scan-config.toml

title = "gitleaks config"
[[regexes]]
    description = "Artifactory API Token"
    regex = '''(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'''
[[regexes]]
    description = "Artifactory Password"
    regex = '''(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'''
#[[regexes]]
#    description = "Authorization Basic"
#    regex = '''basic [a-zA-Z0-9_\\-:\\.=]+'''
[[regexes]]
    description = "Authorization Bearer"
    regex = '''bearer [a-zA-Z0-9_\\-\\.=]+'''
[[regexes]]
    description = "AWS Client ID"
    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
[[regexes]]
    description = "AWS MWS Key"
    regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
[[regexes]]
    description = "AWS Secret Key"
    regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
[[regexes]]
    description = "Base32"
    regex = '''(?:[A-Z2-7]{8})*(?:[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}=)?'''
[[regexes]]
    description = "Base64"
    regex = '''(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[a-zA-Z0-9+/]+={0,2}'''
#[[regexes]]
#    description = "Basic Auth Credentials"
#    regex = '''(?<=:\/\/)[a-zA-Z0-9]+:[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z]+'''
[[regexes]]
    description = "Cloudinary Basic Auth"
    regex = '''cloudinary:\/\/[0-9]{15}:[0-9A-Za-z]+@[a-z]+'''
[[regexes]]
    description = "Facebook Access Token"
    regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
[[regexes]]
    description = "Facebook Client ID"
    regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}'''
[[regexes]]
    description = "Facebook Oauth"
    regex = '''[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]'''
[[regexes]]
    description = "Facebook Secret Key"
    regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}'''
[[regexes]]
    description = "Github"
    regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}'''
[[regexes]]
    description = "Google API Key"
    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
[[regexes]]
    description = "Google Cloud Platform API Key"
    regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
[[regexes]]
    description = "Google Drive API Key"
    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
[[regexes]]
    description = "Google Drive Oauth"
    regex = '''[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com'''
[[regexes]]
    description = "Google Gmail API Key"
    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
[[regexes]]
    description = "Google Gmail Oauth"
    regex = '''[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com'''
[[regexes]]
    description = "Google Oauth Access Token"
    regex = '''ya29\\.[0-9A-Za-z\\-_]+'''
[[regexes]]
    description = "Google Youtube API Key"
    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
[[regexes]]
    description = "Google Youtube Oauth"
    regex = '''[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\\.com'''
[[regexes]]
    description = "RKCS8"
    regex = '''-----BEGIN PRIVATE KEY-----'''
[[regexes]]
    description = "RSA"
    regex = '''-----BEGIN RSA PRIVATE KEY-----'''
[[regexes]]
    description = "Github"
    regex = '''(?i)github.*['\"][0-9a-zA-Z]{35,40}['\"]'''
[[regexes]]
    description = "SSH"
    regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
[[regexes]]
    description = "Twitter"
    regex = '''(?i)twitter.*['\"][0-9a-zA-Z]{35,44}['\"]'''
[[regexes]]
    description = "PGP"
    regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
[[regexes]]
    description = "Slack token"
    regex = '''xox(?:a|b|p|o|s|r)-(?:\d+-)+[a-z0-9]+'''
[[regexes]]
    description = "Slack webhook"
    regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]+/B[a-zA-Z0-9_]+/[a-zA-Z0-9_]+'''
[[regexes]]
    description = "Strip API Key"
    regex = '''(?i)(sk|pk)_(test|live)_[0-9a-zA-Z]{10,32}'''
[[regexes]]
    description = "Heroku API Key"
    regex = '''[h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}'''
[[regexes]]
    description = "IPv4"
    regex = '''\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\b'''
[[regexes]]
    description = "IPv6"
    regex = '''(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'''
[[regexes]]
    description = "LinkedIn Client ID"
    regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
[[regexes]]
    description = "LinkedIn Secret Key"
    regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
[[regexes]]
    description = "Mailchamp API Key"
    regex = '''[0-9a-f]{32}-us[0-9]{1,2}'''
[[regexes]]
    description = "Mailgun API Key"
    regex = '''key-[0-9a-zA-Z]{32}'''
#[[regexes]]
#    description = "Mailto:"
#    regex = '''(?<=mailto:)[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9.-]+'''
[[regexes]]
    description = "MD5 Hash"
    regex = '''[a-f0-9]{32}'''
[[regexes]]
    description = "Picatic API Key"
    regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
[[regexes]]
    description = "Square Access Token"
    regex = '''sqOatp-[0-9A-Za-z\\-_]{22}'''
[[regexes]]
    description = "Strip API Key"
    regex = '''(?:r|s)k_live_[0-9a-zA-Z]{24}'''
[[regexes]]
    description = "Square Oauth Secret"
    regex = '''sq0csp-[ 0-9A-Za-z\\-_]{43}'''
[[regexes]]
    description = "Twilio API Key"
    regex = '''SK[0-9a-fA-F]{32}'''
[[regexes]]
    description = "Twitter Client ID"
    regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}'''
[[regexes]]
    description = "Twitter Oauth"
    regex = '''[t|T][w|W][i|I][t|T][t|T][e|E][r|R].{0,30}['\"\\s][0-9a-zA-Z]{35,44}['\"\\s]'''
[[regexes]]
    description = "Twitter Secret Key"
    regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}'''
#[[regexes]]
#    description = "URL Parameter"
#    regex = '''(?<=\?|\&)[a-zA-Z0-9_]+(?=\=)'''
#[[regexes]]
#    description = "URLs HTTP"
#    regex = '''https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)'''
#[[regexes]]
#    description = "URLs HTTPS"
#    regex = '''[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)'''

[whitelist]
    regexes = [
        # "AKIA.*EXAMPLE",
    ]
    files = [
        "(.*?)(jpg|gif|doc|pdf|bin)$"
    ]