dEEpEst
☣☣ In The Depths ☣☣
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
- Joined
- Mar 29, 2018
- Messages
- 13,861
- Solutions
- 4
- Reputation
- 27
- Reaction score
- 45,546
- Points
- 1,813
- Credits
- 55,350
7 Years of Service
56%
All-in-One Regex for Leaked API Keys & Secrets
Post Created for Hack Tools Dark CommunityLooking to streamline your hunt for leaked credentials in repositories or live traffic? This tool might just be your new favorite.
Repository:
This link is hidden for visitors. Please Log in or register now.
Project Summary:This GitHub project by
Lu3ky13 presents a single, ultra-compact regex pattern designed to detect:- AWS Keys
- Google API Tokens
- Azure Keys
- Generic JWTs
- OAuth tokens
- Passwords, secrets, tokens
- Private keys
The goal? One regex to rule them all. Ideal for:
- Bug bounty hunters
- Red teamers
- DevSecOps auditors
- OSINT researchers
How to Use It:You can use this regex in tools like:
grep -Eor 'regex_here' ./or plug it into:
- Burp Suite filters
- DevTools (Chrome/Firefox)
- VSCode search
- Any Python script for scanning repos or logs
Example (command line):
Bash:
grep -Eor '[A-Za-z0-9_\-]{20,}(\s*[:=]\s*|["'"][A-Za-z0-9_\-]{20,})' /your/codebase/🛡 Caution: The pattern is **very greedy**. It might generate false positives, so manual review or context-aware filtering is still needed.
👁 What makes it unique:
Unlike specific patterns for AWS or Stripe, this one goes wide — helping you catch unknown or rare secrets.
Bonus:You can integrate it in:
- GitHub Actions
- CI/CD pipelines (GitLab, Jenkins)
- Custom code linters
- Pre-commit hooks
Automation Suggestion:Use it with
truffleHog, gitleaks, or custom scripts for even more powerful scanning.
Disclaimer:This tool is for educational and ethical testing purposes only. Do NOT use it on unauthorized systems or codebases.
🗨 Join the discussion:
Are you using similar regex for hunting secrets? Share your custom patterns, tools, or success stories below!
