From b03f82d1fcd0e5f04a14409504958ac283ca934c Mon Sep 17 00:00:00 2001 From: PabloLec Date: Tue, 12 Oct 2021 11:19:24 +0200 Subject: [PATCH 1/4] Fix type in name capitalization test --- tests/test_regex_formatting.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_regex_formatting.py b/tests/test_regex_formatting.py index f657611..65b5cc2 100644 --- a/tests/test_regex_formatting.py +++ b/tests/test_regex_formatting.py @@ -19,7 +19,7 @@ def test_name_capitalization(): assert word.title() == word, ( f'Wrong capitalization in regex name: "{entry_name}"\n' f'Expected: "{entry_name.title()}"\n' - "Please capitalize every the first letter of each word." + "Please capitalize the first letter of each word." ) From 756ceab6f0bfba725c5730824843398d4aa21e3d Mon Sep 17 00:00:00 2001 From: PabloLec Date: Tue, 12 Oct 2021 11:43:16 +0200 Subject: [PATCH 2/4] Add mount and fstab entries --- pywhat/Data/regex.json | 26 +++++++++++++++++++++++++- tests/test_regex_identifier.py | 26 ++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) diff --git a/pywhat/Data/regex.json b/pywhat/Data/regex.json index e01426d..ac8a920 100644 --- a/pywhat/Data/regex.json +++ b/pywhat/Data/regex.json @@ -1026,6 +1026,30 @@ "Bug Bounty" ] }, + { + "Name": "Mount Command With Clear Credentials", + "Regex": "^(mount(.cifs)?[ ]+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", + "plural_name": false, + "Description": null, + "Rarity": 1, + "URL": null, + "Tags": [ + "Credentials", + "Bug Bounty" + ] + }, + { + "Name": "CIFS Fstab Entry With Clear Credentials", + "Regex": "^(cifs[ ]+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", + "plural_name": false, + "Description": null, + "Rarity": 1, + "URL": null, + "Tags": [ + "Credentials", + "Bug Bounty" + ] + }, { "Name": "Google Cloud Platform API Key", "Regex": "(?i)^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$", @@ -1783,7 +1807,7 @@ "ObjectID" ] }, - + { "Name": "Recent Unix Timestamp", "Regex": "^([0-9]{10})$", diff --git a/tests/test_regex_identifier.py b/tests/test_regex_identifier.py index ea51253..52a1de6 100644 --- a/tests/test_regex_identifier.py +++ b/tests/test_regex_identifier.py @@ -1035,3 +1035,29 @@ def test_sshpass(): def test_sshpass_multiple_args(): res = r.check(["sshpass -P 'Please enter your password' -p MyPassw0RD!"]) _assert_match_first_item("SSHPass Clear Password Argument", res) + + +def test_mount_command(): + res = r.check(["mount -o username=myuser,password=password"]) + _assert_match_first_item("Mount Command With Clear Credentials", res) + + +def test_mountcifs_command(): + res = r.check(["mount.cifs -o username=myuser,password=password"]) + _assert_match_first_item("Mount Command With Clear Credentials", res) + + +def test_complex_mount_command(): + res = r.check( + [ + "mount -t cifs -osec=ntlmv2,password=S3cUr3D!,domain=mydomain,noserverino,username=H4x0r" + ] + ) + _assert_match_first_item("Mount Command With Clear Credentials", res) + + +def test_cifs_fstab_entry(): + res = r.check( + ["cifs uid=1000,password=password,gid=1000,noperm,nofail,username=myuser"] + ) + _assert_match_first_item("CIFS Fstab Entry With Clear Credentials", res) From 1b22e2db968c00acb6679f3c4a979cb042bf134f Mon Sep 17 00:00:00 2001 From: Pablo Lecolinet Date: Tue, 12 Oct 2021 14:54:38 +0200 Subject: [PATCH 3/4] Replace `[ ]+` by `\s+` --- pywhat/Data/regex.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pywhat/Data/regex.json b/pywhat/Data/regex.json index ac8a920..d580755 100644 --- a/pywhat/Data/regex.json +++ b/pywhat/Data/regex.json @@ -1015,7 +1015,7 @@ }, { "Name": "SSHPass Clear Password Argument", - "Regex": "^(sshpass [^\\n]*-p[ ]+[^ ]+)$", + "Regex": "^(sshpass [^\\n]*-p\s+[^ ]+)$", "plural_name": false, "Description": null, "Rarity": 1, @@ -1028,7 +1028,7 @@ }, { "Name": "Mount Command With Clear Credentials", - "Regex": "^(mount(.cifs)?[ ]+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", + "Regex": "^(mount(.cifs)?\s+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", "plural_name": false, "Description": null, "Rarity": 1, @@ -1040,7 +1040,7 @@ }, { "Name": "CIFS Fstab Entry With Clear Credentials", - "Regex": "^(cifs[ ]+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", + "Regex": "^(cifs\s+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", "plural_name": false, "Description": null, "Rarity": 1, From 9cf1a57d9474b1de29db53f77fe04eda41bc77af Mon Sep 17 00:00:00 2001 From: PabloLec Date: Tue, 12 Oct 2021 15:01:26 +0200 Subject: [PATCH 4/4] Fix regex --- pywhat/Data/regex.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pywhat/Data/regex.json b/pywhat/Data/regex.json index d580755..0d06164 100644 --- a/pywhat/Data/regex.json +++ b/pywhat/Data/regex.json @@ -1015,7 +1015,7 @@ }, { "Name": "SSHPass Clear Password Argument", - "Regex": "^(sshpass [^\\n]*-p\s+[^ ]+)$", + "Regex": "^(sshpass [^\\n]*-p\\s+[^ ]+)$", "plural_name": false, "Description": null, "Rarity": 1, @@ -1028,7 +1028,7 @@ }, { "Name": "Mount Command With Clear Credentials", - "Regex": "^(mount(.cifs)?\s+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", + "Regex": "^(mount(.cifs)?\\s+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", "plural_name": false, "Description": null, "Rarity": 1, @@ -1040,7 +1040,7 @@ }, { "Name": "CIFS Fstab Entry With Clear Credentials", - "Regex": "^(cifs\s+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", + "Regex": "^(cifs\\s+[^\\n]*(username=[^, \\n]+[^\\n ]*password=[^, \\n]+|password=[^, \\n]+[^\\n ]*username=[^, \\n]+))$", "plural_name": false, "Description": null, "Rarity": 1,