@wperron
Last active Apr 15, 2022
Detecting secrets in source code with RegEx
# Credit to https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
# for the different secret key patterns.
#
# Usage (zsh recursive glob): awk -f secrets.awk path/to/your/project/**/*.(js|ts)
# Usage (portable):           find path/to/your/project \( -name '*.js' -o -name '*.ts' \) -print0 | xargs -0 awk -f secrets.awk
#
# Notes on the translation from truffleHog's JSON to awk:
# - The JSON strings double their backslashes ("\\." encodes "\."). In an awk regex literal
#   "\\." is a literal backslash followed by any character, so the escapes are reduced to a
#   single backslash here ("\.", "\$", "\/").
# - "[0-9A-Za-z_-]" puts "-" last so it is a literal hyphen and not a range.
# - The per-file line number is FNR; NR is the running total across all files.
# - "nextfile" reports only the first hit in each file and moves on; remove it to list every hit.
# - Matching is line by line, so a secret wrapped across lines is missed, and the generic rules
#   (Generic API Key, Generic Secret, Twilio, Password In URL) will produce false positives
#   that need manual review.

function report(kind) { printf "%s:%d: %s: %s\n", FILENAME, FNR, kind, $0 }

/xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}/ { report("Slack Token"); nextfile }
/-----BEGIN RSA PRIVATE KEY-----/ { report("RSA private key"); nextfile }
/-----BEGIN DSA PRIVATE KEY-----/ { report("SSH (DSA) private key"); nextfile }
/-----BEGIN EC PRIVATE KEY-----/ { report("SSH (EC) private key"); nextfile }
/-----BEGIN PGP PRIVATE KEY BLOCK-----/ { report("PGP private key block"); nextfile }
/amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/ { report("Amazon MWS Auth Token"); nextfile }
/AKIA[0-9A-Z]{16}/ { report("AWS API Key"); nextfile }
/da2-[a-z0-9]{26}/ { report("AWS AppSync GraphQL Token"); nextfile }
/EAACEdEose0cBA[0-9A-Za-z]+/ { report("Facebook Auth Token"); nextfile }
/[fF][aA][cC][eE][bB][oO][oO][kK].*['"][0-9a-f]{32}['"]/ { report("Facebook OAuth"); nextfile }
/[gG][iI][tT][hH][uU][bB].*['"][0-9a-zA-Z]{35,40}['"]/ { report("GitHub"); nextfile }
/[aA][pP][iI]_?[kK][eE][yY].*['"][0-9a-zA-Z]{32,45}['"]/ { report("Generic API Key"); nextfile }
/[sS][eE][cC][rR][eE][tT].*['"][0-9a-zA-Z]{32,45}['"]/ { report("Generic Secret"); nextfile }
/AIza[0-9A-Za-z_-]{35}/ { report("Google API Key (Cloud Platform / Drive / Gmail / YouTube share this format)"); nextfile }
/[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com/ { report("Google OAuth client (Cloud Platform / Drive / Gmail / YouTube share this format)"); nextfile }
/"type": "service_account"/ { report("Google (GCP) service account"); nextfile }
/ya29\.[0-9A-Za-z_-]+/ { report("Google OAuth Access Token"); nextfile }
/[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}/ { report("Heroku API Key"); nextfile }
/[0-9a-f]{32}-us[0-9]{1,2}/ { report("MailChimp API Key"); nextfile }
/key-[0-9a-zA-Z]{32}/ { report("Mailgun API Key"); nextfile }
/[a-zA-Z]{3,10}:\/\/[^\/[:space:]:@]{3,20}:[^\/[:space:]:@]{3,20}@.{1,100}["'[:space:]]/ { report("Password In URL"); nextfile }
/access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}/ { report("PayPal Braintree Access Token"); nextfile }
/sk_live_[0-9a-z]{32}/ { report("Picatic API Key"); nextfile }
/https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]{8}\/B[a-zA-Z0-9_]{8}\/[a-zA-Z0-9_]{24}/ { report("Slack Webhook"); nextfile }
/sk_live_[0-9a-zA-Z]{24}/ { report("Stripe API Key"); nextfile }
/rk_live_[0-9a-zA-Z]{24}/ { report("Stripe Restricted API Key"); nextfile }
/sq0atp-[0-9A-Za-z_-]{22}/ { report("Square Access Token"); nextfile }
/sq0csp-[0-9A-Za-z_-]{43}/ { report("Square OAuth Secret"); nextfile }
/[0-9]+:AA[0-9A-Za-z_-]{33}/ { report("Telegram Bot API Key"); nextfile }
/SK[0-9a-fA-F]{32}/ { report("Twilio API Key"); nextfile }
/[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}/ { report("Twitter Access Token"); nextfile }
/[tT][wW][iI][tT][tT][eE][rR].*['"][0-9a-zA-Z]{35,44}['"]/ { report("Twitter OAuth"); nextfile }