-
Notifications
You must be signed in to change notification settings - Fork 3
/
gitleaks.config
102 lines (87 loc) · 3.25 KB
/
gitleaks.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
title = "gitleaks config"
[[rules]]
description = "AWS Manager ID"
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules]]
description = "AWS cred file info"
regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'''
tags = ["AWS"]
[[rules]]
description = "AWS Secret Key"
regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
tags = ["key", "AWS"]
[[rules]]
description = "AWS MWS key"
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
tags = ["key", "AWS", "MWS"]
[[rules]]
description = "Github"
regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
tags = ["key", "Github"]
[[rules]]
description = "EC"
regex = '''-----BEGIN EC PRIVATE KEY-----'''
tags = ["key", "EC"]
[[rules]]
description = "Google API key"
regex = '''AIza[0-9A-Za-z\\-_]{35}'''
tags = ["key", "Google"]
[[rules]]
description = "Env Var"
regex = '''(?i)(apikey|password|pass|pw|host)=[0-9a-zA-Z-_.]{4,120}'''
[[rules]]
description = "Generic Credential"
regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|password|user|hostname|pw|auth)(=|:)(.{0,20})?['|"]([0-9a-zA-Z-_\/+!{}/=]{4,120})['|"]'''
tags = ["API", "generic"]
# ignore leaks with specific identifiers like slack and aws
[rules.allowlist]
description = "ignore slack, mailchimp, aws"
regexes = [
'''xox[baprs]-([0-9a-zA-Z]{10,48})''',
'''(?i)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]''',
'''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
]
[[rules]]
description = "Generic Credentials in JSON config"
regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|password|user|hostname|pw|auth)['|"](\s*)[=|:](\s*)['|"]'''
tags = ["key", "API", "generic"]
file = '''(.*?)(json)$'''
[[rules]]
description = "High Entropy"
regex = '''[0-9a-zA-Z-_!{}/=]{4,120}'''
file = '''(?i)(dump.sql|high-entropy-misc.txt)$'''
tags = ["entropy"]
[[rules.Entropies]]
Min = "4.3"
Max = "7.0"
[rules.allowlist]
description = "ignore ssh key and pems"
files = ['''(pem|ppk|env)$''']
paths = ['''(.*)?ssh''']
[[rules]]
description = "Potential bash var"
regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})'''
tags = ["key", "bash", "API", "generic"]
[[rules.Entropies]]
Min = "3.5"
Max = "4.5"
Group = "1"
[[rules]]
description = "WP-Config"
regex='''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"].{10,120}['|"]'''
tags = ["key", "API", "generic"]
[[rules]]
description = "Files with keys and credentials"
file = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|shadow)'''
# Global allowlist
[allowlist]
description = "image allowlists"
files = ['''(.*?)(jpg|gif|doc|pdf|bin|sln|cshtml)$''',
'''(.*?)(bin|debug|node_modules|.vs|public\\assets)(.*?)$''',
'''package-lock.json''',
'''gitleaks.toml''',
'''gitleaks.config''',
'''gitleaks-config.toml''']
paths = ['''(.*?)(bin|debug|node_modules|.vs|public\\assets)(.*?)$''']
commits = ["fec4dbb94995569ed438ded931e5eda5dc1ad3c4","a863d3a8d591b66e8e97c5dd1e2a44545564305e"]