered a potential Octopus Deploy API key, risking application deployments and operational security."
regex = '''\b(API-[A-Z0-9]{26})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["api-"]
[[rules]]
# Captures "00" followed by 40 characters from [\w=-], assigned to an
# identifier containing "okta", "Okta" or "OKTA". That name is matched
# case-sensitively via (?-i:...), so mixed spellings such as "oKTA" are not
# accepted. `entropy = 4` is a comparatively high floor.
id = "okta-access-token"
description = "Identified an Okta Access Token, which may compromise identity management services and user authentication data."
regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(00[\w=\-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 4
keywords = ["okta"]
[[rules]]
# Two key shapes, both anchored on the fixed marker "T3BlbkFJ" in the middle
# of the key:
#   - sk-proj- / sk-svcacct- / sk-admin- with 58 or 74 characters on each side
#   - sk- with 20 alphanumeric characters on each side
# Case-sensitive; no surrounding identifier is required.
id = "openai-api-key"
description = "Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation."
regex = '''\b(sk-(?:proj|svcacct|admin)-(?:[A-Za-z0-9_-]{74}|[A-Za-z0-9_-]{58})T3BlbkFJ(?:[A-Za-z0-9_-]{74}|[A-Za-z0-9_-]{58})\b|sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["t3blbkfj"]
[[rules]]
# Prefix rule: "sha256~" followed by exactly 43 characters from [\w-]. The
# match must end at a character outside [\w-] or at end of input.
id = "openshift-user-token"
description = "Found an OpenShift user token, potentially compromising an OpenShift/Kubernetes cluster."
regex = '''\b(sha256~[\w-]{43})(?:[^\w-]|\z)'''
entropy = 3.5
keywords = ["sha256~"]
[[rules]]
# Prefix rule: "pplx-" followed by exactly 48 alphanumeric characters.
# Unlike most rules in this file, the terminator also accepts a bare word
# boundary, so the key may be followed by any non-word character.
id = "perplexity-api-key"
description = "Detected a Perplexity API key, which could lead to unauthorized access to Perplexity AI services and data exposure."
regex = '''\b(pplx-[a-zA-Z0-9]{48})(?:[\x60'"\s;]|\\[nr]|$|\b)'''
entropy = 4
keywords = ["pplx-"]
[[rules]]
# Path-only rule: there is no `regex`, so a file is flagged purely because its
# name ends in ".p12" or ".pfx" (case-insensitive). The rule says nothing about
# whether the container is password-protected or what it holds.
id = "pkcs12-file"
description = "Found a PKCS #12 file, which commonly contain bundled private keys."
path = '''(?i)(?:^|\/)[^\/]+\.p(?:12|fx)$'''
[[rules]]
# Plaid family: every rule requires an identifier containing "plaid".
#
# API token: "access-" + sandbox|development|production + "-" + UUID.
# The environment name is part of the captured value, which helps triage.
id = "plaid-api-token"
description = "Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services."
regex = '''(?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["plaid"]
[[rules]]
# Client ID: exactly 24 alphanumeric characters. It differs from the secret
# key rule below only by length.
id = "plaid-client-id"
description = "Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches."
regex = '''(?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3.5
keywords = ["plaid"]
[[rules]]
# Secret key: exactly 30 alphanumeric characters.
id = "plaid-secret-key"
description = "Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data."
regex = '''(?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{30})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3.5
keywords = ["plaid"]
[[rules]]
# PlanetScale family: prefix rules, each with a 32-64 character body from
# [\w=.-] and `entropy = 3`. No surrounding identifier is required.
#
# API token: "pscale_tkn_" is matched case-sensitively. The inline (?i) only
# affects the body, whose class already covers both cases.
id = "planetscale-api-token"
description = "Identified a PlanetScale API token, potentially compromising database management and operations."
regex = '''\b(pscale_tkn_(?i)[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["pscale_tkn_"]
[[rules]]
# OAuth token: "pscale_oauth_", fully case-sensitive.
id = "planetscale-oauth-token"
description = "Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity."
regex = '''\b(pscale_oauth_[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["pscale_oauth_"]
[[rules]]
# Password: "pscale_pw_". The leading (?i) makes the prefix case-insensitive
# too, unlike the two rules above; the second (?i) is redundant.
id = "planetscale-password"
description = "Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches."
regex = '''(?i)\b(pscale_pw_(?i)[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["pscale_pw_"]
[[rules]]
# Prefix rule: case-sensitive "PMAK-", then 24 hex characters, "-", and 34 hex
# characters (hex part case-insensitive).
id = "postman-api-token"
description = "Uncovered a Postman API token, potentially compromising API testing and development workflows."
regex = '''\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["pmak-"]
[[rules]]
# Prefix rule: "pnu_" followed by exactly 36 alphanumeric characters;
# the prefix is case-sensitive.
id = "prefect-api-token"
description = "Detected a Prefect API token, risking unauthorized access to workflow management and automation services."
regex = '''\b(pnu_[a-zA-Z0-9]{36})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["pnu_"]
[[rules]]
# Matches a PEM-style block from "-----BEGIN ... PRIVATE KEY-----" (optionally
# "... PRIVATE KEY BLOCK-----") through the next "KEY-----" or
# "KEY BLOCK-----", with at least 64 characters in between (lazy, may span
# lines). There is no capture group and no `entropy` floor. Encrypted
# (passphrase-protected) keys match as well as plaintext ones; the rule does
# not distinguish them.
id = "private-key"
description = "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."
regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]{64,}?KEY(?: BLOCK)?-----'''
keywords = ["-----begin"]
[[rules]]
# Captures exactly 32 characters from [a-z0-9], assigned to an identifier
# containing "privateai", "private_ai" or "private-ai". The (?i:...) group
# closes before the capture, so the identifier is case-insensitive but the
# value must be lower-case.
id = "privateai-api-token"
description = "Identified a PrivateAI Token, posing a risk of unauthorized access to AI services and data manipulation."
regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:private[_-]?ai)(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = [
"privateai",
"private_ai",
"private-ai",
]
[[rules]]
# Prefix rule: "pul-" followed by exactly 40 lower-case hex characters.
id = "pulumi-api-token"
description = "Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management."
regex = '''\b(pul-[a-f0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["pul-"]
[[rules]]
# Prefix rule: the fixed, case-sensitive literal "pypi-AgEIcHlwaS5vcmc"
# followed by 50-1000 characters from [\w-]. There is no capture group and no
# trailing delimiter, so the match simply stops at the first character outside
# that class.
id = "pypi-upload-token"
description = "Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity."
regex = '''pypi-AgEIcHlwaS5vcmc[\w-]{50,1000}'''
entropy = 3
keywords = ["pypi-ageichlwas5vcmc"]
[[rules]]
# Captures exactly 50 characters from [a-z0-9_-] (case-insensitive) assigned
# to an identifier containing "rapidapi". No `entropy` floor is set.
id = "rapidapi-access-token"
description = "Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services."
regex = '''(?i)[\w.-]{0,50}?(?:rapidapi)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{50})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["rapidapi"]
[[rules]]
# Prefix rule: "rdme_" followed by exactly 70 lower-case alphanumeric
# characters (case-sensitive).
id = "readme-api-token"
description = "Detected a Readme API token, risking unauthorized documentation management and content exposure."
regex = '''\b(rdme_[a-z0-9]{70})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["rdme_"]
[[rules]]
# Prefix rule: "rubygems_" followed by exactly 48 lower-case hex characters.
id = "rubygems-api-token"
description = "Identified a Rubygem API token, potentially compromising Ruby library distribution and package management."
regex = '''\b(rubygems_[a-f0-9]{48})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["rubygems_"]
[[rules]]
# Prefix rule: "tk-us-" followed by exactly 48 characters from [\w-].
id = "scalingo-api-token"
description = "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security."
regex = '''\b(tk-us-[\w-]{48})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["tk-us-"]
[[rules]]
# Sendbird family: both rules require an identifier containing "sendbird" and
# set no `entropy` floor.
#
# Access ID: any UUID-shaped value (8-4-4-4-12 hex digits).
id = "sendbird-access-id"
description = "Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations."
regex = '''(?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["sendbird"]
[[rules]]
# Access token: exactly 40 hex characters. SHA-1 digests and full git commit
# ids have the same shape, so such values assigned next to a Sendbird
# identifier are reported too.
id = "sendbird-access-token"
description = "Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data."
regex = '''(?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["sendbird"]
[[rules]]
# Prefix rule: case-sensitive "SG." followed by exactly 66 characters from
# [a-z0-9=_.-] (case-insensitive). The "sg." keyword is a short, broad
# pre-filter, so precision comes from the regex.
id = "sendgrid-api-token"
description = "Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure."
regex = '''\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["sg."]
[[rules]]
# Prefix rule: "xkeysib-", 64 lower-case hex characters, "-", then 16
# alphanumeric characters (the last part case-insensitive).
id = "sendinblue-api-token"
description = "Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy."
regex = '''\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["xkeysib-"]
[[rules]]
# Old-format token: exactly 64 hex characters assigned to an identifier
# containing "sentry". There is no distinguishing prefix; a SHA-256 hex digest
# has the same shape, and `entropy = 3` will not separate the two.
id = "sentry-access-token"
description = "Found a Sentry.io Access Token (old format), risking unauthorized access to error tracking services and sensitive application data."
regex = '''(?i)[\w.-]{0,50}?(?:sentry)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["sentry"]
[[rules]]
# Organization token: "sntrys_eyJpYXQiO", a base64-alphabet body that must
# contain one of three fixed markers, optional "=" padding, "_", and a final
# 43-character segment. No capture group. `entropy = 4.5` is the highest floor
# in this part of the file.
id = "sentry-org-token"
description = "Found a Sentry.io Organization Token, risking unauthorized access to error tracking services and sensitive application data."
regex = '''\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}(?:[^a-zA-Z0-9+/]|\z)'''
entropy = 4.5
keywords = ["sntrys_eyjpyxqio"]
[[rules]]
# User token: "sntryu_" followed by exactly 64 lower-case hex characters.
id = "sentry-user-token"
description = "Found a Sentry.io User Token, risking unauthorized access to error tracking services and sensitive application data."
regex = '''\b(sntryu_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3.5
keywords = ["sntryu_"]
[[rules]]
# Settlemint family: three prefix rules that differ only in the prefix
# (sm_aat_, sm_pat_, sm_sat_), each followed by exactly 16 alphanumeric
# characters. The keywords omit the trailing underscore that the regex
# requires.
id = "settlemint-application-access-token"
description = "Found a Settlemint Application Access Token."
regex = '''\b(sm_aat_[a-zA-Z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["sm_aat"]
[[rules]]
# Personal access token: "sm_pat_" prefix.
id = "settlemint-personal-access-token"
description = "Found a Settlemint Personal Access Token."
regex = '''\b(sm_pat_[a-zA-Z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["sm_pat"]
[[rules]]
# Service access token: "sm_sat_" prefix.
id = "settlemint-service-access-token"
description = "Found a Settlemint Service Access Token."
regex = '''\b(sm_sat_[a-zA-Z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["sm_sat"]
[[rules]]
# Prefix rule: "shippo_live_" or "shippo_test_" followed by exactly 40 hex
# characters. Test-mode and live-mode tokens are reported under the same rule
# id; the mode is visible in the captured value.
id = "shippo-api-token"
description = "Discovered a Shippo API token, potentially compromising shipping services and customer order data."
regex = '''\b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = ["shippo_"]
[[rules]]
# Shopify family: four prefix rules (shpat_, shpca_, shppa_, shpss_), each
# followed by 32 hex characters. The patterns have no word boundary, capture
# group or trailing delimiter, so they also match when the prefix and 32 hex
# characters sit inside a longer string.
id = "shopify-access-token"
description = "Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches."
regex = '''shpat_[a-fA-F0-9]{32}'''
entropy = 2
keywords = ["shpat_"]
[[rules]]
# Custom app access token: "shpca_" prefix.
id = "shopify-custom-access-token"
description = "Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security."
regex = '''shpca_[a-fA-F0-9]{32}'''
entropy = 2
keywords = ["shpca_"]
[[rules]]
# Private app access token: "shppa_" prefix.
id = "shopify-private-app-access-token"
description = "Identified a Shopify private app access token, risking unauthorized access to private app data and store operations."
regex = '''shppa_[a-fA-F0-9]{32}'''
entropy = 2
keywords = ["shppa_"]
[[rules]]
# Shared secret: "shpss_" prefix.
id = "shopify-shared-secret"
description = "Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security."
regex = '''shpss_[a-fA-F0-9]{32}'''
entropy = 2
keywords = ["shpss_"]
[[rules]]
# Captures an "xxxxxxxx:xxxxxxxx" pair (8 hex, ":", 8 hex) assigned to
# BUNDLE_ENTERPRISE__CONTRIBSYS__COM or BUNDLE_GEMS__CONTRIBSYS__COM
# (case-insensitive). No `entropy` floor is set.
id = "sidekiq-secret"
description = "Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches."
regex = '''(?i)[\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = [
"bundle_enterprise__contribsys__com",
"bundle_gems__contribsys__com",
]
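[[rules]]
# Captures the "user:password" part (8 hex, ":", 8 hex) of an http(s) URL
# pointing at gems.contribsys.com or enterprise.contribsys.com.
# The dots in the host names are escaped so they match a literal "." only;
# an unescaped "." accepts any character in that position and lets look-alike
# strings through. The trailing class [\/|\#|\?|:] also accepts a literal "|".
# This file is generated; mirror the change in the rule generator
# (cmd/generate/config) or it is lost on regeneration.
id = "sidekiq-sensitive-url"
description = "Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details."
regex = '''(?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems\.contribsys\.com|enterprise\.contribsys\.com)(?:[\/|\#|\?|:]|$)'''
keywords = [
"gems.contribsys.com",
"enterprise.contribsys.com",
]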
[[rules]]
# Matches "xapp-<digit>-<alnum>+-<digits>-<alnum>+" case-insensitively.
# The segments have no length bounds and the pattern has no word boundary or
# trailing delimiter, so `entropy = 2` is the only guard against short
# look-alike strings.
id = "slack-app-token"
description = "Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data."
regex = '''(?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+'''
entropy = 2
keywords = ["xapp"]
[[rules]]
# Matches "xoxb-" followed by two 10-13 digit numbers joined by "-", then any
# run of [a-zA-Z0-9-]. Because that final run may be empty, the two numeric
# segments alone satisfy the regex; `entropy = 3` then decides.
id = "slack-bot-token"
description = "Identified a Slack Bot token, which may compromise bot integrations and communication channel security."
regex = '''xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*'''
entropy = 3
keywords = ["xoxb"]
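[[rules]]
# Matches "xoxe.xoxb-" or "xoxe.xoxp-" followed by one digit, "-", and
# 163-166 alphanumeric characters (case-insensitive).
# The dot after "xoxe" is escaped so it matches a literal "." as in the
# keywords below; unescaped, it would accept any character in that position.
# This file is generated; mirror the change in the rule generator
# (cmd/generate/config) or it is lost on regeneration.
id = "slack-config-access-token"
description = "Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access."
regex = '''(?i)xoxe\.xox[bp]-\d-[A-Z0-9]{163,166}'''
entropy = 2
keywords = [
"xoxe.xoxb-",
"xoxe.xoxp-",
]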
[[rules]]
# The remaining Slack token rules share `entropy = 2`. None has a word
# boundary, capture group or trailing delimiter.
#
# Config refresh token: "xoxe-", one digit, "-", 146 alphanumeric characters
# (case-insensitive).
id = "slack-config-refresh-token"
description = "Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings."
regex = '''(?i)xoxe-\d-[A-Z0-9]{146}'''
entropy = 2
keywords = ["xoxe-"]
[[rules]]
# Legacy bot token: "xoxb-", 8-14 digits, "-", 18-26 alphanumeric characters.
# It uses the same "xoxb" keyword as slack-bot-token.
id = "slack-legacy-bot-token"
description = "Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure."
regex = '''xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26}'''
entropy = 2
keywords = ["xoxb"]
[[rules]]
# Legacy token: "xoxo-" or "xoxs-", three digit runs, then a hex run. None of
# the runs has a length bound.
id = "slack-legacy-token"
description = "Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data."
regex = '''xox[os]-\d+-\d+-\d+-[a-fA-F\d]+'''
entropy = 2
keywords = [
"xoxo",
"xoxs",
]
[[rules]]
# Legacy workspace token: "xoxa-" or "xoxr-", an optional "<digit>-", then
# 8-48 alphanumeric characters.
id = "slack-legacy-workspace-token"
description = "Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features."
regex = '''xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48}'''
entropy = 2
keywords = [
"xoxa",
"xoxr",
]
[[rules]]
# User token: "xoxp" or "xoxe", three "-<10-13 digits>" segments, "-", then
# 28-34 characters from [a-zA-Z0-9-].
id = "slack-user-token"
description = "Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces."
regex = '''xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}'''
entropy = 2
keywords = [
"xoxp-",
"xoxe-",
]
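[[rules]]
# Matches hooks.slack.com/{services,workflows,triggers}/ followed by 43-56
# characters from [A-Za-z0-9+/], with an optional http(s):// scheme. The path
# is the credential: anyone holding the URL can post to the hook.
# The dots in the host are escaped so only the literal host name matches;
# unescaped, each "." accepts any character.
# No `entropy` floor is set and there is no capture group.
# This file is generated; mirror the change in the rule generator
# (cmd/generate/config) or it is lost on regeneration.
id = "slack-webhook-url"
description = "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels."
regex = '''(?:https?://)?hooks\.slack\.com/(?:services|workflows|triggers)/[A-Za-z0-9+/]{43,56}'''
keywords = ["hooks.slack.com"]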
[[rules]]
# Captures a UUID-shaped value assigned to an identifier of the form
# snyk[_.-]?(api|oauth)?[_.-]?(key|token), e.g. "snyk_token" or
# "snyk-api-key". A bare "snyk" identifier is not enough, which keeps unrelated
# UUIDs in Snyk configuration out of the results. No `entropy` floor is set.
id = "snyk-api-token"
description = "Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security."
regex = '''(?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["snyk"]
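[[rules]]
# Captures a 40-character value ([a-z0-9=_-], case-insensitive) assigned to an
# identifier of the form sonar[_.-]?(login|token).
# The login|token alternation is non-capturing so that the 40-character value
# is the rule's only capture group. With a capturing alternation and no
# `secretGroup` key, the word "login" or "token" sits in group 1 ahead of the
# credential and can end up reported as the secret. The set of strings matched
# is unchanged.
# This file is generated; mirror the change in the rule generator
# (cmd/generate/config) or it is lost on regeneration.
# No `entropy` floor is set.
id = "sonar-api-token"
description = "Uncovered a Sonar API token, potentially compromising software vulnerability scanning and code security."
regex = '''(?i)[\w.-]{0,50}?(?:sonar[_.-]?(?:login|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["sonar"]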
[[rules]]
# Three alternatives, all case-insensitive:
#   - sgp_<16 hex or "local">_<40 hex>
#   - sgp_<40 hex>
#   - a bare 40-hex string with no prefix
# The bare alternative has the shape of a SHA-1 digest or full git commit id.
# NOTE(review): the regex does not require "sourcegraph" near the match, so the
# "sourcegraph" keyword is the only thing tying the bare alternative to this
# service. Expect commit ids in content that mentions Sourcegraph to be
# reported; confirm how the keyword filter is scoped before relying on this
# rule. The description text describes the product rather than the finding.
id = "sourcegraph-access-token"
description = "Sourcegraph is a code search and navigation engine."
regex = '''(?i)\b(\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\b)(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = [
"sgp_",
"sourcegraph",
]
[[rules]]
# Prefix rule: "EAAA" or "sq0atp-" followed by 22-60 characters from [\w-].
# Case-sensitive. "EAAA" is a short prefix, so the length bound and
# `entropy = 2` are what keep unrelated strings out.
id = "square-access-token"
description = "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure."
regex = '''\b((?:EAAA|sq0atp-)[\w-]{22,60})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = [
"sq0atp-",
"eaaa",
]
[[rules]]
# Captures any UUID-shaped value assigned to an identifier containing
# "squarespace". No `entropy` floor is set.
id = "squarespace-access-token"
description = "Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace."
regex = '''(?i)[\w.-]{0,50}?(?:squarespace)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["squarespace"]
[[rules]]
# Prefix rule: "sk_" or "rk_", then "test_", "live_" or "prod_", then 10-99
# alphanumeric characters. Test-mode and live-mode keys share this rule id;
# the mode is visible in the captured value and is the first thing to check
# during triage.
id = "stripe-access-token"
description = "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."
regex = '''\b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 2
keywords = [
"sk_test",
"sk_live",
"sk_prod",
"rk_test",
"rk_live",
"rk_prod",
]
[[rules]]
# SumoLogic family: the identifier must contain "sumo", "Sumo" or "SUMO",
# matched case-sensitively via (?-i:...). "sumo" is a short keyword that also
# occurs in unrelated names.
#
# Access ID: "su" plus 12 alphanumeric characters. The capture sits outside
# the (?i:...) group, so "su" must be lower-case.
id = "sumologic-access-id"
description = "Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity."
regex = '''[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(su[a-zA-Z0-9]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["sumo"]
[[rules]]
# Access token: exactly 64 alphanumeric characters (case-insensitive), with no
# prefix. A SHA-256 hex digest fits this shape.
id = "sumologic-access-token"
description = "Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights."
regex = '''(?i)[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3
keywords = ["sumo"]
[[rules]]
# Captures "<5-16 digits>:A<34 chars from [a-z0-9_-]>" assigned to an
# identifier containing "telegr". The "A" after the colon is case-sensitive
# via (?-i:A); the rest is case-insensitive. No `entropy` floor is set.
id = "telegram-bot-api-token"
description = "Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram."
regex = '''(?i)[\w.-]{0,50}?(?:telegr)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\-]{34})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["telegr"]
[[rules]]
# Captures exactly 22 alphanumeric characters (case-insensitive) assigned to
# an identifier containing "travis". There is no prefix and no `entropy`
# floor, so any 22-character word in that position is reported.
id = "travisci-access-token"
description = "Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security."
regex = '''(?i)[\w.-]{0,50}?(?:travis)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{22})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["travis"]
[[rules]]
# Matches upper-case "SK" followed by 32 hex characters. The pattern has no
# word boundary, capture group or trailing delimiter, so it also matches
# inside longer strings. The two-letter "sk" keyword is a very broad
# pre-filter; precision rests on the regex and `entropy = 3`.
id = "twilio-api-key"
description = "Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data."
regex = '''SK[0-9a-fA-F]{32}'''
entropy = 3
keywords = ["sk"]
[[rules]]
# Captures exactly 30 alphanumeric characters (case-insensitive) assigned to
# an identifier containing "twitch". No prefix and no `entropy` floor.
id = "twitch-api-token"
description = "Discovered a Twitch API token, which could compromise streaming services and account integrations."
regex = '''(?i)[\w.-]{0,50}?(?:twitch)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{30})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["twitch"]
[[rules]]
# Twitter family: every rule requires an identifier containing "twitter" and
# sets no `entropy` floor. The api-key (25), access-secret (45) and
# api-secret (50) rules capture plain alphanumeric values and differ only in
# length, so the rule id reflects the value's length, not its role.
#
# Access secret: exactly 45 alphanumeric characters.
id = "twitter-access-secret"
description = "Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches."
regex = '''(?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{45})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["twitter"]
[[rules]]
# Access token: 15-25 digits, "-", then 20-40 alphanumeric characters.
id = "twitter-access-token"
description = "Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure."
regex = '''(?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["twitter"]
[[rules]]
# API key: exactly 25 alphanumeric characters.
id = "twitter-api-key"
description = "Identified a Twitter API Key, which may compromise Twitter application integrations and user data security."
regex = '''(?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{25})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["twitter"]
[[rules]]
# API secret: exactly 50 alphanumeric characters.
id = "twitter-api-secret"
description = "Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access."
regex = '''(?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{50})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["twitter"]
[[rules]]
# Bearer token: 22 "A" characters followed by 80-100 characters from
# [a-zA-Z0-9%]. Under (?i) the leading run also matches lower-case "a".
id = "twitter-bearer-token"
description = "Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter."
regex = '''(?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["twitter"]
[[rules]]
# Captures "tfp_" followed by 59 characters from [a-z0-9_.=-]
# (case-insensitive). The keyword is the token prefix, but the regex also
# requires an identifier containing "typeform" before the assignment, so a
# tfp_ token stored under an unrelated name is not reported by this rule.
# No `entropy` floor is set.
id = "typeform-api-token"
description = "Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection."
regex = '''(?i)[\w.-]{0,50}?(?:typeform)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(tfp_[a-z0-9\-_\.=]{59})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["tfp_"]
[[rules]]
# Batch token: "hvb." followed by 138-300 characters from [\w-].
id = "vault-batch-token"
description = "Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data."
regex = '''\b(hvb\.[\w-]{138,300})(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 4
keywords = ["hvb."]
[[rules]]
# Service token, two shapes:
#   - "hvs." followed by 90-120 characters from [\w-]
#   - "s." followed by exactly 24 alphanumeric characters
# The "s." shape and its "s." keyword are very generic: any word ending in "s"
# followed by a dot and a 24-character word fits. The allowlist below and
# `entropy = 3.5` are the guards against that.
id = "vault-service-token"
description = "Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials."
regex = '''\b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:[\x60'"\s;]|\\[nr]|$)'''
entropy = 3.5
keywords = [
"hvs.",
"s.",
]
# Rule-scoped allowlist: drops "s." values made of 24 letters and no digits,
# the shape of a dotted identifier rather than a random token.
[[rules.allowlists]]
regexes = [
'''s\.[A-Za-z]{24}''',
]
[[rules]]
# Yandex family: every rule requires an identifier containing "yandex" and
# sets no `entropy` floor. The leading (?i) makes the value prefixes (t1.,
# AQVN, YC) case-insensitive as well.
#
# Access token: "t1." + one or more characters from [A-Za-z0-9_-] + optional
# "=" padding + "." + 86 such characters + optional padding. The first segment
# has no upper length bound.
id = "yandex-access-token"
description = "Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy."
regex = '''(?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["yandex"]
[[rules]]
# API key: "AQVN" followed by 35-38 characters from [A-Za-z0-9_-].
id = "yandex-api-key"
description = "Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation."
regex = '''(?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["yandex"]
[[rules]]
# AWS-compatible access token: "YC" followed by 38 characters from
# [a-zA-Z0-9_-].
id = "yandex-aws-access-token"
description = "Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud."
regex = '''(?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(YC[a-zA-Z0-9_\-]{38})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["yandex"]
[[rules]]
# Captures exactly 40 alphanumeric characters (case-insensitive) assigned to
# an identifier containing "zendesk". There is no prefix and no `entropy`
# floor; a SHA-1 digest or full git commit id in that position also matches.
id = "zendesk-secret-key"
description = "Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data."
regex = '''(?i)[\w.-]{0,50}?(?:zendesk)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
keywords = ["zendesk"]