Show HN: KeyLeak Detector – Scan websites for exposed API keys and secrets
5 months ago
- #API-keys
- #security
- #web-application
- Web application scans websites for API keys, secrets, and sensitive information leaks.
- Inspired by Keyleaksecret project.
- Features include scanning for secret patterns, checking response headers, validating security headers, and providing real-time results.
- User-friendly web interface with findings categorized by severity.
- Installation involves cloning the repository, setting up a virtual environment, and installing dependencies.
- Application runs on port 5002 to avoid conflicts with AirPlay on macOS.
- Uses browser automation, network monitoring, content analysis, and pattern matching to detect secrets.
- Detects 50+ types of sensitive information including cloud provider credentials, service credentials, LLM/AI keys, database credentials, and more.
- Provides severity classification, context information, and remediation recommendations.
- For educational and authorized testing purposes only.
- Users must comply with legal and ethical guidelines.
- Contributions are welcome via GitHub.
- Project is licensed under MIT License.
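
The pattern-matching, header-validation and severity-classification steps listed above can be sketched as follows. This is an added example, not KeyLeak Detector's own code: the rule names, regexes, severity levels, required-header list and sample response are all assumptions constructed for illustration.

```python
import re

# Assumed rule set for illustration; not KeyLeak Detector's own patterns or severities.
RULES = [  # most specific first, so the generic rule never double-reports a precise hit
    ("aws_access_key_id", "critical", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block", "critical", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("google_api_key", "high", re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b")),
    ("generic_assignment", "medium", re.compile(
        r"\b(?:api[_-]?key|secret|token)\b[\"']?\s*[:=]\s*[\"']([A-Za-z0-9_\-]{20,})[\"']", re.I)),
]
REQUIRED_HEADERS = ("content-security-policy", "strict-transport-security", "x-content-type-options")
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def redact(value):
    # Keep a short prefix for triage; never echo the full secret into a report.
    return value[:4] + "*" * (len(value) - 4)

def scan_response(headers, body):
    findings, claimed = [], set()
    for rule, severity, pattern in RULES:
        for m in pattern.finditer(body):
            group = m.lastindex or 0        # the capture group holds the value, if there is one
            span = m.span(group)
            if span in claimed:             # same characters already reported by an earlier rule
                continue
            claimed.add(span)
            findings.append({"rule": rule, "severity": severity, "match": redact(m.group(group)),
                             "line": body.count("\n", 0, span[0]) + 1})
    present = {name.lower() for name in headers}   # header names are case-insensitive
    for name in REQUIRED_HEADERS:
        if name not in present:
            findings.append({"rule": "missing_header:" + name, "severity": "low",
                             "match": None, "line": None})
    return sorted(findings, key=lambda f: RANK[f["severity"]])

# Constructed sample response; every key below is a made-up placeholder.
SAMPLE_HEADERS = {"Content-Type": "text/javascript", "X-Content-Type-Options": "nosniff"}
SAMPLE_BODY = "\n".join([
    "const cfg = {",
    '  apiKey: "AIza' + "EXAMPLE" * 5 + '",',
    '  awsId: "AKIA' + "EXAMPLE0" * 2 + '",',
    "};",
    'var api_key = "constructed_value_0123456789";',
])

if __name__ == "__main__":
    for finding in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

The `apiKey` line matches both the Google rule and the generic assignment rule; the span check reports it once, under the more specific rule.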