feat: Add detection rules for SSH RSA keys

Signed-off-by: HAHWUL <[email protected]>
owasp-noir · Nov 14, 2024 · 175b1e4 · 175b1e4
1 parent de0bf9f
commit 175b1e4
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/secrets/ssh-rsa-key.yaml b/secrets/ssh-rsa-key.yaml
@@ -0,0 +1,18 @@
+id: ssh-rsa-key
+info:
+  name: Detect SSH_RSA_KEY
+  author: [hahwul]
+  severity: critical
+  description: Detects the presence of SSH RSA keys in the code
+  reference: ['']
+matchers-condition: or
+matchers:
+  - type: word
+    patterns: ['ssh-rsa']
+    condition: or
+  - type: regex
+    patterns:
+      - 'ssh-rsa\s+[A-Za-z0-9+/=]{100,}'
+    condition: or
+category: secret
+techs: ['*']