Projects STRLCPY extractify Commits dc06a951
  • ■ ■ ■ ■ ■ ■
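--- a/scanner/parameter.go
+++ b/scanner/parameter.go
@@ -0,0 +1,80 @@
+package scanner
+
+import (
+ "regexp"
+ "strings"
+ "sync"
+)
+
+var quotes = regexp.MustCompile(`["'](\w+(?:-\w+)*)["']`)
+var words = regexp.MustCompile(`(\s)?(\w{1,50})(\s)?:`)
+var variable = regexp.MustCompile(`(?:var|let|const)\s*(\w{1,50})`)
+var equal = regexp.MustCompile(`(\w{1,50})\s*=`)
+var queryParams = regexp.MustCompile(`\?(\w{1,50})=[^&\s]+`)
+var function = regexp.MustCompile(`\((['"]?)(\w+)(['"]?)\)`)
+
+func ParameterMatch(input string) []string {
+ data := strings.Split(input, "\n")
+
+ var wg sync.WaitGroup
+ var mu sync.Mutex
+
+ output := make([]string, 0, len(data))
+
+ for _, v := range data {
+ wg.Add(1)
+
+ go func(v string) {
+ defer wg.Done()
+
+ matches := make([]string, 0, 6)
+
+ if quotesMatches := quotes.FindAllStringSubmatch(v, -1); len(quotesMatches) > 0 {
+ for _, match := range quotesMatches {
+ matches = append(matches, match[1])
+ }
+ }
+ if wordMatches := words.FindAllStringSubmatch(v, -1); len(wordMatches) > 0 {
+ for _, match := range wordMatches {
+ match[0] = strings.ReplaceAll(match[0], ":", "")
+ match[0] = strings.TrimSpace(match[0])
+ matches = append(matches, match[0])
+ }
+ }
+ if variableMatches := variable.FindAllStringSubmatch(v, -1); len(variableMatches) > 0 {
+ for _, match := range variableMatches {
+ matches = append(matches, match[1])
+ }
+ }
+ if equalMatches := equal.FindAllStringSubmatch(v, -1); len(equalMatches) > 0 {
+ for _, match := range equalMatches {
+ match[0] = strings.ReplaceAll(match[0], "=", "")
+ matches = append(matches, match[0])
+ }
+ }
+ if queryParamsMatches := queryParams.FindAllStringSubmatch(v, -1); len(queryParamsMatches) > 0 {
+ for _, match := range queryParamsMatches {
+ matches = append(matches, match[1])
+ }
+ }
+ if functionMatches := function.FindAllStringSubmatch(v, -1); len(functionMatches) > 0 {
+ for _, match := range functionMatches {
+ match[0] = strings.ReplaceAll(match[0], "(", "")
+ match[0] = strings.ReplaceAll(match[0], ")", "")
+ match[0] = strings.ReplaceAll(match[0], "\"", "")
+ match[0] = strings.ReplaceAll(match[0], "'", "")
+ matches = append(matches, match[0])
+ }
+ }
+
+ mu.Lock()
+ output = append(output, matches...)
+ mu.Unlock()
+ }(v)
+ }
+
+ wg.Wait()
+
+ return output
+}
+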
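Review bot: ParameterMatch starts one goroutine per line of `input` with no upper bound and appends each line's results under `mu` in completion order, so the goroutine count is dictated by the scanned content and the returned slice is ordered differently from run to run. The per-line work is six CPU-bound regex scans, so a plain sequential loop, or a fixed-size worker pool writing into `results[i]` for line `i`, would give stable output and bounded resource use. In the `equal` branch only `=` is stripped from `match[0]`, so `name =` is returned as `name ` with trailing whitespace; using the capture group, `matches = append(matches, match[1])`, fixes that. The `words` and `function` branches can use `match[2]` the same way instead of rewriting `match[0]`.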
  • ■ ■ ■ ■ ■ ■
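--- a/scanner/paths.go
+++ b/scanner/paths.go
@@ -0,0 +1,52 @@
+package scanner
+
+import (
+ "github.com/projectdiscovery/gologger"
+ "regexp"
+ "strings"
+)
+
+func EndpointsMatch(Body []byte) []string {
+
+ // Regex from https://github.com/GerbenJavado/LinkFinder/blob/master/linkfinder.py#L29
+ regexPattern := `(?:"|'|\n|\r)(((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^"'\/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:\/|\.\.\/|\.\/)[^"'><,;| *()(%%$^\/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-\/]{1,}\/[a-zA-Z0-9_\-\/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|\/][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|cfm|pl|jsp|json|js|action|html|htm|bak|do|txt|xml|xls|xlsx|key|env|pem|git|ovpn|log|secret|secrets|access|dat|db|sql|pwd|passwd|gitignore|properties|dtd|conf|cfg|config|configs|apk|cgi|sh|py|java|rb|rs|go|yml|yaml|toml|php4|zip|tar|tar.bz2|tar.gz|rar|7z|gz|dochtml|doc|docx|csv|odt|ts|phtml|php5|pdf)(?:\?[^"|^']{0,}|)))(?:"|'|\n|\r)`
+
+ ExcludeExt := []string{"svg", "png", "jpg"}
+
+ // Compile the regular expression
+ re, err := regexp.Compile(regexPattern)
+ if err != nil {
+ gologger.Fatal().Msgf("Error compiling regex: %s", err)
+ }
+
+ matches := re.FindAllString(string(Body), -1)
+
+ var cleanedMatches []string
+ seenLines := make(map[string]bool)
+
+ for _, match := range matches {
+ // Ensure the length of match is sufficient
+ if len(match) > 2 {
+ // Trim the leading "./"
+ cleanedMatch := strings.TrimPrefix(match[1:len(match)-1], "./")
+
+ // Check if the cleanedMatch has an excluded extension
+ include := true
+ for _, ext := range ExcludeExt {
+ if strings.HasSuffix(cleanedMatch, "."+ext) {
+ include = false
+ break
+ }
+ }
+
+ // Check for duplicates
+ if include && !seenLines[cleanedMatch] {
+ cleanedMatches = append(cleanedMatches, cleanedMatch)
+ seenLines[cleanedMatch] = true
+ }
+ }
+ }
+
+ return cleanedMatches
+}
+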
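Review bot: EndpointsMatch compiles the same constant pattern on every call and, on a compile error, calls `gologger.Fatal()`, which ends the whole process from inside a library function. Because the pattern never changes, a package-level `var endpointRe = regexp.MustCompile(...)`, as parameter.go already does for its patterns, compiles once and surfaces a bad pattern at start-up. The extension filter uses `strings.HasSuffix` on the full match, so a path such as `logo.png?v=1` is not excluded even though the pattern admits a trailing query string; comparing against the part before `?` would close that gap. `re.FindAll(Body, -1)` would also avoid copying the whole response body into a string.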
  • ■ ■ ■ ■ ■ ■
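--- a/scanner/scan.go
+++ b/scanner/scan.go
@@ -0,0 +1,42 @@
+// https://github.com/edoardottt/cariddi
+
+package scanner
+
+import (
+ "regexp"
+ "strings"
+)
+
+func SecretsMatch(url string, body []byte) []SecretMatched {
+ var secrets []SecretMatched
+
+ regexes := GetSecretRegexes()
+
+ for _, secret := range regexes {
+ if matched, err := regexp.Match(secret.Regex, body); err == nil && matched {
+ re := regexp.MustCompile(secret.Regex)
+ matches := re.FindAllStringSubmatch(string(body), -1)
+
+ // Avoiding false positives
+ var isFalsePositive = false
+
+ for _, match := range matches {
+ for _, falsePositive := range secret.FalsePositives {
+ if strings.Contains(strings.ToLower(match[0]), falsePositive) {
+ isFalsePositive = true
+ break
+ }
+ }
+
+ if !isFalsePositive {
+ secretFound := SecretMatched{Secret: secret, URL: url, Match: match[0]}
+ secrets = append(secrets, secretFound)
+ }
+ }
+ }
+ }
+
+ secrets = RemoveDuplicateSecrets(secrets)
+ return secrets
+}
+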
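Review bot: `isFalsePositive` is declared before the `for _, match := range matches` loop and never reset, so once one match contains a false-positive string every later match of the same rule in that body is dropped as well, which silently hides real findings. Declaring it as the first statement inside the match loop, `isFalsePositive := false`, limits the suppression to the match that triggered it. Each rule also scans the body twice (`regexp.Match`, then `MustCompile` plus `FindAllStringSubmatch`) and recompiles its pattern both times. A compile error from `regexp.Match` is discarded, so a broken rule is skipped without any signal; compiling each rule once and reporting failures would cover both.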
  • ■ ■ ■ ■ ■ ■
    scanner/secrets.go
     1 +// https://github.com/edoardottt/cariddi/blob/main/pkg/scanner/secrets.go
     2 + 
     3 +package scanner
     4 + 
     5 +type Secret struct {
     6 + Name string
     7 + Description string
     8 + Regex string
     9 + FalsePositives []string
     10 + Poc string
     11 +}
     12 + 
     13 +type SecretMatched struct {
     14 + Secret Secret
     15 + URL string
     16 + Match string
     17 +}
     18 + 
     19 +// GetSecretRegexes returns a slice of all
     20 +func GetSecretRegexes() []Secret {
     21 + 
     22 + // Regexes from https://github.com/edoardottt/cariddi/blob/main/pkg/scanner/secrets.go
     23 + var regexes = []Secret{
     24 + {
     25 + "AWS Access Key",
     26 + "AWS Access Key",
     27 + "(A3T[A-Z0-9]|AKIA|ACCA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA|ASCA|APKA)[A-Z0-9]{16}",
     28 + []string{},
     29 + "?",
     30 + },
     31 + {
     32 + "AWS Secret Key",
     33 + "AWS Secret Key",
     34 + `(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]`,
     35 + []string{},
     36 + "?",
     37 + },
     38 + {
     39 + "AWS MWS Key",
     40 + "AWS MWS Key",
     41 + `amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`,
     42 + []string{},
     43 + "?",
     44 + },
     45 + {
     46 + "Amazon SNS topic",
     47 + "Amazon SNS topic",
     48 + `arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+`,
     49 + []string{},
     50 + "?",
     51 + },
     52 + {
     53 + "Facebook Access Token",
     54 + "Facebook Access Token",
     55 + `EAACEdEose0cBA[0-9A-Za-z]+`,
     56 + []string{},
     57 + "?",
     58 + },
     59 + {
     60 + "Facebook Secret Key",
     61 + "Facebook Secret Key",
     62 + `(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]`,
     63 + []string{"facebook.com", "facebook.svg"},
     64 + "?",
     65 + },
     66 + {
     67 + "Facebook Client ID",
     68 + "Facebook Client ID",
     69 + `(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]`,
     70 + []string{"facebook.com", "facebook.svg"},
     71 + "?",
     72 + },
     73 + {
     74 + "Cloudinary Basic Auth",
     75 + "Cloudinary Basic Auth",
     76 + `cloudinary://[0-9]{15}:[0-9A-Za-z\-_]+@[0-9A-Za-z\-_]+`,
     77 + []string{},
     78 + "?",
     79 + },
     80 + {
     81 + "Firebase Database",
     82 + "Firebase Database",
     83 + `([a-z0-9.-]+\.firebaseio\.com|[a-z0-9.-]+\.firebaseapp\.com)`,
     84 + []string{},
     85 + "?",
     86 + },
     87 + {
     88 + "Twitter Secret Key",
     89 + "Twitter Secret Key",
     90 + `(?i)twitter(.{0,20})?[0-9a-z]{35,44}`,
     91 + []string{"twitter.com"},
     92 + "?",
     93 + },
     94 + {
     95 + "Twitter Client ID",
     96 + "Twitter Client ID",
     97 + `(?i)twitter(.{0,20})?[0-9a-z]{18,25}`,
     98 + []string{"twitter.com"},
     99 + "?",
     100 + },
     101 + {
     102 + "Github Personal Access Token",
     103 + "Github Personal Access Token",
     104 + `ghp_.{36}`,
     105 + []string{},
     106 + "?",
     107 + },
     108 + {
     109 + "Github Personal Access Token",
     110 + "Github Personal Access Token",
     111 + `github_pat_.{82}`,
     112 + []string{},
     113 + "?",
     114 + },
     115 + {
     116 + "Github OAuth Access Token",
     117 + "Github OAuth Access Token",
     118 + `gho_.{36}`,
     119 + []string{},
     120 + "?",
     121 + },
     122 + {
     123 + "Github App Token",
     124 + "Github App Token",
     125 + `(ghu|ghs)_.{36}`,
     126 + []string{},
     127 + "?",
     128 + },
     129 + {
     130 + "Github Refresh Token",
     131 + "Github Refresh Token",
     132 + `ghr_.{76}`,
     133 + []string{},
     134 + "?",
     135 + },
     136 + {
     137 + "LinkedIn Client ID",
     138 + "LinkedIn Client ID",
     139 + `(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}`,
     140 + []string{"linkedin.com", "linkedin.svg"},
     141 + "?",
     142 + },
     143 + {
     144 + "LinkedIn Secret Key",
     145 + "LinkedIn Secret Key",
     146 + `(?i)linkedin(.{0,20})?[0-9a-z]{16}`,
     147 + []string{"linkedin.com", "linkedin.svg"},
     148 + "?",
     149 + },
     150 + {
     151 + "Slack",
     152 + "Slack",
     153 + `xox[baprs]-([0-9a-zA-Z]{10,48})?`,
     154 + []string{},
     155 + "?",
     156 + },
     157 + {
     158 + "Asymmetric Private Key",
     159 + "Asymmetric Private Key",
     160 + `-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----`,
     161 + []string{},
     162 + "?",
     163 + },
     164 + {
     165 + "Google API key",
     166 + "Google API key",
     167 + `AIza[0-9A-Za-z\-_]{35}`,
     168 + []string{},
     169 + "?",
     170 + },
     171 + {
     172 + "Google (GCP) Service Account",
     173 + "Google (GCP) Service Account",
     174 + `"type": "service_account"`,
     175 + []string{},
     176 + "?",
     177 + },
     178 + {
     179 + "Heroku API key",
     180 + "Heroku API key",
     181 + `(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`,
     182 + []string{},
     183 + "?",
     184 + },
     185 + {
     186 + "MailChimp API key",
     187 + "MailChimp API key",
     188 + `[0-9a-f]{32}-us[0-9]{1,2}`,
     189 + []string{},
     190 + "?",
     191 + },
     192 + {
     193 + "Mailgun API key",
     194 + "Mailgun API key",
     195 + `key\-[0-9a-zA-Z]{32}`,
     196 + []string{},
     197 + "?",
     198 + },
     199 + {
     200 + "PayPal Braintree access token",
     201 + "PayPal Braintree access token",
     202 + `access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}`,
     203 + []string{},
     204 + "?",
     205 + },
     206 + {
     207 + "Picatic API key",
     208 + "Picatic API key",
     209 + `sk\_live\_[0-9a-z]{32}`,
     210 + []string{},
     211 + "?",
     212 + },
     213 + {
     214 + "SendGrid API Key",
     215 + "SendGrid API Key",
     216 + `SG\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{43}`,
     217 + []string{},
     218 + "?",
     219 + },
     220 + {
     221 + "Slack Webhook",
     222 + "Slack Webhook",
     223 + `https\:\/\/hooks\.slack\.com/services/T[0-9A-Za-z\-_]{8}/B[0-9A-Za-z\-_]{8}/[0-9A-Za-z\-_]{24}`,
     224 + []string{},
     225 + "?",
     226 + },
     227 + {
     228 + "Stripe API key",
     229 + "Stripe API key",
     230 + `(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}`,
     231 + []string{},
     232 + "?",
     233 + },
     234 + {
     235 + "Square access token",
     236 + "Square access token",
     237 + `sq0atp\-[0-9A-Za-z\-_]{22}|EAAAE[a-zA-Z0-9\-_]{59}`,
     238 + []string{},
     239 + "?",
     240 + },
     241 + {
     242 + "Square OAuth secret",
     243 + "Square OAuth secret",
     244 + `sq0csp\-[0-9A-Za-z\-_]{43}`,
     245 + []string{},
     246 + "?",
     247 + },
     248 + {
     249 + "Twilio API key",
     250 + "Twilio API key",
     251 + `(?i)twilio(.{0,20})?SK[0-9a-f]{32}`,
     252 + []string{},
     253 + "?",
     254 + },
     255 + {
     256 + "Dynatrace token",
     257 + "Dynatrace token",
     258 + `dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}`,
     259 + []string{},
     260 + "?",
     261 + },
     262 + {
     263 + "Shopify shared secret",
     264 + "Shopify shared secret",
     265 + `shpss\_[a-fA-F0-9]{32}`,
     266 + []string{},
     267 + "?",
     268 + },
     269 + {
     270 + "Shopify access token",
     271 + "Shopify access token",
     272 + `shpat\_[a-fA-F0-9]{32}`,
     273 + []string{},
     274 + "?",
     275 + },
     276 + {
     277 + "Shopify custom app access token",
     278 + "Shopify custom app access token",
     279 + `shpca\_[a-fA-F0-9]{32}`,
     280 + []string{},
     281 + "?",
     282 + },
     283 + {
     284 + "Shopify private app access token",
     285 + "Shopify private app access token",
     286 + `shppa\_[a-fA-F0-9]{32}`,
     287 + []string{},
     288 + "?",
     289 + },
     290 + {
     291 + "Seen in the past tokens",
     292 + "Seen in the past tokens",
     293 + `(?i)['|"](DISCOVERY_IAM_APIKEY|appPassword|slackToken|slack_signing_secret|watson_assistant_api_key|pythonPassword)['|"]`,
     294 + []string{},
     295 + "?",
     296 + },
     297 + {
     298 + "Secret indicator with _",
     299 + "Secret indicator with _",
     300 + `(?i)['|"][a-zA-Z0-9\-]+[\.|\-|_](access-key|password|apikey|secret|access_key|secret-key|pwd|passwd|appsecret|app_secret)['|"](\s*?):(\s*?)['|"].*?['|"](\s*?)`,
     301 + []string{},
     302 + "?",
     303 + },
     304 + {
     305 + "Escaped credentials",
     306 + "Escaped credentials",
     307 + `(?im)\\['|"](admin|user|client|users|)[_\.]?(pass|password|passwd|secret|credentials|token)\\['|"]\s*?:\s*?\\['|"].*?\\['|"]`,
     308 + []string{},
     309 + "?",
     310 + },
     311 + {
     312 + "API Tokens with high entropy",
     313 + "API Tokens with high entropy",
     314 + `(?i)token:\s*?['|"][a-zA-Z0-9]+['|"]`,
     315 + []string{},
     316 + "?",
     317 + },
     318 + {
     319 + "PyPI upload token",
     320 + "PyPI upload token",
     321 + `pypi\-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}`,
     322 + []string{},
     323 + "?",
     324 + },
     325 + {
     326 + "Bugsnag API Key",
     327 + "Bugsnag API Key",
     328 + `(?i)(bs|bugsnag)(.{0,20})?[0-9a-f]{32}`,
     329 + []string{},
     330 + "?",
     331 + },
     332 + {
     333 + "AWS cognito pool",
     334 + "AWS Cognito pool",
     335 + `(us-east-1|us-east-2|us-west-1|us-west-2|sa-east-1):[0-9A-Za-z]{8}-[0-9A-Za-z]{4}` +
     336 + `-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}`,
     337 + []string{},
     338 + "?",
     339 + },
     340 + {
     341 + "S3 Bucket",
     342 + "S3 Bucket",
     343 + `(?:[a-zA-Z0-9_-]+s3\.amazonaws\.com|[a-zA-Z0-9_.-]+amazonaws\.com|` +
     344 + `[a-zA-Z0-9-\.\_]+\.s3\.amazonaws\.com|s3\:\/\/[a-zA-Z0-9-\.\_]+|` +
     345 + `s3\.amazonaws\.com/[a-zA-Z0-9-\.\_]+)`,
     346 + []string{},
     347 + "?",
     348 + },
     349 + {
     350 + "Discord Webhook",
     351 + "Discord Webhook",
     352 + `https\:\/\/discordapp\.com\/api\/webhooks\/[0-9]+/[A-Za-z0-9\-]+`,
     353 + []string{},
     354 + "?",
     355 + },
     356 + {
     357 + "Google Calendar URI",
     358 + "Google Calendar URI",
     359 + `https\:\/\/(.*)calendar\.google\.com\/calendar\/[0-9a-z\/]+\/embed\?src=[A-Za-z0-9%@&;=\-_\.\/]+`,
     360 + []string{},
     361 + "?",
     362 + },
     363 + {
     364 + "Google OAuth Access Key",
     365 + "Google OAuth Access Key",
     366 + `ya29\.[0-9A-Za-z\-_]+`,
     367 + []string{},
     368 + "?",
     369 + },
     370 + {
     371 + "Mapbox Token Disclosure",
     372 + "Mapbox Token Disclosure",
     373 + `(pk|sk)\.eyJ1Ijoi\w+\.[\w-]*`,
     374 + []string{},
     375 + "?",
     376 + },
     377 + {
     378 + "Microsoft Teams Webhook",
     379 + "Microsoft Teams Webhook",
     380 + `https\:\/\/outlook\.office\.com\/webhook\/[A-Za-z0-9\-@]+\/IncomingWebhook\/[A-Za-z0-9\-]+\/[A-Za-z0-9\-]+`,
     381 + []string{},
     382 + "?",
     383 + },
     384 + {
     385 + "Generic Keys",
     386 + "Generic Keys",
     387 + `(?i)(?:(?:access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_.\-,]{0,25})[:<>=|]{1,2}.{0,5}['"]([0-9a-zA-Z\-_=]{8,64})['"]`,
     388 + []string{},
     389 + "?",
     390 + },
     391 + {
     392 + "Secrets From js miner",
     393 + "Check Keys in keyhacks",
     394 + `['"` + "`]?(\\w*)" + // Starts with a quote then a word / white spaces
     395 + `(\s*)` +
     396 + `(secret|token|password|passwd|authorization|bearer|aws_access_key_id|aws_secret_access_key|irc_pass|SLACK_BOT_TOKEN|id_dsa|` +
     397 + `secret[_-]?(key|token|secret)|` +
     398 + `api[_-]?(key|token|secret)|` +
     399 + `access[_-]?(key|token|secret)|` +
     400 + `auth[_-]?(key|token|secret)|` +
     401 + `session[_-]?(key|token|secret)|` +
     402 + `consumer[_-]?(key|token|secret)|` +
     403 + `public[_-]?(key|token|secret)|` +
     404 + `client[_-]?(id|token|key)|` +
     405 + `ssh[_-]?key|` +
     406 + `encrypt[_-]?(secret|key)|` +
     407 + `decrypt[_-]?(secret|key)|` +
     408 + `github[_-]?(key|token|secret)|` +
     409 + `slack[_-]?token)` +
     410 + `(\w*)` + // in case there are any characters / white spaces
     411 + `(\s*)` +
     412 + `['"` + "`]?" + // closing quote for variable name
     413 + `(\s*)` + // white spaces
     414 + `[:=]+[:=>]?` + // assignments operation
     415 + `(\s*)` +
     416 + `['"` + "`]" + // opening quote for secret
     417 + `(\s*)` +
     418 + `([\w\-/~!@#$%^&*+]+)` + // Assuming secrets will be alphanumeric with some special characters
     419 + `(\s*)` +
     420 + `['"` + "`]",
     421 + []string{},
     422 + "?",
     423 + },
     424 + }
     425 + return regexes
     426 +}
     427 + 
     428 +// RemoveDuplicateSecrets removes duplicates from secrets found.
     429 +func RemoveDuplicateSecrets(input []SecretMatched) []SecretMatched {
     430 + keys := make(map[string]bool)
     431 + list := []SecretMatched{}
     432 + 
     433 + for _, entry := range input {
     434 + if _, value := keys[entry.Match]; !value {
     435 + keys[entry.Match] = true
     436 + list = append(list, entry)
     437 + }
     438 + }
     439 + 
     440 + return list
     441 +}
     442 + 
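Review bot: The doc comment on `GetSecretRegexes` stops mid-sentence (`returns a slice of all`); something like `// GetSecretRegexes returns the built-in secret detection rules; each Regex is an uncompiled pattern string.` would complete it. The rule table uses unkeyed `Secret{...}` literals over five fields, four of them strings or string slices, so reordering the struct fields would silently shift every entry; keyed fields (`Name:`, `Regex:`, `FalsePositives:`) make the table robust to that. `RemoveDuplicateSecrets` keys only on `entry.Match`, so identical text reported by a second rule, or at a second URL if the helper is ever called across pages, is dropped. `SecretMatched.Match` carries the raw matched credential, which deserves a field comment so that callers which log or persist findings treat it as sensitive.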