ChatGPT-API-Scanner by Junyi-99

CLI tool for OpenAI API key scanning on GitHub

created 1 year ago
360 stars

Top 78.9% on sourcepulse

Project Summary

This tool scans GitHub for publicly exposed OpenAI API keys. It is aimed at security researchers and developers concerned about credential leakage, automating the search of public GitHub repositories for leaked keys so that exposures can be identified and reported.

How It Works

The scanner uses Selenium to drive GitHub's web interface, which supports regex-based code search that the official GitHub Search API does not. This allows more precise matching of API key patterns within code. The tool iterates through the search results, extracts candidate keys, and stores them in a local SQLite database for later analysis.

Quick Start & Requirements

  • Install: pip install selenium tqdm openai rich
  • Prerequisites: Python 3, Google Chrome, Git.
  • Setup: Clone the repository, install dependencies, and run python3 src/main.py. Requires logging into GitHub via the browser.
  • Documentation: GitHub Repository

Highlighted Details

  • Utilizes Selenium for GitHub web searches, enabling regex matching unavailable via the API.
  • Stores findings in a local github.db SQLite database.
  • Supports custom keywords and programming language filtering for targeted scans.
  • Explains the rationale behind design choices, such as avoiding multithreading due to rate limiting.

Maintenance & Community

The project appears to be maintained by a single contributor, Junyi-99. There are no explicit links to community channels or roadmaps provided in the README.

Licensing & Compatibility

The README does not explicitly state a license. The project's nature and the disclaimer suggest it is intended for research purposes, and commercial use or integration into closed-source projects may require careful consideration of potential legal implications.

Limitations & Caveats

GitHub's push protection and secret scanning features, which are enabled by default for new public repositories, block or flag many leaked keys before they are published and may therefore significantly reduce the number of keys this tool can find. Because the tool relies on web scraping rather than an API, it is also fragile against changes to GitHub's website structure.

Health Check

  • Last commit: 4 months ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 1
  • Issues (30d): 0
  • Star History: 175 stars in the last 90 days
