keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
# Docs: https://docs.etherscan.io/
# Format: 32 character hexadecimal string (no distinctive prefix)
# Verify: GET /api with apikey parameter returns JSON with status "1" if valid
# Prefix: none (32 hex chars, requires context keywords)
# NOTE(review): the [detector.verify.success] table below checks only the HTTP
# status code, not the JSON "status" field named in the Verify line above.
# Confirm that a rejected key cannot be reported as verified.

# Detector identity, severity, and the context keywords for this service.
# Presumably the scanner uses `keywords` as a pre-filter before running the
# patterns; confirm against the scanner's matching logic.
[detector]
id = "etherscan-api-key"
name = "Etherscan API Key"
service = "etherscan"
severity = "high"
keywords = ["etherscan", "ETHERSCAN", "ETHERSCAN_API_KEY", "etherscan_api_key", "etherscan.io", "api.etherscan.io"]

# Context-anchored pattern: the service name, an optional `_`, `-` or `.`
# separator, "API KEY" / "api key" with the same optional separator, one or
# more of `=`, `:`, whitespace or a quote, then the candidate (capture group 1).
# The pattern carries no case-insensitive flag, so only the all-upper and
# all-lower spellings of each word match, and the key must be lowercase hex.
# There is no boundary after the capture: the first 32 characters of a longer
# hex run (for example a 64-character digest) also match.
[[detector.patterns]]
regex = "(?:ETHERSCAN|etherscan)[_\\-\\.]?(?:API[_\\-\\.]?KEY|api[_\\-\\.]?key)[=:\\s\\\"']+([a-f0-9]{32})"
description = "Etherscan API key with context anchor"
group = 1

# Generic pattern: a bare `apikey` parameter followed by 32 lowercase hex
# characters. Nothing in this regex ties the value to Etherscan.
# NOTE(review): unless the keyword list gates this pattern, any service's
# 32-hex `apikey` value is reported as a high-severity Etherscan finding.
# Confirm how keywords and patterns are combined.
[[detector.patterns]]
regex = "apikey[=:\\s\\\"']+([a-f0-9]{32})"
description = "Etherscan API key in apikey parameter"
group = 1

# Live verification request. `{{match}}` is presumably replaced with the
# captured candidate (TODO confirm). Both patterns restrict the capture to
# [a-f0-9]{32}, so the substituted value cannot add query parameters.
# The candidate is sent in the URL query string: it can appear in proxy and
# access logs, and every candidate is disclosed to the third-party endpoint,
# including values that belong to another service.
[detector.verify]
method = "GET"
url = "https://api.etherscan.io/v2/api?chainid=1&module=stats&action=ethprice&apikey={{match}}"

# No separate authentication step; the candidate travels only in the URL above.
[detector.verify.auth]
type = "none"

# Success is decided by the HTTP status code alone.
# NOTE(review): the header comment says validity is signalled by "status": "1"
# in the JSON body. If the API also answers HTTP 200 for a rejected key, this
# check marks every candidate as verified. Confirm the API behaviour and add a
# body condition if the detector schema supports one.
[detector.verify.success]
status = 200