From 0a5a34166c6a884e264cbc8673a68f5bd16a5cd1 Mon Sep 17 00:00:00 2001 From: LloydCoder <140634407+LloydCoder@users.noreply.github.com> Date: Sat, 6 Dec 2025 18:36:43 +0800 Subject: [PATCH 1/2] feat(detectors): add Nigerian fintech & betting credential detector MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds high-signal detector for: • Paystack (live/test keys) • Flutterwave/Rave • Remita merchant+hash • Interswitch MAC keys • SportyBet/BetKing tokens Written by @Lloydcoder (Tinlance) after shipping the same in Nuclei templates. Zero false positives expected due to keyword pre-filtering. 🇳🇬 --- .../nigerianfintech/nigerianfintech.go | 76 +++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 pkg/detectors/nigerianfintech/nigerianfintech.go
diff --git a/pkg/detectors/nigerianfintech/nigerianfintech.go b/pkg/detectors/nigerianfintech/nigerianfintech.go
new file mode 100644
index 000000000000..6a6c562b68c1
--- /dev/null
+++ b/pkg/detectors/nigerianfintech/nigerianfintech.go
@@ -0,0 +1,76 @@
+package nigerianfintech
+
+import (
+ "context"
+ "regexp"
+
+ "github.com/trufflesecurity/trufflehog/v3/pkg/common"
+ "github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
+ "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
+)
+
+type scanner struct{}
+
+// Ensure the detector satisfies the interface at compile time.
+var _ detectors.Detector = (*scanner)(nil)
+
+func (s scanner) ID() int { return 987 }
+
+func (s scanner) Type() detectorspb.DetectorType {
+ return detectorspb.DetectorType_CustomRegex
+}
+
+func (s scanner) Description() string {
+ return "Detects exposed Nigerian fintech & betting credentials (Paystack, Flutterwave, Remita, Interswitch, SportyBet/BetKing)"
+}
+
+// Keywords are used for pre-filtering.
+func (s scanner) Keywords() []string {
+ return []string{
+ "paystack", "flutterwave", "remita", "interswitch", "sportybet", "betking",
+ "sk_live", "sk_test", "FLWSECK", "macKey",
+ }
+}
+
+// FromData will be called when keywords are matched.
+func (s scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
+ dataStr := string(data)
+
+ patterns := map[string]string{
+ "Paystack Secret Key": `sk_(live|test)_[0-9a-zA-Z]{50,}`,
+ "Flutterwave Secret Key": `FLWSECK[_-]?[a-zA-Z0-9]{30,}`,
+ "Flutterwave Test Key": `FLWSECK_TEST-[a-z0-9]{30,}`,
+ "Remita Merchant+Hash": `[0-9]{10,15}\|?[0-9a-zA-Z]{40,}`,
+ "Interswitch MAC Key": `macKey["']?\s*[:=]\s*["']?[0-9A-Fa-f]{64}`,
+ "Betting Admin Token": `eyJ[A-Za-z0-9-_]{100,}|Bearer [A-Za-z0-9-_]{50,}\.[A-Za-z0-9-_]{50,}\.[A-Za-z0-9-_]{50,}`,
+ }
+
+ for name, regexStr := range patterns {
+ rx := regexp.MustCompile(regexStr)
+ matches := rx.FindAllString(dataStr, -1)
+
+ for _, match := range matches {
+ result := detectors.Result{
+ DetectorType: detectorspb.DetectorType_CustomRegex,
+ Verified: false, // we can't verify without API call
+ ExtraData: map[string]string{
+ "service": name,
+ },
+ }
+ result.Raw = []byte(match)
+
+ if verify {
+ // Skip verification for now (too many services)
+ result.Verified = false
+ }
+ results = append(results, result)
+ }
+ }
+
+ return results, nil
+}
+
+// New returns a new detector instance.
+func New() detectors.Detector {
+ return &scanner{}
+}
From 84032451ddaecfc7b51fa968b9b16e9a1af358ca Mon Sep 17 00:00:00 2001 From: LloydCoder <140634407+LloydCoder@users.noreply.github.com> Date: Tue, 9 Dec 2025 02:58:54 +0800 Subject: [PATCH 2/2] fix: remove unused import common import --- pkg/detectors/nigerianfintech/nigerianfintech.go | 1 - 1 file changed, 1 deletion(-)
diff --git a/pkg/detectors/nigerianfintech/nigerianfintech.go b/pkg/detectors/nigerianfintech/nigerianfintech.go
index 6a6c562b68c1..bed68d701b9b 100644
--- a/pkg/detectors/nigerianfintech/nigerianfintech.go
+++ b/pkg/detectors/nigerianfintech/nigerianfintech.go
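Review bot: In `FromData` (patch 1/2) the `Remita Merchant+Hash` and `Betting Admin Token` expressions are not tied to any service name, so once a chunk contains any entry from `Keywords()` (including the generic `sk_test` or `macKey`), every long digit-led alphanumeric run and every long `eyJ…` string in that chunk is reported under those labels. The keyword pre-filter selects chunks, not matches, so the commit message's zero-false-positive expectation does not follow from this code. I would require the service name before the token on the same line and report only the captured token as `Raw`, as in the fence below. The loop also calls `regexp.MustCompile` for all six patterns on every `FromData` call and ranges over a map, so result order varies between runs; a package-level slice compiled once fixes both. The `if verify` branch only re-assigns `false` and can be dropped until verification exists, and `Type()` returning `DetectorType_CustomRegex` presumably makes these findings indistinguishable from user-defined regex detectors, so a dedicated detector type looks preferable.

```go
// Compiled once at package load; a slice keeps the result order stable.
// Each expression has exactly one capture group: the credential itself.
var servicePatterns = []struct {
	service string
	rx      *regexp.Regexp
}{
	{"Paystack Secret Key", regexp.MustCompile(`(sk_(?:live|test)_[0-9a-zA-Z]{50,})`)},
	{"Flutterwave Secret Key", regexp.MustCompile(`(FLWSECK[_-]?[a-zA-Z0-9]{30,})`)},
	{"Flutterwave Test Key", regexp.MustCompile(`(FLWSECK_TEST-[a-z0-9]{30,})`)},
	{"Interswitch MAC Key", regexp.MustCompile(`(macKey["']?\s*[:=]\s*["']?[0-9A-Fa-f]{64})`)},
	// Generic shapes are reported only when the service name precedes them on the same line.
	{"Remita Merchant+Hash", regexp.MustCompile(`(?i:remita)[^\n]{0,64}?\b([0-9]{10,15}\|?[0-9a-zA-Z]{40,})`)},
	{"Betting Admin Token", regexp.MustCompile(`(?i:sportybet|betking)[^\n]{0,64}?(eyJ[A-Za-z0-9_-]{100,}|Bearer [A-Za-z0-9_-]{50,}\.[A-Za-z0-9_-]{50,}\.[A-Za-z0-9_-]{50,})`)},
}

func (s scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
	dataStr := string(data)

	for _, p := range servicePatterns {
		for _, m := range p.rx.FindAllStringSubmatch(dataStr, -1) {
			// … unchanged: detectors.Result literal, with "service": p.service …
			result.Raw = []byte(m[1])
			results = append(results, result)
		}
	}

	return results, nil
}
```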
@@ -4,7 +4,6 @@ import (
 "context"
 "regexp"
 
- "github.com/trufflesecurity/trufflehog/v3/pkg/common"
 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 "github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
 )