{"id":26171815,"url":"https://github.com/zebbern/leakfinder","last_synced_at":"2026-02-03T14:32:03.062Z","repository":{"id":275682397,"uuid":"926855102","full_name":"zebbern/LeakFinder","owner":"zebbern","description":"🔐 | Fast Manual Credential Leak Detection using DevTools or Burp Suite!","archived":false,"fork":false,"pushed_at":"2025-02-06T21:52:00.000Z","size":23,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-30T14:08:30.389Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zebbern.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-04T01:06:34.000Z","updated_at":"2025-02-14T20:20:08.000Z","dependencies_parsed_at":"2025-06-27T13:36:34.994Z","dependency_job_id":"8191c205-ef0a-43eb-b246-d1282020aa79","html_url":"https://github.com/zebbern/LeakFinder","commit_stats":null,"previous_names":["zebbern/leakfinder"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zebbern/LeakFinder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zebbern%2FLeakFinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zebbern%2FLeakFinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zebbern%2FLeakFinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zebbern%2FLeakFinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zebbern","download_url":"https://codeload.github.com/zebbern/LeakFinder/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zebbern%2FLeakFinder/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29047565,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-11T19:51:24.875Z","updated_at":"2026-02-03T14:32:03.046Z","avatar_url":"https://github.com/zebbern.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# LeakFinder\n## 🔐 Using Developer Tools\n\n1. **Open DevTools:**  \n   - Press `Ctrl+Shift+I` (Windows/Linux) or `Cmd+Option+I` (macOS).\n\n2. **Go to Network Tab:**  \n   - Click on the **\"Network\"** tab.\n\n3. **Enable Regex Search:**  \n   - Click the regex icon in the filter bar to enable regex mode.\n\n4. **Refresh Page:**  \n   - Reload the webpage to capture all network requests.\n\n5. **Apply Regex Search:**  \n   - Paste the following regex into the filter bar:\n\n```regex\n(access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|apikey|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|heroku_api_key|sonatype_password|awssecretkey)\n```\n\n6. **Review Matches:**  \n   - Inspect the filtered requests manually for potential leaks.\n\n---\n\n## 🔍 Using Burp Suite\n\n1. **Launch Burp Suite:**  \n   - Start Burp Suite and configure your browser to route traffic through it.\n\n2. **Browse Your Target:**  \n   - Navigate through your target site and subdomains to capture traffic.\n\n3. **Use Regex in Search:**  \n   - Go to **\"Burp\" \u003e \"Search\"** tab.\n   - Select **\"Regular Expression\"** as the search type.\n   - Paste the following regex:\n\n```regex\n(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_key|cloudinary_api_secret|cloudinary_name|codecov_token|config|conn.login|connectionstring|consumer_key|consumer_secret|credentials|cypress_record_key|database_password|database_schema_test|datadog_api_key|datadog_app_key|db_password|db_server|db_username|dbpasswd|dbpassword|dbuser|deploy_password|digitalocean_ssh_key_body|digitalocean_ssh_key_ids|docker_hub_password|docker_key|docker_pass|docker_passwd|docker_password|dockerhub_password|dockerhubpassword|dot-files|dotfiles|droplet_travis_password|dynamoaccesskeyid|dynamosecretaccesskey|elastica_host|elastica_port|elasticsearch_password|encryption_key|encryption_password|env.heroku_api_key|env.sonatype_password|eureka.awssecretkey)[a-z0-9_ .\\-,]{0,25})(=|\u003e|:=|\\|\\|:|\u003c=|=\u003e|:).{0,5}['\\\"]([0-9a-zA-Z\\-_=]{8,64})['\\\"]\n```\n\n4. **Inspect Results:**  \n   - Review the search results for credential leaks.\n\n---\n\u003e [!Note]\n\u003e All Credits To [h4x0r-dz](https://github.com/h4x0r-dz/Leaked-Credentials) For Providing This Information\n\n\u003chr\u003e\n\n\u003e [!WARNING]  \n\u003e These is intended for educational and ethical hacking purposes only. It should only be used to test systems you own or have explicit permission to test. Unauthorized use of third-party websites or systems without consent is illegal and unethical.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzebbern%2Fleakfinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzebbern%2Fleakfinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzebbern%2Fleakfinder/lists"}