chg: [password_leak] add the rule from PasteHunter to find password_leak

TODO: compare with the built-in credentials module in AIL
ail-project · Jul 12, 2024 · 09c09d4 · 09c09d4
1 parent 3ccbec3
commit 09c09d4
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/rules/password/password_leak.yar b/rules/password/password_leak.yar
@@ -0,0 +1,22 @@
+/*
+    These rules attempt to find password leaks / dumps
+*/
+
+rule password_list
+{
+    meta:
+        author = "@KevTheHermit and @Plazmaz"
+        info = "Part of PasteHunter"
+        reference = "https://github.com/kevthehermit/PasteHunter"
+
+    strings:
+        // Email validation---------------------------------------------------V
+        // Optional quotes -----------------------------------------------------v
+        // Seperator char (:|,) ------------------------------------------------------v
+        // Continue until word boundary or space ----------------------------------------------v
+        $data_format = /\b[\w-]+(\.[\w-]+)*@[\w-]+(\.[\w-]+)*\.[a-zA-Z-]+[\w-]["|']?(:|\|)[^\b\s]+\b/
+
+    condition:
+        #data_format > 10
+
+}