KeyHunter

Check for leaked API keys and secrets on public websites.

KeyHunter running on sites of the last 7 YCombinator batches

Installation

You can install KeyHunter as a Crate from crates.io:

cargo install keyhunter --all-features

You can also use it as a library:

[dependencies]
keyhunter = "0.1.0"

Usage

Provide KeyHunter with a URL to start scanning from. It will visit all pages on the same domain that URL links to, find all scripts referenced by those pages, and check them for leaked API keys and secrets.

keyhunter https://example.com

Run keyhunter --help for more information.

Disclaimer

This tool is for educational purposes only. Only use it on websites and/or web applications that you own or that are owned by an organization that has given you their explicit consent. Do not use this tool for malicious purposes. Please read the LICENSE for more information.