Built-In Scanning Rules
Here is the list of vulnerabilities that are currently detected by Soteri's built-in scanning rules.
IT Services
Rule Name  | Description  | 
|---|---|
  | AWS Identity and Access Management Client IDs uniquely reference users and access keys. These unique IDs can provide access to your AWS instance by allowing users to get keys.  | 
  | AWS Marketplace Web Service API Keys allow programmatic interfaces to Amazon Seller stores.  | 
  | AWS Secret Access Keys allow for authenticated AWS CLI, SDK, and API access.  | 
  | Azure Access Keys provide access to all data stored in Microsoft Azure.  | 
  | Dynatrace Client Secrets allow for access to your Dynatrace instance API.  | 
  | Elliptic Curve Private Keys - We detect many common SSH Private Key formats.  | 
  | Facebook Application IDs  | 
  | Facebook Application Secrets  | 
  | Generic API Key - Contains logic to detect generic API Keys.  | 
  | Generic Passwords - Contains logic to detect generic passwords. Note that this rule may generate many false positives, and is disabled by default.  | 
  | Generic Secrets - Contains logic to detect generic secrets.  | 
  | GitHub Authentication Tokens - This rule detects GitHub Authentication Tokens for personal use (both “classic” and “fine-grained”), as well as for GitHub Application OAuth.  | 
  | Google API Keys  | 
  | Google OAuth URLs  | 
  | Google OAuth Tokens  | 
  | Heroku API Keys  | 
  | LinkedIn Client IDs  | 
  | LinkedIn Client Secrets  | 
  | Mailchimp API Key  | 
  | Mailgun API Key  | 
  | Generic Password in URL - Contains logic to detect passwords embedded in URLs.  | 
  | |
  | PGP Private Keys  | 
  | PKCS8 Private Keys - We detect many common SSH Private Key formats.  | 
  | Python Package Index (PyPI) Upload Tokens allow verified publishing of Python packages to the global repository.  | 
  | We detect many common SSH Private Key formats.  | 
  | |
  | Shopify Partner API Access Tokens provide access to a given store's API.  | 
  | Shopify API Secrets give access to all aspects of the general Shopify API – this rule contains logic to detect Shared Secrets and Access Tokens for regular, Custom, and Private applications.  | 
  | Slack API Tokens give access to various API features.  | 
  | Slack Webhooks are secret URLs which give access similar to that of API Tokens.  | 
  | Square Access Tokens  | 
  | Square OAuth Secrets  | 
  | Generic SSH Private Key - We detect many common SSH Private Key formats.  | 
  | The public-key half of key-based authentication. Weak public keys can be brute-force cracked by modern computers, and can represent a vulnerability equal to that of the private-key half of the pair. Since properly generated public keys are not a threat, this rule is disabled by default.  | 
  | Trojan Source detects left-to-right and right-to-left Unicode control characters which can be used to obscure malicious code. For more information, see the Trojan Source paper and CVE-2021-42574 in the NIST Database. Note: the homoglyph attack described in this paper, and tracked as CVE-2021-42694 in the NIST Database, is not detected by this rule, as it can generate a lot of false positives for non-English languages. See “Mitigating Trojan Source Attacks” for Soteri’s recommendations if you’re interested in detecting potential homoglyph attacks.  | 
  | Stripe API Key  | 
  | Twilio Account ID - part of the Twilio API  | 
  | Twilio API Key - part of the Twilio API  | 
  | Twitter Client ID  | 
  | Twitter Secret Key  | 
Financial
Rule Name  | Description  | 
|---|---|
  | Detects bank account information, like routing numbers, etc., which may accompany more sensitive information.  | 
  | Detects credit card numbers.  | 
  | Detects United States Social Security Numbers.  | 
Enabling and disabling built-in rules is an audited event.