feat(secrets): add 5 Nigerian fintech & betting credential detectors by @Lloydcoder #14253

LloydCoder · 2025-12-06T10:17:24Z

Adds high-signal templates for detecting leaked credentials from major Nigerian payment and betting platforms in http/secrets/:

Paystack live/test secret keys (tinlance-paystack-secret-exposure.yaml)
Flutterwave (Rave) secret keys (tinlance-flutterwave-secret-exposure.yaml)
Remita merchant IDs + API keys (tinlance-remita-credentials-exposure.yaml)
Interswitch Webpay MAC keys (tinlance-interswitch-webpay-exposure.yaml)
SportyBet/BetKing admin tokens (tinlance-sportybet-api-exposure.yaml)

All written/tested by @LloydCoder (Tinlance). Follows TEMPLATE-CREATION-GUIDE.md. No FPs expected due to multi-matchers. Verified with nuclei -validate.

Thanks to ProjectDiscovery! 🇳🇬 #newtemplate

New detector for Paystack key leaks. Follows guidelines. #newtemplate

New detector for flutterwave. Tested with Nuclei v3.x. #newtemplate

New detector for Remita. Tested with Nuclei v3.x. #newtemplate

New detector for interswitch webpay. Tested with Nuclei v3.x. #newtemplate

New detector for sportybet api. Tested with Nuclei v3.x. #newtemplate

@LloydCoder

New high-impact rules detecting hardcoded credentials from major Nigerian payment and betting platforms: • Paystack (live/test keys) • Flutterwave/Rave • Remita merchant + hash • Interswitch MAC keys • SportyBet/BetKing JWT tokens Same patterns already shipped in: - Nuclei: projectdiscovery/nuclei-templates#14253 - TruffleHog: trufflesecurity/trufflehog#4588 Author: @LloydCoder (Tinlance) 🇳🇬

…Coder

…Coder Appends high-signal rules to default config for detecting leaked credentials from major Nigerian platforms: • Paystack secret keys • Flutterwave/Rave keys • Remita merchant + hash • Interswitch MAC keys • SportyBet/BetKing tokens Same patterns shipped in: - Nuclei: projectdiscovery/nuclei-templates#14253 - TruffleHog: trufflesecurity/trufflehog#4588 - Semgrep: semgrep/semgrep-rules#3719 Author: @LloydCoder (Tinlance) 🇳🇬 Tested with `gitleaks detect --config .` — clean, no FPs on sample repos.

New detector for Remita. Tested with Nuclei v3.x. #newtemplate

New detector for interswitch webpay. Tested with Nuclei v3.x. #newtemplate

@LloydCoder

New high-impact rules detecting hardcoded credentials from major Nigerian payment and betting platforms: • Paystack (live/test keys) • Flutterwave/Rave • Remita merchant + hash • Interswitch MAC keys • SportyBet/BetKing JWT tokens Same patterns already shipped in: - Nuclei: projectdiscovery/nuclei-templates#14253 - TruffleHog: trufflesecurity/trufflehog#4588 Author: @LloydCoder (Tinlance) 🇳🇬

LloydCoder added 5 commits December 6, 2025 17:52

Add tinlance-paystack-secret-exposure.yaml to http/secrets/

e978f7c

New detector for Paystack key leaks. Follows guidelines. #newtemplate

Create tinlance-flutterwave-secret-exposure.yaml to http/secrets/

540ce53

New detector for flutterwave. Tested with Nuclei v3.x. #newtemplate

Create tinlance-remita-credentials-exposure.yaml to http/secrets/

f2c8674

New detector for Remita. Tested with Nuclei v3.x. #newtemplate

Create tinlance-interswitch-webpay-exposure.yaml to http/secrets/

d0f4651

New detector for interswitch webpay. Tested with Nuclei v3.x. #newtemplate

Create tinlance-sportybet-api-exposure.yaml to http/secrets/

71f2dc9

New detector for sportybet api. Tested with Nuclei v3.x. #newtemplate

github-actions bot assigned ritikchaddha Dec 6, 2025

github-actions bot requested a review from DhiyaneshGeek December 6, 2025 10:19

LloydCoder mentioned this pull request Dec 6, 2025

feat(detectors): add Nigerian fintech & betting credential detector by @Lloydcoder trufflesecurity/trufflehog#4588

Open

LloydCoder added 2 commits December 6, 2025 20:27

Create tinlance-remita-credentials-exposure.yaml to http/secrets/

f858a87

New detector for Remita. Tested with Nuclei v3.x. #newtemplate

Create tinlance-interswitch-webpay-exposure.yaml to http/secrets/

7de9b99

New detector for interswitch webpay. Tested with Nuclei v3.x. #newtemplate

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(secrets): add 5 Nigerian fintech & betting credential detectors by @Lloydcoder #14253

feat(secrets): add 5 Nigerian fintech & betting credential detectors by @Lloydcoder #14253

LloydCoder commented Dec 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

feat(secrets): add 5 Nigerian fintech & betting credential detectors by @Lloydcoder #14253

Are you sure you want to change the base?

feat(secrets): add 5 Nigerian fintech & betting credential detectors by @Lloydcoder #14253

Conversation

LloydCoder commented Dec 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants