keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# Docs: https://docs.base.org/
# Format: Base chain RPC endpoints use API keys in URL path or Authorization header
# Verify: no public verification endpoint
# Prefix: none (requires context anchoring)

[detector]
id = "base-api-credentials"
name = "Base Chain API Credentials"
service = "base"
severity = "high"
keywords = ["base", "BASE", "base.org", "basescan", "base-mainnet"]

[[detector.patterns]]
regex = '(?:base|BASE)[._-]?(?:rpc|RPC)[._-]?(?:url|URL|endpoint)[=:"	\s]+(https?://[a-zA-Z0-9._-]+\.g\.alchemy\.com/v2/[a-zA-Z0-9_-]+)'
description = "Base chain RPC URL with Alchemy API key"
group = 1

[[detector.patterns]]
regex = '(?:base|BASE)[._-]?(?:rpc|RPC)[._-]?(?:url|URL|endpoint)[=:"	\s]+(https?://[a-zA-Z0-9._-]+/base/[a-zA-Z0-9_-]+)'
description = "Base chain RPC URL with embedded access token"
group = 1

[[detector.patterns]]
regex = '(?:base|BASE)[._-]?(?:rpc|RPC)[._-]?(?:url|URL|endpoint)[=:"	\s]+(https?://[a-zA-Z0-9._-]+/8453/[a-zA-Z0-9_-]+)'
description = "Base chain RPC URL with chain ID and API key"
group = 1

[[detector.patterns]]
regex = '(?:base|BASE)[._-]?(?:api|API)[._-]?key[=:"	\s]+([a-f0-9]{32})'
description = "Base chain API key (32 hex characters)"
group = 1