11// Regex derived from TruffleHog https://github.com/trufflesecurity/trufflehog
2- const key_regex = [ '\\b(aio\\_[a-zA-Z0-9]{28})\\b' , '\\b(sk-ant-(?:admin01|api03)-[\\w\\-]{93}AA)\\b' , '\\b(apify\\_api\\_[a-zA-Z-0-9]{36})\\b' , '\\b(v1\\.0-[A-Za-z0-9-]{171})\\b' , '\\b(CFPAT-[a-zA-Z0-9_\\-]{43})\\b' , '\\b([a-z0-9-]+(?:\\.[a-z0-9-]+)*\\.(cloud\\.databricks\\.com|gcp\\.databricks\\.com|azuredatabricks\\.net))\\b' , '\\b(web\\_[0-9a-z]{32})\\b' , '\\b((?:dop|doo|dor)_v1_[a-f0-9]{64})\\b' , '(https:\\/\\/discord\\.com\\/api\\/webhooks\\/[0-9]{18,19}\\/[0-9a-zA-Z-]{68})' , '\\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\\b' , '\\b(dp\\.pt\\.[a-zA-Z0-9]{43})\\b' , '\\b(API_KEY[0-9A-Z]{32})\\b' , '\\b(flb_live_[0-9a-zA-Z]{20})\\b' , '\\b(shltm_[0-9a-zA-Z-_]{40})' , '\\b(FLWSECK-[0-9a-z]{32}-X)\\b' , '\\b(fio-u-[0-9a-zA-Z_-]{64})\\b' , '\\bftp://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b' , '\\{[^{]+auth_provider_x509_cert_url[^}]+\\}' , '\\{[^{]+client_secret[^}]+\\}' , '\\b((?:master-|account-)[0-9A-Za-z]{20})\\b' , '\\b(live_[0-9A-Za-z\\_\\-]{40}[ "\'\\r\\n]{1})' , '\\b(glc_eyJ[A-Za-z0-9+\\/=]{60,160})' , '\\b(glsa_[0-9a-zA-Z_]{41})\\b' , '\\b(gsk_[a-zA-Z0-9]{52})\\b' , '\\b(?:hf_|api_org_)[a-zA-Z0-9]{34}\\b' , '\\b(s-s4t2(?:ud|af)-[a-f0-9]{64})\\b' , 'jdbc:[\\w]{3,10}:[^\\s"\'<>,(){}[\\]&]{10,512}' , '\\b(pk_[a-zA-Z0-9]{34})\\b' , '\\b((?:api|sdk)-[a-z0-9]{8}-[a-z0-9]{4}-4[a-z0-9]{3}-[a-z0-9]{4}-[a-z0-9]{12})\\b' , '\\b(lin_api_[0-9A-Za-z]{40})\\b' , '\\b(pk\\.[a-zA-Z-0-9]{32})\\b' , '[0-9a-f]{32}-us[0-9]{1,2}' , '(https:\\/\\/[a-zA-Z-0-9]+\\.webhook\\.office\\.com\\/webhookb2\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\\/IncomingWebhook\\/[a-zA-Z-0-9]{32}\\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})' , '\\b(NF\\-[a-zA-Z0-9]{32})\\b' , '\\b(secret_[A-Za-z0-9]{43})\\b' , '(npm_[0-9a-zA-Z]{36})' , '\\b(nvapi-[a-zA-Z0-9_-]{64})\\b' , 
'\\b(sk-[a-zA-Z0-9_-]+T3BlbkFJ[a-zA-Z0-9_-]+)\\b' , '\\b(ak_live_[a-zA-Z0-9]{30})\\b' , '\\b(sk\\_[a-z]{1,}\\_[A-Za-z0-9]{40})\\b' , '\\b(phx_[a-zA-Z0-9_]{43})\\b' , '\\b(PMAK-[a-zA-Z-0-9]{59})\\b' , '\\b(pnu_[a-zA-Z0-9]{36})\\b' , '-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\\s*?-----[\\s\\S]*?----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY\\s*?-----' , '\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b' , '\\b(pul-[a-z0-9]{40})\\b' , '\\b(?:amqps?):\\/\\/[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b' , '\\b(ramp_id_[a-zA-Z0-9]{40})\\b' , '\\brzp_live_[A-Za-z0-9]{14}\\b' , '(rdme_[a-z0-9]{70})' , '\\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\\b' , '\\bredi[s]{1,2}://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b' , '\\b(r8_[0-9A-Za-z-_]{37})\\b' , '\\b(rh-api-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\\b' , '\\b(rubygems_[a-zA0-9]{48})\\b' , '\\bSG\\.[\\w\\-]{20,24}\\.[\\w\\-]{39,50}\\b' , '\\b(xkeysib\\-[A-Za-z0-9_-]{81})\\b' , '\\b(shppa_|shpat_)([0-9A-Fa-f]{32})\\b' , '\\b(slk_[a-f0-9]{64})\\b' , '(?:sandbox-)?sq0i[a-z]{2}-[0-9A-Za-z_-]{22,43}' , '\\b(sq0idp-[0-9A-Za-z]{22})\\b' , '\\b(sbp_[a-z0-9]{40})\\b' , '\\btskey-[a-z]+-[0-9A-Za-z_]+-[0-9A-Za-z_]+\\b' , '\\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\\b' , '(https://[\\w-]+\\.tines\\.com/webhook/[a-z0-9]{32}/[a-z0-9]{32})' , '\\bthog-key-[0-9a-f]{16}\\b' , '\\bAC[0-9a-f]{32}\\b' , '\\b(BBFF-[0-9a-zA-Z]{30})\\b' , '\\bhttps?:\\/\\/[\\w!#$%&()*+,\\-./;<=>?@[\\\\\\]^_{|}~]{0,50}:([\\w!#$%&()*+,\\-./:;<=>?[\\\\\\]^_{|}~]{3,50})@[a-zA-Z0-9.-]+(?:\\.[a-zA-Z]{2,})?(?::\\d{1,5})?[\\w/]+\\b' , '\\b(VF\\.(?:(?:DM|WS)\\.)?[a-fA-F0-9]{24}\\.[a-zA-Z0-9]{16})\\b' , '\\b(xai-[0-9a-zA-Z_]{80})\\b' , '(https:\\/\\/hooks\\.zapier\\.com\\/hooks\\/catch\\/[A-Za-z0-9\\/]{16})' , '\\b(1000\\.[a-f0-9]{32}\\.[a-f0-9]{32})\\b' ]
3- const key_providers = [ 'adafruitio' , 'anthropic' , 'apify' , 'cloudflarecakey' , 'contentfulpersonalaccesstoken' , 'databrickstoken' , 'dfuse' , 'digitaloceanv2' , 'discordwebhook' , 'documo' , 'doppler' , 'finage' , 'fleetbase' , 'flexport' , 'flutterwave' , 'frameio' , 'ftp' , 'gcp' , 'gcpapplicationdefaultcredentials' , 'gemini' , 'gocardless' , 'grafana' , 'grafanaserviceaccount' , 'groq' , 'huggingface' , 'intra42' , 'jdbc' , 'klaviyo' , 'launchdarkly' , 'linearapi' , 'locationiq' , 'mailchimp' , 'microsoftteamswebhook' , 'nightfall' , 'notion' , 'npmtokenv2' , 'nvapi' , 'openai' , 'pagarme' , 'paystack' , 'posthog' , 'postman' , 'prefect' , 'privatekey' , 'pubnubsubscriptionkey' , 'pulumi' , 'rabbitmq' , 'ramp' , 'razorpay' , 'readme' , 'reallysimplesystems' , 'redis' , 'replicate' , 'robinhoodcrypto' , 'rubygems' , 'sendgrid' , 'sendinbluev2' , 'shopify' , 'sourcegraphcody' , 'squareapp' , 'squareup' , 'supabasetoken' , 'tailscale' , 'terraformcloudpersonaltoken' , 'tineswebhook' , 'trufflehogenterprise' , 'twilio' , 'ubidots' , 'uri' , 'voiceflow' , 'xai' , 'zapierwebhook' , 'zohocrm' ]
4-
2+ const keyMap = {
3+ adafruitio : '\\b(aio\\_[a-zA-Z0-9]{28})\\b' ,
4+ anthropic : '\\b(sk-ant-(?:admin01|api03)-[\\w\\-]{93}AA)\\b' ,
5+ apify : '\\b(apify\\_api\\_[a-zA-Z-0-9]{36})\\b' ,
6+ cloudflarecakey : '\\b(v1\\.0-[A-Za-z0-9-]{171})\\b' ,
7+ contentfulpersonalaccesstoken : '\\b(CFPAT-[a-zA-Z0-9_\\-]{43})\\b' ,
8+ databrickstoken : '\\b([a-z0-9-]+(?:\\.[a-z0-9-]+)*\\.(cloud\\.databricks\\.com|gcp\\.databricks\\.com|azuredatabricks\\.net))\\b' ,
9+ dfuse : '\\b(web\\_[0-9a-z]{32})\\b' ,
10+ digitaloceanv2 : '\\b((?:dop|doo|dor)_v1_[a-f0-9]{64})\\b' ,
11+ discordwebhook : '(https:\\/\\/discord\\.com\\/api\\/webhooks\\/[0-9]{18,19}\\/[0-9a-zA-Z-]{68})' ,
12+ documo : '\\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\\b' ,
13+ doppler : '\\b(dp\\.pt\\.[a-zA-Z0-9]{43})\\b' ,
14+ finage : '\\b(API_KEY[0-9A-Z]{32})\\b' ,
15+ fleetbase : '\\b(flb_live_[0-9a-zA-Z]{20})\\b' ,
16+ flexport : '\\b(shltm_[0-9a-zA-Z-_]{40})' ,
17+ flutterwave : '\\b(FLWSECK-[0-9a-z]{32}-X)\\b' ,
18+ frameio : '\\b(fio-u-[0-9a-zA-Z_-]{64})\\b' ,
19+ ftp : '\\bftp://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b' ,
20+ gcp : '\\{[^{]+auth_provider_x509_cert_url[^}]+\\}' ,
21+ gcpapplicationdefaultcredentials : '\\{[^{]+client_secret[^}]+\\}' ,
22+ gemini : '\\b((?:master-|account-)[0-9A-Za-z]{20})\\b' ,
23+ gocardless : '\\b(live_[0-9A-Za-z\\_\\-]{40}[ "\'\\r\\n]{1})' ,
24+ grafana : '\\b(glc_eyJ[A-Za-z0-9+\\/=]{60,160})' ,
25+ grafanaserviceaccount : '\\b(glsa_[0-9a-zA-Z_]{41})\\b' ,
26+ groq : '\\b(gsk_[a-zA-Z0-9]{52})\\b' ,
27+ huggingface : '\\b(?:hf_|api_org_)[a-zA-Z0-9]{34}\\b' ,
28+ intra42 : '\\b(s-s4t2(?:ud|af)-[a-f0-9]{64})\\b' ,
29+ jdbc : 'jdbc:[\\w]{3,10}:[^\\s"\'<>,(){}[\\]&]{10,512}' ,
30+ klaviyo : '\\b(pk_[a-zA-Z0-9]{34})\\b' ,
31+ launchdarkly : '\\b((?:api|sdk)-[a-z0-9]{8}-[a-z0-9]{4}-4[a-z0-9]{3}-[a-z0-9]{4}-[a-z0-9]{12})\\b' ,
32+ linearapi : '\\b(lin_api_[0-9A-Za-z]{40})\\b' ,
33+ locationiq : '\\b(pk\\.[a-zA-Z-0-9]{32})\\b' ,
34+ mailchimp : '[0-9a-f]{32}-us[0-9]{1,2}' ,
35+ microsoftteamswebhook : '(https:\\/\\/[a-zA-Z-0-9]+\\.webhook\\.office\\.com\\/webhookb2\\/[a-zA-Z0-9-@\\/]{136,}/IncomingWebhook\\/[a-zA-Z0-9]{32}\\/[a-zA-Z0-9-]{36})' ,
36+ nightfall : '\\b(NF\\-[a-zA-Z0-9]{32})\\b' ,
37+ notion : '\\b(secret_[A-Za-z0-9]{43})\\b' ,
38+ npmtokenv2 : '(npm_[0-9a-zA-Z]{36})' ,
39+ nvapi : '\\b(nvapi-[a-zA-Z0-9_-]{64})\\b' ,
40+ openai : '\\b(sk-[a-zA-Z0-9_-]+T3BlbkFJ[a-zA-Z0-9_-]+)\\b' ,
41+ pagarme : '\\b(ak_live_[a-zA-Z0-9]{30})\\b' ,
42+ paystack : '\\b(sk\\_[a-z]{1,}\\_[A-Za-z0-9]{40})\\b' ,
43+ posthog : '\\b(phx_[a-zA-Z0-9_]{43})\\b' ,
44+ postman : '\\b(PMAK-[a-zA-Z-0-9]{59})\\b' ,
45+ prefect : '\\b(pnu_[a-zA-Z0-9]{36})\\b' ,
46+ privatekey : '-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\\s*?-----[\\s\\S]*?----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY\\s*?-----' ,
47+ pubnubsubscriptionkey : '\\b(sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\\b' ,
48+ pulumi : '\\b(pul-[a-z0-9]{40})\\b' ,
49+ rabbitmq : '\\b(?:amqps?):\\/\\/[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b' ,
50+ ramp : '\\b(ramp_id_[a-zA-Z0-9]{40})\\b' ,
51+ razorpay : '\\brzp_live_[A-Za-z0-9]{14}\\b' ,
52+ readme : '(rdme_[a-z0-9]{70})' ,
53+ reallysimplesystems : '\\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\\b' ,
54+ redis : '\\bredi[s]{1,2}://[\\S]{3,50}:([\\S]{3,50})@[-.%\\w\\/:]+\\b' ,
55+ replicate : '\\b(r8_[0-9A-Za-z-_]{37})\\b' ,
56+ robinhoodcrypto : '\\b(rh-api-[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\\b' ,
57+ rubygems : '\\b(rubygems_[a-zA0-9]{48})\\b' ,
58+ sendgrid : '\\bSG\\.[\\w\\-]{20,24}\\.[\\w\\-]{39,50}\\b' ,
59+ sendinbluev2 : '\\b(xkeysib\\-[A-Za-z0-9_-]{81})\\b' ,
60+ shopify : '\\b(shppa_|shpat_)([0-9A-Fa-f]{32})\\b' ,
61+ sourcegraphcody : '\\b(slk_[a-f0-9]{64})\\b' ,
62+ squareapp : '(?:sandbox-)?sq0i[a-z]{2}-[0-9A-Za-z_-]{22,43}' ,
63+ squareup : '\\b(sq0idp-[0-9A-Za-z]{22})\\b' ,
64+ supabasetoken : '\\b(sbp_[a-z0-9]{40})\\b' ,
65+ tailscale : '\\btskey-[a-z]+-[0-9A-Za-z_]+-[0-9A-Za-z_]+\\b' ,
66+ terraformcloudpersonaltoken : '\\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\\b' ,
67+ tineswebhook : '(https://[\\w-]+\\.tines\\.com/webhook/[a-z0-9]{32}/[a-z0-9]{32})' ,
68+ trufflehogenterprise : '\\bthog-key-[0-9a-f]{16}\\b' ,
69+ twilio : '\\bAC[0-9a-f]{32}\\b' ,
70+ ubidots : '\\b(BBFF-[0-9a-zA-Z]{30})\\b' ,
71+ uri : '\\bhttps?:\\/\\/[\\w!#$%&()*+,\\-./;<=>?@[\\\\\\]^_{|}~]{0,50}:([\\w!#$%&()*+,\\-./:;<=>?[\\\\\\]^_{|}~]{3,50})@[a-zA-Z0-9.-]+(?:\\.[a-zA-Z]{2,})?(?::\\d{1,5})?[\\w/]+\\b' ,
72+ voiceflow : '\\b(VF\\.(?:(?:DM|WS)\\.)?[a-fA-F0-9]{24}\\.[a-zA-Z0-9]{16})\\b' ,
73+ xai : '\\b(xai-[0-9a-zA-Z_]{80})\\b' ,
74+ zapierwebhook : '(https:\\/\\/hooks\\.zapier\\.com\\/hooks\\/catch\\/[A-Za-z0-9\\/]{16})' ,
75+ zohocrm : '\\b(1000\\.[a-f0-9]{32}\\.[a-f0-9]{32})\\b'
76+ } ;
577const scripts = Array . from ( document . scripts ) ;
6-
778function fetchWithTimeout ( url ) {
879 var controller = new AbortController ( ) ;
980 setTimeout ( ( ) => { controller . abort ( ) } , 5000 ) ;
@@ -43,6 +114,7 @@ function parseResponse(url, parser) {
43114 return [ url , { 'error' : error . message } ] ;
44115 } ) ;
45116}
117+
46118return Promise . all (
47119 scripts . map ( script => {
48120 if ( script . src ) {
@@ -52,24 +124,24 @@ return Promise.all(
52124 }
53125 } )
54126) . then ( ( all_data ) => {
55- let combinedScripts = all_data . reduce ( ( acc , data ) => {
127+ const combinedScripts = all_data . reduce ( ( acc , data ) => {
56128 if ( Array . isArray ( data ) ) {
57- return acc + data [ 1 ] . data + '\n' ;
129+ return acc + data [ 1 ] . data + '\n' ;
58130 } else {
59- return acc + data ;
131+ return acc + data ;
60132 }
61133 } , '' ) ;
62- console . log ( combinedScripts )
63- let matched_keys = [ ] ;
64- for ( let i = 0 ; i < key_providers . length ; i ++ ) {
65- const regex = new RegExp ( key_regex [ i ] , 'g' ) ;
66- const matches = combinedScripts . match ( regex ) ;
67- if ( matches ) {
68- matched_keys . push ( key_providers [ i ] ) ;
134+
135+ const matched_keys = [ ] ;
136+ for ( const [ provider , pattern ] of Object . entries ( keyMap ) ) {
137+ const regex = new RegExp ( pattern , 'g' ) ;
138+ if ( regex . test ( combinedScripts ) ) {
139+ matched_keys . push ( provider ) ;
140+ }
69141 }
70- }
142+
71143 return matched_keys ;
72144} ) . catch ( error => {
73- return JSON . stringify ( { message : error . message , error : error } ) ;
145+ return JSON . stringify ( { message : error . message , error } ) ;
74146} ) ;
75147
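Review bot: The `'g'` flag in `new RegExp(pattern, 'g')` at new line 137 is no longer needed now that the loop calls `regex.test()` instead of `match()`, and it makes the regex stateful: `test` on a global regex advances `lastIndex`, so if the compiled patterns are ever hoisted out of the loop (the obvious next optimization) a provider would alternate between matching and not matching across runs. Dropping the flag, `const regex = new RegExp(pattern);`, keeps this a plain presence check and removes that trap. Separately, the reduce at new lines 128-132 still appends `data[1].data` for every array result, but the error path in the preceding hunk returns `[url, { 'error': error.message }]` with no `data` field, so the literal string `undefined` is concatenated into `combinedScripts` for each failed fetch; `return acc + (data[1].data || '') + '\n';` avoids that. The enclosing `Promise.all(...)` expression begins in the previous hunk.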