Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Blynk rules #117

Merged
merged 1 commit into from
Jan 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- New rules have been added (thank you @gemesa!):

- Adafruit IO Key ([#114](https://github.com/praetorian-inc/noseyparker/pull/114))
- Blynk Device Access Token ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Blynk Organization Access Token (URL first) ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Blynk Organization Access Token (URL last) ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Blynk Organization Client ID (URL first) ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Blynk Organization Client ID (URL last) ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Blynk Organization Client Secret (URL first) ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Blynk Organization Client Secret (URL last) ([#117](https://github.com/praetorian-inc/noseyparker/pull/117))
- Docker Hub Personal Access Token ([#108](https://github.com/praetorian-inc/noseyparker/pull/108))
- Doppler CLI Token ([#111](https://github.com/praetorian-inc/noseyparker/pull/111))
- Doppler Personal Token ([#111](https://github.com/praetorian-inc/noseyparker/pull/111))
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Nosey Parker is a command-line tool that finds secrets and sensitive information

**Key features:**
- It supports scanning files, directories, and the entire history of Git repositories
- It uses regular expression matching with a set of 132 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
- It uses regular expression matching with a set of 139 patterns chosen for high signal-to-noise based on experience and feedback from offensive security engagements
- It groups matches together that share the same secret, further emphasizing signal over noise
- It is fast: it can scan at hundreds of megabytes per second on a single core, and is able to scan 100GB of Linux kernel source history in less than 2 minutes on an older MacBook Pro

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
source: crates/noseyparker-cli/tests/rules/mod.rs
expression: stdout
---
132 rules and 3 rulesets: no issues detected
139 rules and 3 rulesets: no issues detected

Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,34 @@ expression: stdout
"id": "np.azure.2",
"name": "Azure App Configuration Connection String"
},
{
"id": "np.blynk.1",
"name": "Blynk Device Access Token"
},
{
"id": "np.blynk.2",
"name": "Blynk Organization Access Token (URL first)"
},
{
"id": "np.blynk.3",
"name": "Blynk Organization Access Token (URL last)"
},
{
"id": "np.blynk.4",
"name": "Blynk Organization Client ID (URL first)"
},
{
"id": "np.blynk.5",
"name": "Blynk Organization Client ID (URL last)"
},
{
"id": "np.blynk.6",
"name": "Blynk Organization Client Secret (URL first)"
},
{
"id": "np.blynk.7",
"name": "Blynk Organization Client Secret (URL last)"
},
{
"id": "np.codeclimate.1",
"name": "CodeClimate Reporter ID"
Expand Down Expand Up @@ -537,7 +565,7 @@ expression: stdout
{
"id": "default",
"name": "Nosey Parker default rules",
"num_rules": 112
"num_rules": 119
},
{
"id": "np.assets",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,13 @@ expression: stdout
np.aws.5 Amazon MWS Auth Token
np.azure.1 Azure Connection String
np.azure.2 Azure App Configuration Connection String
np.blynk.1 Blynk Device Access Token
np.blynk.2 Blynk Organization Access Token (URL first)
np.blynk.3 Blynk Organization Access Token (URL last)
np.blynk.4 Blynk Organization Client ID (URL first)
np.blynk.5 Blynk Organization Client ID (URL last)
np.blynk.6 Blynk Organization Client Secret (URL first)
np.blynk.7 Blynk Organization Client Secret (URL last)
np.codeclimate.1 CodeClimate Reporter ID
np.cratesio.1 crates.io API Key
np.digitalocean.1 DigitalOcean Application Access Token
Expand Down Expand Up @@ -140,7 +147,7 @@ expression: stdout

Ruleset ID Ruleset Name Rules
─────────────────────────────────────────────────────────
default Nosey Parker default rules 112
default Nosey Parker default rules 119
np.assets Nosey Parker asset detection rules 15
np.hashes Nosey Parker password hash rules 5

139 changes: 139 additions & 0 deletions crates/noseyparker/data/default/builtin/rules/blynk.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,139 @@
rules:

- name: Blynk Device Access Token
id: np.blynk.1

pattern: |
(?x)
https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/external/api/[a-zA-Z0-9/]*\?token=
([a-zA-Z0-9_\-]{32})
&

examples:
- curl "https://blynk.cloud/external/api/get?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&V1"
# region can be: fra1/lon1/ny3/sgp1/blr1, see https://docs.blynk.io/en/blynk.cloud/device-https-api/troubleshooting
- curl "https://fra1.blynk.cloud/external/api/get?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&V1"
- curl "https://lon1.blynk.cloud/external/api/get?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&V1"
- curl "https://blynk.cloud/external/api/update/property?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&pin=v1&isDisabled=true"

references:
- https://blynk.io/
- https://docs.blynk.io/en/blynk.cloud/device-https-api
- https://docs.blynk.io/en/blynk.cloud/device-https-api/get-datastream-value
- https://docs.blynk.io/en/blynk.cloud/device-https-api/troubleshooting
- https://docs.blynk.io/en/getting-started/activating-devices/manual-device-activation#step-3-getting-auth-token

- name: Blynk Organization Access Token (URL first)
id: np.blynk.2

pattern: |
(?x)
https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/api/[a-zA-Z0-9_\-\s/\\]*
-H\s*"Authorization:\s*Bearer\s*
([a-zA-Z0-9_\-]{40})
"

examples:
- 'curl https://fra1.blynk.cloud/api/organization/profile -H "Authorization: Bearer eIdWHQqRfFmvP5LDDh-IGxPUzi7I27HthzCPAVmS"'
- |
curl https://fra1.blynk.cloud/api/organization/profile \
-H "Authorization: Bearer eIdWHQqRfFmvP5LDDh-IGxPUzi7I27HthzCPAVmS"

references:
- https://docs.blynk.io/en/blynk.cloud/organization-https-api/get-organization-info

- name: Blynk Organization Access Token (URL last)
id: np.blynk.3

pattern: |
(?x)
-H\s*"Authorization:\s*Bearer\s*
([a-zA-Z0-9_\-]{40})
"[\s\\]*https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/api

examples:
- 'curl -H "Authorization: Bearer eIdWHQqRfFmvP5LDDh-IGxPUzi7I27HthzCPAVmS" https://fra1.blynk.cloud/api/organization/profile'
- |
curl -H "Authorization: Bearer eIdWHQqRfFmvP5LDDh-IGxPUzi7I27HthzCPAVmS" \
https://fra1.blynk.cloud/api/organization/profile

references:
- https://docs.blynk.io/en/blynk.cloud/organization-https-api/get-organization-info

- name: Blynk Organization Client ID (URL first)
id: np.blynk.4

pattern: |
(?x)
https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/oauth2/[a-zA-Z0-9_\-\s/\\?=&]*
(oa2-client-id_[a-zA-Z0-9_\-]{32})
(?::|&client_secret=)
(?:[a-zA-Z0-9_\-]{40})

examples:
- 'curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp'
- |
curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials \
-u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp
- 'curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials&client_id=oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-&client_secret=5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp'

references:
- https://docs.blynk.io/en/blynk.cloud/organization-https-api/authentication

- name: Blynk Organization Client ID (URL last)
id: np.blynk.5

pattern: |
(?x)
\b
(oa2-client-id_[a-zA-Z0-9_\-]{32})
:(?:[a-zA-Z0-9_\-]{40})
[\s\\]*https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/oauth2

examples:
- 'curl -X POST -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials'
- |
curl -X POST -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp \
https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials

references:
- https://docs.blynk.io/en/blynk.cloud/organization-https-api/authentication

- name: Blynk Organization Client Secret (URL first)
id: np.blynk.6

pattern: |
(?x)
https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/oauth2/[a-zA-Z0-9_\-\s/\\?=&]*
(?:oa2-client-id_[a-zA-Z0-9_\-]{32})
(?::|&client_secret=)
([a-zA-Z0-9_\-]{40})

examples:
- 'curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp'
- |
curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials \
-u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp
- 'curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials&client_id=oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-&client_secret=5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp'

references:
- https://docs.blynk.io/en/blynk.cloud/organization-https-api/authentication

- name: Blynk Organization Client Secret (URL last)
id: np.blynk.7

pattern: |
(?x)
\b
(?:oa2-client-id_[a-zA-Z0-9_\-]{32})
:([a-zA-Z0-9_\-]{40})
[\s\\]*https://(?:fra1\.|lon1\.|ny3\.|sgp1\.|blr1\.)*blynk\.cloud/oauth2

examples:
- 'curl -X POST -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials'
- |
curl -X POST -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp \
https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials

references:
- https://docs.blynk.io/en/blynk.cloud/organization-https-api/authentication
7 changes: 7 additions & 0 deletions crates/noseyparker/data/default/builtin/rulesets/default.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,13 @@ rulesets:
- np.aws.5 # Amazon MWS Auth Token
- np.azure.1 # Azure Connection String
- np.azure.2 # Azure App Configuration Connection String
- np.blynk.1 # Blynk Device Access Token
- np.blynk.2 # Blynk Organization Access Token (URL first)
- np.blynk.3 # Blynk Organization Access Token (URL last)
- np.blynk.4 # Blynk Organization Client ID (URL first)
- np.blynk.5 # Blynk Organization Client ID (URL last)
- np.blynk.6 # Blynk Organization Client Secret (URL first)
- np.blynk.7 # Blynk Organization Client Secret (URL last)
- np.codeclimate.1 # CodeClimate
- np.cratesio.1 # crates.io API Key
- np.dtrack.1 # Dependency-Track API Key
Expand Down