forked from Plazmaz/leaky-repo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsecrets.csv
We can make this file beautiful and searchable if this error is corrected: Any value after quoted field isn't allowed in line 2.
87 lines (76 loc) · 2.53 KB
/
secrets.csv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#########################################################################################################
# We break secrets into two categories, "risk" and "informative".
# Lines that are "risk" presents an actual risk, "informative" discloses potentially sensitive or useful information.
# The CSV counts any line containing risk as "Risk", and lines with Informatives as "Informative".
# Lines with both risk and informative are treated as a single line of risk to simplify counting.
# Lines with multiple risks or informatives are still counted as 1.
#########################################################################################################
# name,num_risk,num_informative
.bash_profile,6,5
.bashrc,3,3
# Here the users are informative, the auth is risk.
# The URLs may be informative in rare cases, but will likely
# just be docker hub in most cases.
.docker/.dockercfg,2,2
# Same as above
.docker/config.json,2,2
# For all 4 firefox profiles:
# Risk: encryptedUsername, encryptedPassword
# Informative: hostname, timeCreated, timeLastUsed, timePasswordChanged, timesUsed
.mozilla/firefox/logins.json,8,20
.ssh/id_rsa,1,0
.ssh/id_rsa.pub,0,1
cloud/.credentials,2,2
cloud/.s3cfg,1,2
cloud/.tugboat,1,2
cloud/heroku.json,1,1
db/dump.sql,10,0
db/mongoid.yml,1,0
etc/shadow,1,0
filezilla/recentservers.xml,3,3
filezilla/filezilla.xml,2,1
high-entropy-misc.txt,0,2
misc-keys/cert-key.pem,1,0
# Putty has both public and private keys
misc-keys/putty-example.ppk,1,1
proftpdpasswd,1,0
web/ruby/config/master.key,1,0
web/ruby/secrets.yml,3,0
web/var/www/.env,6,4
.npmrc,2,1
web/var/www/public_html/wp-config.php,9,3
web/var/www/public_html/.htpasswd,1,0
.git-credentials,1,0
# Risk: userPassword, sshPassphrase, sshUserPassword
# Informative: serverHost, sshHost, sshUserName, userName
db/robomongo.json,3,4
web/js/salesforce.js,1,0
.netrc,2,0
hub,1,1
config,1,3
db/.pgpass,1,0
ventrilo_srv.ini,2,0
web/var/www/public_html/config.php,1,3
db/dbeaver-data-sources.xml,1,0
# Risk: password
# Informative: hostname, username
.esmtprc,2,1
web/django/settings.py,1,0
# Risk: password
# Informative: host, username, remotePath
deployment-config.json,3,1
# Risk: password, passphrase (for private key)
# Informative: host, user, remote
.ftpconfig,3,2
# Risk: password
# Informative: hostname, username
.remote-sync.json,1,2
# Risk: password
# Informative: host, remotePath, username
.vscode/sftp.json,1,3
# Risk: password
# Informative: host, remote_path, user
sftp-config.json,1,3
# Risk: fileTransfer password
# Informative: webServer name+url
.idea/WebServers.xml,1,1