KeyLeak Detector: Open-Source Tool for Scanning Websites for Exposed API Keys and Secrets
By amaldavid
Summary
KeyLeak Detector is an open-source web application that scans websites for exposed API keys, secrets, and sensitive data. It uses headless browser automation combined with network traffic interception to detect secrets in JavaScript, headers, API responses, and dynamic content. The tool features 200+ detection patterns dynamically loaded from GitLeaks with custom enhancements, offers two scan modes (unauthenticated basic and authenticated extensive), and includes caching mechanisms for pattern updates.
Key quotes
A web application that scans websites for exposed API keys, secrets, sensitive data, and access control issues.
Combines headless browser automation with network traffic interception to catch secrets in JavaScript, headers, API responses, and dynamic content.
Detection patterns are dynamically loaded from GitLeaks and enhanced with custom patterns optimized for runtime web scanning.
200+ Detection Patterns — Dynamic pattern loading from GitLeaks combined with custom patterns, cached for 24 hours
Two Scan Modes — Unauthenticated basic scan and authenticated extensive scan
