source_code_secrets

Code Repositories

The Source Code Secrets dataset is available to users who want to monitor Github, GitLab, and Bitbucket for accidental disclosure of sensitive information. Often times programmers post sensitive information in their code without realizing that access to the code is public. Users can search for Client IDs, usernames, potential cryptographic private keys, and more.

Field	Description
etl_date	date data was exported, transformed or loaded (ETL)
first_seen	when code repository data was first observed
git_account	code repository account username
git_host	website hosting the code repository (Github, Bitbucket, Gitlab)
last_seen	when code repository data was last observed
matches	sensitive information identified in code repository
matching_file	file containing sensitive information identified in code repository
reference	code repository URL
repository_name	name of code repository
signature_name	description of the sensitive information identified in code repository

List of signatures detected in source_code_secrets index:

1. 1Password password manager database file

2. AWS Access Key ID Value

3. AWS Access Key ID

4. AWS Account ID

5. AWS CLI credentials file

6. AWS Secret Access Key

7. AWS Session Token

8. AWS cred file info

9. Amazon MWS Auth Token

10. Apache htpasswd file

11. Apple Keychain database file

12. Artifactory

13. Azure service configuration schema file

14. Carrierwave configuration file

15. Chef Knife configuration file

16. Chef private key

17. CodeClimate

18. Configuration file for auto-login process

19. Contains a private key

20. Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not

21. encrypted!)

22. Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and

23. credentials

24. Created by sftp-deployment for Atom, contains server details and credentials

25. Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials

26. DBeaver SQL database manager configuration file

27. Day One journal file

28. DigitalOcean doctl command-line client configuration file

29. Django configuration file

30. Docker configuration file

31. Docker registry authentication file

32. Environment configuration file

33. Facebook Client ID

34. Facebook Secret Key

35. Facebook access token

36. FileZilla FTP configuration file

37. FileZilla FTP recent servers file

38. Firefox saved password collection (can be decrypted using keys4.db)

39. GNOME Keyring database file

40. Git configuration file

41. GitHub Hub command-line client configuration file

42. Github Key

43. GnuCash database file

44. Google (GCM) Service account

45. Google Cloud API Key

46. Google OAuth Access Token

47. Google OAuth Key

48. Heroku API key

49. Heroku config file

50. Hexchat/XChat IRC client server list configuration file

51. HockeyApp

52. Irssi IRC client configuration file

53. Java keystore file

54. Jenkins publish over SSH plugin file

55. KDE Wallet Manager database file

56. KeePass password manager database file

57. LinkedIn Secret Key

58. Linkedin Client ID

59. Little Snitch firewall configuration file

60. Log file

61. MailChimp API Key

62. MailGun API Key

63. Microsoft BitLocker Trusted Platform Module password file

64. Microsoft BitLocker recovery key file

65. Microsoft SQL database file

66. Microsoft SQL server compact database file

67. Mongoid config file

68. Mutt e-mail client configuration file

69. MySQL client command history file

70. MySQL dump w/ bcrypt hashes

71. NPM configuration file

72. Network traffic capture file

73. NuGet API Key

74. OmniAuth configuration file

75. OpenVPN client configuration file

76. Outlook team

77. PHP configuration file

78. Password Safe database file

79. PayPal/Braintree Access Token

80. Picatic API key

81. Pidgin OTR private key

82. Pidgin chat client account configuration file

83. PostgreSQL client command history file

84. PostgreSQL password file

85. Potential Jenkins credentials file

86. Potential Linux passwd file

87. Potential Linux shadow file

88. Potential MediaWiki configuration file

89. Potential PuTTYgen private key

90. Potential Ruby On Rails database configuration file

91. Potential cryptographic key bundle

92. Potential cryptographic private key

93. Potential jrnl journal file

94. Private SSH key

95. Public ssh key

96. Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)

97. Recon-ng web reconnaissance framework API key database

98. Remote Desktop connection file

99. Robomongo MongoDB manager configuration file

100. Ruby IRB console history file

101. Ruby On Rails secret token configuration file

102. Ruby on rails secrets.yml file (contains passwords)

103. Rubygems credentials file

104. S3cmd configuration file

105. SFTP connection configuration file

106. SQL Data dump file

107. SQL dump file

108. SQLite database file

109. SQLite3 database file

110. SSH Password

111. SSH configuration file

112. Salesforce credentials in a nodejs project

113. Sauce Token

114. SendGrid API Key

115. Sequel Pro MySQL database manager bookmark file

116. Shell command alias configuration file

117. Shell command history file

118. Shell configuration file

119. Shell profile configuration file

120. Slack Token

121. Slack Webhook

122. SonarQube Docs API Key

123. Square Access Token

124. Square OAuth Secret

125. StackHawk API Key

126. Stripe API key

127. T command-line Twitter client configuration file

128. Terraform variable config file

129. Tugboat DigitalOcean management tool configuration

130. Tunnelblick VPN configuration file

131. Twilo API Key

132. Twitter Client ID

133. Twitter Secret Key

134. Username and password in URI

135. Ventrilo server configuration file

136. WP-Config

137. Windows BitLocker full volume encrypted data file

138. cPanel backup ProFTPd credentials file

139. esmtp configuration

140. git-credential-store helper credentials file

141. netrc with SMTP credentials