What is SecLists Pattern-Matching?

A curated set of text-based data patterns for sensitive data (API keys, cards, emails, SSNs, phones, IPs, etc.) used for authorized security testing and data discovery.

Are these patterns exact detections or format-guides?

They are pattern formats and regex-like hints designed to surface likely matches; real validation should follow your environment and compliance requirements.

What about ethics and permissions?

Use is restricted to authorized security testing, bug bounty programs, CTFs, or educational purposes with explicit permission; comply with licenses and privacy laws.

SecLists Pattern-Matching

Scanned

npx machina-cli add skill Eyadkelleh/awesome-claude-skills-security/pattern-matching --openclaw

Files (1)

SKILL.md

2.6 KB

SecLists Pattern-Matching

Description

Sensitive data patterns for security testing: API keys, credit cards, emails, SSNs, phone numbers, IPs, and more. Use for data discovery and validation.

Source: SecLists/Pattern-Matching Repository: https://github.com/danielmiessler/SecLists License: MIT

When to Use This Skill

Use this skill when you need:

API key detection in code/logs
Credit card validation testing
Email pattern matching
IP address discovery
SSN format validation
Phone number pattern testing

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

api-keys.txt - API key patterns
credit-cards.txt - Credit card formats
email-addresses.txt - Email patterns
ip-addresses.txt - IP address patterns
ssn.txt - Social Security Number patterns
phone-numbers.txt - Phone number formats

Usage Example

# Access files from this skill
import os

# Example: Load patterns/payloads
skill_path = "references/Pattern-Matching"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

Authorized penetration testing with written permission
Bug bounty programs (within scope)
CTF competitions
Security research in controlled environments
Testing your own systems
Educational demonstrations

Prohibited Use Cases ❌

Unauthorized access attempts
Testing without permission
Malicious activities
Privacy violations
Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:

Full repository: https://github.com/danielmiessler/SecLists
Size: 4.5 GB with 6,000+ files
All categories: Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous

Generated by Skill Seeker | SecLists Pattern-Matching Collection License: MIT - Use responsibly with proper authorization

Source

git clone https://github.com/Eyadkelleh/awesome-claude-skills-security/blob/main/seclists-categories pattern-matching/pattern-matching/SKILL.md

View on GitHub

Overview

SecLists Pattern-Matching provides ready-made patterns for sensitive data like API keys, credit card formats, emails, SSNs, phone numbers, and IPs to help with data discovery and validation during security testing. It curates files such as api-keys.txt, credit-cards.txt, email-addresses.txt, ip-addresses.txt, ssn.txt, and phone-numbers.txt to streamline pattern matching.

How This Skill Works

Patterns are stored as text files in the SecLists Pattern-Matching set. You load these lists into your scanner or script to detect strings that match API keys, card numbers, emails, and other sensitive formats in code, logs, or data dumps, enabling targeted discovery and validation within authorized contexts.

When to Use It

Detect API keys in source code or logs during security testing
Validate credit card formats for testing and data sanitization
Pattern-match emails to identify exposed addresses in dumps or configs
Discover IP addresses in configuration files or traffic captures
Validate SSN or phone-number formats in sample datasets or test data

Quick Start

Step 1: Identify which pattern files are relevant (e.g., api-keys.txt, email-addresses.txt)
Step 2: Load patterns into your scanner or script from the Skill path (references/Pattern-Matching)
Step 3: Run scans in a controlled environment and review hits with proper authorization

Best Practices

Ensure you have written permission or authorization before running pattern scans
Use only the relevant pattern files (e.g., api-keys.txt, credit-cards.txt) for your scope
Integrate with your scanning pipeline and review hits carefully to avoid data leakage
Regularly update from the SecLists repository to include new patterns
Test against non-production data first and handle hits securely

Example Use Cases

Scan application logs to surface leaked API keys using api-keys.txt patterns
Validate test datasets against credit card patterns without storing full numbers
Identify exposed email addresses in code dumps with email-addresses.txt
Discover IP addresses in configuration files to map internal exposure
Check sample data for correct SSN or phone-number formats during QA

Frequently Asked Questions

Add this skill to your agents