2016-03-29 15:40:00 -07:00
[
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A.*_rsa\\z" ,
"caption" : "Private SSH key" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A.*_dsa\\z" ,
"caption" : "Private SSH key" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A.*_ed25519\\z" ,
"caption" : "Private SSH key" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A.*_ecdsa\\z" ,
"caption" : "Private SSH key" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?ssh/config\\z" ,
"caption" : "SSH configuration file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "pem" ,
"caption" : "Potential cryptographic private key" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "regex" ,
"pattern" : "\\Akey(pair)?\\z" ,
"caption" : "Potential cryptographic private key" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "pkcs12" ,
"caption" : "Potential cryptographic key bundle" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "pfx" ,
"caption" : "Potential cryptographic key bundle" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "p12" ,
"caption" : "Potential cryptographic key bundle" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "asc" ,
"caption" : "Potential cryptographic key bundle" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "otr.private_key" ,
"caption" : "Pidgin OTR private key" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?(bash_|zsh_|z)?history\\z" ,
"caption" : "Shell command history file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?mysql_history\\z" ,
"caption" : "MySQL client command history file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?psql_history\\z" ,
"caption" : "PostgreSQL client command history file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?pgpass\\z" ,
"caption" : "PostgreSQL password file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?irb_history\\z" ,
"caption" : "Ruby IRB console history file" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?purple\\/accounts\\.xml\\z" ,
"caption" : "Pidgin chat client account configuration file" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?xchat2?\\/servlist_?\\.conf\\z" ,
"caption" : "Hexchat/XChat IRC client server list configuration file" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?irssi\\/config\\z" ,
"caption" : "Irssi IRC client configuration file" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?recon-ng\\/keys\\.db\\z" ,
"caption" : "Recon-ng web reconnaissance framework API key database" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?dbeaver-data-sources.xml\\z" ,
"caption" : "DBeaver SQL database manager configuration file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?muttrc\\z" ,
"caption" : "Mutt e-mail client configuration file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?s3cfg\\z" ,
"caption" : "S3cmd configuration file" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?aws/credentials\\z" ,
"caption" : "AWS CLI credentials file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?trc\\z" ,
"caption" : "T command-line Twitter client configuration file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "ovpn" ,
"caption" : "OpenVPN client configuration file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?gitrobrc\\z" ,
"caption" : "Well, this is awkward... Gitrob configuration file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?(bash|zsh)rc\\z" ,
"caption" : "Shell configuration file" ,
"description" : "Shell configuration files might contain information such as server hostnames, passwords and API keys."
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?(bash_|zsh_)?profile\\z" ,
"caption" : "Shell profile configuration file" ,
"description" : "Shell configuration files might contain information such as server hostnames, passwords and API keys."
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?(bash_|zsh_)?aliases\\z" ,
"caption" : "Shell command alias configuration file" ,
"description" : "Shell configuration files might contain information such as server hostnames, passwords and API keys."
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "secret_token.rb" ,
"caption" : "Ruby On Rails secret token configuration file" ,
"description" : "If the Rails secret token is known, it can allow for remote code execution. (http://www.exploit-db.com/exploits/27527/)"
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "omniauth.rb" ,
"caption" : "OmniAuth configuration file" ,
"description" : "The OmniAuth configuration file might contain client application secrets."
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "carrierwave.rb" ,
"caption" : "Carrierwave configuration file" ,
"description" : "Can contain credentials for online storage systems such as Amazon S3 and Google Storage."
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "schema.rb" ,
"caption" : "Ruby On Rails database schema file" ,
"description" : "Contains information on the database schema of a Ruby On Rails application."
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "database.yml" ,
"caption" : "Potential Ruby On Rails database configuration file" ,
"description" : "Might contain database credentials."
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "settings.py" ,
"caption" : "Django configuration file" ,
"description" : "Might contain database credentials, online storage system credentials, secret keys, etc."
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A(.*)?config(\\.inc)?\\.php\\z" ,
"caption" : "PHP configuration file" ,
"description" : "Might contain credentials and keys."
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "kdb" ,
"caption" : "KeePass password manager database file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "agilekeychain" ,
"caption" : "1Password password manager database file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "keychain" ,
"caption" : "Apple Keychain database file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "regex" ,
"pattern" : "\\Akey(store|ring)\\z" ,
"caption" : "GNOME Keyring database file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "log" ,
"caption" : "Log file" ,
"description" : "Log files might contain information such as references to secret HTTP endpoints, session IDs, user information, passwords and API keys."
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "pcap" ,
"caption" : "Network traffic capture file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "regex" ,
"pattern" : "\\Asql(dump)?\\z" ,
"caption" : "SQL dump file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "gnucash" ,
"caption" : "GnuCash database file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "backup" ,
"caption" : "Contains word: backup" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "dump" ,
"caption" : "Contains word: dump" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "password" ,
"caption" : "Contains word: password" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "credential" ,
"caption" : "Contains word: credential" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "secret" ,
"caption" : "Contains word: secret" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "private.*key" ,
"caption" : "Contains words: private, key" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml" ,
"caption" : "Jenkins publish over SSH plugin file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "credentials.xml" ,
"caption" : "Potential Jenkins credentials file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?htpasswd\\z" ,
"caption" : "Apache htpasswd file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A(\\.|_)?netrc\\z" ,
"caption" : "Configuration file for auto-login process" ,
"description" : "Might contain username and password."
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "kwallet" ,
"caption" : "KDE Wallet Manager database file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "LocalSettings.php" ,
"caption" : "Potential MediaWiki configuration file" ,
"description" : null
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "tblk" ,
"caption" : "Tunnelblick VPN configuration file" ,
"description" : null
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?gem/credentials\\z" ,
"caption" : "Rubygems credentials file" ,
"description" : "Might contain API key for a rubygems.org account."
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A*\\.pubxml(\\.user)?\\z" ,
"caption" : "Potential MSBuild publish profile" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "Favorites.plist" ,
"caption" : "Sequel Pro MySQL database manager bookmark file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "configuration.user.xpl" ,
"caption" : "Little Snitch firewall configuration file" ,
"description" : "Contains traffic rules for applications"
} ,
{
"part" : "extension" ,
"type" : "match" ,
"pattern" : "dayone" ,
"caption" : "Day One journal file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "journal.txt" ,
"caption" : "Potential jrnl journal file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?tugboat\\z" ,
"caption" : "Tugboat DigitalOcean management tool configuration" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?git-credentials\\z" ,
"caption" : "git-credential-store helper credentials file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?gitconfig\\z" ,
"caption" : "Git configuration file" ,
"description" : null
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "knife.rb" ,
"caption" : "Chef Knife configuration file" ,
"description" : "Might contain references to Chef servers"
} ,
{
"part" : "path" ,
"type" : "regex" ,
"pattern" : "\\.?chef/(.*)\\.pem\\z" ,
"caption" : "Chef private key" ,
"description" : "Can be used to authenticate against Chef servers"
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "proftpdpasswd" ,
"caption" : "cPanel backup ProFTPd credentials file" ,
"description" : "Contains usernames and password hashes for FTP accounts"
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "robomongo.json" ,
"caption" : "Robomongo MongoDB manager configuration file" ,
"description" : "Might contain credentials for MongoDB databases"
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "filezilla.xml" ,
"caption" : "FileZilla FTP configuration file" ,
"description" : "Might contain credentials for FTP servers"
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "recentservers.xml" ,
"caption" : "FileZilla FTP recent servers file" ,
"description" : "Might contain credentials for FTP servers"
} ,
{
"part" : "filename" ,
"type" : "match" ,
"pattern" : "ventrilo_srv.ini" ,
"caption" : "Ventrilo server configuration file" ,
"description" : "Might contain passwords"
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?dockercfg\\z" ,
"caption" : "Docker configuration file" ,
"description" : "Might contain credentials for public or private Docker registries"
} ,
{
"part" : "filename" ,
"type" : "regex" ,
"pattern" : "\\A\\.?npmrc\\z" ,
"caption" : "NPM configuration file" ,
"description" : "Might contain credentials for NPM registries"
}
]
2016-03-29 15:42:50 -07:00
filename:.npmrc _auth
filename:.dockercfg auth
extension:pem private
extension:ppk private
filename:id_rsa or filename:id_dsa
extension:sql mysql dump
extension:sql mysql dump password
filename:credentials aws_access_key_id
filename:.s3cfg
filename:wp-config.php
filename:.htpasswd
filename:.env DB_USERNAME NOT homestead
filename:.env MAIL_HOST=smtp.gmail.com
filename:.git-credentials
PT_TOKEN language:bash
filename:.bashrc password
filename:.bashrc mailchimp
filename:.bash_profile aws
rds.amazonaws.com password
extension:json api.forecast.io
extension:json mongolab.com
extension:yaml mongolab.com
jsforce extension:js conn.login
SF_USERNAME "salesforce"
filename:.tugboat NOT "_tugboat"
HEROKU_API_KEY language:shell
HEROKU_API_KEY language:json
filename:.netrc password
filename:_netrc password
filename:hub oauth_token
filename:robomongo.json
filename:filezilla.xml Pass
filename:recentservers.xml Pass
filename:config.json auths
filename:idea14.key
filename:config irc_pass
filename:connections.xml
filename:express.conf path:.openshift
filename:.pgpass
filename:proftpdpasswd
filename:ventrilo_srv.ini
[WFClient] Password= extension:ica
filename:server.cfg rcon password
JEKYLL_GITHUB_TOKEN
filename:.bash_history
filename:.cshrc
filename:.history
filename:.sh_history
filename:sshd_config
filename:dhcpd.conf