Keyhacks - A Repository Which Shows Quick Ways In Which API Keys Leaked By A Bug Bounty Program Can Be Checked To See If They'Re Valid

KeyHacks shows ways in which particular API keys found on a Bug Bounty Program can be used, to check if they are valid.

@Gwen001 has scripted the entire process available here and it can be found here

Table of Contents

• ABTasty API Key
• Algolia API key
• Amplitude API Keys
• Asana Access token
• AWS Access Key ID and Secret
• Azure Application Insights APP ID and API Key
• Bing Maps API Key
• Bit.ly Access token
• Branch.io Key and Secret
• BrowserStack Access Key
• Buildkite Access token
• ButterCMS API Key
• Calendly API Key
• CircleCI Access Token
• Cypress record key
• DataDog API key
• Deviant Art Access Token
• Deviant Art Secret
• Dropbox API
• Facebook Access Token
• Facebook AppSecret
• Firebase
• FreshDesk API Key
• Github client id and client secret
• GitHub private SSH key
• Github Token
• Gitlab personal access token
• Firebase Cloud Messaging (FCM)
• Google Maps API key
• Google Recaptcha key
• Google Cloud Service Account credentials
• Heroku API key
• HubSpot API key
• Instagram Basic Display API
• Instagram Graph API
• Ipstack API Key
• Iterable API Key
• JumpCloud API Key
• Keen.io API Key
• Loqate API Key
• Lokalise API Key
• MailChimp API Key
• MailGun Private Key
• Mapbox API key
• Microsoft Azure Tenant
• Microsoft Shared Access Signatures (SAS)
• New Relic Personal API Key (NerdGraph)
• New Relic REST API
• NPM token
• Pagerduty API token
• Paypal client id and secret key
• Pendo Integration Key
• PivotalTracker API Token
• Razorpay API key and secret key
• Salesforce API key
• SauceLabs Username and access Key
• SendGrid API Token
• Slack API token
• Slack Webhook
• Sonarcloud
• Spotify Access Token
• Square
• Stripe Live Token
• Travis CI API token
• Twilio Account_sid and Auth token
• Twitter API Secret
• Twitter Bearer token
• WakaTime API Key
• WPEngine API Key
• YouTube API Key
• Zapier Webhook Token
• Zendesk Access token
• Spotify Access Token
• Instagram Access Token
• Paypal client id and secret key
• Gitlab personal access token
• Stripe Live Token
• Visual Studio App Center API Token
• WeGlot Api Key

from KitPloit - PenTest & Hacking Tools https://ift.tt/38s0Jnj
via hacking

• Tweet
• Share
• Share
• Share
• Share

About Admin MC3

This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.

Related Post