Bug Pilot

The goal of this work is to identify weak spots in API keys for existing web-based infrastructure.The potential security risks associated with these keys, however, are often overlooked or ignored. Our goal is to create a system that can identify and warn users of vulnerable API keys, such as those that have been leaked or shared without permission. This project will examine code projects for API vulnerabilities using regex patterns and efficient searching algorithms. Our project's goal is to strengthen the safety of all web-based infrastructure by offering a reliable method of discovering API key vulnerabilities.

As of now it can detect any leaks related to these keys:

    google_api
    google_captcha
    google_oauth
    amazon_aws_access_key_id
    amazon_mws_auth_toke
    amazon_aws_url
    facebook_access_token
    authorization_basic
    authorization_bearer
    authorization_api
    mailgun_api_key
    twilio_api_key
    twilio_account_sid
    twilio_app_sid
    paypal_braintree_access_token
    square_oauth_secret
    square_access_token
    stripe_standard_api
    stripe_restricted_api
    github_access_token
    rsa_private_key
    ssh_dsa_private_key
    ssh_dc_private_key
    pgp_private_block
    json_web_token

You can check for vulnerabilitie either by directly uploading the zip file of your project, or by providing the github repo link or by giving the link of a live website.

After the application looks at the code, it can tell the path and line number in the file where a possible security flaw is found and also genrate a pdf of the same.