dora: Find exposed API keys based on RegEx

dora

Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found.

Features

• Blazing fast as we are using ripgrep in the backend
• Exploit/PoC steps for many of the API keys, allowing to write a good report for bug bounty hunting
• Unlike many other API key finders, dora also shows the path to the file and the line with context for easier analysis
• Can easily be implemented into scripts.

Example Use Cases

1. Decompile an APK using apktool and run dora to find exposed API keys
2. Scan GitHub repos by cloning it and allowing dora to scan it
3. While scraping sites, run dora to scan for API keys

Install

Make sure to install ripgrep

# clone the repo
$ git clone https://github.com/sdushantha/dora.git

# change the working directory to sherlock
$ cd dora

# install dora
$ python3 setup.py install –user

Use

$ dora --help

usage: dora [options]



positional arguments:

  PATH                  Path to directory or file to scan



optional arguments:

  -h, --help            show this help message and exit

  --rg-path RG_PATH     Specify path to ripgrep

  --rg-arguments RG_ARGUMENTS

                        Arguments you want to provide to ripgrep

  --json JSON           Load regex data from a valid JSON file (default: db/data.json)

  --verbose, -v, --debug, -d

                        Display extra debugging information

  --no-color            Don't show color in terminal output

Copyright (c) 2021 Siddharth Dushantha

Source: https://github.com/sdushantha/