Skip to main content

FTP Credentials

Description#

General#

  • Documentation: https://tools.ietf.org/html/rfc959
  • Summary: File Transfer Protocol (FTP) is a network protocol designed for the transfer of files between a client and a server. This detector aims at finding FTP credentials in the form of variable assignments or a URI connection string.
  • IPs allowlist: This can be implemented on the server side.
  • Scopes: A given user can have a restricted access to some files and directories on the server.

Revoke the secret#

A user credentials can be revoked or modified on the server side.

Check for suspicious activity#

Logs can be stored and inspected on the server side.

Details for Username and password in ftp#

  • Category: Data storage

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 8

  • Occurrences found for one million commits: 13.4

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^[aps]?cssc?~?$  - ^lock$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - ftp://

Examples#

- text: >    e-mail: trf at zju ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation  Assi  connection_uri: ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn  username: supernameHH  password: kjlrtq2017  host: givz.eju.edu.cn  scheme: ftp
- text: >    e-mail: trf at zju ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation  Assi  connection_uri: ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn  username: supernameHH  password: $pwdStartingWithDollar2017  host: givz.eju.edu.cn  scheme: ftp
# FTP servers often offer anonymous access, where users are expected to log in with# the `anonymous` username and their email address as password- text: >    Anonymous FTP access: ftp://anonymous:john.wirtz@email.com@ftp.fileserver.fr  connection_uri: ftp://anonymous:john.wirtz@email.com@ftp.fileserver.fr  username: anonymous  password: john.wirtz@email.com  host: ftp.fileserver.fr  scheme: ftp
- text: >    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22  username: supernameHH  password: kjlrtq2017  host: givz.eju.edu.cn  port: "22"  scheme: sftp
- text: >    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a  database: a  username: supernameHH  password: kjlrtq2017  host: givz.eju.edu.cn  port: "22"  scheme: sftp
- text: >    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a  database: a  username: supernameHH  password: kjlrtq2017  host: givz.eju.edu.cn  port: "22"  scheme: sftp

Details for Ftp credentials assignment#

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 6.96

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^[aps]?cssc?~?$  - ^lock$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - ftp- type: ContentWhitelistPreValidator  patterns:  - password- type: ContentWhitelistPreValidator  patterns:  - user- type: ContentWhitelistPreValidator  patterns:  - port- type: ContentWhitelistPreValidator  patterns:  - '22'  - '21'

Examples#

- text: >    sftp_config:      host: '124.112.5.13'      username: 'root'      password: 'kjlrtq2017'      port: 22  host: 124.112.5.13  username: root  password: kjlrtq2017  port: "22"
- text: >    sftp_config:      host: '124.112.5.13'      username: 'iam-the-user'      password: 'kjlrtq2017'      port: 21  host: 124.112.5.13  username: iam-the-user  password: kjlrtq2017  port: "21"