{"id":22349461,"url":"https://github.com/securestackco/securestack-chrome-extension","last_synced_at":"2026-07-06T10:31:30.878Z","repository":{"id":132794040,"uuid":"419874105","full_name":"SecureStackCo/securestack-chrome-extension","owner":"SecureStackCo","description":"SecureStack Chrome Extension","archived":false,"fork":false,"pushed_at":"2021-12-21T02:10:16.000Z","size":138,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-07-14T07:06:09.368Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SecureStackCo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-21T20:55:00.000Z","updated_at":"2021-12-21T02:10:19.000Z","dependencies_parsed_at":null,"dependency_job_id":"626be060-215c-4a6c-bc0e-1f6c72fc7369","html_url":"https://github.com/SecureStackCo/securestack-chrome-extension","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/SecureStackCo/securestack-chrome-extension","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Fsecurestack-chrome-extension","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Fsecurestack-chrome-extension/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Fsecurestack-chrome-extension/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Fsecurestack-chrome-extension/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SecureStackCo","download_url":"https://codeload.github.com/SecureStackCo/securestack-chrome-extension/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SecureStackCo%2Fsecurestack-chrome-extension/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35187624,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-06T02:00:07.184Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-04T11:08:23.947Z","updated_at":"2026-07-06T10:31:30.814Z","avatar_url":"https://github.com/SecureStackCo.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"## GitHub credentials\nCurrently we are finding github credentials in two steps.\n\u003col\u003e\n\u003cli\u003eFind the \"github:\" header line\u003c/li\u003e\n\u003cli\u003ePull the github client secret out\u003c/li\u003e\n\u003c/ol\u003e\nIn the future we will need to combine these two into one so we grep first for the presence of \"github:\" and then look on that same line for the secret\n\n## AWS keys\nAWS has a rich API and sadely you may have to test a bunch of commands. List buckets might be a good start https://docs.aws.amazon.com/cli/latest/reference/s3api/list-buckets.html\n\n## Slack webhook keys\nThese are a problem almost always, see https://cybersecurity.att.com/blogs/labs-research/slack-phishing-attacks-using-webhooks\n\n## Algelia\nThese keys have access controls, a typical public key should not have access to the usage API, otherwise it could be an issue:\n```\ncurl -X GET \\\n  -H \"X-Algolia-API-Key: ${API_KEY}\" \\\n  -H \"X-Algolia-Application-Id: ${APPLICATION_ID}\" \\\n  --compressed \\\n  \"https://usage.algolia.com/1/usage/records?startDate=2020-07-15T00:00:00Z\u0026endDate=2020-07-16T00:00:00Z\u0026granularity=daily\"\n{\"status\":401,\"message\":\"The provided API key is missing the \\\"usage\\\" ACL\"}%\n```\n\n## Amplitude\nYou should not be able to export all data out of amplitude with a typical public key\n```\ncurl -u API_Key:${KEY} 'https://amplitude.com/api/2/export?start=20150201T5\u0026end=20150203T20'\n\u003chtml\u003e\u003ctitle\u003e403: Forbidden\u003c/title\u003e\u003cbody\u003e403: Forbidden\u003c/body\u003e\u003c/html\u003e%\n```\n\n## Bugsnag API\nYou should not be able to pull the orginization name\n```\ncurl --get 'https://api.bugsnag.com/user/organizations' \\\n       --header 'Authorization: token ${TOKEN}' \\\n       --header 'X-Version: 2'\n{\"errors\":[\"Bad Credentials\"]}%\n```\n\n## Google maps\nThis is untested, I found this repo for google map keys https://github.com/ozguralp/gmapsapiscanner\n\nThese keys also follow the same format for many other API's such as gmail/drive/cloud/etc... so this tool likely doesn't give full coverage\n\n## Json web tokens\nJWT's are interesting not just because they go to API's, but also because you can crack their secret in hashcat if they're alg `hs`\nyou can decode them here to figure out their algorithm https://jwt.io/\nand you can crack them here https://hashcat.net/wiki/doku.php?id=example_hashes with flag `-m 16500`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurestackco%2Fsecurestack-chrome-extension","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecurestackco%2Fsecurestack-chrome-extension","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurestackco%2Fsecurestack-chrome-extension/lists"}