streaak / keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Tool to check creds automatically #28

Closed Metnew closed 5 years ago

Metnew commented 5 years ago

Hey, it's a great project! It could be even better if it were possible to check creds from the shell. Writing a tool is easy, but it requires mirroring the current README (or only API URLs) into JSON or a similar format.

This project includes only API URLs and probably won't be used as a seed for any tools.

Example json:

{
   "service": "AWS",
   "description": "Checks AWS keys via IAM API",
   "url": "https://aws/url",
   "expected_status": "200",
   "expected_body?": "{\"key\":\"is_valid\"}"
}
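
An added example, not part of the original comment or the keyhacks project: a loader for definitions in the JSON shape proposed above, plus a classifier that judges an already captured response against `expected_status` and the optional `expected_body?`. The names `load_checks`, `body_matches` and `classify`, the second sample entry, and the handling of 401/403 are assumptions made for illustration.

```python
import json

# Constructed definitions in the format proposed in the issue; the second entry is invented.
# Assumption: the trailing "?" in "expected_body?" marks the field as optional.
CHECKS_JSON = r'''[
  {"service": "AWS", "description": "Checks AWS keys via IAM API",
   "url": "https://aws/url", "expected_status": "200",
   "expected_body?": "{\"key\":\"is_valid\"}"},
  {"service": "ExampleService", "description": "Constructed entry, no body check",
   "url": "https://service.example/me", "expected_status": "200"}
]'''

REQUIRED = ("service", "description", "url", "expected_status")

def load_checks(text):
    """Parse definitions and reject entries a checker could not use safely."""
    checks = {}
    for entry in json.loads(text):
        missing = [k for k in REQUIRED if k not in entry]
        if missing:
            raise ValueError(f"{entry.get('service', '?')}: missing {missing}")
        if not entry["url"].startswith("https://"):
            # The credential under test would otherwise travel in cleartext.
            raise ValueError(f"{entry['service']}: non-HTTPS URL")
        checks[entry["service"]] = entry
    return checks

def _as_json(text):
    try:
        return json.loads(text)
    except ValueError:
        return None

def body_matches(expected, body):
    """Compare as JSON when both sides parse, so spacing and extra fields do not matter."""
    want, got = _as_json(expected), _as_json(body)
    if isinstance(want, dict) and isinstance(got, dict):
        return all(got.get(k) == v for k, v in want.items())
    return expected == body

def classify(check, status, body):
    """Return 'valid', 'invalid' or 'unknown' for one captured response."""
    if str(status) != check["expected_status"]:
        # Assumption: 401/403 mean the key was rejected; 429 or 5xx prove nothing.
        return "invalid" if status in (401, 403) else "unknown"
    expected = check.get("expected_body?")
    if expected is None or body_matches(expected, body):
        return "valid"
    return "unknown"
```

Keeping an explicit "unknown" outcome stops rate limiting or an outage from being recorded as a revoked key.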

codingo commented 5 years ago

Watch this space, there's a couple I know of in the works already but not likely to be released until Defcon.