Skip to main content

FTP Credentials

Description

General

  • Documentation: https://tools.ietf.org/html/rfc959
  • Summary: File Transfer Protocol (FTP) is a network protocol designed for the transfer of files between a client and a server. This detector aims at finding FTP credentials in the form of variable assignments or a URI connection string.
  • IPs allowlist: This can be implemented on the server side.
  • Scopes: A given user can have a restricted access to some files and directories on the server.

Revoke the secret

A user credentials can be revoked or modified on the server side.

Check for suspicious activity

Logs can be stored and inspected on the server side.

Details for FTP URI credentials

  • Family: identifiers

  • Category: data_storage

  • High recall: True

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 3.18

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ftp://

Examples

- text: |
    e-mail: trf at zju ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn
    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation  Assi
  connection_uri: ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  scheme: ftp

- text: |
    e-mail: trf at zju ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn
    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation  Assi
  connection_uri: ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn
  username: supernameHH
  password: $pwdStartingWithDollar2017
  host: givz.eju.edu.cn
  scheme: ftp

- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp

- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a
  database: a
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp

- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a
  database: a
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp

- text: |
    conn string sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db/file/path
  connection_uri: sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db
  database: my_db
  username: anonymous
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp

Details for FTP credentials assignment

  • Family: identifiers

  • Category: data_storage

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 6.0

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ftp
- type: ContentWhitelistPreValidator
  patterns:
    - password
- type: ContentWhitelistPreValidator
  patterns:
    - user
- type: ContentWhitelistPreValidator
  patterns:
    - port
- type: ContentWhitelistPreValidator
  patterns:
    - '22'
    - '21'

Examples

- text: |
    sftp_config:
      host: '124.112.5.13'
      username: 'root'
      password: 'kjlrtq2017'
      port: 22
  host: 124.112.5.13
  username: root
  password: kjlrtq2017
  port: '22'

- text: |
    sftp_config:
      host: '124.112.5.13'
      username: 'iam-the-user'
      password: 'kjlrtq2017'
      port: 21
  host: 124.112.5.13
  username: iam-the-user
  password: kjlrtq2017
  port: '21'

- text: |
    sftp_config:
      site: 'lothal.sw'
      username: 'iam-the-user'
      password: 'kjlrtq2017-long3r.th@nusu@l'
      port: 21
  host: lothal.sw
  username: iam-the-user
  password: kjlrtq2017-long3r.th@nusu@l
  port: '21'
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status