
secrets.ninja is a tool for validating API keys and credentials discovered during pentesting & bug bounty hunting.
It provides a unified interface for testing these keys across SaaS, databases, cloud providers and services.
- Multiple Service Support: Secrets Ninja supports a wide range of services, each with a dedicated module for validating API keys.
- Extensible Design: The project is designed to be easily extensible, allowing for the addition of new modules for other services.
- User-Friendly Interface: A simple and intuitive interface for inputting API keys and making requests.
- Clear Feedback: Provides clear feedback on the validity of the keys and any information retrieved from the API calls.
To get started with Secrets Ninja, install the dependencies and run the development server.
- Install dependencies and start the development server using the commands below:
$ npm install
$ npm run dev
Or run using Docker, which includes the Secrets Ninja Proxy for testing AWS and MongoDB credentials privately:
docker run -p 5173:5173 -p 8001:8001 secretsninja/secrets-ninja:latest
Access the development server at http://localhost:5173/
Contributions are welcome, particularly new modules for validating API keys on additional services. Note that some APIs can't be accessed from frontend JavaScript alone, either because of CORS restrictions or, in the case of cloud credentials, because they require an SDK or CLI tools. In such cases, the project provides a workaround through the secrets-ninja-proxy module.
Interested in contributing to the project? Here's how you can get started.
This tool is intended for ethical use only. It is the user's responsibility to comply with all applicable laws and terms of service when using this tool.
Secrets Ninja is licensed under the MIT License. See the LICENSE file for more details.