-
-
Notifications
You must be signed in to change notification settings - Fork 794
/
flash-regexp.txt
61 lines (61 loc) · 6.69 KB
/
flash-regexp.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Flash XSS (HIGH);;getURL XSS;;geturl\([^\)]*\)
Flash XSS (HIGH);;navigateToURL XSS;;navigateToURL\([^\)]*\)
Flash XSS (HIGH);;ExternalInterface.call XSS;;ExternalInterface\.call\([^\)]*\)
Flash XSS (HIGH);;htmlText Property XSS;;\.html(Text)?\s*=\s*
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bloadVariables\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bloadMovie(Num)?\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bFScrollPane\.loadScrollContent\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bLoadVars\.load\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bLoadVars\.send(AndLoad)?\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bMovieClip\.(getURL|loadMovie)\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bNetConnection\.connect\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bNetServices\.createGatewayConnection\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bNetSteam\.play\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bSound\.loadSound\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bXML\.load\([^\)]*\)
Flash XSS (HIGH);;Possible XSS Global Variable to URL;;\bXML\.send(AndLoad)?\([^\)]*\)
Insecure Programming Practices (HIGH);;Insecure Security.allowInsecureDomain() usage;;Security\.allowInsecureDomain\([^\)]*\)
Insecure Programming Practices (HIGH);;Insecure Security.allowDomain() usage;;Security\.allowDomain\([^\)]*\)
Insecure Programming Practices (HIGH);;Insecure LocalConnection.allowDomain() usage;;LocalConnection\.allowDomain\([^\)]*\)
Insecure Programming Practices (HIGH);;Insecure Flash Storage Object (Flash Cookie);;SharedObject\.getLocal\([^\)]*\)
Insecure Programming Practices (HIGH);;Insecure FlashVar use in System.security.loadPolicyFile;;System\.security\.loadPolicyFile\([^\)]*\)
Insecure Programming Practices (MED);;LoadBytes Usage;;\.loadbytes\([^\)]*\)
Insecure Programming Practices (MED);;Debug Information (trace function);;\btrace\([^\)]*\)
Sensitive Data;;Buckets/Takeovers;;amazonaws|azurewebsites|cloudapp|trafficmanager|herokuapp|cloudfront|digitaloceanspace|storage\.(cloud|google)|firebaseio\.com
Sensitive Data;;PGP Private Key Block;;PGP\sPRIVATE\sKEY\sBLOCK.*END\sPGP\sPRIVATE\sKEY\sBLOCK
Sensitive Data;;PGP Public Key Block;;PGP\sPUBLIC\sKEY\sBLOCK.*END\sPGP\sPUBLIC\sKEY\sBLOCK
Sensitive Data;;RSA Private Key Block;;RSA\sPRIVATE\sKEY.*END\sRSA\sPRIVATE\sKEY
Sensitive Data;;SQL Query Detected;;"(SELECT(\s|\+|(%20))+[\w\*\)\(;\s]+(\s|\+|(%20))+FROM(\s|\+|(%20))+[\w]+)|(UPDATE(\s|\+|(%20))+[\w]+(\s|\+|(%20))+SET(\s|\+|(%20))+[\w;\'\=]+)|(INSERT(\s|\+|(%20))+INTO(\s|\+|(%20))+[\d\w]+[\s\w\d\)\(;]*(\s|\+|(%20))+VALUES(\s|\+|(%20))+\([\d\w\';\)]+)|(DELETE(\s|\+|(%20))+FROM(\s|\+|(%20))+[\d\w\'\=]+)"
Sensitive Data;;IP adress;;([0-9]{1,3}\s*,\s*){3,})
Sensitive Data;;MD5 Hash Detected;;\b[a-fA-F0-9]{32}\b
Sensitive Data;;Possible Credit Card Number Disclosure;;[^0-9a-f\-](?:4\d{3}|5[1-5]\d{2}|6011|3\d{3})(?:\d{12}|-\d{4}-\d{4}-\d{4})[^0-9a-f\.]
Sensitive Data;;Possible Credit Card Number Disclosure;;[^0-9a-f\-](?:3[47]\d{2}|2131|1800)(?:\d{11}|-\d{6}-\d{5})[^0-9a-f\.]
Sensitive Data;;Possible Credit Card Number Disclosure;;[^0-9a-f\-]2(?:014|149)(?:\d{11}|-\d{7}-\d{4})[^0-9a-f\.]
Sensitive Data;;Possible Credit Card Number Disclosure;;[^0-9a-f\-]3(?:[68]\d{2}|0[0-5]\d)(?:\d{10}|-\d{6}-\d{4})[^0-9a-f\.]
Sensitive Data;;Possible Credit Card Number Disclosure;;[^0-9a-f\-]4\d{3}(?:\d{9}|-\d{3}-\d{3}-\d{3})[^0-9a-f\.]
Sensitive Data;;Possible LDAP Query;;"((LDAP:///?[\w/=;%:$?()!&*|~<>]+)|((o|ou|dc|cn|uid|dn|sn|objectclass|objectcategory|st|mail|(given)?name|description|displayname|telephonenumber|memberuid|postalcode|streetaddress|targetaddress|userpassword)\s*=\s*[\w\x20()?~!:/]+;?){2,})"
Sensitive Data;;Possible Server Path Disclosure (unix);;"(?:(?<![/\w""']))(?:/usr/(?:share|lib|local|s?bin)/|/etc/(?!(?:master\.)?passwd)|/var/|/tmp/|/Users/|/s?bin/|/opt/|/root/|/home/)[\w/\.]+ AND NOT (?:href|src|dynsrc|lowsrc|link|url|action|data|codebase|classid|archive|background|pluginspage|profile|usemap|cite|longdesc|path)\s*=\s*['""]?(?:(?<![/\w""']))(?:/usr/(?:share|lib|local|s?bin)/|/etc/(?!(?:master\.)?passwd)|/var/|/tmp/|/Users/|/s?bin/|/opt/|/root/|/home/)[\w/\.]+"
Sensitive Data;;Possible Server Path Disclosure (win32);;(?:>|\s|=)[c-zC-Z]:[\\/][a-zA-Z0-9]
Sensitive Data;;Possible Social Security Number;;(?:[0-5][0-9][0-9]|6[0-4][0-9])-\d{2}-\d{4}]]
Sensitive Data;;Possible Social Security Number;;^(?:[0-5][0-9][0-9]|6[0-4][0-9])-\d{2}-\d{4}$
Sensitive Data;;Possible XPath Query;;"(/{0,2}[\w\d\-]+(\[[^/\]]+\])*/(([\w\-\*]+/)*[\w\-]*\[[<>\w\d\-\.@!=()\x20\""\']+\](/[\w\-\*]+)*)+)|(//[\w\d\-]+(\[[^/\]]+\])+)"
Sensitive Data;;SHA-0/SHA-1 Hash Detected;;\b[a-fA-F0-9]{40}\b
Keywords;;User Account Info;;\baccesse[sd]\b
Keywords;;User Account Info;;\badmin(istrator)?(s)?\b
Keywords;;User Account Info;;\bauth(enticate|orization)?(s)?\b
Keywords;;User Account Info;;\bauthenticat(ing|ed|ion){1}\b
Keywords;;User Account Info;;\bcred(ential)?(s)?\b
Keywords;;User Account Info;;\blog(i|o){1}n(s)?\b
Keywords;;User Account Info;;\b((passw(or)?d(s)?)|pwd)\b
Keywords;;User Account Info;;\b((user(name)?(s)?)|uname|uid|usr)\b
Keywords;;Passwd Assignment;;\b((passw(or)?d(s)?)|pwd)\b\s{0,4}[=:]{1,2}\s{0,3}[A-Za-z0-9_!@#$~%\/.><^&*();:-]+\b
Keywords;;Potentially Interesting;;\b((secur((e(s|d)?){1}|ing))|ssl|privacy|master)\b
Keywords;;Application;;\b(coded|config(uration)?(s)?|database|db|debug(ging)?|host(s)?|licens(e(d|s)?|ing){1}|log(file)?(s)?|quer(ie|y)(s)?|sql(s)?)\b
Keywords;;Personal;;\b(birth|dob|ein|email(s|ed)?|employe(e|es|r)|ident(ification|ity)?|maiden|personal|salar(ie|y)(s)?|ssn)\b
Keywords;;Cryptographic Data;;\b(aes|blowfish|cert(ificate)?(s)?|(de|en)?crypt(ed|o|ography|ing|s|ion)?|enc(ode(s|d)?)?|hash(ed|(e)?s)|hmac|pgp|secret(s)?|sha|md5|tea)\b
Keywords;;Commerce Info;;\b(account(s)?|cost(s)?|csc|currency|cv(c|v){1}|dollar(s)?|euro(s)?|income|loan(s)?)\b
Database Connection String;;ALL DB Connection Strings;;(server|host)=.*;.*database=.*;|data\ssource=.*;|ConnectionString
Database Connection String;;ALL DB Connection Strings Muliline;;(server|host)=.*;(.|\n|\r){0,4}.*database=.*;|data\ssource=.*;|ConnectionString
Custom;;External parameters;;root.loaderInfo\)+.parameters|_root\.|flashVars
Custom;;Sensitive functions;;XMLLoader|AMFService|SWFLoader|loadVariables|loadMovie|loadMovieNum|LoadVars\.load|LoadVars\.send|NetStream\.play|getDefinition|getDefinition|FScrollPane\.loadScrollContent|XML\.load|Sound\.loadSound|NetStream\.play|URLRequest|URLLoader|URLStream|LocalConnection|SharedObject
Custom;;Interesting keywords;;allowInsecureDomain|allowDomain|ExternalInterface|load|xml|sql|url|flashvar|pass|TextField|encr