From d8ba561bf232fbef080d4cbcb8a0b10d84239f2b Mon Sep 17 00:00:00 2001
From: "Tom (Artyom) Shein"
Date: Mon, 2 Feb 2026 13:53:31 +0200
Subject: [PATCH 01/16] Create passwords.txt
---
passwords.txt | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 passwords.txt
diff --git a/passwords.txt b/passwords.txt
new file mode 100644
index 0000000..2a4ddf4
--- /dev/null
+++ b/passwords.txt
@@ -0,0 +1,43 @@
+ # test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
+ # These are fake values that match secret patterns
+
+ # AWS Access Key (AKIA + 16 alphanumeric)
+ AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+ # GitHub Personal Access Token (classic - 40 chars after ghp_)
+ GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # GitHub Personal Access Token (fine-grained)
+ GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"
+
+ # Slack Bot Token
+ SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+ # Slack Webhook
+ SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
+
+ # Stripe Secret Key (live)
+ STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"
+
+ # SendGrid API Key
+ SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"
+
+ # NPM Access Token
+ NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # OpenAI API Key
+ OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"
+
+ # Google API Key
+ GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"
+
+ # Private RSA Key
+ PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
+ stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
+ uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
+ -----END RSA PRIVATE KEY-----"""
+
+ # Database connection string
+ DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
From c987e8eafbf2d34e5c4603d927b8aa0a7d0a5de4 Mon Sep 17 00:00:00 2001
From: "Tom (Artyom) Shein"
Date: Wed, 18 Mar 2026 12:02:45 +0200
Subject: [PATCH 02/16] Add files via upload
---
dummy_secrets.py | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 dummy_secrets.py
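Review bot: The header comment of this new fixture names the file `test_secrets.py` while the file is `passwords.txt`, so someone triaging a scanner alert cannot tell from the comment which file is the intended fixture; I would change it to `# passwords.txt - secret-scanning fixture, fake values only`. The AWS pair is the documentation example ending in `EXAMPLE`, which some scanners allowlist, so if the goal is to exercise detection a silent result on those two lines should not be read as a scanner miss. `DATABASE_URL` has an unescaped `@` inside the password, which makes the host boundary ambiguous for URL parsers; writing it as `%40` keeps the sample well-formed. The same content is added again as `moresecretjunk.py` and `annam.env` later in this series.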
diff --git a/dummy_secrets.py b/dummy_secrets.py new file mode 100644 index 0000000..f41b71b --- /dev/null +++ b/dummy_secrets.py @@ -0,0 +1,2 @@ +AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE" +AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" From 1d917843a82b840a26ef4f714f2d185195e61eb8 Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Wed, 18 Mar 2026 12:05:13 +0200 Subject: [PATCH 03/16] Update dummy_secrets.py --- dummy_secrets.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dummy_secrets.py b/dummy_secrets.py index f41b71b..32194ab 100644 --- a/dummy_secrets.py +++ b/dummy_secrets.py @@ -1,2 +1,5 @@ AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE" AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" + +# Slack Bot Token +SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx" From c6a97772f298321e72411cdbc8b82a3eea343584 Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Wed, 18 Mar 2026 12:07:07 +0200 Subject: [PATCH 04/16] Update dummy_secrets.py --- dummy_secrets.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dummy_secrets.py b/dummy_secrets.py index 32194ab..ceaa875 100644 --- a/dummy_secrets.py +++ b/dummy_secrets.py @@ -1,3 +1,5 @@ +import os + AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE" AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" From 3282a2dc56ad10631e83808e8344a8c1fb2eb1af Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Wed, 18 Mar 2026 12:39:57 +0200 Subject: [PATCH 05/16] Update dummy_secrets.py --- dummy_secrets.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dummy_secrets.py b/dummy_secrets.py index ceaa875..f0d39ea 100644 --- a/dummy_secrets.py +++ b/dummy_secrets.py @@ -5,3 +5,5 @@ # Slack Bot Token SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx" + +AWS_KEY := "AKIAIOSFODNN7EXAMPLE" From 33c035051d9f928bc2a9e1b86f93514068238f04 Mon Sep 17 00:00:00 2001 
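Review bot: The line added by patch 05, `AWS_KEY := "AKIAIOSFODNN7EXAMPLE"`, is not valid Python, because `:=` is only accepted inside an expression, so `dummy_secrets.py` no longer parses once that hunk is applied. If the intent is to test a scanner against a short-assignment form, that sample belongs in a non-Python fixture; in this file it should read `AWS_KEY = "AKIAIOSFODNN7EXAMPLE"`. The `import os` added by patch 04 is not used by anything visible in the file.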
From: "Tom (Artyom) Shein" Date: Thu, 9 Apr 2026 19:13:26 +0300 Subject: [PATCH 06/16] Create dummy_secrets2.txt --- dummy_secrets2.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 dummy_secrets2.txt diff --git a/dummy_secrets2.txt b/dummy_secrets2.txt new file mode 100644 index 0000000..f0d39ea --- /dev/null +++ b/dummy_secrets2.txt @@ -0,0 +1,9 @@ +import os + +AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE" +AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" + +# Slack Bot Token +SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx" + +AWS_KEY := "AKIAIOSFODNN7EXAMPLE" From e7eadff4d7d54b5a9b6f6ea0751ec39db440de86 Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Thu, 9 Apr 2026 21:46:08 +0300 Subject: [PATCH 07/16] Update dummy_secrets2.txt --- dummy_secrets2.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dummy_secrets2.txt b/dummy_secrets2.txt index f0d39ea..3b435f6 100644 --- a/dummy_secrets2.txt +++ b/dummy_secrets2.txt @@ -1,9 +1,9 @@ import os AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE" -AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" +AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYDUMMYYYKEY" # Slack Bot Token -SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx" +SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-GfEdCbAhIjKlMnOpQrStUvWx" AWS_KEY := "AKIAIOSFODNN7EXAMPLE" From 9f8467b4f6825bc22435c0673a21586546ca976e Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Sun, 24 May 2026 12:23:49 +0300 Subject: [PATCH 08/16] Create pwd.txt --- pwd.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 pwd.txt diff --git a/pwd.txt b/pwd.txt new file mode 100644 index 0000000..568b0df --- /dev/null +++ b/pwd.txt @@ -0,0 +1 @@ +X2ti5FlE80L_lydjmlf0UF6A From 9d60522f7f7aeefa3ff1c1d82ccd1c1111f4de09 Mon Sep 17 00:00:00 2001 
From: "Tom (Artyom) Shein"
Date: Sun, 24 May 2026 12:27:29 +0300
Subject: [PATCH 09/16] Update pwd.txt
---
pwd.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pwd.txt b/pwd.txt
index 568b0df..c98808b 100644
--- a/pwd.txt
+++ b/pwd.txt
@@ -1 +1 @@
-X2ti5FlE80L_lydjmlf0UF6A
+password=X2ti5FlE80L_lydjmlf0UF6A
From fec0228f9fb7c0bfff26d265bb8b6b65f2179c55 Mon Sep 17 00:00:00 2001
From: "Tom (Artyom) Shein"
Date: Sun, 24 May 2026 12:30:37 +0300
Subject: [PATCH 10/16] Create script.py
---
script.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 script.py
diff --git a/script.py b/script.py
new file mode 100644
index 0000000..a7d3cbb
--- /dev/null
+++ b/script.py
@@ -0,0 +1,46 @@
+import requests
+import os
+API_URL = "https://api.tomshein.com/v1/data"
+
+API_PASSWORD = "X2ti5FlE80L_lydjmlf0UF6A"
+USERNAME = "erlis"
+
+
+def make_api_call_basic_auth():
+ print("--- Attempting Basic Auth API Call ---")
+
+ try:
+ response = requests.get(API_URL, auth=(USERNAME, API_PASSWORD))
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+def make_api_call_bearer_token():
+ print("\n--- Attempting Bearer Token API Call ---")
+ headers = {
+ "Authorization": f"Bearer {API_PASSWORD}",
+ "Accept": "application/json"
+ }
+
+ try:
+ response = requests.get(API_URL, headers=headers)
+
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+if __name__ == "__main__":
+ make_api_call_basic_auth()
+ make_api_call_bearer_token()
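Review bot: `API_PASSWORD` and `USERNAME` in the new `script.py` are hard-coded next to a non-reserved host, and unlike the other files in this series nothing marks the value as a fixture; if it was ever a working credential it has to be rotated at the service, because it stays in history and in `pwd.txt` whatever later patches do to this line. `os` is imported and unused, so the value can come from the environment instead: `API_PASSWORD = os.environ["API_PASSWORD"]`. Both `requests.get` calls also have no timeout, so a stalled server hangs the script; pass `timeout=10` or similar. `connect.py`, added later in this series, is the same file with a different literal and needs the same changes.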
From 2ae97b3fe4e61c4b3e0cf3f50e24e64e450b8d9b Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Sun, 24 May 2026 12:33:04 +0300 Subject: [PATCH 11/16] Update script.py --- script.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script.py b/script.py index a7d3cbb..6e4797d 100644 --- a/script.py +++ b/script.py @@ -2,7 +2,7 @@ import os API_URL = "https://api.tomshein.com/v1/data" -API_PASSWORD = "X2ti5FlE80L_lydjmlf0UF6A" +API_PASSWORD = "tG7$vP9&kL2#mZ5@" USERNAME = "erlis" From 8a7d76019a7f9bec82d3efe3b4bab501ff3ac895 Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Sun, 24 May 2026 12:34:39 +0300 Subject: [PATCH 12/16] Update script.py --- script.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script.py b/script.py index 6e4797d..a96407f 100644 --- a/script.py +++ b/script.py @@ -2,7 +2,7 @@ import os API_URL = "https://api.tomshein.com/v1/data" -API_PASSWORD = "tG7$vP9&kL2#mZ5@" +API_PASSWORD = "admin123" USERNAME = "erlis" From 01c86b8701e29ee6673900587969698897adb785 Mon Sep 17 00:00:00 2001 From: "Tom (Artyom) Shein" Date: Sun, 24 May 2026 12:38:11 +0300 Subject: [PATCH 13/16] Create connect.py --- connect.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 connect.py diff --git a/connect.py b/connect.py new file mode 100644 index 0000000..83b7112 --- /dev/null +++ b/connect.py 
@@ -0,0 +1,46 @@
+import requests
+import os
+API_URL = "https://api.tomshein.com/v1/data"
+
+API_PASSWORD = "tG7$vP9&kL2#mZ5@_qR4!"
+USERNAME = "erlis"
+
+
+def make_api_call_basic_auth():
+ print("--- Attempting Basic Auth API Call ---")
+
+ try:
+ response = requests.get(API_URL, auth=(USERNAME, API_PASSWORD))
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+def make_api_call_bearer_token():
+ print("\n--- Attempting Bearer Token API Call ---")
+ headers = {
+ "Authorization": f"Bearer {API_PASSWORD}",
+ "Accept": "application/json"
+ }
+
+ try:
+ response = requests.get(API_URL, headers=headers)
+
+ if response.status_code == 200:
+ print("Success! Data received:")
+ print(response.json())
+ else:
+ print(f"Failed. Server responded with status code: {response.status_code}")
+
+ except requests.exceptions.RequestException as e:
+ print(f"A network error occurred: {e}")
+
+
+if __name__ == "__main__":
+ make_api_call_basic_auth()
+ make_api_call_bearer_token()
From 39134a83e141083b1d9798a9f04323c154fa6622 Mon Sep 17 00:00:00 2001
From: annam-iyer <129521154+annam-iyer@users.noreply.github.com>
Date: Wed, 27 May 2026 09:20:22 -0400
Subject: [PATCH 14/16] Add generic secrets for testing purposes
Added generic secrets for testing, including an API key, bearer token, and RSA private key.
---
genericsecrets.py | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 genericsecrets.py
diff --git a/genericsecrets.py b/genericsecrets.py
new file mode 100644
index 0000000..bb779e3
--- /dev/null
+++ b/genericsecrets.py
@@ -0,0 +1,33 @@
+import os
+
+# ==========================================
+# GENERIC SECRETS FOR TESTING
+# ==========================================
+
+# 1. Generic High-Entropy API Key / Token
+# GitHub's secret scanning looks for high-entropy strings assigned to variables like 'API_KEY'
+GENERIC_API_KEY = "6b4f7e2d9a1c8b3f5e0d4c2b1a9e8f7d6c5b4a3"
+
+# 2. Generic Bearer Token
+BEARER_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyN1c2VyIjoia2V2aW4ifQ.signature_here"
+
+# 3. RSA Private Key Block
+# GitHub scanning looks for the standard BEGIN/END headers of private cryptographic keys
+FAKE_PRIVATE_KEY = """
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0Y2F4G3...[TRUNCATED FAKE DATA]...
+-----END RSA PRIVATE KEY-----
+"""
+
+def connect_to_service():
+ """
+ A dummy function demonstrating how these secrets are often
+ accidentally referenced or exposed in code.
+ """
+ print("Attempting connection with token...")
+ # Simulated usage
+ token = os.getenv("PROD_SECRET", GENERIC_API_KEY)
+ return token
+
+if __name__ == "__main__":
+ connect_to_service()
From bee8a2837293d92a45f1aedaff4b234f9229d240 Mon Sep 17 00:00:00 2001
From: "Tom (Artyom) Shein"
Date: Thu, 28 May 2026 09:33:54 +0300
Subject: [PATCH 15/16] Add files via upload
---
moresecretjunk.py | 43 +++++++++++++++++++++++++++++++++++++++++++
secretscanningtest.js | 10 ++++++++++
2 files changed, 53 insertions(+)
create mode 100644 moresecretjunk.py
create mode 100644 secretscanningtest.js
diff --git a/moresecretjunk.py b/moresecretjunk.py
new file mode 100644
index 0000000..6b1f70a
--- /dev/null
+++ b/moresecretjunk.py
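Review bot: Two of the three samples in `genericsecrets.py` are malformed in ways a structure-aware detector may reject, so a quiet scan on this file may not mean what it appears to: the `BEARER_TOKEN` payload segment `eyN1c2VyIjoia2V2aW4ifQ` decodes to `{#user":"kevin"}` rather than JSON and its signature is the literal `signature_here`, and the PEM body is cut off with `...[TRUNCATED FAKE DATA]...`. I would add a comment above each sample stating which detector it is expected to trigger, or that it is expected not to. Separately, `connect_to_service` falls back to the embedded key when `PROD_SECRET` is unset; if that is the anti-pattern being demonstrated, the docstring should say so, e.g. `Deliberate anti-pattern: hard-coded fallback when PROD_SECRET is missing.`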
@@ -0,0 +1,43 @@
+ # test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
+ # These are fake values that match secret patterns
+
+ # AWS Access Key (AKIA + 16 alphanumeric)
+ AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+ # GitHub Personal Access Token (classic - 40 chars after ghp_)
+ GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # GitHub Personal Access Token (fine-grained)
+ GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"
+
+ # Slack Bot Token
+ SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+ # Slack Webhook
+ SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
+
+ # Stripe Secret Key (live)
+ STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"
+
+ # SendGrid API Key
+ SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"
+
+ # NPM Access Token
+ NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # OpenAI API Key
+ OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"
+
+ # Google API Key
+ GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"
+
+ # Private RSA Key
+ PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
+ stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
+ uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
+ -----END RSA PRIVATE KEY-----"""
+
+ # Database connection string
+ DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
diff --git a/secretscanningtest.js b/secretscanningtest.js
new file mode 100644
index 0000000..2dbcff1
--- /dev/null
+++ b/secretscanningtest.js
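Review bot: Every added line in `moresecretjunk.py` appears to begin with leading whitespace (compare `dummy_secrets.py`, whose lines start at column 0), which in a `.py` file would be an unexpected-indent error at the first assignment; whitespace is collapsed in this rendering, so that needs checking against the raw file. If confirmed, dedent the file so tools that parse Python before scanning can read it. The header comment still names `test_secrets.py` rather than this file.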
@@ -0,0 +1,10 @@
+// ⚠️ FAKE TOKENS FOR TESTING GITHUB SECRET SCANNING - DO NOT USE ⚠️
+
+// FAKE NPM token - completely invalid, for testing only
+const NPM_TOKEN = "npm_1234567890abcdefghijklmnopqrstuvwxyz";
+
+// FAKE Slack Bot token - completely invalid, for testing only
+const SLACK_BOT_TOKEN = "xoxb-1234567890-1234567890123-abcdefghijklmnopqrstuvwx";
+
+// All tokens above are FAKE and will not work anywhere
+module.exports = { NPM_TOKEN, SLACK_BOT_TOKEN };
From 1f15f935ae5d97b078af42f9cc96acf3c0465e11 Mon Sep 17 00:00:00 2001
From: "Tom (Artyom) Shein"
Date: Thu, 28 May 2026 14:58:38 +0300
Subject: [PATCH 16/16] Create annam.env
---
annam.env | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 annam.env
diff --git a/annam.env b/annam.env
new file mode 100644
index 0000000..c1085a7
--- /dev/null
+++ b/annam.env
@@ -0,0 +1,43 @@
+# test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
+ # These are fake values that match secret patterns
+
+ # AWS Access Key (AKIA + 16 alphanumeric)
+ AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
+ AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+ # GitHub Personal Access Token (classic - 40 chars after ghp_)
+ GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # GitHub Personal Access Token (fine-grained)
+ GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"
+
+ # Slack Bot Token
+ SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"
+
+ # Slack Webhook
+ SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
+
+ # Stripe Secret Key (live)
+ STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"
+
+ # SendGrid API Key
+ SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"
+
+ # NPM Access Token
+ NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"
+
+ # OpenAI API Key
+ OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"
+
+ # Google API Key
+ GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"
+
+ # Private RSA Key
+ PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
+ stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
+ uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
+ -----END RSA PRIVATE KEY-----"""
+
+ # Database connection string
+ DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
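Review bot: `annam.env` is written in Python syntax (spaces around `=`, a triple-quoted multi-line `PRIVATE_KEY`, a header naming `test_secrets.py`), which is not how dotenv files are laid out, so a scanner rule or loader that treats the file as an env file may not read the entries the way it would read a real one. Writing entries in the form `AWS_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE` would make the fixture representative of what it is named after. Since `.env` files are normally kept out of version control, a first-line comment such as `# committed deliberately as a secret-scanning fixture, fake values only` would help whoever triages the resulting alert.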