Skip to content

gwen001/keyhacks.sh

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

keyhacks.sh

Automation of tokens/api keys testing.

bash badge MIT license badge twitter badge


Description

This Bash tool can check the validity of API keys from several services. This is very useful when you want to automate the process of testing leaked secrets.

See KeyHacks project from Streaak: https://github.com/streaak/keyhacks "KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid."

Install

git clone https://github.com/gwen001/keyhacks.sh

Usage

$ ./keyhacks.sh
Usage:  <mod> <secrets...

Supported mods are:
  - algolia_api_key
  - asana_access_token
  - aws_secret
  - azure_tenant
  - bitly_access_token
  - branchio_secret
  - browserstack_access_key
  - buildkite_access_token
  - cloudflare_api_token
  - comcast_access_token
  - datadog_api_key
  - deviantart_secret
  - deviantart_access_token
  - dropbox_api_token
  - facebook_appsecret
  - facebook_access_token
  - firebase_custom_token
  - firebase_id_token
  - github_client
  - github_ssh_key
  - github_token
  - gitlab_private_token
  - gitlab_runner_registration_token
  - google_cm
  - google_maps_key
  - heroku_api_key
  - infura_api_key
  - instagram_access_token
  - mailchimp_api_key
  - mailgun_api_key
  - mailjet
  - mapbox_access_token
  - opsgenie_api_key
  - pagerduty_api_token
  - paypal_key_sb
  - paypal_key_live
  - paypal_token_sb
  - paypal_token_live
  - pendo_integration_key
  - salesforce_access_token
  - saucelabs_ukey
  - securitytrails_key
  - sendgrid_api_key
  - slack_api_token
  - slack_webhook
  - square_secret
  - square_auth_token
  - travisci_api_token
  - twilio_sid_token
  - twitter_api_secret
  - twitter_bearer_token
  - spotify_access_token
  - stripe_key_live
  - wakatime_api_key
  - wompi_auth_bearer_sb
  - wompi_auth_bearer_live
  - wpengine_api_key
  - zapier_webhook
  - zendesk_access_token


Feel free to open an issue if you have any problem with the script.