This repo is dedicated to all the regexes which I searched and found on multiple blogs/repos/articles for scraping sensitive data out of a page/site.
Reference :- https://github.com/dxa4481/truffleHogRegexes
|
Slack Token |
(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}) |
|
RSA private key |
-----BEGIN RSA PRIVATE KEY----- |
|
SSH (OPENSSH) private key |
-----BEGIN OPENSSH PRIVATE KEY----- |
|
SSH (DSA) private key |
-----BEGIN DSA PRIVATE KEY----- |
|
SSH (EC) private key |
-----BEGIN EC PRIVATE KEY----- |
|
PGP private key block |
-----BEGIN PGP PRIVATE KEY BLOCK----- |
| Putty Key | PuTTY-User-Key-File-2 |
| SSH2 private key | -----BEGIN SSH2 ENCRYPTED PRIVATE KEY----- |
|
Generic Private Key block |
BEGIN.*PRIVATE KEY |
|
Username Password combo |
^[a-z]+://.*:.*@ |
|
Facebook Oauth |
[fF][aA][cC][eE][bB][oO][oO][kK].*['|\"][0-9a-f]{32}['|\"] |
|
Twitter Oauth |
[tT][wW][iI][tT][tT][eE][rR].*['|\"][0-9a-zA-Z]{35,44}['|\"] |
|
GitHub |
[gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"] |
|
Google Oauth |
(\"client_secret\":\"[a-zA-Z0-9-_]{24}\") |
|
AWS API Key |
AKIA[0-9A-Z]{16} |
|
Heroku API Key |
[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12} |
|
Generic API Key |
[aA][pP][iI]_?[kK][eE][yY].*['|\"][0-9a-zA-Z]{32,45}['|\"] |
|
Generic Secret |
[sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"] |
|
Slack Webhook |
https://hooks[.]slack[.]com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24} |
|
Google (GCP) Service-account |
\"type\": \"service_account\" |
|
Twilio API Key |
SK[a-z0-9]{32} |
|
Password in URL |
[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s] |
|
Amazon MWS Auth Token |
(amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) |
|
Facebook Access Token |
(EAACEdEose0cBA[0-9A-Za-z]+) |
|
Google API Key |
(AIza[0-9A-Za-z\\-_]{35}) |
|
Google Cloud Platform API Key |
(AIza[0-9A-Za-z\\-_]{35}) |
|
Password in URL |
[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s] |
|
Google Cloud Platform OAuth |
([0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com) |
|
Google Drive API Key |
(AIza[0-9A-Za-z\\-_]{35}) |
|
Google Drive OAuth |
([0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com) |
|
Google (GCP) Service-account |
("type": "service_account".*) |
|
Google Gmail API Key |
(AIza[0-9A-Za-z\\-_]{35}) |
|
Google Gmail OAuth |
([0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com) |
|
Google OAuth Access Token |
(ya29\\.[0-9A-Za-z\\-_]+) |
|
Google YouTube API Key |
(AIza[0-9A-Za-z\\-_]{35}) |
|
Google YouTube OAuth |
([0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com) |
|
MailChimp API Key |
([0-9a-f]{32}-us[0-9]{1,2}) |
|
Mailgun API Key |
(key-[0-9a-zA-Z]{32}) |
|
PayPal Braintree Access Token |
(access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}) |
|
Picatic API Key |
(sk_live_[0-9a-z]{32}) |
|
Stripe API Key |
(sk_live_[0-9a-zA-Z]{24}) |
|
Stripe Restricted API Key |
(rk_live_[0-9a-zA-Z]{24}) |
|
Square Access Token |
(sq0atp-[0-9A-Za-z\\-_]{22}) |
|
Square OAuth Secret |
(sq0csp-[0-9A-Za-z\\-_]{43}) |
|
Twitter Access Token |
[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40} |
|
apikey |
|---|
|
api_key |
|
aws_secret_access_key |
|
db_pass |
|
password |
|
passwd |
|
private_key |
|
secret |
|
secrete |
|
"" |
|
""): |
|
"\' |
|
") |
|
#pass |
|
#password |
|
$(shell |
|
'\" |
|
'' |
|
''): |
|
') |
|
'this |
|
(nsstring |
|
-default} |
|
<a |
|
<aws_secret_access_key> |
|
<input |
|
<password> |
|
= |
|
\\"$(shell |
|
\\k.*" |
|
\\k.*' |
|
`grep |
|
dummy_secret |
|
false |
|
false): |
|
false, |
|
false; |
|
none |
|
none, |
|
none} |
|
not |
|
null |
|
null, |
|
null; |
|
password |
|
password) |
|
password, |
|
password}, |
|
redacted |
|
some_key |
|
string, |
|
string? |
|
string} |
|
string}} |
|
test-access-key |
|
todo |
|
true |
|
true): |
|
true, |
|
true; |
|
{ |
|
Something followed by Colon Eg. secret_key: foo |
({})(("|\')?):(\s*?)(("|\')?)([^\s]+)(\5) |
|
Something followed by Colon & Quotes Eg. secret_key: "foo" |
({})(("|\')?):(\s*?)(("|\'))([^\s]+)(\5) |
|
Something followed by Equal signs Eg. password = bar |
({})((\'|")])?()(\s*?)=(\s*?)(("|\')?)([^\s]+)(\7) |
|
Something followed by Equal signs & Quotes Eg. password = "bar" |
({})((\'|")])?()(\s*?)=(\s*?)(("|\'))([^\s]+)(\7) |
|
Something followed by Quotes & Semicolon Eg. private_key "something"; |
({})([^\s]*?)(\s*?)("|\')([^\s]+)(\4); |