Keyhacks – A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They’Re Valid

September 1, 2021

keyhacks 1 795959

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.

@Gwen001 has scripted the entire process available here and it can be found here

Table of Contents

  • ABTasty API Key
  • Algolia API key
  • Amplitude API Keys
  • Asana Access token
  • AWS Access Key ID and Secret
  • Azure Application Insights APP ID and API Key
  • Bing Maps API Key
  • Bit.ly Access token
  • Branch.io Key and Secret
  • BrowserStack Access Key
  • Buildkite Access token
  • ButterCMS API Key
  • Calendly API Key
  • CircleCI Access Token
  • Cypress record key
  • DataDog API key
  • Deviant Art Access Token
  • Deviant Art Secret
  • Dropbox API
  • Facebook Access Token
  • Facebook AppSecret
  • Firebase
  • FreshDesk API Key
  • Github client id and client secret
  • GitHub private SSH key
  • Github Token
  • Gitlab personal access token
  • Firebase Cloud Messaging (FCM)
  • Google Maps API key
  • Google Recaptcha key
  • Google Cloud Service Account credentials
  • Heroku API key
  • HubSpot API key
  • Instagram Basic Display API
  • Instagram Graph API
  • Ipstack API Key
  • Iterable API Key
  • JumpCloud API Key
  • Keen.io API Key
  • Loqate API Key
  • Lokalise API Key
  • MailChimp API Key
  • MailGun Private Key
  • Mapbox API key
  • Microsoft Azure Tenant
  • Microsoft Shared Access Signatures (SAS)
  • New Relic Personal API Key (NerdGraph)
  • New Relic REST API
  • NPM token
  • Pagerduty API token
  • Paypal client id and secret key
  • Pendo Integration Key
  • PivotalTracker API Token
  • Razorpay API key and secret key
  • Salesforce API key
  • SauceLabs Username and access Key
  • SendGrid API Token
  • Slack API token
  • Slack Webhook
  • Sonarcloud
  • Spotify Access Token
  • Square
  • Stripe Live Token
  • Travis CI API token
  • Twilio Account_sid and Auth token
  • Twitter API Secret
  • Twitter Bearer token
  • WakaTime API Key
  • WPEngine API Key
  • YouTube API Key
  • Zapier Webhook Token
  • Zendesk Access token
  • Spotify Access Token
  • Instagram Access Token
  • Paypal client id and secret key
  • Gitlab personal access token
  • Stripe Live Token
  • Visual Studio App Center API Token
  • WeGlot Api Key

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

CISA Logo

CISA: CISA Releases Two Industrial Control Systems Advisories

April 23, 2024
cybersecurity

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]concordegroup[.]ca/

April 23, 2024
image

CACTUS Ransomware Victim: https://www[.]coastalcargogroup[.]com/

April 23, 2024