When watching outbound files for sensitive information, some specific strings to grep for would be:
| IP addresses in dotted decimal notation | b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/ |
| Visa Credit Card Numbers | ^4[0-9]{12}(?:[0-9]{3})?$
All Visa card numbers start with a 4. New cards have 16 digits. Old cards have 13. |
| MasterCard Credit Card Numbers | ^5[1-5][0-9]{14}$
All MasterCard numbers start with the numbers 51 through 55. All have 16 digits. |
| American Express Credit Card Numbers | ^3[47][0-9]{13}$
American Express card numbers start with 34 or 37 and have 15 digits./tt> |
| Diners Club Credit Card Numbers | ^3(?:0[0-5]|[68][0-9])[0-9]{11}$
Diners Club card numbers begin with 300 through 305, 36 or 38. All have 14 digits. There are Diners Club cards that begin with 5 and have 16 digits. These are a joint venture between Diners Club and MasterCard, and should be processed like a MasterCard. |
| Discover Credit Card Numbers | ^6(?:011|5[0-9]{2})[0-9]{12}$
Discover card numbers begin with 6011 or 65. All have 16 digits./tt> |
| JCB Credit Card Numbers | ^(?:2131|1800|35\d{3})\d{11}$
JCB cards beginning with 2131 or 1800 have 15 digits. JCB cards beginning with 35 have 16 digits. |
| Social Security Numbers | ^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$ |
| Archive file extensions | \.(?:z(?:ip|[0-9]{2})|r(?:ar|[0-9]{2})|jar|bz2|gz|tar|rpm)$ |
| Audio file extensions | \.(?:mp3|wav|og(?:g|a)|flac|midi?|rm|aac|wma|mka|ape)$ |
| Software file extensions | \.(?:exe|msi|dmg|bin|xpi|iso)$ |
| Image file extensions | \.(?:jp(?:e?g|e|2)|gif|png|tiff?|bmp|ico)$ |
| Video file extensions | \.(?:mpeg|ra?m|avi|mp(?:g|e|4)|mov|divx|asf|qt|wmv|m\dv|rv|vob|asx|ogm)$ |
Use Regex Coach and Expresso to assist when writing regular expressions.
See article on credit card numbers at RegexBuddy Library and RegularExpressions.info.
Acknowledgment to Perl-Fu: Regexp log file processing should be inserted here.
