Welcome to the S4E Create with AI Library
Enterprise-grade Automation with Pentester-level Flexibility
This library showcases real examples of how security teams use Create with AI to save time, reduce manual effort, and strengthen their defenses.
Unlike traditional scanners that limit users to predefined checks, Create with AI gives complete flexibility. You describe what you need, and the AI builds and runs it instantly. This allows teams to automate the exact tests they want instead of being restricted to what the product designer imagined.
Detecting Exposed National Citizenship Numbers on Public Web Pages
Problem
Personal data exposure is one of the most serious compliance and privacy issues organizations face today. Web pages may accidentally include national identification numbers within dynamically generated content, archived documents, or announcement pages. Attackers and data scrapers actively search for these patterns to steal or sell personal data. Manually reviewing every public page for such sensitive information is slow, error-prone, and often impossible to scale across hundreds of assets.
Instant Solution (Create with AI)
Prompt: Create a scan that inspects HTTP responses across all assets, detects 11-digit numeric patterns, and validates them as national citizenship numbers according to local compliance rules. If any valid numbers are detected, raise an alert; otherwise, show “No valid numbers found.”
With this single instruction, Create with AI generates a scan that sends a GET request to each target, identifies potential 11-digit number sequences, and applies the official checksum logic to validate them. If a verified citizenship number is detected, the scan immediately raises an alert and records the finding. When none are found, it clearly reports that no valid data was detected.
🎥 Watch the Scan in Action
This short video shows Create with AI generating the validation logic, scanning across multiple assets, and identifying publicly exposed national identification numbers with automated KVKK-compliant verification.
Value
- Automatically detects and validates exposed personal identifiers in public assets
- Prevents compliance violations under data protection regulations such as KVKK and GDPR
- Eliminates manual review of thousands of web pages
- Provides immediate and verifiable evidence for internal data protection teams
- Demonstrates the flexibility of Create with AI in enforcing regional compliance checks
Closing Takeaway
This use case highlights how Create with AI can easily integrate compliance-driven logic into technical scans. With only a few words in the prompt, security teams can build automated checks for privacy-sensitive data, such as citizenship numbers, tax IDs, or other regulated identifiers. By customizing the pattern and validation logic, teams can tailor compliance scanning for any jurisdiction or data type instantly.
🧰 Check It Yourself
Copy the sample scan code below or watch the video for a live walkthrough.
Important: Use only on verified assets with Advanced Security enabled. This scan performs read-only analysis of publicly available data and must be used responsibly under applicable data protection laws.
import re

import requests

# Task and http_or_https are not defined in this sample; they are assumed
# to be supplied by the S4E scan runtime.


class Job(Task):
    def run(self):
        asset = http_or_https(self.asset)
        self.output['detail'] = []
        self.output['compact'] = []
        self.output['video'] = [f"python3 check-tckno.py {asset}"]

        # verify=False skips TLS certificate validation, so assets with
        # self-signed or expired certificates are still scanned.
        response = requests.get(asset, verify=False, timeout=10)
        response_text = response.text

        # Regex to find potential TC Kimlik Numarası
        tc_kimlik_pattern = r'\b\d{11}\b'

        # Validate TC Kimlik Numarası
        def is_valid_tc_kimlik(tc_kimlik):
            if len(tc_kimlik) != 11 or not tc_kimlik.isdigit():
                return False
            # The first digit is never 0
            if tc_kimlik[0] == '0':
                return False
            digits = list(map(int, tc_kimlik))
            # 10th digit: (sum of digits 1,3,5,7,9 * 7 - sum of digits 2,4,6,8) mod 10
            if ((sum(digits[0:9:2]) * 7 - sum(digits[1:8:2])) % 10) != digits[9]:
                return False
            # 11th digit: sum of the first ten digits mod 10
            if sum(digits[:10]) % 10 != digits[10]:
                return False
            return True

        matches = re.findall(tc_kimlik_pattern, response_text)
        valid_tc_numbers = [tc for tc in matches if is_valid_tc_kimlik(tc)]

        if valid_tc_numbers:
            self.output['compact'].append('Valid Turkish ID Number found under KVKK regulations.')
            # The matched numbers are written verbatim into the finding detail,
            # so the scan report itself then contains the personal data.
            self.output['detail'].append('A valid Turkish ID number was detected in the response, and an alert was generated under KVKK regulations: ' + ', '.join(valid_tc_numbers))
            self.output['video'].append(f"A GET request was made to {asset}, and the content was scanned for Turkish ID Numbers.")
        else:
            self.output['compact'].append('No valid Turkish ID Number found.')
            self.output['detail'].append('No valid Turkish ID number was detected in the response.')
            self.output['video'].append(f"A GET request was made to {asset}, and no valid Turkish ID Number was found in the content.")

    def calculate_score(self):
        # Full score when the alert string from run() is present, otherwise 0
        if 'Valid Turkish ID Number found under KVKK regulations.' in self.output['compact']:
            self.score = self.param['max_score']
        else:
            self.score = 0
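The validation step above, reworked as an added example that is not part of the S4E sample or generated by Create with AI: it runs the same checksum offline over a constructed page body, goes beyond the sample by matching candidates with digit lookarounds rather than `\b`, and masks each finding so the report does not repeat the identifier. The helper names, the masking format and `SAMPLE_PAGE` are assumptions made for illustration.

```python
import re

# Digit lookarounds instead of \b: \b sees no boundary between a letter or
# underscore and a digit, so "TCKN10000000146" would be skipped.
CANDIDATE = re.compile(r"(?<!\d)\d{11}(?!\d)")

def check_digits(first9):
    """Return the 10th and 11th digits implied by the first nine."""
    d = [int(c) for c in first9]
    d10 = (sum(d[0:9:2]) * 7 - sum(d[1:8:2])) % 10
    d11 = (sum(d) + d10) % 10
    return d10, d11

def is_valid(number):
    """Same checksum rules as is_valid_tc_kimlik in the sample scan."""
    if len(number) != 11 or not number.isdigit() or number[0] == "0":
        return False
    return check_digits(number[:9]) == (int(number[9]), int(number[10]))

def mask(number):
    """Keep two digits at each end so the finding does not repeat the ID."""
    return number[:2] + "*" * 7 + number[-2:]

def scan_text(text):
    """Return one masked finding (with offset) per distinct valid number."""
    findings, seen = [], set()
    for m in CANDIDATE.finditer(text):
        number = m.group()
        if number in seen or not is_valid(number):
            continue
        seen.add(number)
        findings.append({"masked": mask(number), "offset": m.start()})
    return findings

# Constructed test value: check digits computed from an arbitrary prefix.
VALID = "100000001" + "%d%d" % check_digits("100000001")

# Constructed page body covering the cases a real response mixes together.
SAMPLE_PAGE = (
    "<p>Applicant TCKN" + VALID + " approved</p>"   # glued to letters
    "<p>Order 99" + VALID + "77 shipped</p>"        # inside a 15-digit run
    "<p>Call 05321234567</p>"                       # leading zero
    "<p>Ref 12345678901</p>"                        # checksum fails
    "<a href='/u?id_" + VALID + "'>profile</a>"     # duplicate, after '_'
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_PAGE):
        print(finding)
```

On this constructed input the `\b\d{11}\b` pattern matches only the two invalid numbers, while the lookaround pattern reports the exposed identifier once and ignores the copy embedded in the longer order number.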
