Regex to scan a password with only alphabets and numbers and not any special character enclosed within double quotes or space


I am using trufflehog for secret scanning. I need a regex that will scan for the password in a directory.

Regex must cover sample secrets mentioned below:

  1. docker login -u "username" -p "AKCp5budTFpbypBqQbGJPz3pGCi28pPiJhWczqjfYb9drAmd9LbRZbj6UpKFxJXA8ksWGc9fM" docker.net
  2. BcClOi9FKdx77snJ36VC
  3. helm registry login -u "username" -p "j2o7zfkZ1d074Hgfklj7cwR3ghDj3sI4" registry.net

I tried with the below regex and it is detecting the third password mentioned from the above 3, but without a space after the password. (It does not detect it if I give the entire line as mentioned in option 3, but works if I remove the space and registry.net.)

    \\b(?=.*[0-9]{2,})(?=.*[a-z]{2,})(?=.*[A-Z]{2,})(?=\\S+$)[^-@#:$%^&+=/,<>()._]{30,33}\\b

  1. Passwords are alphanumeric (must contain lower case, upper case and numbers)
  2. Does not have any special characters in between
  3. Are surrounded by either double quotes or space

Please help me frame 3 different regex to scan these passwords.


Solution

  • You can try:

    \b"?(?=[^'"@#^:$%&+=\/,<>()._\s-]*?[a-z])(?=[^'"@#^:$%&+=\/,<>()._\s-]*?[A-Z])(?=[^'"@#^:$%&+=\/,<>()._\s-]*?\d)[^'"@#^:$%&+=\/,<>()._\s-]{20,}"?\b
    

    Regex demo.
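
An added example, not part of the original question or answer: it runs the answer's pattern over the three sample lines from the question and compares it with a lookahead-free check that applies the question's three rules token by token, which also suits engines such as Go's RE2-based `regexp` that do not support lookaheads. The function names and the `CONSTRUCTED` line are assumptions made for this illustration.

```python
import re

# Character class the answer repeats: anything except these specials and whitespace.
_CLS = r"""[^'"@#^:$%&+=\/,<>()._\s-]"""
# The answer's pattern, reassembled from that class (same regex as on the page).
ANSWER_RE = re.compile(
    r'\b"?'
    + rf"(?={_CLS}*?[a-z])(?={_CLS}*?[A-Z])(?={_CLS}*?\d)"
    + _CLS + r'{20,}"?\b'
)
ALNUM_RE = re.compile(r"[A-Za-z0-9]{20,}")

# The three sample lines from the question.
SAMPLES = [
    'docker login -u "username" -p "AKCp5budTFpbypBqQbGJPz3pGCi28pPiJhWczqjfYb9drAmd9LbRZbj6UpKFxJXA8ksWGc9fM" docker.net',
    "BcClOi9FKdx77snJ36VC",
    'helm registry login -u "username" -p "j2o7zfkZ1d074Hgfklj7cwR3ghDj3sI4" registry.net',
]
# Constructed line: the value contains '!' and is delimited by '=' rather
# than by a space or a double quote.
CONSTRUCTED = "token=Zx9!Qw8eRt7yUi6oPa5sDf4g"


def answer_candidates(line):
    """Matches of the answer's regex, with any captured quotes stripped."""
    return [m.group(0).strip('"') for m in ANSWER_RE.finditer(line)]


def strict_candidates(line):
    """Lookahead-free check: whitespace-delimited tokens, optionally wrapped in
    double quotes, that are purely alphanumeric, at least 20 characters long,
    and contain a lower-case letter, an upper-case letter and a digit."""
    hits = []
    for token in line.split():
        if len(token) >= 2 and token[0] == token[-1] == '"':
            token = token[1:-1]
        if (ALNUM_RE.fullmatch(token)
                and re.search(r"[a-z]", token)
                and re.search(r"[A-Z]", token)
                and re.search(r"[0-9]", token)):
            hits.append(token)
    return hits


if __name__ == "__main__":
    for line in SAMPLES + [CONSTRUCTED]:
        print(answer_candidates(line), strict_candidates(line))
```

Both functions return the same password for each of the three sample lines; on the constructed line the answer's pattern still reports a match, while the token-based check returns nothing because the value breaks rules 2 and 3 of the question.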