
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.


fork-box/secrets-patterns-db

This branch is up to date with mazen160/secrets-patterns-db:master.

Latest commit

123b5c4 · Oct 17, 2023


πŸ—„οΈ Secrets Patterns Database πŸ—„οΈ

The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.


🚀 Features

  • Over 1600 regular expressions for detecting secrets, passwords, API keys, tokens, and more.
  • Format agnostic. A single format that supports secret detection tools, including Trufflehog and Gitleaks.
  • Tested and reviewed Regular expressions.
  • Categorized by confidence levels of each pattern.
  • All regular expressions are tested against ReDoS attacks.

❔ Why?

There are limited resources online for Regular Expressions patterns for secrets. TruffleHog offers ~700 as built-in rules. GitLeaks offers ~60 rules. While it's a good start, it's not enough. There's a lot of work that needs to be done for maintenance and keeping up with new secrets patterns.

I have collected and curated Regular Expressions Patterns for Secrets, API Tokens, Keys, and Passwords. I'm open-sourcing the database I built (Secrets-Patterns-DB), and hope that security teams contribute to it!

The Secrets-Patterns-DB contains over 1600 Regular Expressions. I have also written scripts to validate Regexes against ReDoS attacks and CI jobs to load and validate Regexes, and I manually cleaned up invalid ones.
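The load, validate and scan flow described above, as an added example that is not the project's own code. The rule layout (name, regex, confidence), the two confidence levels, the sample rules and the sample text are assumptions constructed for this example; the real entries live in db/rules-stable.yml.

```python
import re

# Constructed sample rules; the name/regex/confidence layout is an assumption
# for this example, not copied from db/rules-stable.yml.
RULES = [
    {"name": "AWS Access Key ID", "regex": r"AKIA[0-9A-Z]{16}", "confidence": "high"},
    {"name": "Generic password assignment",
     "regex": r"(?i)password\s*[:=]\s*\S+", "confidence": "low"},
    {"name": "Broken rule", "regex": r"([a-z", "confidence": "high"},
]
LEVELS = {"low": 0, "high": 1}

def load_rules(raw_rules):
    """Compile every rule; return (usable, rejected) so a CI job can fail on rejects."""
    usable, rejected = [], []
    for rule in raw_rules:
        try:
            compiled = re.compile(rule["regex"])
        except re.error as exc:
            rejected.append((rule["name"], str(exc)))
            continue
        if rule.get("confidence") not in LEVELS:
            rejected.append((rule["name"], "unknown confidence"))
            continue
        usable.append((rule["name"], rule["confidence"], compiled))
    return usable, rejected

def redact(secret):
    """Keep a short prefix so findings can be triaged without logging the secret."""
    keep = min(4, len(secret) // 2)
    return secret[:keep] + "*" * (len(secret) - keep)

def scan(text, rules, min_confidence="low"):
    """Return (line_no, rule_name, confidence, redacted_match) for each hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, confidence, compiled in rules:
            if LEVELS[confidence] < LEVELS[min_confidence]:
                continue  # rule is below the requested confidence threshold
            for match in compiled.finditer(line):
                findings.append((line_no, name, confidence, redact(match.group(0))))
    return findings

# Constructed input; the key is AWS's documentation placeholder, not a live credential.
SAMPLE = "region = us-east-1\naws_key = AKIAIOSFODNN7EXAMPLE\npassword: hunter2\n"

if __name__ == "__main__":
    usable, rejected = load_rules(RULES)
    print(rejected, scan(SAMPLE, usable, "high"))
```

Raising `min_confidence` to "high" drops the generic password rule, which is the trade-off the confidence categories exist to control.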

It's in Beta. There's a lot of room for improvement on the project. I'm looking forward to your Pull Requests and Issues on GitHub to enhance Secrets-Patterns-DB for everyone.

Are you planning to enhance your secrets detection in your AppSec program? Please take some time to contribute to the project! 🙏


💻 Contribution

Contribution is always welcome! Please feel free to report issues on GitHub and create Pull Requests for new features.

📌 Ideas to Start on

Using

For Trufflehog v2:

> ./convert-rules.py --db ../db/rules-stable.yml --type trufflehog

For Gitleaks:

> ./convert-rules.py --db ../db/rules-stable.yml --type gitleaks

Optional: --export sets the output filename; the extension is added by type (gitleaks = toml, trufflehog = json)

Would like to contribute to secrets-patterns-db? Here are some ideas that you may start with:

  • Support severity
  • Categorize patterns by type?
  • Categorize patterns by tags?
  • Support more tools?

📄 License

This work is licensed under a Creative Commons Attribution 4.0 International License.

💚 Author

Mazin Ahmed
