keyhog-scanner 0.5.39

keyhog-scanner: high-performance SIMD-accelerated secret detection engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

schema_version = 1
detector_id = "aws-lambda-function-url-secret"
service = "aws"
severity = "critical"

[[positive]]
text = "https://abcdef123456.lambda-url.us-east-1.on.aws/?token=Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Q"
credential = "Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Q"
reason = "AWS Lambda function URL with token in query string."

[[positive]]
text = "https://xyzwvu789012.lambda-url.eu-west-2.on.aws/api/v1?token=Vk9Bn3Lp7Qm2Rs5Tw8Vk9B"
credential = "Vk9Bn3Lp7Qm2Rs5Tw8Vk9B"
reason = "AWS Lambda function URL with path and token."

[[negative]]
text = "https://example.com/?token=short"
reason = "Not a lambda-url.on.aws URL."

[[evasion]]
text = "LAMBDA_URL=https://abcdef123456.lambda-url.us-east-1.on.aws/?token=Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Q"
credential = "Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Q"
reason = "Env-var wrap around Lambda URL detector."

[perf]
fixture_bytes = 4096
max_microseconds = 25000
note = "Standard single-file budget."

[scale]
fixture_bytes = 1048576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted Lambda URL token."

readme_claim = "900 service-specific detectors"