keyhunter

Crates.iokeyhunter
lib.rskeyhunter
version0.2.0
sourcesrc
created_at2024-04-23 20:12:25.560957
updated_at2024-08-27 20:31:39.082879
descriptionCheck for leaked API keys and secrets on public websites
homepage
repositoryhttps://github.com/DonIsaac/keyhunter
max_upload_size
id1217972
size369,918
Don Isaac (DonIsaac)

documentation

README

KeyHunter

CI Check Crates.io Version docs.rs CodSpeed Badge

Check for leaked API keys and secrets any website's JavaScript.

KeyHunter running on sites of the last 7 YCombinator startups
KeyHunter running on sites of the last 7 YCombinator batches

Installation

You can install KeyHunter as a Crate from crates.io:

cargo install keyhunter --all-features

You can also use it as a library:

[dependencies]
keyhunter = "0.2.0"

Library docs are available on docs.rs.

Usage

To reproduce the example above, run make yc

Provide KeyHunter with a URL to start scanning from. It will visit all pages on the same domain that URL links to, find all scripts referenced by those pages, and check them for leaked API keys and secrets.

keyhunter https://example.com

Authentication

You can include one or more headers in all requests KeyHunter makes with the --header (or -H) flag. This means you can include an Authorization header to scan websites that require authentication.

keyhunter https://example.com -H "Authorization: Bearer <token>"

# Multiple headers
keyhunter https://example.com -H "Cookie: session-cookie=123" -H "x-another-header: foo"

This flag follows the same conventions as curl's -H flag.

For more information and a list of all available arguments, run keyhunter --help.

Output Format

Using the --format <format> flag, you can specify how KeyHunter should output its findings.

  • default: Pretty-printed, human readable output. This is the default format.
  • json: Print a JSON object for each finding on a separate line. This format is really JSON lines.

Disclaimer

This tool is for educational purposes only. Only use it on websites and/or web applications that you own or that are owned by an organization that has given you their explicit consent. Do not use this tool for malicious purposes. Please read the LICENSE for more information.

Commit count: 80

cargo fmt