keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
# Docs: https://docs.fantom.foundation/
# Format: Fantom RPC endpoints use access tokens in URL or x-api-key header
# Verify: no public verification endpoint
# Prefix: none (requires context anchoring)

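# Detector metadata. `keywords` spells out both cases of the main tokens;
# whether the scanner folds case when it uses them is not visible in this
# file (TODO confirm).
# NOTE(review): the file header mentions an `x-api-key` header form, but no
# pattern below targets it.
[detector]
id = "fantom-api-credentials"
name = "Fantom API Credentials"
service = "fantom"
severity = "high"
keywords = ["fantom", "FANTOM", "ftm", "FTM", "ftmscan", "fantom.network"]

# The credential has no fixed prefix, so every pattern is anchored on a
# fantom/ftm-prefixed variable name. Case variants are written as explicit
# alternations, so each token lists both forms, including `endpoint`/`ENDPOINT`
# and `key`/`KEY`. This covers conventional upper-case environment names such
# as FANTOM_RPC_ENDPOINT and FANTOM_API_KEY. Mixed-case names (Fantom_Api_Key)
# are still not matched unless the engine is case-insensitive.
# The separator class relies on `\s` for spaces and tabs rather than embedding
# a literal tab, which editors can silently rewrite.
# `group = 1` reports the first capture (the URL or key), not the variable name.

# Host under a fantom.<tld> domain; the single path segment is the token.
[[detector.patterns]]
regex = '(?:fantom|FANTOM|ftm|FTM)[._-]?(?:rpc|RPC)[._-]?(?:url|URL|endpoint|ENDPOINT)[=:"\s]+(https?://[a-zA-Z0-9._-]+\.fantom\.[a-z]+/[a-zA-Z0-9_-]+)'
description = "Fantom RPC URL with embedded access token"
group = 1

# Any host with a /v2/<key> path. Only the variable name ties the match to
# Fantom, so review findings from this pattern for unrelated /v2/ URLs.
[[detector.patterns]]
regex = '(?:fantom|FANTOM|ftm|FTM)[._-]?(?:rpc|RPC)[._-]?(?:url|URL|endpoint|ENDPOINT)[=:"\s]+(https?://[a-zA-Z0-9._-]+/v2/[a-zA-Z0-9_-]+)'
description = "Fantom RPC URL with API version and key"
group = 1

# Exactly 32 lower-case hex characters after the variable name. There is no
# trailing boundary, so a longer hex run is reported as its first 32 characters.
# NOTE(review): confirm whether upper-case hex or a boundary is wanted.
[[detector.patterns]]
regex = '(?:fantom|FANTOM|ftm|FTM)[._-]?(?:api|API)[._-]?(?:key|KEY)[=:"\s]+([a-f0-9]{32})'
description = "Fantom API key (32 hex characters)"
group = 1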