Add new RegEx for facebook tokens #225
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add new RegEx and tests for facebook app tokens and access token based on v12 API https://developers.facebook.com/docs/facebook-login/access-tokens/
|
@amadejpapez @piatrashkakanstantinass Those false positives though |
ghost
suggested changes
Nov 2, 2021
|
@bee-san I feel the same. |
- Remove testcases from fixtures/file and test_click.py - Adjust the rarity of Access token and App token to 0.2 and 0.3, respectively
|
We have discussed this PR with the team, and it seems that your regexes can be improved. The access token regex should be |
|
@bee-san @piatrashkakanstantinass Done
App token > poetry run pywhat '1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w'
Matched on: 1201566843289
Name: Phone Number
Matched on: 120156684
Name: American Social Security Number
Description: An American Identification Number
Matched on: 1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w
Name: Facebook App Token
Link:
https://developers.facebook.com/tools/debug/accesstoken/?access_token=1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w
Matched on: 12015668432
Name: Turkish Identification NumberAccess token > poetry run pywhat --disable-boundaryless 'EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc'
Matched on: EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ
4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc
Name: Facebook Access Token
Link: https://developers.facebook.com/tools/debug/accesstoken/?access_token=EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJu
OSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbq
ttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc> poetry run pywhat 'EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc'
Matched on: PjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZC
Name: Bitcoin Cash (BCH) Wallet Address
Link: https://www.blockchain.com/bch/address/PjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZC
Matched on: pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIg
Name: Bitcoin Cash (BCH) Wallet Address
Link: https://www.blockchain.com/bch/address/pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIg
Matched on: qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgB
Name: Bitcoin Cash (BCH) Wallet Address
Link: https://www.blockchain.com/bch/address/qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgB
Matched on: S95
Name: Latitude & Longitude Coordinates
Link: https://www.google.com/maps/place/S95
Matched on: m2L2aWdtNXOSscOnMYktEPYJuOSrteSQZC
Name: Litecoin (LTC) Wallet Address
Link: https://live.blockcypher.com/ltc/address/m2L2aWdtNXOSscOnMYktEPYJuOSrteSQZC
Matched on: mEnju6XItaRhija3pA7LFPHquTbi4IDZC8
Name: Litecoin (LTC) Wallet Address
Link: https://live.blockcypher.com/ltc/address/mEnju6XItaRhija3pA7LFPHquTbi4IDZC8
Matched on: MByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZ
Name: Litecoin (LTC) Wallet Address
Link: https://live.blockcypher.com/ltc/address/MByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZ
Matched on: Mf7S95X6nnqCUVw2iS0DRDbqttxauxIDgB
Name: Litecoin (LTC) Wallet Address
Link: https://live.blockcypher.com/ltc/address/Mf7S95X6nnqCUVw2iS0DRDbqttxauxIDgB
Matched on: RE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYk
Name: Ripple (XRP) Wallet Address
Link: https://xrpscan.com/account/RE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYk
Matched on: rteSQZCh9VWVVKnhSSYNumEnju6XItaRhi
Name: Ripple (XRP) Wallet Address
Link: https://xrpscan.com/account/rteSQZCh9VWVVKnhSSYNumEnju6XItaRhi
Matched on: RDbqttxauxIDgBRYJ7zZABXe9V0CY872DU
Name: Ripple (XRP) Wallet Address
Link: https://xrpscan.com/account/RDbqttxauxIDgBRYJ7zZABXe9V0CY872DU
Matched on: 6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJ
Name: Google ReCaptcha API Key
Exploit: Use the command below to verify that API key is valid:
$ curl -X POST -d "secret=6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJ&response=RESPONSE_TO_VERIFY"
https://www.google.com/recaptcha/api/siteverify
Matched on: 6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgB
Name: Google ReCaptcha API Key
Exploit: Use the command below to verify that API key is valid:
$ curl -X POST -d "secret=6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgB&response=RESPONSE_TO_VERIFY"
https://www.google.com/recaptcha/api/siteverify
Matched on: EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ
4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc
Name: Facebook Access Token
Link: https://developers.facebook.com/tools/debug/accesstoken/?access_token=EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJu
OSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbq
ttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc |
Codecov Report
@@ Coverage Diff @@
## main #225 +/- ##
=======================================
Coverage 92.60% 92.60%
=======================================
Files 15 15
Lines 1217 1217
=======================================
Hits 1127 1127
Misses 90 90 Continue to review full report at Codecov.
|
ghost
enabled auto-merge
ghost
disabled auto-merge
ghost
approved these changes
Nov 10, 2021
|
The regexes clearly have some false positives, so we should improve the output order, add interactive mode or something like that. @bee-san @amadejpapez thoughts? |
ghost
mentioned this pull request
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prerequisites
Why do we need this pull request?
based on v12 API
https://developers.facebook.com/docs/facebook-login/access-tokens/
What GitHub issues does this fix?
Copy / paste of output
Please copy and paste the output of PyWhat with your new addition using an example that tests this addition below: