# secrets-patterns-db **Repository Path**: best0912/secrets-patterns-db ## Basic Information - **Project Name**: secrets-patterns-db - **Description**: https://github.com/mazen160/secrets-patterns-db.githttps://github.com/mazen160/secrets-patterns-db.git - **Primary Language**: Unknown - **License**: CC-BY-SA-4.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2023-07-21 - **Last Updated**: 2023-07-21 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # πŸ—„οΈ Secrets Patterns Database πŸ—„οΈ The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets. --- # πŸš€ Features - Over 1600 regular expressions for detecting secrets, passwords, API keys, tokens, and more. - Format agnostic. A Single format that supports secret detection tools, including Trufflehog and Gitleaks. - Tested and reviewed Regular expressions. - Categorized by confidence levels of each pattern. - All regular expressions are tested against ReDos attacks. # ❔ Why? There are limited resources online for Regular Expressions patterns for secrets. TruffleHog offers ~700 as built-in rules. GitLeaks offers ~60 rules. While it's a good start, it's not enough. There's a lot of work that needs to be done for maintenance and keeping up with new secrets patterns. I have collected and curated Regular Expressions Patterns for Secrets, API Tokens, Keys, and Passwords. I'm open-sourcing the database I built (Secrets-Patterns-DB), and hope that security teams contribute to it! The Secrets-Patterns-DB contains over 1600 Regular Expressions. I have also written scripts to validate Regexes against ReDoS attacks, and CI jobs to load and validate Regexes, and I also manually cleaned-up invalid ones. It's in Beta. There’s a lot of room for improvement on the project. I'm looking forward to your Pull Requests and Issues on Github to enhance Secrets-Patterns-DB for everyone. Are you planning to enhance your secrets detection in your AppSec program? Please take some time to contribute to the project! :pray: --- # πŸ’» Contribution Contribution is always welcome! Please feel free to report issues on Github and create Pull Requestss for new features. ## πŸ“Œ Ideas to Start on Would like to contribute to secrets-patterns-db? Here are some ideas that you may start with: - Support severity - Categorize patterns by type? - Categorize patterns by tags? - Support more tools? --- # πŸ“„ License This work is licensed under a Creative Commons Attribution 4.0 International License. # πŸ’š Author **Mazin Ahmed** - **Website**: [https://mazinahmed.net](https://mazinahmed.net) - **Email**: `mazin [at] mazinahmed [dot] net` - **Twitter**: [https://twitter.com/mazen160](https://twitter.com/mazen160) - **Linkedin**: [http://linkedin.com/in/infosecmazinahmed](http://linkedin.com/in/infosecmazinahmed)