Asymmetric Private Keys

-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----

AWS Secret Key Regex

(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]

Email Address Finder

This regex will find any email address within the source.

\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b

Curl Example:

curl -sk https://example.com/contact-us/ | grep -oE "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" | sort | uniq

Header Finder

Finding the important headers within BurpSuite can be a bit tricky, so this regex may help by highlighting the ones to look out for.

Content-Security-Policy|X-Content-Type-Options|X-Frame-Options|Strict-Transport-Security

10 requests Bash

Sends 10 requests and greps for the Server header. Useful for spotting version differences, which may indicate load balancers. Change accordingly!

for i in {1..10}; do curl -sI "https://example.com/" | grep -i "Server:"; done

IP Address Finder

  • Find IPv4 Addresses
\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b
  • Searches for Private IPv4 addresses only
(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)
  • Searches for Private IPv4 addresses and IPv6
/(^127\.)|(^192\.168\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^::1$)|(^[fF][cCdD])/
  • Finds any IP Address
curl -s https://www.example.com/ | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"
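
Added example, not part of the original page: a pre-publish audit in Python that runs the private key and AWS secret key patterns from the top of this page and the IPv4 patterns above over a build artifact, reporting line numbers and redacting secret values. Because the private-range pattern is anchored with ^, addresses are extracted first and classified second. Assumptions of this example: the names audit and redact, the constructed sample input, and the (?i:aws) rewrite, needed because Python's re module has no (?-i) toggle.

```python
import re

# Patterns taken from this page. Python's re has no (?-i) toggle, so the AWS
# pattern scopes case-insensitivity to the keyword with (?i:aws) instead.
PRIVATE_KEY = re.compile(r"-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----")
AWS_SECRET = re.compile(r"(?i:aws)(?:.{0,20})?['\"]([0-9a-zA-Z/+]{40})['\"]")
OCTET = r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
IPV4 = re.compile(r"\b" + r"\.".join([OCTET] * 4) + r"\b")
# The private-range pattern is anchored with ^, so it only works on an address
# that has already been extracted, never on a raw line of text.
PRIVATE_V4 = re.compile(r"(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)")


def redact(secret, keep=4):
    """Keep a short prefix so a finding can be located without copying the secret."""
    return secret[:keep] + "*" * (len(secret) - keep)


def audit(text):
    """Return (line_number, rule, evidence) findings in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PRIVATE_KEY.search(line):
            findings.append((lineno, "private-key-header", "PEM header"))
        for m in AWS_SECRET.finditer(line):
            findings.append((lineno, "aws-secret-key", redact(m.group(1))))
        for m in IPV4.finditer(line):
            if PRIVATE_V4.search(m.group(0)):
                findings.append((lineno, "internal-ipv4", m.group(0)))
    return findings


# Constructed sample input; the 40-character value is the example secret key
# from AWS documentation, not a live credential.
SAMPLE = """\
const api = "https://203.0.113.10/v1";
const backend = "http://10.20.30.40:8080/admin";
const awsSecretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, rule, evidence in audit(SAMPLE):
        print(f"line {lineno}: {rule}: {evidence}")
```

The .{0,20} window in the AWS pattern allows at most 20 characters between "aws" and the opening quote, so aws_secret_access_key = "..." written with spaces around the equals sign (21 characters) is not reported, while the same assignment without spaces is.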

Path Finder

This regex will find any path within a file, for example within JS files, where paths may hide. Reading through thousands of lines of JavaScript code is tedious and no fun, which is why regex is used to speed up the process!

(?:"|')(?:((?:[a-zA-Z]{1,10}:\/\/|\/\/)[^\"'\/]{1,}\.[a-zA-Z]{2,}[^\"']{0,})|((?:\/|\.\.\/|\.\/)[^\"'><,;| *()(%%$^\/\\\[\]][^\"'><,;|()]{1,})|([a-zA-Z0-9_\-\/]{1,}\/[a-zA-Z0-9_\-\/]{1,}\.[a-z]{1,4}(?:[\?|\/][^\"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp)(?:\?[^\"|']{0,}|)))(?:"|')
(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:[\?|#][^"|']{0,}|)))(?:"|')

Source Code Identifiers

These regexes will attempt to grep for source code disclosures within a given file or endpoint. The reason I made these is that, in Burp, I got a source code disclosure in a JS file response that was over 20 million bytes (160MB) large. This made Burp bail out and say "This message is too large to display". This is why I made these regexes to find the source code.

  • PHP Source Code: PHP begins with <?php and ends with ?>
curl -sk https://example.com/path/to/file.js | grep -ioP "<\?php(.*?)\?>"
  • ASP & ASPX Source Code: ASP begins with <% and ends with %>
curl -sk https://example.com/path/to/file.js | grep -ioP "<%(.*?)%>"

WebPack Paths

I have honestly not researched what WebPack is; all I know is that you may find it used on some websites, such as in the Developers Console within the Debugger menu. With some cleanup, it may be used as additional output.

curl -sk https://example.com/_nuxt/f06eb3d.js.map | grep -oE 'webpack://[a-zA-Z0-9&./?=_%:-]*'