"Slack Token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
"RSA private key": "-----BEGIN RSA PRIVATE KEY-----",
"SSH (OPENSSH) private key": "-----BEGIN OPENSSH PRIVATE KEY-----",
"SSH (DSA) private key": "-----BEGIN DSA PRIVATE KEY-----",
"SSH (EC) private key": "-----BEGIN EC PRIVATE KEY-----",
"PGP private key block": "-----BEGIN PGP PRIVATE KEY BLOCK-----",
"Facebook Oauth": "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].{0,30}['\"\\s][0-9a-f]{32}['\"\\s]",
"Twitter Oauth": "[t|T][w|W][i|I][t|T][t|T][e|E][r|R].{0,30}['\"\\s][0-9a-zA-Z]{35,44}['\"\\s]",
"Google Oauth": '("client_secret":"[a-zA-Z0-9-_]{24}")',
"AWS API Key": "AKIA[0-9A-Z]{16}",
"Heroku API Key": "[h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
"Generic Secret": "[s|S][e|E][c|C][r|R][e|E][t|T].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]",
"Generic API Key": "[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].{0,30}['\"\\s][0-9a-zA-Z]{32,45}['\"\\s]",
"Slack Webhook": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}",
"Twilio API Key": "SK[a-z0-9]{32}",
"Password in URL": "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]",
"SlackInternal": "slack-corp",
"Github Tokens": "^w{1,40}|.*ghp_.*$"
Last active
March 1, 2023 11:31
-
-
Save sht/ff0af7ebb372ab25acb0bf7419cb1c37 to your computer and use it in GitHub Desktop.
regex including new github tokens pattern for secrets scanning
With this prefix alone, anticipate that the false positive rate for secret scanning will be down to 0.5%.
Other prefixes in use at GitHub are:
ghu
for user-to-server tokensghs
for server-to-server tokens, andghr
for refresh tokens
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
github news token example format
ghp_L4qEUdTliQ0tBgLh0xY8VECXAdGV7943oFkV
Length
40