feat(secrets): add 5 #14253

Merged
DhiyaneshGeek merged 24 commits into projectdiscovery:main from LloydCoder:main
Mar 2, 2026
@LloydCoder
Contributor

Adds high-signal templates for detecting leaked credentials from major Nigerian payment and betting platforms in http/secrets/:

  • Paystack live/test secret keys (tinlance-paystack-secret-exposure.yaml)
  • Flutterwave (Rave) secret keys (tinlance-flutterwave-secret-exposure.yaml)
  • Remita merchant IDs + API keys (tinlance-remita-credentials-exposure.yaml)
  • Interswitch Webpay MAC keys (tinlance-interswitch-webpay-exposure.yaml)
  • SportyBet/BetKing admin tokens (tinlance-sportybet-api-exposure.yaml)

All written/tested by @LloydCoder (Tinlance). Follows TEMPLATE-CREATION-GUIDE.md. No FPs expected due to multi-matchers. Verified with nuclei -validate.

Thanks to ProjectDiscovery! 🇳🇬 #newtemplate

New detector for Paystack key leaks. Follows guidelines. #newtemplate
New detector for flutterwave. Tested with Nuclei v3.x. #newtemplate
New detector for Remita. Tested with Nuclei v3.x. #newtemplate
New detector for interswitch webpay. Tested with Nuclei v3.x. #newtemplate
New detector for sportybet api. Tested with Nuclei v3.x. #newtemplate
LloydCoder added a commit to LloydCoder/semgrep-rules that referenced this pull request Dec 6, 2025
New high-impact rules detecting hardcoded credentials from major Nigerian payment and betting platforms:
• Paystack (live/test keys)
• Flutterwave/Rave
• Remita merchant + hash
• Interswitch MAC keys
• SportyBet/BetKing JWT tokens

Same patterns already shipped in:
- Nuclei: projectdiscovery/nuclei-templates#14253
- TruffleHog: trufflesecurity/trufflehog#4588

Author: @LloydCoder (Tinlance) 🇳🇬
LloydCoder added a commit to LloydCoder/gitleaks that referenced this pull request Dec 6, 2025
…Coder

Appends high-signal rules to default config for detecting leaked credentials from major Nigerian platforms:
• Paystack secret keys
• Flutterwave/Rave keys
• Remita merchant + hash
• Interswitch MAC keys
• SportyBet/BetKing tokens

Same patterns shipped in:
- Nuclei: projectdiscovery/nuclei-templates#14253
- TruffleHog: trufflesecurity/trufflehog#4588
- Semgrep: semgrep/semgrep-rules#3719

Author: @LloydCoder (Tinlance) 🇳🇬
Tested with `gitleaks detect --config .` — clean, no FPs on sample repos.
New detector for Remita. Tested with Nuclei v3.x. #newtemplate
New detector for interswitch webpay. Tested with Nuclei v3.x. #newtemplate
LloydCoder added a commit to LloydCoder/nigerian-secret-detectors that referenced this pull request Dec 6, 2025
New high-impact rules detecting hardcoded credentials from major Nigerian payment and betting platforms:
• Paystack (live/test keys)
• Flutterwave/Rave
• Remita merchant + hash
• Interswitch MAC keys
• SportyBet/BetKing JWT tokens

Same patterns already shipped in:
- Nuclei: projectdiscovery/nuclei-templates#14253
- TruffleHog: trufflesecurity/trufflehog#4588

Author: @LloydCoder (Tinlance) 🇳🇬
@LloydCoder
Contributor Author

All lint + CI fixed and green! @ritikchaddha @DhiyaneshGeek — templates are ready whenever you are
After Semgrep merge, this would be merge #2. Thank you!

@neo-by-projectdiscovery-dev

neo-by-projectdiscovery-dev bot commented Feb 25, 2026

Neo - Nuclei Template Review

No security issues found

Highlights

  • Adds detection for Paystack, Flutterwave, Remita, Interswitch, and SportyBet credentials
  • Templates target Nigerian fintech and betting platforms
  • Uses multi-matcher approach to reduce false positives

Hardening Notes

  • All regex patterns should use bounded quantifiers (e.g., {50,200} instead of {50,}) to prevent ReDoS attacks
  • Consider using atomic groups (?>...) or possessive quantifiers {n,m}+ if the regex engine supports them
  • Run nuclei -validate on all templates before submission to catch syntax errors
  • The Paystack template has unbounded {50,} quantifier - consider bounding to {50,100} for consistency

Comment @neo help for available commands. · Open in Neo
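
A small check for the unbounded-quantifier point in the hardening notes above, as an added example (not code from this PR, Nuclei or Neo): it lists quantifiers that have no upper bound in a regex string and rewrites `{n,}` to `{n,cap}`. The sample pattern and all function names are constructed for illustration and are not taken from the PR's templates.

```python
import re

RANGE = re.compile(r"\{(\d+)(?:,(\d*))?\}")   # {n}, {n,} or {n,m}
# Constructed pattern for illustration; not taken from any template in this PR.
PATTERN = r"token[\s:=]+[A-Za-z0-9]{50,}"


def quantifiers(pattern):
    """Yield (start, end, text) for each *, + or {..} outside escapes and [...]."""
    i, in_class = 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                      # escape: skip the escaped character too
            i += 2
        elif in_class:
            in_class = ch != "]"
            i += 1
        elif ch == "[":
            in_class = True
            # skip '[' plus an optional '^' and a leading literal ']'
            i += 1 + len(re.match(r"\^?\]?", pattern[i + 1:]).group())
        elif ch == "?":                     # bounded (0-1); skip a lazy/possessive suffix
            i += 1 + (pattern[i + 1:i + 2] in ("?", "+"))
        elif ch in "*+" or (ch == "{" and RANGE.match(pattern, i)):
            end = i + 1 if ch in "*+" else RANGE.match(pattern, i).end()
            yield i, end, pattern[i:end]
            # a following '?' or '+' is a lazy/possessive suffix, not a quantifier
            i = end + (pattern[end:end + 1] in ("?", "+"))
        else:
            i += 1


def unbounded(pattern):
    """Return (offset, text) for every quantifier with no upper bound."""
    return [(s, t) for s, _, t in quantifiers(pattern)
            if t in ("*", "+") or t.endswith(",}")]


def bound_open_ranges(pattern, cap):
    """Rewrite each {n,} as {n,cap}; '*' and '+' are left for manual review."""
    out, last = [], 0
    for s, e, t in quantifiers(pattern):
        if t.endswith(",}"):
            low = int(t[1:-2])
            if cap < low:
                raise ValueError(f"cap {cap} is below minimum {low} at offset {s}")
            out.append(f"{pattern[last:s]}{{{low},{cap}}}")
            last = e
    return "".join(out) + pattern[last:]
```

`unbounded(PATTERN)` reports both the `+` after the separator class and the `{50,}` range; `bound_open_ranges(PATTERN, 100)` closes only the range, so the `+` still needs a manual decision.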

…aml to http/exposures/apis/tinlance-remita-credentials-exposure.yaml
…o http/exposures/apis/tinlance-sportybet-api-exposure.yaml
@ritikchaddha ritikchaddha added the Done Ready to merge label Feb 25, 2026
@DhiyaneshGeek DhiyaneshGeek changed the title feat(secrets): add 5 Nigerian fintech & betting credential detectors by @Lloydcoder feat(secrets): add 5 Mar 2, 2026
@DhiyaneshGeek DhiyaneshGeek merged commit bda7428 into projectdiscovery:main Mar 2, 2026
4 checks passed
@LloydCoder
Contributor Author

Thank you so much @ritikchaddha @DhiyaneshGeek @projectdiscovery team!
Honored to have these Nigerian fintech detectors merged.
Happy to help with any follow-ups or more templates.
Let's keep securing the African digital space together! 🇳🇬🙌

Labels

Done Ready to merge

3 participants