keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

# Docs: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens
# Format: github_pat_ prefix followed by alphanumeric pattern with underscore separator (82+ chars total)
# Verify: HTTP GET to /user with Bearer token and User-Agent header
# Prefix: github_pat_

[detector]
id = "github-pat-fine-grained"
name = "GitHub Fine-Grained PAT"
service = "github"
severity = "critical"
keywords = ["github_pat_"]

[[detector.patterns]]
regex = 'github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}'
description = "GitHub fine-grained personal access token"

[detector.verify]
method = "GET"
url = "https://api.github.com/user"

[detector.verify.auth]
type = "bearer"
field = "match"

[[detector.verify.headers]]
name = "User-Agent"
value = "keyhog-secret-scanner/{{version}}"

[detector.verify.success]
status = 200

[[detector.verify.metadata]]
name = "login"
json_path = "login"

[[detector.verify.metadata]]
name = "name"
json_path = "name"