FTP Credentials

Description

General

  • Documentation: https://tools.ietf.org/html/rfc959
  • Summary: File Transfer Protocol (FTP) is a network protocol designed for transferring files between a client and a server. This detector looks for FTP credentials expressed either as variable assignments or as a URI connection string.
  • IPs allowlist: This can be implemented on the server side.
  • Scopes: A given user can have restricted access to some files and directories on the server.

Revoke the secret

A user's credentials can be revoked or modified on the server side.

Check for suspicious activity

Logs can be stored and inspected on the server side.

Details for Username and password in ftp

  • Family: Other

  • Category: Data storage

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 3.18

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ftp://

Examples

- text: |
    e-mail: trf at zju ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn
    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation Assi
  connection_uri: ftp://supernameHH:kjlrtq2017@givz.eju.edu.cn
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  scheme: ftp

- text: |
    e-mail: trf at zju ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn
    http://givz.eju.edu.cn/cgcourse TA-email: Evaluation Assi
  connection_uri: ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn
  username: supernameHH
  password: $pwdStartingWithDollar2017
  host: givz.eju.edu.cn
  scheme: ftp

- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp

- text: |
    conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path
  connection_uri: sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a
  database: a
  username: supernameHH
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp

- text: |
    conn string sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db/file/path
  connection_uri: sftp://anonymous:kjlrtq2017@givz.eju.edu.cn:22/my_db
  database: my_db
  username: anonymous
  password: kjlrtq2017
  host: givz.eju.edu.cn
  port: '22'
  scheme: sftp
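
The pre-validation and field extraction described for this detector, sketched in Python as an added example; it is not the detector's own implementation. The names `scan`, `URI_RE` and `BANNED_EXT` are hypothetical, and the regex, the case-sensitive `ftp://` substring check and the way extensions are taken from filenames are assumptions chosen to reproduce the example fields listed above.

```python
import re

# Extension patterns copied from the FilenameBanlistPreValidator on this page;
# applying them to the text after the last dot is an assumption.
BANNED_EXT = [re.compile(p) for p in (
    r"^[aps]?cssc?~?$", r"^lock$", r"^storyboard(c|er)?~?$", r"^xib$")]

# Assumed pattern, written to reproduce the page's example fields. It is not
# the detector's real regex.
URI_RE = re.compile(
    r"\b(?P<scheme>s?ftp)://(?P<username>[^\s:/@]+):(?P<password>[^\s/@]+)"
    r"@(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?(?:/(?P<database>[^\s/]+))?")


def scan(filename, content):
    """Return one dict of extracted fields per credentialed FTP/SFTP URI."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if any(p.search(ext) for p in BANNED_EXT):
        return []  # banned file type: skipped before any matching
    if "ftp://" not in content:
        return []  # content whitelist: cheap substring gate before the regex
    findings = []
    for m in URI_RE.finditer(content):
        # Optional groups (port, database) are omitted when absent.
        fields = {k: v for k, v in m.groupdict().items() if v is not None}
        fields["connection_uri"] = m.group(0)
        findings.append(fields)
    return findings


# Sample inputs taken from the page's own examples.
SAMPLES = [
    "e-mail: trf at zju ftp://supernameHH:$pwdStartingWithDollar2017@givz.eju.edu.cn\n"
    "http://givz.eju.edu.cn/cgcourse TA-email: Evaluation Assi",
    "conn string sftp://supernameHH:kjlrtq2017@givz.eju.edu.cn:22/a/file/path",
]

if __name__ == "__main__":
    for text in SAMPLES:
        for finding in scan("notes.txt", text):
            print(finding)
    print(scan("theme.scss", SAMPLES[1]))  # banned extension, nothing reported
```
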

Details for Ftp credentials assignment

  • Family: Other

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 6.0

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ftp
- type: ContentWhitelistPreValidator
  patterns:
    - password
- type: ContentWhitelistPreValidator
  patterns:
    - user
- type: ContentWhitelistPreValidator
  patterns:
    - port
- type: ContentWhitelistPreValidator
  patterns:
    - '22'
    - '21'

Examples

- text: |
    sftp_config:
    host: '124.112.5.13'
    username: 'root'
    password: 'kjlrtq2017'
    port: 22
  host: 124.112.5.13
  username: root
  password: kjlrtq2017
  port: '22'

- text: |
    sftp_config:
    host: '124.112.5.13'
    username: 'iam-the-user'
    password: 'kjlrtq2017'
    port: 21
  host: 124.112.5.13
  username: iam-the-user
  password: kjlrtq2017
  port: '21'

- text: |
    sftp_config:
    site: 'lothal.sw'
    username: 'iam-the-user'
    password: 'kjlrtq2017-long3r.th@nusu@l'
    port: 21
  host: lothal.sw
  username: iam-the-user
  password: kjlrtq2017-long3r.th@nusu@l
  port: '21'
