"""
Secret Detection Patterns
Based on h33tlit/secret-regex-list with enhancements
"""
import re
from dataclasses import dataclass
from typing import Pattern
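@dataclass
class SecretPattern:
    """One secret-detection rule: a compiled regex plus its triage metadata.

    Instances are the elements of ``SECRET_PATTERNS``; the module-level helper
    functions filter them by ``category`` and ``severity``.
    """

    # Human-readable rule name, e.g. "AWS Access Key".
    name: str
    # Compiled regex applied to the scanned text. ``re.Pattern`` replaces the
    # ``typing.Pattern`` alias, which is deprecated since Python 3.9 (PEP 585);
    # the file already relies on 3.9+ generics (``list[SecretPattern]``).
    pattern: re.Pattern[str]
    # Grouping label used by get_patterns_by_category (e.g. "cloud", "vcs").
    category: str
    # Triage level; the values used in this module are
    # "CRITICAL", "HIGH", "MEDIUM" and "LOW".
    severity: str
    # Short description of what the rule detects.
    description: str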
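# Compile all patterns once at import time.
#
# Every regex below is unanchored (no ^/$), so a caller that applies it with
# re.search()/re.finditer() matches the credential anywhere inside a larger
# text. Where a pattern wraps the credential in quotes, the parenthesised
# group isolates the bare value (group 1). Keyword-context rules
# ("heroku ... <hex>") use a scoped (?i:keyword) group so only the keyword is
# case-folded while the credential body keeps its exact character class.
SECRET_PATTERNS = [
    # API Keys & Tokens
    SecretPattern(
        name="AWS Access Key",
        pattern=re.compile(r"AKIA[0-9A-Z]{16}"),
        category="cloud",
        severity="CRITICAL",
        description="AWS Access Key ID",
    ),
    SecretPattern(
        name="AWS Secret Key",
        # Context rule: "aws" within 20 chars of a quoted 40-char base64 value.
        pattern=re.compile(r"aws(.{0,20})?['\"][0-9a-zA-Z/+]{40}['\"]", re.IGNORECASE),
        category="cloud",
        severity="CRITICAL",
        description="AWS Secret Access Key",
    ),
    SecretPattern(
        name="GitHub Token",
        pattern=re.compile(r"ghp_[0-9a-zA-Z]{36}"),
        category="vcs",
        severity="HIGH",
        description="GitHub Personal Access Token",
    ),
    SecretPattern(
        name="GitHub OAuth",
        pattern=re.compile(r"gho_[0-9a-zA-Z]{36}"),
        category="vcs",
        severity="HIGH",
        description="GitHub OAuth Access Token",
    ),
    SecretPattern(
        name="GitLab Token",
        pattern=re.compile(r"glpat-[0-9a-zA-Z\-]{20}"),
        category="vcs",
        severity="HIGH",
        description="GitLab Personal Access Token",
    ),
    SecretPattern(
        name="Google API Key",
        pattern=re.compile(r"AIza[0-9A-Za-z\-_]{35}"),
        category="cloud",
        severity="HIGH",
        description="Google API Key",
    ),
    SecretPattern(
        name="Google OAuth",
        pattern=re.compile(r"[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com"),
        category="cloud",
        severity="MEDIUM",
        description="Google OAuth Client ID",
    ),
    SecretPattern(
        name="Stripe API Key",
        pattern=re.compile(r"sk_live_[0-9a-zA-Z]{24,}"),
        category="payment",
        severity="CRITICAL",
        description="Stripe Live API Key",
    ),
    SecretPattern(
        name="Stripe Test Key",
        pattern=re.compile(r"sk_test_[0-9a-zA-Z]{24,}"),
        category="payment",
        severity="MEDIUM",
        description="Stripe Test API Key",
    ),
    SecretPattern(
        name="Twilio API Key",
        pattern=re.compile(r"SK[0-9a-fA-F]{32}"),
        category="communication",
        severity="HIGH",
        description="Twilio API Key",
    ),
    SecretPattern(
        name="SendGrid API Key",
        pattern=re.compile(r"SG\.[0-9A-Za-z\-_]{22}\.[0-9A-Za-z\-_]{43}"),
        category="communication",
        severity="HIGH",
        description="SendGrid API Key",
    ),
    SecretPattern(
        name="Mailgun API Key",
        pattern=re.compile(r"key-[0-9a-zA-Z]{32}"),
        category="communication",
        severity="MEDIUM",
        description="Mailgun API Key",
    ),
    SecretPattern(
        name="Slack Token",
        # Group 1 holds the first alphanumeric segment after the xox?- prefix.
        pattern=re.compile(r"xox[baprs]-([0-9a-zA-Z]{10,48})"),
        category="communication",
        severity="HIGH",
        description="Slack API Token",
    ),
    SecretPattern(
        name="Slack Webhook",
        pattern=re.compile(r"https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,}/B[a-zA-Z0-9_]{8,}/[a-zA-Z0-9_]{24,}"),
        category="communication",
        severity="MEDIUM",
        description="Slack Webhook URL",
    ),
    SecretPattern(
        name="Discord Token",
        pattern=re.compile(r"[MN][A-Za-z\d]{23}\.[\w-]{6}\.[\w-]{27}"),
        category="communication",
        severity="HIGH",
        description="Discord Bot Token",
    ),
    SecretPattern(
        name="Discord Webhook",
        pattern=re.compile(r"https://discord(app)?\.com/api/webhooks/\d+/[\w-]+"),
        category="communication",
        severity="MEDIUM",
        description="Discord Webhook URL",
    ),
    SecretPattern(
        name="Heroku API Key",
        # Context rule: keyword within 20 chars of a UUID-shaped hex value.
        pattern=re.compile(r"(?i:heroku).{0,20}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"),
        category="cloud",
        severity="HIGH",
        description="Heroku API Key (with context)",
    ),
    SecretPattern(
        name="DigitalOcean Token",
        pattern=re.compile(r"dop_v1_[0-9a-f]{64}"),
        category="cloud",
        severity="HIGH",
        description="DigitalOcean Personal Access Token",
    ),
    SecretPattern(
        name="Azure Storage Key",
        # Matches the connection-string form; .{88} covers the base64 AccountKey.
        pattern=re.compile(r"DefaultEndpointsProtocol=https?;AccountName=.*;AccountKey=.{88}"),
        category="cloud",
        severity="CRITICAL",
        description="Azure Storage Connection String",
    ),
    SecretPattern(
        name="Docker Hub Token",
        pattern=re.compile(r"dckr_pat_[a-zA-Z0-9_]{32,}"),
        category="container",
        severity="HIGH",
        description="Docker Hub Personal Access Token",
    ),
    # SSH & Private Keys
    SecretPattern(
        name="SSH Private Key",
        # PEM headers for RSA/OpenSSH/DSA/EC keys and for PKCS#8 in both its
        # plain ("BEGIN PRIVATE KEY") and encrypted ("BEGIN ENCRYPTED PRIVATE
        # KEY") forms; the encrypted header was previously not matched at all.
        # "PGP" is deliberately absent from the alternation: the dedicated
        # "PGP Private Key" entry below reports that header, so a PGP block
        # yields one finding instead of two.
        pattern=re.compile(r"-----BEGIN (RSA |OPENSSH |DSA |EC |ENCRYPTED )?PRIVATE KEY-----"),
        category="crypto",
        severity="CRITICAL",
        description="SSH/RSA Private Key",
    ),
    SecretPattern(
        name="PGP Private Key",
        pattern=re.compile(r"-----BEGIN PGP PRIVATE KEY BLOCK-----"),
        category="crypto",
        severity="CRITICAL",
        description="PGP Private Key Block",
    ),
    # Database Credentials
    SecretPattern(
        name="MySQL Connection",
        pattern=re.compile(r"mysql:\/\/[a-zA-Z0-9_]+:[a-zA-Z0-9_]+@[a-zA-Z0-9.-]+:\d+/[a-zA-Z0-9_]+"),
        category="database",
        severity="CRITICAL",
        description="MySQL Connection String",
    ),
    SecretPattern(
        name="PostgreSQL Connection",
        pattern=re.compile(r"postgres(ql)?:\/\/[a-zA-Z0-9_]+:[a-zA-Z0-9_]+@[a-zA-Z0-9.-]+:\d+/[a-zA-Z0-9_]+"),
        category="database",
        severity="CRITICAL",
        description="PostgreSQL Connection String",
    ),
    SecretPattern(
        name="MongoDB Connection",
        pattern=re.compile(r"mongodb(\+srv)?:\/\/[a-zA-Z0-9_]+:[a-zA-Z0-9_]+@[a-zA-Z0-9.-]+(:\d+)?/[a-zA-Z0-9_]+"),
        category="database",
        severity="CRITICAL",
        description="MongoDB Connection String",
    ),
    SecretPattern(
        name="Redis Connection",
        pattern=re.compile(r"redis:\/\/:[a-zA-Z0-9_]+@[a-zA-Z0-9.-]+(:\d+)?"),
        category="database",
        severity="HIGH",
        description="Redis Connection String with Password",
    ),
    # JWT Tokens
    SecretPattern(
        name="JWT Token",
        # "eyJ" is the base64url encoding of '{"', i.e. the start of the
        # header and payload segments; the signature segment is optional.
        pattern=re.compile(r"eyJ[A-Za-z0-9-_=]+\.eyJ[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*"),
        category="authentication",
        severity="HIGH",
        description="JSON Web Token",
    ),
    # Generic Secrets
    # The four generic rules below are key=value assignments; group 1 is the
    # quoted value. They are case-insensitive and intentionally broad, hence
    # their MEDIUM/LOW severity.
    SecretPattern(
        name="Generic API Key",
        pattern=re.compile(r"['\"]?api[_-]?key['\"]?\s*[:=]\s*['\"]([a-zA-Z0-9_\-]{20,})['\"]", re.IGNORECASE),
        category="generic",
        severity="MEDIUM",
        description="Generic API Key Pattern",
    ),
    SecretPattern(
        name="Generic Secret",
        pattern=re.compile(r"['\"]?secret[_-]?key['\"]?\s*[:=]\s*['\"]([a-zA-Z0-9_\-]{20,})['\"]", re.IGNORECASE),
        category="generic",
        severity="MEDIUM",
        description="Generic Secret Key Pattern",
    ),
    SecretPattern(
        name="Generic Token",
        pattern=re.compile(r"['\"]?token['\"]?\s*[:=]\s*['\"]([a-zA-Z0-9_\-]{20,})['\"]", re.IGNORECASE),
        category="generic",
        severity="MEDIUM",
        description="Generic Token Pattern",
    ),
    SecretPattern(
        name="Generic Password",
        pattern=re.compile(r"['\"]?password['\"]?\s*[:=]\s*['\"]([^\s'\"]{8,})['\"]", re.IGNORECASE),
        category="generic",
        severity="LOW",
        description="Generic Password Pattern",
    ),
    # Additional Cloud Providers
    SecretPattern(
        name="Cloudflare API Key",
        # Context rule: keyword within 20 chars of a quoted 37-char hex value.
        pattern=re.compile(r"(?i:cloudflare).{0,20}['\"][a-f0-9]{37}['\"]"),
        category="cloud",
        severity="MEDIUM",
        description="Cloudflare API Key (with context)",
    ),
    SecretPattern(
        name="Alibaba Cloud Key",
        pattern=re.compile(r"LTAI[A-Za-z0-9]{12,20}"),
        category="cloud",
        severity="HIGH",
        description="Alibaba Cloud Access Key",
    ),
    SecretPattern(
        name="NPM Token",
        pattern=re.compile(r"npm_[A-Za-z0-9]{36}"),
        category="package",
        severity="HIGH",
        description="NPM Access Token",
    ),
    SecretPattern(
        name="PyPI Token",
        pattern=re.compile(r"pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{70,}"),
        category="package",
        severity="HIGH",
        description="PyPI API Token",
    ),
    SecretPattern(
        name="Shopify Token",
        pattern=re.compile(r"shpat_[a-fA-F0-9]{32}"),
        category="ecommerce",
        severity="HIGH",
        description="Shopify Private App Password",
    ),
    SecretPattern(
        name="Square Token",
        pattern=re.compile(r"sq0atp-[0-9A-Za-z\-_]{22}"),
        category="payment",
        severity="CRITICAL",
        description="Square Access Token",
    ),
    SecretPattern(
        name="Telegram Bot Token",
        pattern=re.compile(r"\d{8,10}:[A-Za-z0-9_-]{35}"),
        category="communication",
        severity="MEDIUM",
        description="Telegram Bot API Token",
    ),
    SecretPattern(
        name="Facebook Access Token",
        pattern=re.compile(r"EAACEdEose0cBA[0-9A-Za-z]+"),
        category="social",
        severity="HIGH",
        description="Facebook Access Token",
    ),
    SecretPattern(
        name="Twitter Bearer Token",
        pattern=re.compile(r"AAAAAAAAAAAAAAAAAAAAAA[A-Za-z0-9%]{80,}"),
        category="social",
        severity="HIGH",
        description="Twitter Bearer Token",
    ),
    # === NEW PATTERNS (from h33tlit + modern additions) ===
    SecretPattern(
        name="Google OAuth Access Token",
        pattern=re.compile(r"ya29\.[0-9A-Za-z\-_]+"),
        category="cloud",
        severity="HIGH",
        description="Google OAuth Access Token",
    ),
    SecretPattern(
        name="Cloudinary URL",
        pattern=re.compile(r"cloudinary://[0-9]+:[a-zA-Z0-9_-]+@[a-zA-Z0-9_-]+"),
        category="cloud",
        severity="HIGH",
        description="Cloudinary Connection URL",
    ),
    SecretPattern(
        name="Firebase URL",
        # Identifies a resource host rather than a credential, hence MEDIUM.
        pattern=re.compile(r"[a-z0-9-]+\.firebaseio\.com"),
        category="cloud",
        severity="MEDIUM",
        description="Firebase Database URL",
    ),
    SecretPattern(
        name="Password in URL",
        # scheme://user:password@host for any 3-10 letter scheme.
        pattern=re.compile(r"[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@[^\s\"']+"),
        category="authentication",
        severity="CRITICAL",
        description="Credentials embedded in URL",
    ),
    SecretPattern(
        name="GCP Service Account",
        # Marker for a service-account JSON document, not the key material itself.
        pattern=re.compile(r'"type"\s*:\s*"service_account"'),
        category="cloud",
        severity="CRITICAL",
        description="Google Cloud Service Account JSON",
    ),
    SecretPattern(
        name="Amazon MWS Auth Token",
        pattern=re.compile(r"amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"),
        category="cloud",
        severity="HIGH",
        description="Amazon Marketplace Web Service Token",
    ),
    SecretPattern(
        name="MailChimp API Key",
        pattern=re.compile(r"[0-9a-f]{32}-us[0-9]{1,2}"),
        category="communication",
        severity="HIGH",
        description="MailChimp API Key",
    ),
    SecretPattern(
        name="PayPal Braintree Token",
        pattern=re.compile(r"access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}"),
        category="payment",
        severity="CRITICAL",
        description="PayPal Braintree Access Token",
    ),
    SecretPattern(
        name="Stripe Restricted Key",
        # {24,} mirrors the sk_live_/sk_test_ rules above so the whole key is
        # captured in the match rather than only its first 24 characters.
        pattern=re.compile(r"rk_live_[0-9a-zA-Z]{24,}"),
        category="payment",
        severity="HIGH",
        description="Stripe Restricted API Key",
    ),
    SecretPattern(
        name="Square OAuth Secret",
        pattern=re.compile(r"sq0csp-[0-9A-Za-z\-_]{43}"),
        category="payment",
        severity="CRITICAL",
        description="Square OAuth Client Secret",
    ),
    # ==================== AI PATTERNS ====================
    SecretPattern(
        name="OpenAI API Key (Legacy)",
        pattern=re.compile(r"sk-[a-zA-Z0-9]{48}"),
        category="ai",
        severity="HIGH",
        description="OpenAI API Key (legacy format)",
    ),
    SecretPattern(
        name="OpenAI API Key (Project)",
        pattern=re.compile(r"sk-proj-[a-zA-Z0-9]{48,}"),
        category="ai",
        severity="HIGH",
        description="OpenAI Project API Key",
    ),
    SecretPattern(
        name="OpenAI API Key (Org)",
        pattern=re.compile(r"sk-[a-zA-Z0-9]{20}-[a-zA-Z0-9]{20,}"),
        category="ai",
        severity="HIGH",
        description="OpenAI Organization API Key",
    ),
    SecretPattern(
        name="Anthropic API Key",
        pattern=re.compile(r"sk-ant-api\d{2}-[a-zA-Z0-9-_]{90,}"),
        category="ai",
        severity="HIGH",
        description="Anthropic/Claude API Key",
    ),
    SecretPattern(
        name="Anthropic API Key (Short)",
        # NOTE: this also matches any text the full-format rule above matches,
        # so a long "sk-ant-api..." key is reported by both rules.
        pattern=re.compile(r"sk-ant-[a-zA-Z0-9-_]{40,}"),
        category="ai",
        severity="HIGH",
        description="Anthropic/Claude API Key (short format)",
    ),
    SecretPattern(
        name="Hugging Face Token",
        pattern=re.compile(r"hf_[a-zA-Z0-9]{34}"),
        category="ai",
        severity="HIGH",
        description="Hugging Face Access Token",
    ),
    SecretPattern(
        name="Cohere API Key",
        pattern=re.compile(r"(?i:cohere).{0,20}['\"][a-zA-Z0-9]{40}['\"]"),
        category="ai",
        severity="HIGH",
        description="Cohere API Key",
    ),
    SecretPattern(
        name="Replicate API Token",
        pattern=re.compile(r"r8_[a-zA-Z0-9]{40}"),
        category="ai",
        severity="HIGH",
        description="Replicate API Token",
    ),
    SecretPattern(
        name="Mistral API Key",
        pattern=re.compile(r"(?i:mistral).{0,20}['\"][a-zA-Z0-9]{32}['\"]"),
        category="ai",
        severity="HIGH",
        description="Mistral AI API Key",
    ),
    SecretPattern(
        name="Together AI API Key",
        pattern=re.compile(r"(?i:together).{0,20}['\"][a-zA-Z0-9]{64}['\"]"),
        category="ai",
        severity="HIGH",
        description="Together AI API Key",
    ),
    SecretPattern(
        name="Groq API Key",
        pattern=re.compile(r"gsk_[a-zA-Z0-9]{52}"),
        category="ai",
        severity="HIGH",
        description="Groq API Key",
    ),
    SecretPattern(
        name="Perplexity API Key",
        pattern=re.compile(r"pplx-[a-zA-Z0-9]{48}"),
        category="ai",
        severity="HIGH",
        description="Perplexity AI API Key",
    ),
    SecretPattern(
        name="Fireworks AI API Key",
        pattern=re.compile(r"fw_[a-zA-Z0-9]{40,}"),
        category="ai",
        severity="HIGH",
        description="Fireworks AI API Key",
    ),
    SecretPattern(
        name="Linear API Key",
        pattern=re.compile(r"lin_api_[a-zA-Z0-9]{40}"),
        category="productivity",
        severity="MEDIUM",
        description="Linear API Key",
    ),
    SecretPattern(
        name="Vercel Token",
        pattern=re.compile(r"(?i:vercel).{0,20}['\"][a-zA-Z0-9]{24}['\"]"),
        category="cloud",
        severity="HIGH",
        description="Vercel Access Token",
    ),
    SecretPattern(
        name="Supabase Key",
        pattern=re.compile(r"sbp_[a-f0-9]{40}"),
        category="database",
        severity="HIGH",
        description="Supabase Service Key",
    ),
    SecretPattern(
        name="Datadog API Key",
        pattern=re.compile(r"(?i:datadog).{0,20}['\"][a-f0-9]{32}['\"]"),
        category="monitoring",
        severity="HIGH",
        description="Datadog API Key",
    ),
    SecretPattern(
        name="New Relic API Key",
        pattern=re.compile(r"NRAK-[A-Z0-9]{27}"),
        category="monitoring",
        severity="HIGH",
        description="New Relic API Key",
    ),
    SecretPattern(
        name="Doppler Token",
        pattern=re.compile(r"dp\.(?:st|sa|ct)\.[a-zA-Z0-9]{40,}"),
        category="secrets_management",
        severity="CRITICAL",
        description="Doppler Service Token",
    ),
]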
def get_patterns_by_category(category: str) -> list[SecretPattern]:
    """Return the patterns whose ``category`` equals *category*.

    The comparison is an exact, case-sensitive string match and the result
    keeps ``SECRET_PATTERNS`` order; an unknown category yields ``[]``.
    """
    def in_category(entry: SecretPattern) -> bool:
        return entry.category == category

    return list(filter(in_category, SECRET_PATTERNS))
def get_patterns_by_severity(severity: str) -> list[SecretPattern]:
    """Return the patterns whose ``severity`` equals *severity*.

    Matching is exact and case-sensitive (the module uses "CRITICAL", "HIGH",
    "MEDIUM" and "LOW"); order follows ``SECRET_PATTERNS`` and an unknown level
    yields ``[]``.
    """
    return list(filter(lambda entry: entry.severity == severity, SECRET_PATTERNS))
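def get_all_categories() -> list[str]:
    """Return the distinct category labels used in ``SECRET_PATTERNS``.

    The result is sorted: ``list(set(...))`` ordered the labels by string
    hash, which varies between processes, so repeated calls could return the
    same labels in a different order.
    """
    return sorted({entry.category for entry in SECRET_PATTERNS})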
def get_pattern_count() -> int:
    """Return how many detection rules ``SECRET_PATTERNS`` currently holds."""
    total = len(SECRET_PATTERNS)
    return total