111 rules. Zero configuration.

The complete TigerMole rule set. 3 families. 111 patterns. Compiled into the binary — no remote updates, no telemetry.

111
total rules
76
Family A
8
Family B
27
Family C
Family A · A001–A076
Known-Format Credentials
High-precision rules based on fixed formats. No entropy threshold required.
HIGH PRECISION · 76 RULES
IDNameDetects
A001GitHub PAT (classic)Token with ghp_ prefix
A002GitHub Fine-grained Tokengithub_pat prefix
A003AWS Access Key IDAKIA prefix, 20 chars
A004AWS Secret Access KeyContext-based detection
A005OpenAI API Keysk-proj-, sk-svcacct- prefixes, or T3BlbkFJ magic string
A006Anthropic API Keysk-ant-api03- / sk-ant-admin01- prefixes, ends in AA
A007Stripe Secret Keysk_live_ / sk_test_ prefixes
A008Slack Bot/User Tokenxoxb- / xoxp- prefixes
A009JWTBase64 eyJ prefix with 3-segment structure
A010RSA/SSH Private KeyPEM blocks
A011Credit card numberVisa/MC/Amex, Luhn-validated
A012Google API KeyAIza prefix, 39 chars total
A013Slack Webhook URLURLs with hooks.slack.com
A014SendGrid API KeySG. prefix, 69 chars
A015Twilio Account SIDAC prefix + 32 hex chars
A016npm Auth Tokennpm_ prefix + 36 alphanumeric
A017PyPI Upload Tokenpypi- prefix, 50+ chars
A018Terraform Cloud Token.atlasv1. format
A019SSH DSA Private KeyPEM DSA blocks
A020GCP Service Account JSONJSON with service_account
A021GitLab Personal Access Tokenglpat- prefix
A022GitHub OAuth Access Tokengho_ prefix, 36 chars
A023GitHub App Tokenghu_ / ghs_ prefixes, 36 chars
A024GitHub Refresh Tokenghr_ prefix, 36 chars
A025Hugging Face Access Tokenhf_ prefix, 34 chars
A026Hugging Face Org Tokenapi_org_ prefix, 34 chars
A027DigitalOcean PATdop_v1_ prefix, 64 hex chars
A028Grafana Service Account Tokenglsa_ prefix
A029Perplexity API Keypplx- prefix, 48 chars
A030Azure AD Client Secretq~ pattern, 31–34 chars
A031Shopify Access Tokenshpat_ / shpss_ / shppa_ prefixes, 32 hex
A032GitLab CI/Deploy Tokenglptt- / gldt- / glcbt- / glrt- prefixes
A033Discord Bot Token64 hex chars
A034Cloudflare API KeyContext with cloudflare keyword
A035Datadog API KeyContext with datadog keyword
A036Linear API Keylin_api_ prefix, 40 chars
A037Heroku API Key v2HRKU-AA prefix, 60+ chars
A038Vercel TokenContext with vercel keyword, 24+ chars
A039Netlify PATnfp_ prefix or context
A040Cohere API Keyco- prefix (38+ chars) or context
A041Mistral API KeyContext with mistral keyword
A042Grafana API KeyBase64 eyJrIjoi prefix, 70–400 chars
A043Replicate API Tokenr8_ prefix, 40 chars
A044Stripe Webhook Secretwhsec_ prefix, 32+ chars
A045Stripe Restricted Keyrk_live_ / rk_test_ prefixes
A046Sentry Auth Tokensntrys_ prefix, 64+ chars
A047Firebase Server KeyAAAA prefix with specific format
A048HashiCorp Vault Tokenhvs. prefix, 90+ chars
A049New Relic API KeyNRAK- prefix, 27 chars
A050Together AI API KeyContext with together keyword
A051AWS Session TokenContext, 100+ base64 chars
A052CircleCI Personal API TokenCCIPAT_ prefix, 40 hex
A053Discord Webhook URLDiscord webhook URL format
A054Supabase API Keysbp_ prefix, 40 hex
A055PagerDuty API KeyBase64 pattern with + separator
A056Elastic API KeyContext with elastic keyword
A057Mailgun API Keykey- prefix, 32 hex
A058GitLab Runner Registration Tokenglrt- prefix
A059Travis CI Access TokenContext with travis keyword, 22 chars
A060JFrog API Key/TokenContext with jfrog / artifactory keywords
A061Azure SAS TokenPattern with sv=, sig= parameters
A062Postmark Server TokenUUID format
A063SonarQube Tokensqp_ prefix, 40 hex
A064Jenkins API TokenContext with jenkins keyword
A065Linode Personal Access Token64 hex chars
A066Generic pk_ tokenpk_ prefix, 20+ chars
A067Telegram Bot Token{id}:AA{alphanumeric+dash} format
A068Atlassian API TokenATATT3 prefix, 40+ chars
A069Docker Hub PATdckr_pat_ prefix, 27 chars
A070Doppler Tokendp.st. / dp.pt. / dp.ct. / dp.sa. prefixes, 40+ chars
A071Fly.io Access Tokenfo1_ prefix, 40+ chars
A072Google OAuth Client SecretGOCSPX- prefix, 28 chars
A073Mapbox Access Tokenpk.eyJ / sk.eyJ prefixes
A074PlanetScale Database Tokenpscale_tkn_ prefix, 30+ chars
A075Plaid Access Tokenaccess-{sandbox|development|production}-{uuid} format
A076Square Access Tokensq0{3 letters}- prefix, 22+ chars
Family B · B001–B008
Generic Secrets by Semantics + Entropy
Non-standard secrets detected by lexical context and Shannon entropy threshold.
ENTROPY-BASED · 8 RULES
IDNameContext keywordsMin. requirements
B001Password/secret assignmentpassword, passwd, pwd, pass, secret, credential≥8 chars, entropy ≥3.5
B002Generic API keyapi_key, apikey, api-key, access_key, x-api-key≥16 chars, entropy ≥3.8
B003Generic tokentoken, auth_token, access_token, bearer≥20 chars, entropy ≥3.8
B004Database connection stringpostgres, mysql, mongodb, redis, mssqlDatabase URI, entropy ≥3.0
B005.env variable with high-entropy valueSecret-related variable namesentropy ≥3.8
B006Authorization Bearer headerAuthorization: Bearer {value}≥20 chars, entropy ≥3.5
B007Authorization Basic headerAuthorization: Basic {base64}≥16 base64 chars, entropy ≥3.0
B008Semantic catch-allpassword, secret, token, api_key, etc.≥4 chars, no entropy req.
Family C · C001–C027
PII / Personal Data
Personally identifiable information per GDPR Article 4.1, including EU national identifiers and PCI-DSS card data.
GDPR ART. 4 · 27 RULES
IDNameDetectsValidation
C001Email addressStandard email format
C002Private IP (RFC 1918)10.x, 172.16-31.x, 192.168.x ranges
C003Spanish DNI/NIF8 digits + letterMod 23
C004Unix/macOS path with user/home/{user}/ or /Users/{user}/
C005Windows path with userC:\Users\{user}\
C006IBAN2-letter country code + 2 digits + BBANMod 97 (ISO 7064)
C007International phone+{country_code} {7–13 digits}
C008SSN (US Social Security Number)XXX-XX-XXXX formatSSN range validation
C009Spanish passport3 uppercase letters + 6 digits
C010Spanish phone9 digits starting with 3, 6, 7, or 9
C011Spanish bank account (CCC)20 digits in groupsCCC check digit
C012IPv6 link-localfe80: prefix
C013Spanish NIEX/Y/Z prefix + 7 digits + letterMod 23
C014Card expiry date (PCI-DSS)MM/YY or MM/YYYY near expiry keywordsMonth 01–12, year range check
C015Card security code CVV/CVC (PCI-DSS)3–4 digits preceded by a CVV/security-code label
C016Date of birthDate near birth-date keywords (dob, fecha_nacimiento…)Valid birth-year range
C017Public IPv4 address (client IP)IPv4 near client-IP log keywords; private/reserved ranges excluded
C018German tax ID (Steuer-IdNr)11 digits near Steuer keywordsISO 7064 mod 11,10
C019French social security number (NIR)15 digits starting with 1/2 near NIR/INSEE keywordsKey = 97 − (n mod 97)
C020Italian Codice Fiscale16-char alphanumeric pattern near codice fiscale keywordsOdd/even checksum
C021Dutch BSN9 digits near BSN keywords11-proef
C022Polish PESEL11 digits near PESEL keywordPESEL checksum
C023Portuguese NIF9 digits near NIF/contribuinte keywordsMod 11
C024Belgian national register number11 digits near rijksregister/RRN keywordsMod 97
C025UK NHS number10 digits near NHS keywordMod 11
C026UK National Insurance Number2 letters + 6 digits + suffix letter near NI keywordsInvalid prefixes excluded
C027Irish PPS Number7 digits + 1–2 letters near PPSN keywordsPPSN checksum

7 stages. Every request.

Every request passes through all 7 pipeline stages in tens of microseconds on the typical workload.

Input text
1
Preflight (Aho-Corasick): filter candidates by keywords
2
Regex matching over candidates
3
Entropy validation (Family B only)
4
Mathematical validators (Luhn, mod-97, mod-23, SSN ranges)
5
Allowlist filter (placeholders, test values, examples)
6
Confidence scoring (keyword, entropy, validator, context)
7
Action by threshold
Action by threshold
MASK
≥ 0.7 → masked
LOG_ONLY
0.4–0.69 → log only
IGNORED
< 0.4 → ignored
Total: 111 rules — 76 (Family A) + 8 (Family B) + 27 (Family C)
HIGH PRECISION

All 111 rules. Active from day one.

No configuration. No setup. Just protection.

← Back

Your privacy, your choice

We use essential storage to keep the site working and, only with your consent, analytics through PostHog and Google Analytics 4. We do not load advertising providers. Read our Privacy Policy.