patterns: - pattern: name: times regex: \d{1,2}:\d{2} ?(?:[ap]\.?m\.?)?|\d[ap]\.?m\.? confidence: high - pattern: name: phones regex: ((?:(?\\s*?[\\S\\s]*?[\\S\\s]*?<\\/pwentry>\\s*?<\\/pwlist>" confidence: high - pattern: name: Large number of US Phone Numbers regex: "\\d{3}-\\d{3}-\\d{4}|\\(\\d{3}\\)\\ ?\\d{3}-?\\d{4}" confidence: high - pattern: name: Large number of US Zip Codes regex: "^(\\d{5}-\\d{4}|\\d{5})$" confidence: high - pattern: name: Lightweight Directory Access Protocol regex: "(?:dn|cn|dc|sn):\\s*[a-zA-Z0-9=, ]*" confidence: high - pattern: name: Metasploit Module regex: "require\\ 'msf/core'|class\\ Metasploit|include\\ Msf::Exploit::\\w+::\\w+" confidence: high - pattern: name: MySQL database dump regex: "DROP DATABASE IF EXISTS(?:.|\\n){5,300}CREATE DATABASE(?:.|\\n){5,300}DROP TABLE IF EXISTS(?:.|\\n){5,300}CREATE TABLE" confidence: high - pattern: name: MySQLite database dump regex: "DROP\\ TABLE\\ IF\\ EXISTS\\ \\[[a-zA-Z]*\\];|CREATE\\ TABLE\\ \\[[a-zA-Z]*\\];" confidence: high - pattern: name: Network Proxy Auto-Config regex: "proxy\\.pac|function\\ FindProxyForURL\\(\\w+,\\ \\w+\\)" confidence: high - pattern: name: Nmap Scan Report regex: "Nmap\\ scan\\ report\\ for\\ [a-zA-Z0-9.]+" confidence: high - pattern: name: PGP Header regex: "-{5}(?:BEGIN|END)\\ PGP\\ MESSAGE-{5}" confidence: high - pattern: name: PGP Private Key Block regex: "-----BEGIN PGP PRIVATE KEY BLOCK-----(?:.|\\s)+?-----END PGP PRIVATE KEY BLOCK-----" confidence: high - pattern: name: PKCS7 Encrypted Data regex: "(?:Signer|Recipient)Info(?:s)?\\ ::=\\ \\w+|[D|d]igest(?:Encryption)?Algorithm|EncryptedKey\\ ::= \\w+" confidence: high - pattern: name: Password etc passwd regex: "[a-zA-Z0-9\\-]+:[x|\\*]:\\d+:\\d+:[a-zA-Z0-9/\\- \"]*:/[a-zA-Z0-9/\\-]*:/[a-zA-Z0-9/\\-]+" confidence: high - pattern: name: Password etc shadow regex: "[a-zA-Z0-9\\-]+:(?:(?:!!?)|(?:\\*LOCK\\*?)|\\*|(?:\\*LCK\\*?)|(?:\\$.*\\$.*\\$.*?)?):\\d*:\\d*:\\d*:\\d*:\\d*:\\d*:" confidence: high - pattern: name: PlainText Private Key regex: "-----BEGIN PRIVATE KEY-----(?:.|\\s)+?-----END PRIVATE KEY-----" confidence: high - pattern: name: PuTTY SSH DSA Key regex: "PuTTY-User-Key-File-2: ssh-dss\\s*Encryption: none(?:.|\\s?)*?Private-MAC:" confidence: high - pattern: name: PuTTY SSH RSA Key regex: "PuTTY-User-Key-File-2: ssh-rsa\\s*Encryption: none(?:.|\\s?)*?Private-MAC:" confidence: high - pattern: name: Public Key Cryptography System (PKCS) regex: "protocol=\"application/x-pkcs[0-9]{0,2}-signature\"" confidence: high - pattern: name: Public encrypted key regex: "-----BEGIN PUBLIC KEY-----(?:.|\\s)+?-----END PUBLIC KEY-----" confidence: high - pattern: name: RSA Private Key regex: "-----BEGIN RSA PRIVATE KEY-----(?:[a-zA-Z0-9\\+\\=\\/\"']|\\s)+?-----END RSA PRIVATE KEY-----" confidence: high - pattern: name: SSL Certificate regex: "-----BEGIN CERTIFICATE-----(?:.|\\n)+?\\s-----END CERTIFICATE-----" confidence: high - pattern: name: SWIFT Codes regex: "[A-Za-z]{4}(?:GB|US|DE|RU|CA|JP|CN)[0-9a-zA-Z]{2,5}$" confidence: high - pattern: name: Samba Password config file regex: "[a-z]*:\\d{3}:[0-9a-zA-Z]*:[0-9a-zA-Z]*:\\[U\\ \\]:.*" confidence: high - pattern: name: Slack 2FA Backup Codes regex: "Two-Factor\\s*\\S*Authentication\\s*\\S*Backup\\s*\\S*Codes(?:.|\\n)*[Ss]lack(?:.|\\n)*\\d{9}" confidence: high - pattern: name: UK Drivers License Numbers regex: "[A-Z]{5}\\d{6}[A-Z]{2}\\d{1}[A-Z]{2}" confidence: high - pattern: name: UK Passport Number regex: "\\d{10}GB[RP]\\d{7}[UMF]{1}\\d{9}" confidence: high - pattern: name: USBank Routing Numbers - California regex: "^12(?:1122676|2235821)$" confidence: high - pattern: name: United Bank Routing Number - California regex: "^122243350$" confidence: high - pattern: name: Wells Fargo Routing Numbers - California regex: "^121042882$" confidence: high - pattern: name: aws_access_key regex: "((access[-_]?key[-_]?id)|(ACCESS[-_]?KEY[-_]?ID)|([Aa]ccessKeyId)|(access[_-]?id)).{0,20}AKIA[a-zA-Z0-9+/]{16}[^a-zA-Z0-9+/]" confidence: high - pattern: name: aws_credentials_context regex: "access_key_id|secret_access_key|AssetSync.configure" confidence: high - pattern: name: aws_secret_key regex: "((secret[-_]?access[-_]?key)|(SECRET[-_]?ACCESS[-_]?KEY|(private[-_]?key))|([Ss]ecretAccessKey)).{0,20}[^a-zA-Z0-9+/][a-zA-Z0-9+/]{40}\\b" confidence: high - pattern: name: facebook_secret regex: "(facebook_secret|FACEBOOK_SECRET|facebook_app_secret|FACEBOOK_APP_SECRET)[a-z_ =\\s\"'\\:]{0,5}[^a-zA-Z0-9][a-f0-9]{32}[^a-zA-Z0-9]" confidence: high - pattern: name: github_key regex: "(GITHUB_SECRET|GITHUB_KEY|github_secret|github_key|github_token|GITHUB_TOKEN|github_api_key|GITHUB_API_KEY)[a-z_ =\\s\"'\\:]{0,10}[^a-zA-Z0-9][a-zA-Z0-9]{40}[^a-zA-Z0-9]" confidence: high - pattern: name: google_two_factor_backup regex: "(?:BACKUP VERIFICATION CODES|SAVE YOUR BACKUP CODES)[\\s\\S]{0,300}@" confidence: high - pattern: name: heroku_key regex: "(heroku_api_key|HEROKU_API_KEY|heroku_secret|HEROKU_SECRET)[a-z_ =\\s\"'\\:]{0,10}[^a-zA-Z0-9-]\\w{8}(?:-\\w{4}){3}-\\w{12}[^a-zA-Z0-9\\-]" confidence: high - pattern: name: microsoft_office_365_oauth_context regex: "https://login.microsoftonline.com/common/oauth2/v2.0/token|https://login.windows.net/common/oauth2/token" confidence: high - pattern: name: pgSQL Connection Information regex: "(?:postgres|pgsql)\\:\\/\\/" confidence: high - pattern: name: slack_api_key regex: "(slack_api_key|SLACK_API_KEY|slack_key|SLACK_KEY)[a-z_ =\\s\"'\\:]{0,10}[^a-f0-9][a-f0-9]{32}[^a-f0-9]" confidence: high - pattern: name: slack_api_token regex: "(xox[pb](?:-[a-zA-Z0-9]+){4,})" confidence: high - pattern: name: ssh_dss_public regex: "ssh-dss [0-9A-Za-z+/]+[=]{2}" confidence: high - pattern: name: ssh_rsa_public regex: "ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3} [^@]+@[^@]+" confidence: high - pattern: name: IBAN regex: '[a-zA-Z]{2}[0-9]{2}[a-zA-Z0-9]{4}[0-9]{7}([a-zA-Z0-9]?){0,16}' confidence: high - pattern: name: GPS Data regex: '^([-+]?)([\d]{1,2})(((\.)(\d+)(,)))(\s*)(([-+]?)([\d]{1,3})((\.)(\d+))?)' confidence: high - pattern: name: Blood Type regex: '^(A|B|AB|O)[-+]$' confidence: high - pattern: name: Date of Birth - 2 regex: '^([1-9]|[12][0-9]|3[01])(\/?\.\-?\-?\s?)(0[1-9]|1[12])(\/?\.?\-?\s?)(19[0-9][0-9]|20[0][0-9]|20[1][0-8])$' confidence: high - pattern: name: Tax Number regex: '^[0-9]{10}$' confidence: high - pattern: name: Bitcoin Address regex: '^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$' confidence: high