LEAKEY: checks and validates leaked credentials
LEAKEY
LEAKEY is a tool for validating leaked API tokens/keys found during pentesting and Red Team engagements.
The script helps bug hunters validate leaked credentials and determine their impact.

LEAKEY uses a JSON-based signature file located at ~/.leakey/signatures.json.
The idea behind LEAKEY is to make it highly customizable and easy to add new services/checks once they are discovered.
LEAKEY loads the list of services/checks from the signature file. If you wish to add more checks/services, simply append them to the signatures.json file.
Installation
curl https://raw.githubusercontent.com/rohsec/LEAKEY/master/install.sh -o leaky_install.sh && chmod +x leaky_install.sh && bash leaky_install.sh
Use
After running the installation command, simply run the below in your terminal
Adding Checks:
All the checks for LEAKEY are defined in the signatures.json file.
To add new checks, simply append them to the signatures file at ~/.leakey/signatures.json
{
    "id": 0,
    "name": "Slack API Token",
    "args": [
        "token"
    ],
    "command": "curl -sX POST \"https://slack.com/api/auth.test?token=xoxp-$token&pretty=1\""
}
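Each check is a shell command template, so a malformed or carelessly copied entry is worth catching before it is appended. The linter below is an added example, not part of LEAKEY: it assumes signatures.json is a JSON array of entries with the four fields shown above and that placeholders take the `$name` form used in the Slack check; the second sample entry and the plaintext-HTTP rule are constructed for illustration.

```python
import json
import re

REQUIRED = {"id": int, "name": str, "args": list, "command": str}
# Assumption: placeholders look like $token, as in the page's Slack check.
PLACEHOLDER = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")

def lint_signatures(text):
    """Return a list of problems found in a signatures.json document."""
    try:
        sigs = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(sigs, list):  # assumption: the file is an array of checks
        return ["top level must be a JSON array of checks"]
    problems, seen_ids = [], set()
    for pos, sig in enumerate(sigs):
        label = f"entry {pos}"
        if not isinstance(sig, dict):
            problems.append(f"{label}: not a JSON object")
            continue
        bad = [k for k, t in REQUIRED.items() if not isinstance(sig.get(k), t)]
        if bad or not all(isinstance(a, str) for a in sig["args"]):
            problems.append(f"{label}: missing or mistyped field(s) {bad or ['args']}")
            continue
        if sig["id"] in seen_ids:
            problems.append(f"{label}: duplicate id {sig['id']}")
        seen_ids.add(sig["id"])
        used = set(PLACEHOLDER.findall(sig["command"]))
        declared = set(sig["args"])
        for name in sorted(declared - used):
            problems.append(f"{label}: arg '{name}' is never used in command")
        for name in sorted(used - declared):
            problems.append(f"{label}: command uses ${name}, which is not in args")
        if "http://" in sig["command"]:  # added policy, not a LEAKEY rule
            problems.append(f"{label}: credential would travel over plaintext HTTP")
    return problems

# Constructed sample: the page's Slack check plus a deliberately broken entry.
SAMPLE = r'''[
  {"id": 0, "name": "Slack API Token", "args": ["token"],
   "command": "curl -sX POST \"https://slack.com/api/auth.test?token=xoxp-$token&pretty=1\""},
  {"id": 0, "name": "Example Service (constructed)", "args": ["key", "secret"],
   "command": "curl -s \"http://api.example.invalid/v1/me?key=$key&user=$user\""}
]'''

if __name__ == "__main__":
    for problem in lint_signatures(SAMPLE):
        print(problem)
```

An empty result means every entry is structurally sound; it does not vouch for what the command itself does, so entries copied from elsewhere still need to be read before use.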
Source: https://github.com/rohsec/