keyhog-scanner 0.5.40

keyhog-scanner: high-performance SIMD-accelerated secret detection engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

schema_version = 1
detector_id = "splitio-api-key"
service = "splitio"
severity = "high"







[[positive]]
text = "SPLITIO_API_KEY=Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Qx7Rm2Sn"
credential = "Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Qx7Rm2Sn"
reason = "Hand-tuned positive matching detector regex (R2-F adversarial batch)."

[[positive]]
text = "split_io_api_key=Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Qx7Rm2Sn"
credential = "Kp4Qx7Rm2Sn5Tb8Vw3YzKp4Qx7Rm2Sn"
reason = "Quoted-value variant of the canonical positive."

[[negative]]
text = "split_io_api_key=YOUR_API_KEY_HERE_PLACEHOLDER_VALUE"
reason = "Placeholder-keyword body — suppression gate matches PLACEHOLDER prefix."

[[negative]]
text = "split_io_api_key=YWJjZEXAMPLEEXAMPLEvcA=="
reason = "EXAMPLE token marker inside the body — suppression gate strips it."

[[evasion]]
text = "split_io_api_key=YWJjZGVmZ2hpamtsbW5vcA="
credential = "YWJjZGVmZ2hpamtsbW5vcA="
reason = "Adversarial env_cred envelope — credential must still surface under this detector."

[perf]
fixture_bytes = 4096
max_microseconds = 25000
note = "Standard single-file budget."

[scale]
fixture_bytes = 1048576
min_findings = 1
max_seconds = 2.0
note = "1 MiB filler + planted credential."

readme_claim = "900 service-specific detectors"