Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid
KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.
@Gwen001 has scripted the entire process available here and it can be found here
- ABTasty API Key
- Algolia API key
- Amplitude API Keys
- Asana Access token
- AWS Access Key ID and Secret
- Azure Application Insights APP ID and API Key
- Bing Maps API Key
- Bit.ly Access token
- Branch.io Key and Secret
- BrowserStack Access Key
- Buildkite Access token
- ButterCMS API Key
- Calendly API Key
- CircleCI Access Token
- Cypress record key
- DataDog API key
- Deviant Art Access Token
- Deviant Art Secret
- Dropbox API
- Facebook Access Token
- Facebook AppSecret
- Firebase
- FreshDesk API Key
- Github client id and client secret
- GitHub private SSH key
- Github Token
- Gitlab personal access token
- Firebase Cloud Messaging (FCM)
- Google Maps API key
- Google Recaptcha key
- Google Cloud Service Account credentials
- Heroku API key
- HubSpot API key
- Instagram Basic Display API
- Instagram Graph API
- Ipstack API Key
- Iterable API Key
- JumpCloud API Key
- Keen.io API Key
- Loqate API Key
- Lokalise API Key
- MailChimp API Key
- MailGun Private Key
- Mapbox API key
- Microsoft Azure Tenant
- Microsoft Shared Access Signatures (SAS)
- New Relic Personal API Key (NerdGraph)
- New Relic REST API
- NPM token
- Pagerduty API token
- Paypal client id and secret key
- Pendo Integration Key
- PivotalTracker API Token
- Razorpay API key and secret key
- Salesforce API key
- SauceLabs Username and access Key
- SendGrid API Token
- Slack API token
- Slack Webhook
- Sonarcloud
- Spotify Access Token
- Square
- Stripe Live Token
- Travis CI API token
- Twilio Account_sid and Auth token
- Twitter API Secret
- Twitter Bearer token
- WakaTime API Key
- WPEngine API Key
- YouTube API Key
- Zapier Webhook Token
- Zendesk Access token
- Spotify Access Token
- Instagram Access Token
- Paypal client id and secret key
- Gitlab personal access token
- Stripe Live Token
- Visual Studio App Center API Token
- WeGlot Api Key
Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid
Reviewed by Zion3R
on
8:30 AM
Rating: