diff --git a/annam.env b/annam.env
new file mode 100644
index 0000000..c1085a7
--- /dev/null
+++ b/annam.env
@@ -0,0 +1,43 @@
+# test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
+ # These are fake values that match secret patterns
+
+ # AWS Access Key (AKIA + 16 alphanumeric)
+ AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+ # GitHub Personal Access Token (classic - 40 chars after ghp_)
+ GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # GitHub Personal Access Token (fine-grained)
+ GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"
+
+ # Slack Bot Token
+ SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+ # Slack Webhook
+ SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
+
+ # Stripe Secret Key (live)
+ STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"
+
+ # SendGrid API Key
+ SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"
+
+ # NPM Access Token
+ NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # OpenAI API Key
+ OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"
+
+ # Google API Key
+ GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"
+
+ # Private RSA Key
+ PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
+ stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
+ uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
+ -----END RSA PRIVATE KEY-----"""
+
+ # Database connection string
+ DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
diff --git a/connect.py b/connect.py
new file mode 100644
index 0000000..83b7112
--- /dev/null
+++ b/connect.py
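Review bot: The fixture header in annam.env names `test_secrets.py`, a file this commit does not add, and the same 43-line block is added again as moresecretjunk.py and passwords.txt, so a scanner alert on any of these values has three sources and no single place to triage or allowlist. Keeping one copy under a clearly named fixture path, with the header corrected to the real filename, would make alerts easier to attribute and keep a genuine leak from being lost in the noise. The AWS pair (`AKIAIOSFODNN7EXAMPLE` and its matching secret) is the example credential from AWS documentation, which some scanners allowlist, so it may not exercise the detector at all. A comment such as `# AWS documentation example key; may be allowlisted by scanners` beside it would record that.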
@@ -0,0 +1,46 @@
+import requests
+import os
+API_URL = "https://api.tomshein.com/v1/data"
+
+API_PASSWORD = "tG7$vP9&kL2#mZ5@_qR4!"
+USERNAME = "erlis"
+
+
+def make_api_call_basic_auth():
+ print("--- Attempting Basic Auth API Call ---")
+
+ try:
+ response = requests.get(API_URL, auth=(USERNAME, API_PASSWORD))
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+def make_api_call_bearer_token():
+ print("\n--- Attempting Bearer Token API Call ---")
+ headers = {
+ "Authorization": f"Bearer {API_PASSWORD}",
+ "Accept": "application/json"
+ }
+
+ try:
+ response = requests.get(API_URL, headers=headers)
+
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+if __name__ == "__main__":
+ make_api_call_basic_auth()
+ make_api_call_bearer_token()
diff --git a/dummy_secrets.py b/dummy_secrets.py
new file mode 100644
index 0000000..f0d39ea
--- /dev/null
+++ b/dummy_secrets.py
@@ -0,0 +1,9 @@
+import os
+
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+# Slack Bot Token
+SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+AWS_KEY := "AKIAIOSFODNN7EXAMPLE"
diff --git a/dummy_secrets2.txt b/dummy_secrets2.txt
new file mode 100644
index 0000000..3b435f6
--- /dev/null
+++ b/dummy_secrets2.txt
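Review bot: `API_PASSWORD` in connect.py is a literal credential with no "fake" marker, unlike the labelled fixtures elsewhere in this commit, and the same value is sent both as the basic-auth password and as the bearer token. If it is real it should be rotated, because it stays in history, and read at runtime instead, e.g. `API_PASSWORD = os.environ["API_PASSWORD"]` (the file already imports `os` without using it); if it is a scanner fixture, a comment should say so. Both `requests.get` calls also lack a `timeout=` argument, so a stalled server blocks the script indefinitely. script.py repeats this file with a different literal, and pwd.txt adds another unlabelled `password=` value.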
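Review bot: The last line of dummy_secrets.py, `AWS_KEY := "AKIAIOSFODNN7EXAMPLE"`, is not valid Python: an unparenthesized assignment expression is a syntax error at statement level, so the module cannot be parsed or imported. If the file is meant to stay a Python fixture the line should read `AWS_KEY = "AKIAIOSFODNN7EXAMPLE"`; if the `:=` form is there to test a pattern from another language, it belongs in a file with that language's extension. `import os` is unused here. dummy_secrets2.txt carries the same line.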
@@ -0,0 +1,9 @@
+import os
+
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYDUMMYYYKEY"
+
+# Slack Bot Token
+SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-GfEdCbAhIjKlMnOpQrStUvWx"
+
+AWS_KEY := "AKIAIOSFODNN7EXAMPLE"
diff --git a/genericsecrets.py b/genericsecrets.py
new file mode 100644
index 0000000..bb779e3
--- /dev/null
+++ b/genericsecrets.py
@@ -0,0 +1,33 @@
+import os
+
+# ==========================================
+# GENERIC SECRETS FOR TESTING
+# ==========================================
+
+# 1. Generic High-Entropy API Key / Token
+# GitHub's secret scanning looks for high-entropy strings assigned to variables like 'API_KEY'
+GENERIC_API_KEY = "6b4f7e2d9a1c8b3f5e0d4c2b1a9e8f7d6c5b4a3"
+
+# 2. Generic Bearer Token
+BEARER_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyN1c2VyIjoia2V2aW4ifQ.signature_here"
+
+# 3. RSA Private Key Block
+# GitHub scanning looks for the standard BEGIN/END headers of private cryptographic keys
+FAKE_PRIVATE_KEY = """
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0Y2F4G3...[TRUNCATED FAKE DATA]...
+-----END RSA PRIVATE KEY-----
+"""
+
+def connect_to_service():
+ """
+ A dummy function demonstrating how these secrets are often
+ accidentally referenced or exposed in code.
+ """
+ print("Attempting connection with token...")
+ # Simulated usage
+ token = os.getenv("PROD_SECRET", GENERIC_API_KEY)
+ return token
+
+if __name__ == "__main__":
+ connect_to_service()
diff --git a/moresecretjunk.py b/moresecretjunk.py
new file mode 100644
index 0000000..6b1f70a
--- /dev/null
+++ b/moresecretjunk.py
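Review bot: In `connect_to_service` of genericsecrets.py, `os.getenv("PROD_SECRET", GENERIC_API_KEY)` falls back to the hard-coded literal whenever the environment variable is unset, so a missing configuration silently uses the committed value instead of failing. The lookup should fail closed, e.g. `token = os.environ["PROD_SECRET"]`, or return `None` and leave the decision to the caller. The docstring could also say that the function only returns the token and makes no connection, since the `print` message suggests otherwise.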
@@ -0,0 +1,43 @@
+ # test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
+ # These are fake values that match secret patterns
+
+ # AWS Access Key (AKIA + 16 alphanumeric)
+ AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+ # GitHub Personal Access Token (classic - 40 chars after ghp_)
+ GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # GitHub Personal Access Token (fine-grained)
+ GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"
+
+ # Slack Bot Token
+ SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+ # Slack Webhook
+ SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
+
+ # Stripe Secret Key (live)
+ STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"
+
+ # SendGrid API Key
+ SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"
+
+ # NPM Access Token
+ NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # OpenAI API Key
+ OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"
+
+ # Google API Key
+ GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"
+
+ # Private RSA Key
+ PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
+ stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
+ uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
+ -----END RSA PRIVATE KEY-----"""
+
+ # Database connection string
+ DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
diff --git a/passwords.txt b/passwords.txt
new file mode 100644
index 0000000..2a4ddf4
--- /dev/null
+++ b/passwords.txt
@@ -0,0 +1,43 @@
+ # test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
+ # These are fake values that match secret patterns
+
+ # AWS Access Key (AKIA + 16 alphanumeric)
+ AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+ # GitHub Personal Access Token (classic - 40 chars after ghp_)
+ GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # GitHub Personal Access Token (fine-grained)
+ GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"
+
+ # Slack Bot Token
+ SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+ # Slack Webhook
+ SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
+
+ # Stripe Secret Key (live)
+ STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"
+
+ # SendGrid API Key
+ SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"
+
+ # NPM Access Token
+ NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # OpenAI API Key
+ OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"
+
+ # Google API Key
+ GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"
+
+ # Private RSA Key
+ PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
+ stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
+ uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
+ -----END RSA PRIVATE KEY-----"""
+
+ # Database connection string
+ DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
diff --git a/pwd.txt b/pwd.txt
new file mode 100644
index 0000000..c98808b
--- /dev/null
+++ b/pwd.txt
@@ -0,0 +1 @@
+password=X2ti5FlE80L_lydjmlf0UF6A
diff --git a/script.py b/script.py
new file mode 100644
index 0000000..a96407f
--- /dev/null
+++ b/script.py
@@ -0,0 +1,46 @@
+import requests
+import os
+API_URL = "https://api.tomshein.com/v1/data"
+
+API_PASSWORD = "admin123"
+USERNAME = "erlis"
+
+
+def make_api_call_basic_auth():
+ print("--- Attempting Basic Auth API Call ---")
+
+ try:
+ response = requests.get(API_URL, auth=(USERNAME, API_PASSWORD))
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+def make_api_call_bearer_token():
+ print("\n--- Attempting Bearer Token API Call ---")
+ headers = {
+ "Authorization": f"Bearer {API_PASSWORD}",
+ "Accept": "application/json"
+ }
+
+ try:
+ response = requests.get(API_URL, headers=headers)
+
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+if __name__ == "__main__":
+ make_api_call_basic_auth()
+ make_api_call_bearer_token()
diff --git a/secretscanningtest.js b/secretscanningtest.js
new file mode 100644
index 0000000..2dbcff1
--- /dev/null
+++ b/secretscanningtest.js
@@ -0,0 +1,10 @@
+// ⚠️ FAKE TOKENS FOR TESTING GITHUB SECRET SCANNING - DO NOT USE ⚠️
+
+// FAKE NPM token - completely invalid, for testing only
+const NPM_TOKEN = "npm_1234567890abcdefghijklmnopqrstuvwxyz";
+
+// FAKE Slack Bot token - completely invalid, for testing only
+const SLACK_BOT_TOKEN = "xoxb-1234567890-1234567890123-abcdefghijklmnopqrstuvwx";
+
+// All tokens above are FAKE and will not work anywhere
+module.exports = { NPM_TOKEN, SLACK_BOT_TOKEN };