{"id":19107895,"url":"https://github.com/Junyi-99/ChatGPT-API-Scanner","last_synced_at":"2025-07-16T11:32:19.995Z","repository":{"id":223630412,"uuid":"761068700","full_name":"Junyi-99/ChatGPT-API-Leakage","owner":"Junyi-99","description":"Scan GitHub for available OpenAI API Keys","archived":false,"fork":false,"pushed_at":"2024-10-22T11:42:51.000Z","size":5116,"stargazers_count":123,"open_issues_count":3,"forks_count":26,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-11-09T04:14:14.989Z","etag":null,"topics":["chatgpt","chatgpt-api","freegpt","gpt","gpt-3","gpt4","selenium"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Junyi-99.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-21T07:16:44.000Z","updated_at":"2024-11-08T13:13:02.000Z","dependencies_parsed_at":"2024-04-22T06:30:54.158Z","dependency_job_id":"b9d91a36-95e8-4b61-a3c2-511e18fecf10","html_url":"https://github.com/Junyi-99/ChatGPT-API-Leakage","commit_stats":null,"previous_names":["junyi-99/chatgpt-api-leakage"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Junyi-99%2FChatGPT-API-Leakage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Junyi-99%2FChatGPT-API-Leakage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Junyi-99%2FChatGPT-API-Leakage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Junyi-99%2FChatGPT-API-Leakage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Junyi-99","download_url":"https://codeload.github.com/Junyi-99/ChatGPT-API-Leakage/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226126267,"owners_count":17577480,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chatgpt","chatgpt-api","freegpt","gpt","gpt-3","gpt4","selenium"],"created_at":"2024-11-09T04:14:19.767Z","updated_at":"2025-07-16T11:32:19.964Z","avatar_url":"https://github.com/Junyi-99.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ChatGPT-API-Scanner\n\nThis tool scans GitHub for available OpenAI API Keys.\n\n![Result Demo 1](pics/demo.png)\n\n\u003e [!NOTE]\n\u003e As of `August 21, 2024`, GitHub has enabled push protection to prevent API key leakage, which could significantly impact this repository.\n\n\u003e [!NOTE]\n\u003e As of `March 11, 2024`, secret scanning and push protection will be enabled by default for all new user-owned public repositories that you create.\n\u003e Check this announcement [here](https://docs.github.com/en/code-security/getting-started/quickstart-for-securing-your-repository).\n\n\u003e [!WARNING]\n\u003e **⚠️ DISCLAIMER**\n\u003e\n\u003e THIS PROJECT IS ONLY FOR ***SECURITY RESEARCH*** AND REMINDS OTHERS TO PROTECT THEIR PROPERTY, DO NOT USE IT ILLEGALLY!!\n\u003e\n\u003e The project authors are not responsible for any consequences resulting from misuse.\n\n## Keeping Your API Key Safe\n\nIt's important to keep it safe to prevent unauthorized access. Here are some useful resources:\n\n- [Best Practices for API Key Safety](https://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety)\n\n- [My API is getting leaked.. need advice!](https://community.openai.com/t/my-api-is-getting-leaked-need-advice/280564)\n\n- [My OpenAI API Key Leaked! What Should I Do?](https://www.gitguardian.com/remediation/openai-key)\n\n## Prerequisites\n\nThis project has been tested and works perfectly on macOS, Windows and WSL2 (see [Run Linux GUI apps on the Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/tutorials/gui-apps))\n\nEnsure you have the following installed on your system:\n\n- Google Chrome\n- Python3\n\n## Installation\n\n1. Clone the repository:\n\n ```bash\n git clone https://github.com/Junyi-99/ChatGPT-API-Leakage\n\n cd ChatGPT-API-Leakage\n ```\n\n2. Install required pypi packages\n\n ```bash\n pip install selenium tqdm openai rich\n ```\n\n## Usage\n\n1. Run the main script:\n\n ```bash\n python3 src/main.py\n ```\n\n2. You will be prompted to log in to your GitHub account in the browser. Please do so.\n\nThat's it! The script will now scan GitHub for available OpenAI API Keys.\n\n## Command Line Arguments\n\nThe script supports several command line arguments for customization:\n\n| Parameter | Description | Default |\n|-----------|-------------|---------|\n| `--from-iter` | Start scanning from a specific iteration | `None` |\n| `--debug` | Enable debug mode for detailed logging | `False` |\n| `-ceko, --check-existed-keys-only` | Only check existing keys in the database | `False` |\n| `-k, --keywords` | Specify a list of search keywords | Default keyword list |\n| `-l, --languages` | Specify a list of programming languages to search | Default language list |\n\nExamples:\n\n```bash\n# Start scanning from iteration 100\npython3 src/main.py --from-iter 100\n\n# Only check existing keys\npython3 src/main.py --check-existed-keys-only\n\n# Use custom keywords and languages\npython3 src/main.py -k \"openai\" \"chatgpt\" -l python javascript\n```\n\n## Results\n\nThe results are stored in the `github.db` SQLite database, which is created in the same directory as the script.\n\nYou can view the contents of this database using any SQLite database browser of your choice.\n\n\u003cfigure\u003e\n \u003cimg\n src=\"pics/demo2.png\"\n alt=\"Running Demo\"\u003e\n \u003cp align=\"center\"\u003e\n Running Demo\n \u003c/p\u003e\n\u003c/figure\u003e\n\n\u003cfigure\u003e\n \u003cimg\n src=\"pics/db.png\"\n alt=\"Result in DB\"\u003e\n \u003cp align=\"center\"\u003e\n Result stored in SQLite (different API Key status)\n \u003c/p\u003e\n\u003c/figure\u003e\n\n## FAQ\n\n**Q: Why are you using Selenium instead of the GitHub Search API?**\n\nA: The official GitHub search API does not support regex search. Only web-based search does.\n\n**Q: Why are you limiting the programming language in the search instead of searching all languages?**\n\nA: The web-based search only provides the first 5 pages of results. There are many API keys available. By limiting the language, we can break down the search results and obtain more keys.\n\n**Q: Why don't you use multithreading?**\n\nA: Because GitHub searches and OpenAI are rate-limited. Using multithreading does not significantly increase efficiency.\n\n**Q: Why is the API Key provided in your repository not working?**\n\nA: The screenshots in this repo demonstrate the tool's ability to scan for available API keys. However, these keys may expire within hours or days. Please use the tool to scan for your own keys instead of relying on the provided examples.\n\n**Q: What's the push protection?**\n\nA: see picture.\n\n\u003cp align=\"center\"\u003e\n \u003ckbd\u003e\u003cimg src=\"pics/warning1.png\" alt=\"GitHub Push Protection\" width=\"400\"\u003e \u003c/kbd\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJunyi-99%2FChatGPT-API-Scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJunyi-99%2FChatGPT-API-Scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJunyi-99%2FChatGPT-API-Scanner/lists"}