Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed #231 Datadog API #235

Merged
3 commits merged into from Dec 2, 2021
Merged

Fixed #231 Datadog API #235

3 commits merged into from Dec 2, 2021

Conversation

nodtem66
Copy link
Contributor

Prerequisites

Why do we need this pull request?

  • The old rarity of Datadog regexp was too high

What GitHub issues does this fix?

  • reduced rarity to 0
  • add Datalog Application API and Datadog Client key
  • add valid and invalid examples
  • remove a junk space in pyproject.toml

Copy / paste of output

API Key

shell:~$ poetry run what -r 0:1 68ec0cbd7d0da6770545614dfa573eec
Matched on: 6770545614
Name: Phone Number

Matched on: 677054561
Name: American Social Security Number
Description: An American Identification Number

Matched on: 68ec0cbd7d0da6770545614dfa573eec
Name: Datadog API Key
Description: An Datadog API Key
Exploit: Use the command below to verify that the API key is valid:
  $ curl -X GET https://api.datadoghq.com/api/v1/validate -H "Content-Type: application/json" -H "DD-API-KEY:
68ec0cbd7d0da6770545614dfa573eec"

Application Key

shell:~$ poetry run what -r 0:1 ba36266055c7495ce26bb12e86c7536b4a5e00cd
Matched on: ba36266055c7495ce26bb12e86c7536b4a5e00cd
Name: Bitly Secret Key
Exploit: Use the command below to verify that the secret key is valid:
  $ curl "https://api-ssl.bitly.com/v3/shorten?access_token=ba36266055c7495ce26bb12e86c7536b4a5e00cd&longUrl=https://www
.google.com"


Matched on: ba36266055c7495ce26bb12e86c7536b4a5e00cd
Name: Visual Studio App Center API Token

Matched on: ba36266055c7495ce26bb12e86c7536b4a5e00cd
Name: Amazon Web Services Secret Access Key
Exploit: Install awscli (https://aws.amazon.com/cli/), set the access key and secret to environment variables, and
execute the following command: $ AWS_ACCESS_KEY_ID=[ACCESS_KEY] AWS_SECRET_ACCESS_KEY=SECRET_KEY_HERE aws sts
get-caller-identity
 AWS credentials' permissions can be determined using enumerate-IAM (https://github.com/andresriancho/enumerate-iam).
 This gives broader view of the discovered AWS credentials privileges instead of just checking S3 buckets.
 $ git clone https://github.com/andresriancho/enumerate-iam
  cd  enumerate-iam
  ./enumerate-iam.py --access-key [ACCESS_KEY] --secret-key SECRET_KEY_HERE


Matched on: ba36266055c7495ce26bb12e86c7536b4a5e00cd
Name: Datadog Application Key
Description: An Datadog Application Key

Client Key

shell:~$ poetry run what -r 0:1 pub68ec0cbd7d0da6770545614dfa573eec
Matched on: 6770545614
Name: Phone Number

Matched on: 677054561
Name: American Social Security Number
Description: An American Identification Number

Matched on: pub68ec0cbd7d0da6770545614dfa573eec
Name: Datadog Client Token
Description: An Datadog client token

@nodtem66
Fixed bee-san#231 Datadog API
cc2a8a2 
- reduced rarity to 0
- add Datalog Application API and Datadog Client key
- add valid and invalid examples
- remove a junk space in `pyproject.toml`
@codecov-commenter
Copy link

codecov-commenter commented Nov 30, 2021
edited

Codecov Report

Merging #235 (c40c24a) into main (69da611) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #235   +/-   ##
=======================================
  Coverage   92.60%   92.60%           
=======================================
  Files          15       15           
  Lines        1217     1217           
=======================================
  Hits         1127     1127           
  Misses         90       90

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 69da611...c40c24a. Read the comment docs.

@nodtem66
Copy link
Contributor Author

nodtem66 commented Nov 30, 2021
edited

Ahh! CI errors on python 3.6 macos:

Error: Version 3.6 with arch x64 not found.

Is it the same as #217?

@ghost
Copy link

ghost commented Nov 30, 2021

Ahh! CI errors on python 3.6 macos:

Error: Version 3.6 with arch x64 not found.

Is it the same as #217?

Seems so

ghost
ghost reviewed Nov 30, 2021
View reviewed changes
pywhat/Data/regex.json Outdated Show resolved Hide resolved
ghost
ghost reviewed Nov 30, 2021
View reviewed changes
pywhat/Data/regex.json Outdated Show resolved Hide resolved
@nodtem66
Minor fixed bee-san#231
c40c24a 
- change the rarity of Datadog Client Key to 0.3
- remove `"Description"` of all Datadog RegExp
@ghost ghost merged commit d5ea9ce into bee-san:main Dec 2, 2021
@nodtem66 nodtem66 deleted the patch-231 branch December 3, 2021 06:23
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amadejpapez amadejpapez amadejpapez left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nodtem66 @codecov-commenter @amadejpapez