keyhog-scanner 0.5.40

keyhog-scanner: high-performance SIMD-accelerated secret detection engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

schema_version = 1
detector_id = "github-pat-fine-grained"
service = "github"
severity = "critical"

[[positive]]
text = "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"
credential = "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"
reason = "GitHub fine-grained PAT: github_pat_ + 22 alnum + _ + 59 alnum."

[[positive]]
text = "GH_TOKEN=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"
credential = "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"
reason = "Env-var wrap around fine-grained PAT prefix detector."

[[negative]]
text = "github_pat_short"
reason = "Total length below 82 chars / missing 22+_+59 structure."

[[evasion]]
text = "Authorization: Bearer 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"
credential = "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"
reason = "Bearer-header wrap around prefix detector."

[perf]
fixture_bytes = 4096
max_microseconds = 25000
note = "Standard single-file budget."

[scale]
fixture_bytes = 1048576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted GitHub fine-grained PAT."

readme_claim = "900 service-specific detectors"