reddit hackernews mail facebook facebook linkedin


Bash script which checks and validates for leaked credentials.
#api   #secrets  

LEAKEY is a tool is for validation of leaked API tokens/keys found during pentesting and Red Team Enegagments.
The script is really useful for Bug Hunters inorder to validate and determine the impact of leaked credentials.

LEAKEY uses a json based signature file located at ~/.leakey/signatures.json
The idea behind LEAKEY is to make it highly customizable and easy to add new services/checks once they are discovered.

LEAKEY loads the services/check list via the signature file, if you wish to add more Checks/services, simply append it in the signatures.json file.