• Stars
    star
    865
  • Rank 52,730 (Top 2 %)
  • Language
    Python
  • License
    Creative Commons ...
  • Created almost 2 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.

๐Ÿ—„๏ธ Secrets Patterns Database ๐Ÿ—„๏ธ

The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.


๐Ÿš€ Features

  • Over 1600 regular expressions for detecting secrets, passwords, API keys, tokens, and more.
  • Format agnostic. A Single format that supports secret detection tools, including Trufflehog and Gitleaks.
  • Tested and reviewed Regular expressions.
  • Categorized by confidence levels of each pattern.
  • All regular expressions are tested against ReDos attacks.

โ” Why?

There are limited resources online for Regular Expressions patterns for secrets. TruffleHog offers ~700 as built-in rules. GitLeaks offers ~60 rules. While it's a good start, it's not enough. There's a lot of work that needs to be done for maintenance and keeping up with new secrets patterns.

I have collected and curated Regular Expressions Patterns for Secrets, API Tokens, Keys, and Passwords. I'm open-sourcing the database I built (Secrets-Patterns-DB), and hope that security teams contribute to it!

The Secrets-Patterns-DB contains over 1600 Regular Expressions. I have also written scripts to validate Regexes against ReDoS attacks, and CI jobs to load and validate Regexes, and I also manually cleaned-up invalid ones.

It's in Beta. Thereโ€™s a lot of room for improvement on the project. I'm looking forward to your Pull Requests and Issues on Github to enhance Secrets-Patterns-DB for everyone.

Are you planning to enhance your secrets detection in your AppSec program? Please take some time to contribute to the project! ๐Ÿ™


๐Ÿ’ป Contribution

Contribution is always welcome! Please feel free to report issues on Github and create Pull Requestss for new features.

๐Ÿ“Œ Ideas to Start on

Would like to contribute to secrets-patterns-db? Here are some ideas that you may start with:

  • Support severity
  • Categorize patterns by type?
  • Categorize patterns by tags?
  • Support more tools?

๐Ÿ“„ License

This work is licensed under a Creative Commons Attribution 4.0 International License.

๐Ÿ’š Author

Mazin Ahmed

More Repositories

1

bfac

BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source code.
Python
513
star
2

Firefox-Security-Toolkit

A tool that transforms Firefox browsers into a penetration testing suite
Shell
473
star
3

shennina

Automating Host Exploitation with AI
Python
433
star
4

struts-pwn

An exploit for Apache Struts CVE-2017-5638
Python
417
star
5

server-status_PWN

A script that monitors and extracts requested URLs and clients connected to the service by exploiting publicly accessible Apache server-status instances.
Python
407
star
6

GithubCloner

A script that clones Github repositories of users and organizations.
Python
381
star
7

tfquery

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
Python
324
star
8

xless

The Serverless Blind XSS App
JavaScript
316
star
9

struts-pwn_CVE-2018-11776

An exploit for Apache Struts CVE-2018-11776
Python
299
star
10

jwt-pwn

Security Testing Scripts for JWT
Python
288
star
11

struts-pwn_CVE-2017-9805

An exploit for Apache Struts CVE-2017-9805
Python
247
star
12

public

PHP
36
star
13

go-random

๐ŸŒ go-random: A fast, clear, and cryptographically-secure random data generator for Golang
Go
27
star
14

whatsapp-chat-parser

WhatsApp Chat Parser
Python
17
star
15

Ubuntu-Desktop-Malware-Vector-Demo

Demo for http://blog.mazinahmed.net/2017/04/using-ubuntu-desktop-as-malware-vector.html
5
star
16

gronpy

Print JSON objects in a "Greppable" output.
Python
4
star
17

trufflehog-clone

Trufflehog v2 Clone
2
star
18

juice-shop

TypeScript
2
star
19

mazinahmed.net

mazinahmed.net
HTML
2
star
20

detect_passive_secrets

JavaScript
1
star