Add a ton of detections

Author: ryanlabouve

detections/bank_iban.toml

@@ -0,0 +1,8 @@
+[secret_type]
+name = "bank_iban"
+regex = "[A-Z]{2}[0-9]{2}[A-Z0-9]{4}[0-9]{7}([A-Z0-9]?){0,16}"
+description = "Detects International Bank Account Numbers (IBAN)"
+
+examples = ["GB29NWBK60161331926819", "DE91100000000123456789"]
+
+false_positives = ["AB12CD34EF56GH78IJ90KL"]

detections/bank_switf.toml

@@ -0,0 +1,6 @@
+[secret_type]
+name = "bank_swift"
+regex = "^[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?$"
+description = "Detects bank SWIFT/BIC codes"
+examples = ["DEUTDEFF", "NEDSZAJJXXX", "DABADKKK", "UNCRIT2B912"]
+false_positives = ["SWIFT123", "BICCODE12XXX"]

detections/bitcoin_wallet.toml

@@ -0,0 +1,11 @@
+[secret_type]
+name = "bitcoin_wallet"
+regex = "([13][a-km-zA-HJ-NP-Z1-9]{25,34})"
+description = "Detects Bitcoin wallet addresses"
+
+examples = [
+    "1BoatSLRHtKNngkdXEeobR76b53LETtpyT",
+    "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy",
+]
+
+false_positives = []

detections/credit_card.toml

@@ -0,0 +1,13 @@
+[secret_type]
+name = "credit_card"
+regex = "(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9]{2})[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})"
+description = "Detects credit card numbers"
+
+examples = [
+    "4111111111111111",
+    "5500000000000004",
+    "340000000000009",
+    "30000000000004",
+]
+
+false_positives = []

detections/db_connection_string.toml

@@ -0,0 +1,13 @@
+[secret_type]
+regex = "(jdbc:sqlserver|mysql|postgresql|oracle):\\/\\/[a-zA-Z0-9_\\-\\.]+:[a-zA-Z0-9_\\-\\.]*@[a-zA-Z0-9_\\-\\.]+:\\d{2,5}\\/[a-zA-Z0-9_\\-]+"
+name = "db_connection_string"
+description = "Detects database connection strings"
+
+examples = [
+    "jdbc:sqlserver://username:password@localhost:1433/databaseName",
+    "mysql://user:pass@db-host:3306/dbname",
+    "postgresql://admin:secret@db-server:5432/db_instance",
+    "oracle://dbuser:dbpass@oraclehost:1521/orcl",
+]
+
+false_positives = []

detections/digital_ocean.toml

@@ -0,0 +1,11 @@
+[secret_type]
+name = "digital_ocean_token"
+regex = "[a-fA-F0-9]{64}"
+description = "Detects Digital Ocean personal access tokens"
+
+examples = [
+    "b7d03a6947b217efb6f3ec3bd3504582b3e57f8e9a2a8aeae0988e1a46df7e2c",
+    "f3bb3b0cd2abc0d4b0b0e8e8c3f044c70c60ded4c8a204a8886fa8b75421255c",
+]
+
+false_positives = []

detections/drivers_license.toml

@@ -0,0 +1,8 @@
+[secret_type]
+name = "drivers_license"
+regex = "[A-Z]{1,2}[0-9]{6,9}"
+description = "Detects driver's license numbers"
+
+examples = ["S1234567", "AB123456789"]
+
+false_positives = []

detections/elasticsearch_connection_string.toml

@@ -0,0 +1,11 @@
+[secret_type]
+name = "elasticsearch_connection_string"
+regex = "https?://[a-zA-Z0-9\\-\\.]+:[a-zA-Z0-9\\-\\.]+@[a-zA-Z0-9\\-\\.]+:\\d{2,5}/[a-zA-Z0-9_\\-]+"
+description = "Detects Elasticsearch connection strings"
+
+examples = [
+    "http://username:password@localhost:9200/indexname",
+    "https://user:pass@es-domain:443/index",
+]
+
+false_positives = []

detections/eth_wallet.toml

@@ -0,0 +1,11 @@
+[secret_type]
+name = "eth_wallet"
+regex = "0x[a-fA-F0-9]{40}"
+description = "Detects Ethereum wallet addresses"
+
+examples = [
+    "0x27b1fdb04752bbc536007a920d24acb045561c26",
+    "0x4e83362442b8d1bec281594cea3050c8eb01311c",
+]
+
+false_positives = ["1x1234567890123456789012345678901234567890"]

detections/facebook_access_token.toml

@@ -0,0 +1,11 @@
+[secret_type]
+name = "facebook_access_token"
+regex = "EAACEdEose0cBA[0-9A-Za-z]+"
+description = "Detects Facebook Access Tokens"
+
+examples = [
+    "EAACEdEose0cBAKLsJZCZCZCZCZ",
+    "EAACEdEose0cBAPZAnZCqZDZDZDZ",
+    "EAACEdEose0cBAAZBnZCwZCZCZCZ",
+]
+false_positives = []