-
Notifications
You must be signed in to change notification settings - Fork 22
/
extract.yaml
101 lines (100 loc) · 2.96 KB
/
extract.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
- name: js
regexps:
- "(https{0,1}:[^\\s'’\"”><()|*\\[]{2,250}?[^=*\\s'’><:;|()[]\\.js)"
- "=\\s{0,6}[\"']{0,1}\\s{0,6}([^\\s^'’,+><;()|*\\[]{2,250}?\\.js)[\"']"
- "=([^\\s^'’,+><;()|*\\[]{2,250}?\\.js)"
- "[\"']([^\\s',’\"”><;()|*:\\[]{2,250}?\\.js)[\"']"
- name: url
regexps:
- "=\\s{0,6}(https{0,1}:[^\\s'\"><()|*\\[]{2,250})"
- "[\"'](/[^\\s',’\":”><@$;()|*\\[]{2,250})[\"']"
- "[\"'](https?:[^\\s'\"><()@|*\\[]{2,250}?\\.[^\\s',’\"”><;()|*\\[]{2,250}?)[\"']"
# - "[\"']\\s{0,6}([#,.]{0,2}/[^\\s'\",><;@$()|*\\[]{2,250}?)\\s{0,6}[\"']"
- "\\x20href\\s{0,6}=\\s{0,6}[\"'‘“]{0,1}\\s{0,6}([^\\s',><$@;()|*\\[]{2,250})"
- name: jwt
tags:
- pentest
regexps:
- (eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}|eyJ[A-Za-z0-9_\/+-]{10,}\.[A-Za-z0-9._\/+-]{10,})
- name: mail
regexps:
- '([A-Za-z0-9\\u4e00-\\u9fa5_.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,8})'
tags:
- info
- pentest
cases:
- 测试@123.com
- name: idcard
tags:
- info
- pentest
regexps:
- '[^0-9]((\d{8}(0\d|10|11|12)([0-2]\d|30|31)\d{3}$)|(\d{6}(18|19|20)\d{2}(0[1-9]|10|11|12)([0-2]\d|30|31)\d{3}(\d|X|x)))[^0-9]'
- name: mobile
tags:
- info
- pentest
regexps:
- '(\+?0?86\-?)?1[3-9]\d{9}'
- name: ip
tags:
- info
- pentest
regexps:
- ((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}
- name: inter-ip
tags:
- pentest
regexps:
- '[^0-9]((127\.0\.0\.1)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3}))'
- name: oss
tags:
- pentest
regexps:
- ([A|a]ccess[K|k]ey[I|i][d|D]|[A|a]ccess[K|k]ey[S|s]ecret)
- name: s3
tags:
- pentest
regexps:
- (((([a-zA-Z0-9._-]+\.s3|s3)(\.|\-)+[a-zA-Z0-9._-]+|[a-zA-Z0-9._-]+\.s3|s3)\.amazonaws\.com)|(s3:\/\/[a-zA-Z0-9-\.\_]+)|(s3.console.aws.amazon.com\/s3\/buckets\/[a-zA-Z0-9-\.\_]+)|(amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})|(ec2-[0-9-]+.cd-[a-z0-9-]+.compute.amazonaws.com)|(us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com))
- name: aws-ak
tags:
- pentest
regexps:
- '[^0-9]((aws(.{0,20})?(?-i)[''\"][0-9a-zA-Z\/+]{40}[''\"])|((A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[a-zA-Z0-9]{16}))[^0-9]'
- name: rsa-key
tags:
- pentest
regexps:
- ([-]+BEGIN [^\s]+ PRIVATE KEY[-])
- name: windows-file
tags:
- pentest
regexps:
- '[^\w](([a-zA-Z]:\\(?:\w+\\?)*)|([a-zA-Z]:\\(?:\w+\\)*\w+\.\w+))'
- name: password
tags:
- pentest
regexps:
- ([p](ass|wd|asswd|assword))[\s="':]+.{3,20}["']
- name: username
tags:
- info
regexps:
- ([u](ser|name|ame|sername))[\s="':]+.{3,20}[\s"']
- name: wecom-key
tags:
- pentest
regexps:
- ([c|C]or[p|P]id|[c|C]orp[s|S]ecret)
- name: jdbc
tags:
- pentest
regexps:
- 'jdbc://[a-z0-9\.\-_:;=\/@?,&]+'
- name: github-token
tags:
- pentest
regexps:
- ([a-z0-9_-]*:[a-z0-9_\-]+@github\.com*)