From 7efd53adb66183351d6104f0bc2b4a134def7ecc Mon Sep 17 00:00:00 2001 From: Daniel Miessler Date: Tue, 29 Mar 2016 15:40:00 -0700 Subject: [PATCH] Added public repo content. --- Miscellaneous/PublicSourceRepoIssues.txt | 542 +++++++++++++++++++++++ 1 file changed, 542 insertions(+) create mode 100644 Miscellaneous/PublicSourceRepoIssues.txt diff --git a/Miscellaneous/PublicSourceRepoIssues.txt b/Miscellaneous/PublicSourceRepoIssues.txt new file mode 100644 index 0000000..cd469f0 --- /dev/null +++ b/Miscellaneous/PublicSourceRepoIssues.txt @@ -0,0 +1,542 @@ +[ + { + "part": "filename", + "type": "regex", + "pattern": "\\A.*_rsa\\z", + "caption": "Private SSH key", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A.*_dsa\\z", + "caption": "Private SSH key", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A.*_ed25519\\z", + "caption": "Private SSH key", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A.*_ecdsa\\z", + "caption": "Private SSH key", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?ssh/config\\z", + "caption": "SSH configuration file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "pem", + "caption": "Potential cryptographic private key", + "description": null + }, + { + "part": "extension", + "type": "regex", + "pattern": "\\Akey(pair)?\\z", + "caption": "Potential cryptographic private key", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "pkcs12", + "caption": "Potential cryptographic key bundle", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "pfx", + "caption": "Potential cryptographic key bundle", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "p12", + "caption": "Potential cryptographic key bundle", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "asc", + "caption": "Potential cryptographic key bundle", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "otr.private_key", + "caption": "Pidgin OTR private key", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?(bash_|zsh_|z)?history\\z", + "caption": "Shell command history file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?mysql_history\\z", + "caption": "MySQL client command history file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?psql_history\\z", + "caption": "PostgreSQL client command history file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?pgpass\\z", + "caption": "PostgreSQL password file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?irb_history\\z", + "caption": "Ruby IRB console history file", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?purple\\/accounts\\.xml\\z", + "caption": "Pidgin chat client account configuration file", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?xchat2?\\/servlist_?\\.conf\\z", + "caption": "Hexchat/XChat IRC client server list configuration file", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?irssi\\/config\\z", + "caption": "Irssi IRC client configuration file", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?recon-ng\\/keys\\.db\\z", + "caption": "Recon-ng web reconnaissance framework API key database", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?dbeaver-data-sources.xml\\z", + "caption": "DBeaver SQL database manager configuration file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?muttrc\\z", + "caption": "Mutt e-mail client configuration file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?s3cfg\\z", + "caption": "S3cmd configuration file", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?aws/credentials\\z", + "caption": "AWS CLI credentials file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?trc\\z", + "caption": "T command-line Twitter client configuration file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "ovpn", + "caption": "OpenVPN client configuration file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?gitrobrc\\z", + "caption": "Well, this is awkward... Gitrob configuration file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?(bash|zsh)rc\\z", + "caption": "Shell configuration file", + "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys." + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?(bash_|zsh_)?profile\\z", + "caption": "Shell profile configuration file", + "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys." + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?(bash_|zsh_)?aliases\\z", + "caption": "Shell command alias configuration file", + "description": "Shell configuration files might contain information such as server hostnames, passwords and API keys." + }, + { + "part": "filename", + "type": "match", + "pattern": "secret_token.rb", + "caption": "Ruby On Rails secret token configuration file", + "description": "If the Rails secret token is known, it can allow for remote code execution. (http://www.exploit-db.com/exploits/27527/)" + }, + { + "part": "filename", + "type": "match", + "pattern": "omniauth.rb", + "caption": "OmniAuth configuration file", + "description": "The OmniAuth configuration file might contain client application secrets." + }, + { + "part": "filename", + "type": "match", + "pattern": "carrierwave.rb", + "caption": "Carrierwave configuration file", + "description": "Can contain credentials for online storage systems such as Amazon S3 and Google Storage." + }, + { + "part": "filename", + "type": "match", + "pattern": "schema.rb", + "caption": "Ruby On Rails database schema file", + "description": "Contains information on the database schema of a Ruby On Rails application." + }, + { + "part": "filename", + "type": "match", + "pattern": "database.yml", + "caption": "Potential Ruby On Rails database configuration file", + "description": "Might contain database credentials." + }, + { + "part": "filename", + "type": "match", + "pattern": "settings.py", + "caption": "Django configuration file", + "description": "Might contain database credentials, online storage system credentials, secret keys, etc." + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A(.*)?config(\\.inc)?\\.php\\z", + "caption": "PHP configuration file", + "description": "Might contain credentials and keys." + }, + { + "part": "extension", + "type": "match", + "pattern": "kdb", + "caption": "KeePass password manager database file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "agilekeychain", + "caption": "1Password password manager database file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "keychain", + "caption": "Apple Keychain database file", + "description": null + }, + { + "part": "extension", + "type": "regex", + "pattern": "\\Akey(store|ring)\\z", + "caption": "GNOME Keyring database file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "log", + "caption": "Log file", + "description": "Log files might contain information such as references to secret HTTP endpoints, session IDs, user information, passwords and API keys." + }, + { + "part": "extension", + "type": "match", + "pattern": "pcap", + "caption": "Network traffic capture file", + "description": null + }, + { + "part": "extension", + "type": "regex", + "pattern": "\\Asql(dump)?\\z", + "caption": "SQL dump file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "gnucash", + "caption": "GnuCash database file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "backup", + "caption": "Contains word: backup", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "dump", + "caption": "Contains word: dump", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "password", + "caption": "Contains word: password", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "credential", + "caption": "Contains word: credential", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "secret", + "caption": "Contains word: secret", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "private.*key", + "caption": "Contains words: private, key", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml", + "caption": "Jenkins publish over SSH plugin file", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "credentials.xml", + "caption": "Potential Jenkins credentials file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?htpasswd\\z", + "caption": "Apache htpasswd file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A(\\.|_)?netrc\\z", + "caption": "Configuration file for auto-login process", + "description": "Might contain username and password." + }, + { + "part": "extension", + "type": "match", + "pattern": "kwallet", + "caption": "KDE Wallet Manager database file", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "LocalSettings.php", + "caption": "Potential MediaWiki configuration file", + "description": null + }, + { + "part": "extension", + "type": "match", + "pattern": "tblk", + "caption": "Tunnelblick VPN configuration file", + "description": null + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?gem/credentials\\z", + "caption": "Rubygems credentials file", + "description": "Might contain API key for a rubygems.org account." + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A*\\.pubxml(\\.user)?\\z", + "caption": "Potential MSBuild publish profile", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "Favorites.plist", + "caption": "Sequel Pro MySQL database manager bookmark file", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "configuration.user.xpl", + "caption": "Little Snitch firewall configuration file", + "description": "Contains traffic rules for applications" + }, + { + "part": "extension", + "type": "match", + "pattern": "dayone", + "caption": "Day One journal file", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "journal.txt", + "caption": "Potential jrnl journal file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?tugboat\\z", + "caption": "Tugboat DigitalOcean management tool configuration", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?git-credentials\\z", + "caption": "git-credential-store helper credentials file", + "description": null + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?gitconfig\\z", + "caption": "Git configuration file", + "description": null + }, + { + "part": "filename", + "type": "match", + "pattern": "knife.rb", + "caption": "Chef Knife configuration file", + "description": "Might contain references to Chef servers" + }, + { + "part": "path", + "type": "regex", + "pattern": "\\.?chef/(.*)\\.pem\\z", + "caption": "Chef private key", + "description": "Can be used to authenticate against Chef servers" + }, + { + "part": "filename", + "type": "match", + "pattern": "proftpdpasswd", + "caption": "cPanel backup ProFTPd credentials file", + "description": "Contains usernames and password hashes for FTP accounts" + }, + { + "part": "filename", + "type": "match", + "pattern": "robomongo.json", + "caption": "Robomongo MongoDB manager configuration file", + "description": "Might contain credentials for MongoDB databases" + }, + { + "part": "filename", + "type": "match", + "pattern": "filezilla.xml", + "caption": "FileZilla FTP configuration file", + "description": "Might contain credentials for FTP servers" + }, + { + "part": "filename", + "type": "match", + "pattern": "recentservers.xml", + "caption": "FileZilla FTP recent servers file", + "description": "Might contain credentials for FTP servers" + }, + { + "part": "filename", + "type": "match", + "pattern": "ventrilo_srv.ini", + "caption": "Ventrilo server configuration file", + "description": "Might contain passwords" + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?dockercfg\\z", + "caption": "Docker configuration file", + "description": "Might contain credentials for public or private Docker registries" + }, + { + "part": "filename", + "type": "regex", + "pattern": "\\A\\.?npmrc\\z", + "caption": "NPM configuration file", + "description": "Might contain credentials for NPM registries" + } +] +