Merge pull request #33 from scooterhanson/additional-content-patterns

Additional patterns in contents module
hawkeyesec · Nov 29, 2017 · 947c222 · 947c222
2 parents f95a1fd + c3ad239
commit 947c222
Showing 1 changed file with 76 additions and 2 deletions.
diff --git a/lib/modules/content/data.js b/lib/modules/content/data.js
@@ -4,12 +4,86 @@ module.exports = [
     code: 1,
     content: /(['|"]?password['|"]?\ ?[:|=]\ ?['|"].*['|"])/,
     caption: 'Potential password in file',
-    level: 'medium'
+    level: 'high'
   },
   {
     code: 2,
     content: /(BEGIN\ RSA\ PRIVATE\ KEY)/,
     caption: 'Private key in file',
     level: 'critical'
-  }
+  },
+  {
+    code: 3,
+    content: /(['|"|_]?password['|"]?\ *[:|=])^[,|;]{8,}/i,
+    caption: 'Potential password in file',
+    level: 'high'
+  },
+  {
+    code: 4,
+    content: /(['|"|_]?password['|"]?\ *[:|=])^[,|;]{8,}/i,
+    caption: 'Potential password in file',
+    level: 'high'
+  },
+  {
+    code: 5,
+    content: /(['|"|_]?pw['|"]?\ *[:|=])^[,|;]{8,}/i,
+    caption: 'Potential password in file',
+    level: 'high'
+  },
+  {
+    code: 6,
+    content: /(['|"|_]?pass['|"]?\ *[:|=])^[,|;]{8,}/i,
+    caption: 'Potential password in file',
+    level: 'high'
+  },
+  {
+    code: 7,
+    content: /(['|"|_]?pword['|"]?\ *[:|=])^[,|;]{8,}/i,
+    caption: 'Potential password in file',
+    level: 'high'
+  },
+  {
+    code: 8,
+    content: /(['|"|_]?passphrase['|"]?\ *[:|=])^[,|;]{8,}/i,
+    caption: 'Potential passphrase in file',
+    level: 'high'
+  },
+  {
+    code: 9,
+    content: /(<[^(><.)]+password[^(><.)]+>[^(><.)]+<\/[^(><.)]+password[^(><.)]+>)/i,
+    caption: 'Potential password in file',
+    level: 'high'
+  },
+  {
+    code: 10,
+    content: /(<[^(><.)]+passphrase[^(><.)]+>[^(><.)]+<\/[^(><.)]+passphrase[^(><.)]+>)/i,
+    caption: 'Potential passphrase in file',
+    level: 'high'
+  },
+  {
+    code: 11,
+    content: /(<ConsumerKey>\S*<\/ConsumerKey>)/i,
+    caption: 'Potential Apigee Key in file',
+    level: 'high'
+  },
+  {
+    code: 12,
+    content: /(<ConsumerSecret>\S*<\/ConsumerSecret>)/i,
+    caption: 'Potential Apigee Secret in file',
+    level: 'critical'
+  },
+  {
+    code: 13,
+    content: /(AWS[ |\w]+key[ |\w]+[:|=])/i,
+    caption: 'Potential AWS Key in file',
+    level: 'high'
+  },
+  {
+    code: 14,
+    content: /(AWS[ |\w]+secret[ |\w]+[:|=])/i,
+    caption: 'Potential AWS Secret in file',
+    level: 'critical'
+  },
+
+
 ];