ghostsecurity · joshlarsen · Mar 26, 2026 · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
diff --git a/docs/rules.md b/docs/rules.md
@@ -2,7 +2,7 @@
 
 Auto-generated by `make docs`
 
-Total rules: 135
+Total rules: 142
 
 | Name | ID | Description | Tags | Entropy |
 |------|----|-----------|----|---------|
@@ -42,14 +42,17 @@ Total rules: 135
 | [Crates.io API Key](#ghost.crates.1) | ghost.crates.1 | Crates.io API key. | api, crates | 3.8 |
 | [Crew.ai PAT](#ghost.crewai.1) | ghost.crewai.1 | Crew AI PAT | api, crewai | 4.3 |
 | [Crew.ai Auth Token](#ghost.crewai.2) | ghost.crewai.2 | Crew AI Enterprise Action Auth Token | api, crewai, auth, token | 3.5 |
+| [Dify API Key](#ghost.dify.1) | ghost.dify.1 | Dify AI API Key | api, dify | 3.9 |
 | [DigitalOcean Personal Access Token](#ghost.digitalocean.1) | ghost.digitalocean.1 | DigitalOcean personal access token. | api, digitalocean, pat, token | 3.1 |
 | [DigitalOcean Application Access Token](#ghost.digitalocean.2) | ghost.digitalocean.2 | DigitalOcean application access token. | api, digitalocean, token | 3.1 |
 | [Docker Hub PAT](#ghost.docker.1) | ghost.docker.1 | Docker Hub Personal Access Token. | docker, api | 4.1 |
 | [Drata API Key](#ghost.drata.1) | ghost.drata.1 | Drata API key. | api, drata | 3.2 |
+| [Dreadnode API Key](#ghost.dreadnode.1) | ghost.dreadnode.1 | Dreadnode API Key | api, dreadnode | 4.3 |
 | [Dynatrace API Token](#ghost.dynatrace.1) | ghost.dynatrace.1 | Dynatrace API token. | api, dynatrace | 4.5 |
 | [Eleven Labs API Key](#ghost.elevenlabs.1) | ghost.elevenlabs.1 | Eleven Labs API key. | api, eleven, elevenlabs | 3.4 |
 | [Fastly API Key](#ghost.fastly.1) | ghost.fastly.1 | Fastly API key. | api, fastly | 4.2 |
 | [Firecrawl API Key](#ghost.firecrawl.1) | ghost.firecrawl.1 | Firecrawl API key. | api, firecrawl | 3.1 |
+| [Fireworks API Key](#ghost.fireworks.1) | ghost.fireworks.1 | Fireworks AI API Key | api, fireworks | 4.1 |
 | [Fly.io API Key](#ghost.flyio.1) | ghost.flyio.1 | Fly.io API key. | api, flyio | 5.5 |
 | [Framework Secret Key](#ghost.framework.1) | ghost.framework.1 | Framework Secret key variable declaration | api, framework, symfony, laravel, django, rails | 4.1 |
 | [Generic Token](#ghost.generic.1) | ghost.generic.1 | Generic token variable declaration. | generic, token | 3.1 |
@@ -79,9 +82,12 @@ Total rules: 135
 | [JumpCloud API Key](#ghost.jumpcloud.1) | ghost.jumpcloud.1 | JumpCloud API key. | api, jumpcloud | 4.2 |
 | [LangSmith Personal Access Token](#ghost.langsmith.1) | ghost.langsmith.1 | LangSmith personal access token. | api, langsmith, pat | 3.1 |
 | [LangSmith Service Key](#ghost.langsmith.2) | ghost.langsmith.2 | LangSmith service key. | api, langsmith, service | 3.1 |
+| [Lightfield API Key](#ghost.lightfield.1) | ghost.lightfield.1 | Lightfield API Key | api, lightfield | 4.7 |
 | [Linear API Key](#ghost.linear.1) | ghost.linear.1 | Linear API key. | api, linear | 4.2 |
+| [MailerSend API Key](#ghost.mailersend.1) | ghost.mailersend.1 | MailerSend API Key | api, mailersend | 3.5 |
 | [Mailgun API Key](#ghost.mailgun.1) | ghost.mailgun.1 | Mailgun API key. | api, mailgun | 4.1 |
 | [Mistral API Key](#ghost.mistral.1) | ghost.mistral.1 | Mistral API key. | api, mistral | 4.5 |
+| [Murf AI API Key](#ghost.murf.1) | ghost.murf.1 | Murf AI API Key | api, murf | 3.2 |
 | [MySQL Senstive Connection String](#ghost.mysql.1) | ghost.mysql.1 | MySQL connection string with credentials. | api, mysql | 4.1 |
 | [Netlify PAT](#ghost.netlify.1) | ghost.netlify.1 | Netlify Personal Access Token. | api, netlify, pat | 4.2 |
 | [ngrok API Key](#ghost.ngrok.1) | ghost.ngrok.1 | ngrok API key. | api, ngrok, key | 4.5 |
@@ -114,6 +120,7 @@ Total rules: 135
 | [Salesforce App Consumer Key](#ghost.salesforce.2) | ghost.salesforce.2 | Salesforce App Consumer Key. | api, salesforce | 5.1 |
 | [Salesforce Security Token](#ghost.salesforce.3) | ghost.salesforce.3 | Salesforce Security Token. | api, salesforce, token | 4.1 |
 | [Sendgrid API Key](#ghost.sendgrid.1) | ghost.sendgrid.1 | Sendgrid API key. | api, sendgrid | 4.8 |
+| [Sentry Token](#ghost.sentry.1) | ghost.sentry.1 | Sentry Token | api, sentry | 3.5 |
 | [Shodan API Key](#ghost.shodan.1) | ghost.shodan.1 | Shodan API key. | api, shodan | 3.1 |
 | [Slack Bot Token](#ghost.slack.1) | ghost.slack.1 | Slack bot token. | api, slack, bot | 3.5 |
 | [Slack User Token](#ghost.slack.2) | ghost.slack.2 | Slack user token. | api, slack | 3.5 |
@@ -1082,6 +1089,31 @@ Total rules: 135
 - assert_not: 4 cases
 
 
+<a id="ghost.dify.1"></a>
+### Dify API Key
+
+**ID:** `ghost.dify.1`
+
+**Description:** Dify AI API Key
+
+**Tags:** api, dify
+
+**Pattern:**
+```
+(?x)
+  \b
+    (app-(?i)[A-Z0-9]{24})
+  \b
+
+```
+
+**Min entropy:** 3.9
+
+**Tests:**
+- assert: 2 cases
+- assert_not: 3 cases
+
+
 <a id="ghost.digitalocean.1"></a>
 ### DigitalOcean Personal Access Token
 
@@ -1186,6 +1218,31 @@ Total rules: 135
 - assert_not: 2 cases
 
 
+<a id="ghost.dreadnode.1"></a>
+### Dreadnode API Key
+
+**ID:** `ghost.dreadnode.1`
+
+**Description:** Dreadnode API Key
+
+**Tags:** api, dreadnode
+
+**Pattern:**
+```
+(?x)
+  \b
+    (dn_(?i)[A-Z0-9_-]{32})
+  \b
+
+```
+
+**Min entropy:** 4.3
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 3 cases
+
+
 <a id="ghost.dynatrace.1"></a>
 ### Dynatrace API Token
 
@@ -1290,6 +1347,31 @@ Total rules: 135
 - assert_not: 4 cases
 
 
+<a id="ghost.fireworks.1"></a>
+### Fireworks API Key
+
+**ID:** `ghost.fireworks.1`
+
+**Description:** Fireworks AI API Key
+
+**Tags:** api, fireworks
+
+**Pattern:**
+```
+(?x)
+  \b
+    (fw_(?i)[A-Z0-9]{22})
+  \b
+
+```
+
+**Min entropy:** 4.1
+
+**Tests:**
+- assert: 2 cases
+- assert_not: 2 cases
+
+
 <a id="ghost.flyio.1"></a>
 ### Fly.io API Key
 
@@ -2043,6 +2125,31 @@ Total rules: 135
 - assert_not: 2 cases
 
 
+<a id="ghost.lightfield.1"></a>
+### Lightfield API Key
+
+**ID:** `ghost.lightfield.1`
+
+**Description:** Lightfield API Key
+
+**Tags:** api, lightfield
+
+**Pattern:**
+```
+(?x)
+  \b
+    (sk_lf_\d_(?i)[A-Z0-9_-]{64})
+  \b
+
+```
+
+**Min entropy:** 4.7
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 4 cases
+
+
 <a id="ghost.linear.1"></a>
 ### Linear API Key
 
@@ -2068,6 +2175,31 @@ Total rules: 135
 - assert_not: 2 cases
 
 
+<a id="ghost.mailersend.1"></a>
+### MailerSend API Key
+
+**ID:** `ghost.mailersend.1`
+
+**Description:** MailerSend API Key
+
+**Tags:** api, mailersend
+
+**Pattern:**
+```
+(?x)
+  \b
+    (mlsn\.[a-f0-9]{64})
+  \b
+
+```
+
+**Min entropy:** 3.5
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 4 cases
+
+
 <a id="ghost.mailgun.1"></a>
 ### Mailgun API Key
 
@@ -2124,6 +2256,31 @@ Total rules: 135
 - assert_not: 1 cases
 
 
+<a id="ghost.murf.1"></a>
+### Murf AI API Key
+
+**ID:** `ghost.murf.1`
+
+**Description:** Murf AI API Key
+
+**Tags:** api, murf
+
+**Pattern:**
+```
+(?x)
+  \b
+    (ap2_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})
+  \b
+
+```
+
+**Min entropy:** 3.2
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 3 cases
+
+
 <a id="ghost.mysql.1"></a>
 ### MySQL Senstive Connection String
 
@@ -2980,6 +3137,31 @@ Total rules: 135
 - assert_not: 3 cases
 
 
+<a id="ghost.sentry.1"></a>
+### Sentry Token
+
+**ID:** `ghost.sentry.1`
+
+**Description:** Sentry Token
+
+**Tags:** api, sentry
+
+**Pattern:**
+```
+(?x)
+  \b
+    (sntryu_[a-f0-9]{64})
+  \b
+
+```
+
+**Min entropy:** 3.5
+
+**Tests:**
+- assert: 2 cases
+- assert_not: 2 cases
+
+
 <a id="ghost.shodan.1"></a>
 ### Shodan API Key
 

diff --git a/pkg/rules/dify.yaml b/pkg/rules/dify.yaml
@@ -0,0 +1,26 @@
+rules:
+  - name: Dify API Key
+    id: ghost.dify.1
+    description: Dify AI API Key
+    tags:
+      - api
+      - dify
+    pattern: |
+      (?x)
+        \b
+          (app-(?i)[A-Z0-9]{24})
+        \b
+    entropy: 3.9
+    redact: [6, 4]
+    tests:
+      assert:
+        - app-gc4TBNcwMOVde5q5en8BpaxL
+        - app-awUrXYzSR685gW8EINiukzUl
+      assert_not:
+        - app-gc4TBNcwMOVde5q5en8BpaxLx
+        - app-awUrXYzSR685gW8EINiukzU
+        - app-awUrXYzSR68%gW8EINiukzUl
+    history:
+      - 2026-03-26 initial version
+    refs:
+      - https://docs.dify.ai/en/use-dify/publish/developing-with-apis
diff --git a/pkg/rules/dreadnode.yaml b/pkg/rules/dreadnode.yaml
@@ -0,0 +1,27 @@
+rules:
+  - name: Dreadnode API Key
+    id: ghost.dreadnode.1
+    description: Dreadnode API Key
+    tags:
+      - api
+      - dreadnode
+    pattern: |
+      (?x)
+        \b
+          (dn_(?i)[A-Z0-9_-]{32})
+        \b
+    entropy: 4.3
+    redact: [6, 4]
+    tests:
+      assert:
+        - dn_1pIzmgTsDsZtmIY-meu0iv0LlaOPiFGb
+        - dn_Zz287fTvnbCJx2ibm-Bg2b0-Z2cKoGgk
+        - dn_2_iQAz-ST7XMmJWPWMpfck4PC56ijt8z
+      assert_not:
+        - dn_1pIzmgTsDsZtmIY-meu0iv0LlaOPiFGbx
+        - dn_Zz287fTvnbCJx2ibm-Bg2b0-Z2cKoGg
+        - dn_2_iQAz%ST7XMmJWPWMpfck4PC56ijt8z
+    history:
+      - 2026-03-26 initial version
+    refs:
+      - https://docs.dreadnode.io/sdk/api-client
diff --git a/pkg/rules/fireworks.yaml b/pkg/rules/fireworks.yaml
@@ -0,0 +1,25 @@
+rules:
+  - name: Fireworks API Key
+    id: ghost.fireworks.1
+    description: Fireworks AI API Key
+    tags:
+      - api
+      - fireworks
+    pattern: |
+      (?x)
+        \b
+          (fw_(?i)[A-Z0-9]{22})
+        \b
+    entropy: 4.1
+    redact: [6, 4]
+    tests:
+      assert:
+        - fw_GZQpdDHrs3z66NBxy1fzaH
+        - fw_AGuDdk53ECTPBQUZgXDjBo
+      assert_not:
+        - fw_GZQpdDHrs3z66NBxy1fzaHx
+        - fw_AGuDdk53ECTPBQUZgXDjB
+    history:
+      - 2026-03-26 initial version
+    refs:
+      - https://docs.fireworks.ai/getting-started/quickstart
diff --git a/pkg/rules/lightfield.yaml b/pkg/rules/lightfield.yaml
@@ -0,0 +1,28 @@
+rules:
+  - name: Lightfield API Key
+    id: ghost.lightfield.1
+    description: Lightfield API Key
+    tags:
+      - api
+      - lightfield
+    pattern: |
+      (?x)
+        \b
+          (sk_lf_\d_(?i)[A-Z0-9_-]{64})
+        \b
+    entropy: 4.7
+    redact: [11, 4]
+    tests:
+      assert:
+        - sk_lf_0_XnjCzv_XYc3qZdxi46ObM69P5zq5ppi13FQxUFHtdJKpsfv7nFJGJeTGNyfk9m2t
+        - sk_lf_0_R4A6gAks2ce2LkJJ_Z9owXgmILut9jZ69mJT0yP5YCNZqOOTafhdnBttw20E6V2I
+        - sk_lf_0_pB1JymczabyooNFCTRmVkM6NANb6-RDc69gOuJa8cRNDqvodDdG-x9XxrNCRJnMF
+      assert_not:
+        - sk_lf_A_XnjCzv_XYc3qZdxi46ObM69P5zq5ppi13FQxUFHtdJKpsfv7nFJGJeTGNyfk9m2t
+        - sk_lf_0_R4A6gAks2ce2LkJJ_Z9owXgmILut9jZ69mJT0yP5YCNZqOOTafhdnBttw20E6V2
+        - sk_lf_0_pB1JymczabyooNFCTRmVkM6NANb6-RDc69gOuJa8cRNDqvodDdG-x9XxrNCRJnMFx
+        - sk_lf_0_pB1JymczabyooNFCTRmVkM6NANb6%RDc69gOuJa8cRNDqvodDdG-x9XxrNCRJnMF
+    history:
+      - 2026-03-26 initial version
+    refs:
+      - https://docs.lightfield.app/using-the-api/api-keys/