Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found
MIT License
ripgrep in backend
dora also shows the path to the file and the line with context for easier analysis
Make sure to install ripgrep
# clone the repo
$ git clone https://github.com/sdushantha/dora.git
# change the working directory to dora
$ cd dora
# install dora
$ python3 setup.py install --user
$ dora --help
usage: dora [options]

positional arguments:
  PATH                  Path to directory or file to scan

optional arguments:
  -h, --help            show this help message and exit
  --rg-path RG_PATH     Specify path to ripgrep
  --rg-arguments RG_ARGUMENTS
                        Arguments you want to provide to ripgrep
  --json JSON           Load regex data from a valid JSON file (default: db/data.json)
  --verbose, -v, --debug, -d
                        Display extra debugging information
  --no-color            Don't show color in terminal output
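The idea behind the --json option and the path/line/context output, as an added Python example that is not dora's own code: rules are loaded from JSON and every match is reported with its file, line number and a redacted context line. The "regex" key, both sample rules and the sample config are constructed for illustration, and the rule layout is an assumption, not dora's actual db/data.json format.

```python
import json
import re
from pathlib import Path

# Constructed rules in an ASSUMED layout (name -> {"regex", "info"}); not dora's db/data.json.
# The AWS value in SAMPLE_CONFIG is the placeholder key used in AWS documentation.
SAMPLE_RULES_JSON = r"""
{
  "AWS Access Key ID": {"regex": "\\b(?:AKIA|ASIA)[0-9A-Z]{16}\\b",
                        "info": "Rotate the key in IAM and review its recent use."},
  "Generic API key assignment": {"regex": "(?i)api[_-]?key\\s*[:=]\\s*['\"][A-Za-z0-9_\\-]{20,}['\"]",
                                 "info": "Revoke the value and move it to a secret store."}
}
"""
SAMPLE_CONFIG = 'region = "eu-west-1"\naws_key = "AKIAIOSFODNN7EXAMPLE"\ndebug = false\n'

def load_rules(text):
    """Compile every rule up front so a bad regex is reported by rule name."""
    rules = {}
    for name, entry in json.loads(text).items():
        try:
            rules[name] = (re.compile(entry["regex"]), entry.get("info", ""))
        except re.error as exc:
            raise ValueError(f"rule {name!r} has an invalid regex: {exc}") from exc
    return rules

def redact(secret, keep=4):
    """Keep a short prefix so the finding is recognisable without re-leaking the key."""
    return secret[:keep] + "*" * (len(secret) - keep)

def scan_text(path, text, rules):
    """Return one finding per match: rule name, path, 1-based line, redacted context."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, (pattern, info) in rules.items():
            for m in pattern.finditer(line):
                findings.append({"rule": name, "path": str(path), "line": lineno,
                                 "context": line.replace(m.group(0), redact(m.group(0))).strip(),
                                 "info": info})
    return findings

def scan_path(root, rules):
    """Scan a single file or every file under a directory; undecodable bytes are skipped."""
    root = Path(root)
    files = [root] if root.is_file() else [p for p in root.rglob("*") if p.is_file()]
    return [hit for f in files for hit in scan_text(f, f.read_text(errors="ignore"), rules)]

if __name__ == "__main__":
    for f in scan_text("config.toml", SAMPLE_CONFIG, load_rules(SAMPLE_RULES_JSON)):
        print(f'{f["path"]}:{f["line"]}: [{f["rule"]}] {f["context"]} ({f["info"]})')
```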
apktool and run dora to find exposed API keys
dora to scan it
dora to scan for API keys
You are more than welcome to contribute in one of the following ways:
info in the JSON data for an API key to better help the user get a valid bug bounty report when reporting an API key they have found
Original creator - Siddharth Dushantha
Many of the regular expressions were taken from the following GitHub repositories:
The majority of the exploitation/POC methods were taken from the keyhacks repository by streaak