Skip to content

feat(scanner): add obfuscated credential exfiltration patterns#25

Open
gabrivardqc123 wants to merge 3 commits intocounterspec:mainfrom
gabrivardqc123:feat/obfuscation-detection
Open

feat(scanner): add obfuscated credential exfiltration patterns#25
gabrivardqc123 wants to merge 3 commits intocounterspec:mainfrom
gabrivardqc123:feat/obfuscation-detection

Conversation

@gabrivardqc123
Copy link

@gabrivardqc123 gabrivardqc123 commented Mar 1, 2026
edited
Loading

This PR adds detection for obfuscated credential exfiltration patterns, addressing the bounty: "Detect obfuscated credential exfiltration patterns".

Added patterns:

  • EXFIL_BASE64_ENCODED
  • EXFIL_HEX_ENCODED
  • EXFIL_CHARCODE_OBFUSC
  • CRED_ENV_ENCODED_SEND (critical)
  • CRED_CHARCODE_BUILD (critical)
  • OBFUSC_STRING_REVERSAL (medium)
  • OBFUSC_CONCATENATION (medium)

These are added to scanner/src/patterns.ts and compile successfully.

Tests: 12 unit tests covering all new patterns are included in scanner/src/__tests__/patterns.test.ts.

Ref: #1

@vercel
Copy link

vercel bot commented Mar 1, 2026

@gabrivardqc123 is attempting to deploy a commit to the Rapi's projects Team on Vercel.

A member of the Team first needs to authorize it.

@gabrivardqc123 gabrivardqc123 mentioned this pull request Mar 1, 2026
Open
7 tasks
@gabrivardqc123
test(scanner): add 10 test cases for new obfuscation patterns
5337b0a
@gabrivardqc123
feat(scanner): add string reversal and concatenation obfuscation dete…
1de1bbb 
…ction

- Add OBFUSC_STRING_REVERSAL pattern (medium)
- Add OBFUSC_CONCATENATION pattern (medium)
- Extend tests to 12 cases covering all new patterns
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gabrivardqc123