Updated README.md

aegilops · aegilops · commit f2d6c76061ac · 2023-11-16T17:18:08.000Z
diff --git a/README.md b/README.md
@@ -1,101 +1,139 @@
-# Secret Scanning Tools
+# custom-pattern-secrets
 
-> ℹ️ This is an _unofficial_ tool created by Field Security Services, and is not officially supported by GitHub.
+Custom Secret Scanning Patterns repository.
 
-This is a testing suite for GitHub Secret Scanning Custom Patterns.
+## Patterns
 
-It can be used in combination with GitHub Actions to test custom patterns before they are deployed.
 
-An example repository that uses this Action is [advanced-security/secret-scanning-custom-patterns](https://github.com/advanced-security/secret-scanning-custom-patterns).
 
-A sample custom patterns config file compatible with this tool suite is provided in [`examples/config/patterns.yml`](examples/config/patterns.yml).
+### [Commonly Used Secrets / Passwords](./common)
 
-## Usage in Actions
 
-```yaml
-- name: Secret Scanning Test Suite
-  uses: advanced-security/secret-scanning-tools@main
-```
 
-### Advanced Configuration
+- Common Passwords Shortlist
+  
 
-```yaml
-- name: Secret Scanning Test Suite
-  uses: advanced-security/secret-scanning-tools@main
-  with:
-    # Modes to run
-    # > 'validate' (default), 'all', 'snapshot', 'markdown'
-    mode: 'validate'
-```
+### [Configuration Secrets](./configs)
 
-### Using GitHub App Token
 
-```yaml
-- name: Get Token
-  id: get_workflow_token
-  uses: peter-murray/workflow-application-token-action@v1
-  with:
-    application_id: ${{ secrets.ADVANCED_SECURITY_APP_ID }}
-    application_private_key: ${{ secrets.ADVANCED_SECURITY_APP_KEY }}
 
-- name: Secret Scanning Test Suite
-  uses: advanced-security/secret-scanning-tools@main
-  with:
-    token: ${{ steps.get_workflow_token.outputs.token }}
-```
+- Hardcoded Database Passwords
 
-## Offline testing of Secret Scanning custom patterns
+- Hardcoded Spring SQL passwords
 
-We have a test Python script, `secretscanning/test.py` that uses Intel's `hyperscan` to test custom GitHub Advanced Security Secret Scanning patterns.
+- Django Secret Key
 
-This is useful for thorough testing of patterns before they are deployed, whereas the rest of the test suite is primarily designed to be run in GitHub Actions for testing in CI.
+- GitHub Actions SHA Checker
 
-### Local test script usage
+- .NET Configuration file
 
-Change directory to `secretscanning`.
+- .NET MachineKey
+  
 
-First run `make requirements` to install required dependencies.
+### [Database passwords](./database)
 
-``` bash
-./test.py
-```
 
-By default it searches the directory above the `testing` directory for `pattern.yml` files, and tests those patterns on the same directory that file was found in.
 
-or
+- Database Connection String (1)
 
-``` bash
-./test.py --tests <directory>
-```
+- Database Connection String (2)
 
-For full usage use `./test.py --help`
+- Database Connection String (3)
 
-### Local test script requirements
+- TSQL CREATE LOGIN/USER
+  
 
-This only works on Intel-compatible platforms, since `hyperscan` is an Intel application and written to use Intel-specific instructions.
+### [Generic Secrets / Passwords](./generic)
 
-* Python 3.9+
-* `hyperscan` module, which provides Python bindings to Intel's Hyperscan
-* `python-pcre` module, which provides Python bindings to libPCRE
 
-### Development notes
 
-Please run `make lint` after any changes
+- Generic Passwords
 
-## License
+- UUIDs
 
-This project is licensed under the terms of the MIT open source license. Please refer to the [LICENSE](LICENSE) for the full terms.
+- Bearer Tokens
+  
 
-## Maintainers
+### [JWT](./jwt)
 
-See [CODEOWNERS](CODEOWNERS) for the list of maintainers.
 
-## Support
 
-> ℹ️ This is an _unofficial_ tool created by Field Security Services, and is not officially supported by GitHub.
+- JWT
+  
 
-See the [SUPPORT](SUPPORT.md) file.
+### [Password stores](./password_store)
 
-## Background
 
-See the [CHANGELOG](CHANGELOG.md), [CONTRIBUTING](CONTRIBUTING.md), [SECURITY](SECURITY.md), [SUPPORT](SUPPORT.md), [CODE OF CONDUCT](CODE_OF_CONDUCT.md) and [PRIVACY](PRIVACY.md) files for more information.
+
+- Arc
+  
+
+### [Personally identifiable information (PII)](./pii)
+
+
+
+- Credit Cards
+
+- Credit Cards - Visa
+
+- Credit Cards - MasterCard
+
+- Credit Cards - American Express
+
+- Credit Cards - Discover
+
+- IBAN
+  
+
+### [RSA Keys](./rsa)
+
+
+
+- Generic RSA keys
+
+- SSH Private Keys
+
+- GPG Private Key
+  
+
+### [URI / URL Custom Patterns](./uri)
+
+
+
+- Hardcoded Internal Emails
+
+- Hardcoded Internal URLs
+
+- Hardcoded URI Passwords
+
+- Routable IPv4 Addresses
+
+- GitHub Container Registry typos
+  
+
+### [Vendors](./vendors)
+
+
+
+- Azure SQL Connection String
+
+- Grafana API token
+
+- SendGrid (deprecated)
+
+- Sentry Auth Token
+
+- Sentry API Key
+
+- Sentry DSN secret
+
+- Sentry webpack plugin token
+
+- Sentry Terraform provider token
+
+- Okta token
+
+- DataDog API key
+
+- DataDog APP key
+  
