A Security Research Tool for Detecting Exposed API Keys
API_SNATCHER is an ethical security research tool designed to help organizations and developers identify accidentally exposed API keys in public repositories. By detecting potential security risks early, we help prevent unauthorized access and protect sensitive resources. This tool is intended for security researchers, penetration testers, and organizations conducting security audits of their own codebases.
- Ethical Key Detection: Scans public repositories for potentially exposed API keys
- Smart Filtering: Excludes example keys and placeholder patterns to reduce false positives
- Rate Limit Friendly: Respects GitHub API rate limits to ensure sustainable usage
- Responsible Disclosure: Includes guidelines for ethically reporting found credentials
- Customizable Search: Configurable maximum results and search patterns
- Random Result Selection: Helps identify different exposed keys in each scan
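The "Smart Filtering" behaviour above, shown as an added stand-alone example for scanning your own files (this is illustrative code, not the project's `main.py`): two constructed detection patterns, a placeholder filter that drops documentation samples and template variables, and an entropy check; the `SAMPLE` input is constructed for the demonstration.

```python
import math
import re
from typing import List, Tuple

# Per-line patterns: an AWS access key id format and a generic "key = 'value'" assignment.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("generic_assignment", re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]")),
]
# Substrings that mark documentation samples rather than live credentials.
PLACEHOLDER_WORDS = ("example", "placeholder", "your_", "xxxx", "changeme",
                     "dummy", "sample", "replace")

def shannon_entropy(s: str) -> float:
    """Bits per character; real key material scores well above repeated chars."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def is_placeholder(value: str) -> bool:
    """True when the matched value looks like a sample or template, not a live key."""
    low = value.lower()
    if any(w in low for w in PLACEHOLDER_WORDS):
        return True
    if low.startswith(("<", "${", "{{")):      # unexpanded template variables
        return True
    return shannon_entropy(value) < 3.0        # e.g. "aaaaaaaaaaaaaaaa"

def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, kind, preview) for each candidate key that is not a placeholder.
    The preview keeps only the first four characters so reports never contain the secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for match in pattern.finditer(line):
                value = match.group(1)
                if not is_placeholder(value):
                    findings.append((line_no, kind, value[:4] + "..."))
    return findings

# Constructed sample input; line 4 holds the AWS documentation example key id.
SAMPLE = """\
aws_access_key_id = AKIAQ7Z3K9P2M4N6R8T1
API_KEY = "your_api_key_here_12345"
token: "${PRODUCTION_API_TOKEN}"
secret = "AKIAIOSFODNN7EXAMPLE"
api_key = "q8Zt2pLm9XvR4wNy7BcK"
"""
```

Running `scan_text(SAMPLE)` reports only lines 1 and 5; the documentation key, the `your_...` value and the template variable are filtered as placeholders.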
```
└── api_snatcher/
    ├── main.py            # Core scanning logic
    └── requirements.txt   # Project dependencies
```
- Python 3.7+
- GitHub Personal Access Token
- Understanding of responsible disclosure practices
- Clone the repository:
  ```
  git clone https://github.com/mp3skater/api_snatcher
  ```
- Install dependencies:
  ```
  pip install -r requirements.txt
  ```
Run the scanner with your GitHub token:
```python
from main import GitHubKeyScanner

scanner = GitHubKeyScanner(github_token="your_github_token")
findings = scanner.search_for_keys(max_results=5)
```
We welcome contributions that enhance the tool's security research capabilities while maintaining ethical standards. Please follow these guidelines:
- Focus on improving detection accuracy
- Add features that help prevent false positives
- Enhance responsible disclosure capabilities
- Improve documentation and usage guidelines
- Only scan public repositories you have permission to audit
- Immediately report found credentials to repository owners
- Never use or test discovered API keys
- Follow responsible disclosure practices
- Document all findings for proper reporting
- Initial key detection implementation
- Add support for multiple API key patterns
- Implement automated responsible disclosure notifications
- Create detailed security reporting templates
- Add rate limit optimization features
This project is released under the MIT License to promote open security research while maintaining ethical guidelines.
- Security research community
- GitHub API documentation
- Open source security tools
- Responsible disclosure frameworks
Note: This tool is designed for security research and helping organizations identify their exposed credentials. Always obtain proper authorization before conducting security research and follow responsible disclosure practices.