FTP Credentials
Description
General
- Documentation: https://tools.ietf.org/html/rfc959
- Summary: File Transfer Protocol (FTP) is a network protocol designed for the transfer of files between a client and a server. This detector aims at finding FTP credentials in the form of variable assignments or a URI connection string.
- IPs allowlist: This can be implemented on the server side.
- Scopes: A given user can have restricted access to some files and directories on the server.
Revoke the secret
A user's credentials can be revoked or modified on the server side.
Check for suspicious activity
Logs can be stored and inspected on the server side.
Details for FTP URI credentials
- Family: identifiers
- Category: data_storage
- High recall: True
- Validity check available: True
- Analyzer available: False
- On-premise instances exist: False
- Only valid secrets raise an alert: False
- Minimum number of matches: 5
- Occurrences found for one million commits: 3.18
- Prefixed: True
- PreValidators:
    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^storyboard(c|er)?~?$
        - ^xib$
      banlist_filenames: []
      check_binaries: false
      include_default_banlist_extensions: false
      ban_markup: false
    - type: ContentWhitelistPreValidator
      patterns:
        - ftp://
Examples
- text: |
    e-mail: trf at zju ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn
    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation Assi
  connection_uri: ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  scheme: ftp
- text: |
    e-mail: trf at zju ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn
    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation Assi
  connection_uri: ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn
  username: supernameHH
  password: $pwdStartingWithDollar2017
  host: givz.eju.edu.cn
  scheme: ftp
- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp
- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a
  database: a
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp
- text: |
    conn string sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db/file/path
  connection_uri: sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db
  database: my_db
  username: anonymous
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp
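The field extraction shown in the URI examples above can be reproduced with a short scanner. This is an added example, not the detector's own implementation: the regular expression and the names FTP_URI, find_ftp_uri_credentials and redact are assumptions, and the first path segment is reported as "database" only because the example outputs on this page do so.

```python
import re

# Assumed pattern for this example (not the detector's own rule): scheme,
# user:password, host, optional port, optional first path segment.
FTP_URI = re.compile(
    r"\b(?P<scheme>s?ftp)://"
    r"(?P<username>[^\s:/@]+):(?P<password>[^\s/@]+)@"
    r"(?P<host>[A-Za-z0-9.-]+)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?:/(?P<database>[^\s/]+))?"
)


def find_ftp_uri_credentials(text):
    """Return one dict per ftp:// or sftp:// URI that embeds user:password."""
    findings = []
    for m in FTP_URI.finditer(text):
        # Drop optional groups that did not match (port, database).
        fields = {k: v for k, v in m.groupdict().items() if v is not None}
        fields["connection_uri"] = m.group(0)
        findings.append(fields)
    return findings


def redact(text):
    """Mask the password of every matched URI, e.g. before logging a finding."""
    def mask(m):
        start, end = m.span("password")
        uri = m.group(0)
        return uri[: start - m.start()] + "***" + uri[end - m.start():]
    return FTP_URI.sub(mask, text)


# Inputs taken from the examples on this page, plus one constructed URI
# without credentials that must not be reported.
SAMPLES = [
    "e-mail: trf at zju ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn",
    "conn string sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db/file/path",
    "mirror at ftp://ftp.example.org/pub/readme.txt",  # constructed
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(find_ftp_uri_credentials(line), "|", redact(line))
```

Running redact over a finding before it is written to a ticket or log keeps the leaked password from being copied into a second location.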
Details for FTP credentials assignment
- Family: identifiers
- Category: data_storage
- High recall: False
- Validity check available: True
- Analyzer available: False
- On-premise instances exist: False
- Only valid secrets raise an alert: False
- Minimum number of matches: 4
- Occurrences found for one million commits: 6.0
- Prefixed: False
- PreValidators:
    - type: FilenameBanlistPreValidator
      banlist_extensions:
        - ^[aps]?cssc?~?$
        - ^lock$
        - ^storyboard(c|er)?~?$
        - ^xib$
      banlist_filenames: []
      check_binaries: false
      include_default_banlist_extensions: false
      ban_markup: false
    - type: ContentWhitelistPreValidator
      patterns:
        - ftp
    - type: ContentWhitelistPreValidator
      patterns:
        - password
    - type: ContentWhitelistPreValidator
      patterns:
        - user
    - type: ContentWhitelistPreValidator
      patterns:
        - port
    - type: ContentWhitelistPreValidator
      patterns:
        - '22'
        - '21'
Examples
- text: |
    sftp_config:
      host: '124.112.5.13'
      username: 'root'
      password: 'kjlrtq2017'
      port: 22
  host: 124.112.5.13
  username: root
  password: kjlrtq2017
  port: '22'
- text: |
    sftp_config:
      host: '124.112.5.13'
      username: 'iam-the-user'
      password: 'kjlrtq2017'
      port: 21
  host: 124.112.5.13
  username: iam-the-user
  password: kjlrtq2017
  port: '21'
- text: |
    sftp_config:
      site: 'lothal.sw'
      username: 'iam-the-user'
      password: 'kjlrtq2017-long3r.th@nusu@l'
      port: 21
  host: lothal.sw
  username: iam-the-user
  password: kjlrtq2017-long3r.th@nusu@l
  port: '21'