Search Files for Properly Formatted VISA Credit Card Numbers

Following is a simple .audit file that looks for a list of file types that contain a properly formatted VISA credit card number. This audit does not use the Luhn algorithm to verify they are valid.

<item>

type: FILE_CONTENT_CHECK

description: "Determine if a file contains a properly formatted VISA credit card number."

file_extension: "pdf" | "doc" | "xls" | "xlsx" | "xlsm" | "xlsb" | "xml" | "xltx" | "xltm" | "docx" | "docm" | "dotx" | "dot" | "txt"

regex: "([^0-9-]|^)(4[0-9]{3}( |-|)([0-9]{4})( |-|)([0-9]{4})( |-|)([0-9]{4}))([^0-9-]|$)"

regex_replace: "\3"

expect: "VISA" | "credit" | "Visa" | "CCN"

#luhn: YES

include_paths : "/home/mehul/foo"

max_size : "50K"

only_show : "4"

</item>

When running this command, the following output is expected:

Path: /home/brave/cc.txt ('XXXXXXXXXXXX1111', 'XXXXXXXXXXXX1881')

Path: /home/snout/foo/email.txt ('XXXXXXXXXXXX4931', 'XXXXXXXXXXXX4932', 'XXXXXXXXXXXX4934', 'XXXXXXXXXXXX4935', 'XXXXXXXXXXXX4936')

Path: /home/twins/mylist.txt ('XXXXXXXXXXXX4931', 'XXXXXXXXXXXX4932', 'XXXXXXXXXXXX4934', 'XXXXXXXXXXXX4935', 'XXXXXXXXXXXX4936')

Path: /root/cc.txt ('XXXXXXXXXXXX1270', 'XXXXXXXXXXXX4023', 'XXXXXXXXXXXX5925', 'XXXXXXXXXXXX4932')

Path: /root/cc1.txt ('XXXXXXXXXXXX5925')

These results show that we found a match. The report says we “failed” because we found data we consider an issue. For example, if you are doing an audit for a credit card number and had a positive match of the credit card number on the public computer, although the match is positive, it is logged as a failure for compliance reasons.