Skip to content

annam generic secrets test #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
annam-iyer wants to merge 22 commits into
base: main
Choose a base branch
from
Open

annam generic secrets test #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
d8ba561
Create passwords.txt
erl1s Feb 2, 2026
c987e8e
Add files via upload
erl1s Mar 18, 2026
16e2203
Merge pull request #1 from erl1s/feature-1
erl1s Mar 18, 2026
1d91784
Update dummy_secrets.py
erl1s Mar 18, 2026
d41d4ed
Merge pull request #2 from erl1s/feature-2
erl1s Mar 18, 2026
c6a9777
Update dummy_secrets.py
erl1s Mar 18, 2026
4a3b177
Merge pull request #3 from erl1s/feature-3
erl1s Mar 18, 2026
3282a2d
Update dummy_secrets.py
erl1s Mar 18, 2026
33c0350
Create dummy_secrets2.txt
erl1s Apr 9, 2026
e7eadff
Update dummy_secrets2.txt
erl1s Apr 9, 2026
9f8467b
Create pwd.txt
erl1s May 24, 2026
9d60522
Update pwd.txt
erl1s May 24, 2026
fec0228
Create script.py
erl1s May 24, 2026
2ae97b3
Update script.py
erl1s May 24, 2026
8a7d760
Update script.py
erl1s May 24, 2026
1e051ce
Merge pull request #4 from erl1s/erl1s-patch-1
erl1s May 24, 2026
01c86b8
Create connect.py
erl1s May 24, 2026
2d67455
Merge pull request #5 from erl1s/erl1s-patch-2
erl1s May 24, 2026
39134a8
Add generic secrets for testing purposes
annam-iyer May 27, 2026
f38e48a
Merge pull request #6 from erl1s/annam-generic-secrets
erl1s May 27, 2026
bee8a28
Add files via upload
erl1s May 28, 2026
1f15f93
Create annam.env
erl1s May 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions annam.env
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
# test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
# These are fake values that match secret patterns

# AWS Access Key (AKIA + 16 alphanumeric)
AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

# GitHub Personal Access Token (classic - 40 chars after ghp_)
GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"

# GitHub Personal Access Token (fine-grained)
GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"

# Slack Bot Token
SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"

# Slack Webhook
SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

# Stripe Secret Key (live)
STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"

# SendGrid API Key
SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"

# NPM Access Token
NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"

# OpenAI API Key
OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"

# Google API Key
GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"

# Private RSA Key
PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
-----END RSA PRIVATE KEY-----"""

# Database connection string
DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
46 changes: 46 additions & 0 deletions connect.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
import requests
import os
API_URL = "https://api.tomshein.com/v1/data"

API_PASSWORD = "tG7$vP9&kL2#mZ5@_qR4!"
USERNAME = "erlis"


def make_api_call_basic_auth():
print("--- Attempting Basic Auth API Call ---")

try:
response = requests.get(API_URL, auth=(USERNAME, API_PASSWORD))
if response.status_code == 200:
print("Success! Data received:")
print(response.json())
else:
print(f"Failed. Server responded with status code: {response.status_code}")

except requests.exceptions.RequestException as e:
print(f"A network error occurred: {e}")


def make_api_call_bearer_token():
print("\n--- Attempting Bearer Token API Call ---")
headers = {
"Authorization": f"Bearer {API_PASSWORD}",
"Accept": "application/json"
}

try:
response = requests.get(API_URL, headers=headers)

if response.status_code == 200:
print("Success! Data received:")
print(response.json())
else:
print(f"Failed. Server responded with status code: {response.status_code}")

except requests.exceptions.RequestException as e:
print(f"A network error occurred: {e}")


if __name__ == "__main__":
make_api_call_basic_auth()
make_api_call_bearer_token()
9 changes: 9 additions & 0 deletions dummy_secrets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
import os

AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

# Slack Bot Token
SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"

AWS_KEY := "AKIAIOSFODNN7EXAMPLE"
9 changes: 9 additions & 0 deletions dummy_secrets2.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
import os

AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYDUMMYYYKEY"

# Slack Bot Token
SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-GfEdCbAhIjKlMnOpQrStUvWx"

AWS_KEY := "AKIAIOSFODNN7EXAMPLE"
33 changes: 33 additions & 0 deletions genericsecrets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
import os

# ==========================================
# GENERIC SECRETS FOR TESTING
# ==========================================

# 1. Generic High-Entropy API Key / Token
# GitHub's secret scanning looks for high-entropy strings assigned to variables like 'API_KEY'
GENERIC_API_KEY = "6b4f7e2d9a1c8b3f5e0d4c2b1a9e8f7d6c5b4a3"

# 2. Generic Bearer Token
BEARER_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyN1c2VyIjoia2V2aW4ifQ.signature_here"

# 3. RSA Private Key Block
# GitHub scanning looks for the standard BEGIN/END headers of private cryptographic keys
FAKE_PRIVATE_KEY = """
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA0Y2F4G3...[TRUNCATED FAKE DATA]...
-----END RSA PRIVATE KEY-----
"""

def connect_to_service():
"""
A dummy function demonstrating how these secrets are often
accidentally referenced or exposed in code.
"""
print("Attempting connection with token...")
# Simulated usage
token = os.getenv("PROD_SECRET", GENERIC_API_KEY)
return token

if __name__ == "__main__":
connect_to_service()
43 changes: 43 additions & 0 deletions moresecretjunk.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
# test_secrets.py - FOR EDUCATIONAL PURPOSES ONLY
# These are fake values that match secret patterns

# AWS Access Key (AKIA + 16 alphanumeric)
AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

# GitHub Personal Access Token (classic - 40 chars after ghp_)
GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"

# GitHub Personal Access Token (fine-grained)
GITHUB_FG_TOKEN = "github_pat_11ABCDEFG0123456789012_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcdefghijk"

# Slack Bot Token
SLACK_BOT_TOKEN = "xoxb-123456789012-9876543210987-AbCdEfGhIjKlMnOpQrStUvWx"

# Slack Webhook
SLACK_WEBHOOK = "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

# Stripe Secret Key (live)
STRIPE_SECRET_KEY = "sk_live_51HxRABCDEFGhIjKlMnOpQrS0tUvWxYz1234567890AbCdEfGhI"

# SendGrid API Key
SENDGRID_API_KEY = "SG.abcdefghijklmnop.qrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ12"

# NPM Access Token
NPM_TOKEN = "npm_aBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890"

# OpenAI API Key
OPENAI_API_KEY = "sk-proj-abcdefghijklmnopqrstuvwxyz1234567890ABCD"

# Google API Key
GOOGLE_API_KEY = "AIzaSyAbCdEfGhIjKlMnOpQrStUvWxYz12345678"

# Private RSA Key
PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2Z3qX2BTLS4e3Iw4cXctK1234567890abcdefghijklmnopqr
stuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrst
uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuv
-----END RSA PRIVATE KEY-----"""

# Database connection string
DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd123@db.example.com:5432/production"
Loading