Keydd by YouChenJun

HTTP(s) traffic analysis for sensitive data detection and API logic understanding

Created 1 year ago
297 stars

Top 89.1% on SourcePulse

Project Summary

Keydd is an HTTP(s) traffic analysis tool designed for sensitive information detection and AI-driven API business logic analysis. It sits downstream of security tools such as BurpSuite and of browsers, which forward their traffic to it, and inspects that traffic for credentials, API keys, and other sensitive data without the user noticing the inspection or any added lag. It is aimed at security professionals and developers.

How It Works

Keydd employs a Man-in-the-Middle (MITM) proxy architecture, inspired by mitmproxy, to intercept and analyze HTTP(s) traffic. It utilizes over 30 built-in and customizable rules to detect sensitive information. For newly encountered API endpoints, it integrates Large Language Models (LLMs) to perform business logic analysis, enhancing security posture. Performance optimizations include content type filtering, streaming large files, non-blocking concurrency, and request deduplication.
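
The rule matching, content type filtering and request deduplication described above, as an added Go sketch that is not Keydd's own code. The Rule type, the two regexes, the Scan function and the sample body are assumptions made for illustration; Keydd's actual rule.yaml schema is not shown on this page.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"regexp"
)

// Rule is a hypothetical name+regex pair; Keydd's real rule.yaml schema is not shown here.
type Rule struct {
	Name string
	Re   *regexp.Regexp
}

var rules = []Rule{
	{"aws-access-key-id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"jwt", regexp.MustCompile(`\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`)},
}

// textCT selects content types worth scanning; images, video and archives are skipped.
var textCT = regexp.MustCompile(`(?i)^\s*(text/|application/([a-z0-9.-]+\+)?(json|xml|javascript))`)

// seen holds hashes of messages already inspected. A plain map is not safe for
// concurrent use; a proxy handling flows in parallel would guard it with a mutex.
var seen = map[[32]byte]bool{}

// Scan returns "rule: redacted-match" findings for one captured message.
func Scan(method, url, contentType string, body []byte) []string {
	key := sha256.Sum256([]byte(method + " " + url + "\n" + string(body)))
	if !textCT.MatchString(contentType) || seen[key] {
		return nil
	}
	seen[key] = true
	var out []string
	for _, r := range rules {
		for _, m := range r.Re.FindAllString(string(body), -1) {
			// Store only a 4-character prefix so the findings table is not itself a secret store.
			out = append(out, r.Name+": "+m[:4]+"[redacted]")
		}
	}
	return out
}

func main() {
	// Constructed sample body; the key ID is the example value from AWS documentation.
	body := []byte(`{"id":"AKIAIOSFODNN7EXAMPLE","jwt":"eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.c2ln"}`)
	fmt.Println(Scan("GET", "https://app.example/api/me", "application/json; charset=utf-8", body))
	fmt.Println(Scan("GET", "https://app.example/api/me", "application/json", body)) // duplicate, no findings
	fmt.Println(Scan("GET", "https://app.example/logo.png", "image/png", body))      // filtered, no findings
}
```

Hashing method, URL and body together means a changed response on the same endpoint is scanned again, while an identical replay is skipped.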

Quick Start & Requirements

  • Primary install/run command: Build from source using go build -o keydd main.go.
  • Non-default prerequisites: Go toolchain.
  • Configuration: Edit config/rule.yaml to define detection rules and AI settings (e.g., LLM model, API key, base URL).
  • Usage: Configure Keydd (default: 127.0.0.1:9080) as an upstream proxy in tools like BurpSuite or system proxy settings.

Highlighted Details

  • Detects over 30 categories of sensitive information, including API keys (AWS, GCP, etc.), JWTs, passwords, and various webhook types.
  • Features AI-driven analysis of API business logic using LLMs for deeper security insights.
  • Supports multiple database backends (SQLite, MySQL, PostgreSQL) for storing detection results and AI analysis records.
  • Integrates observability features like Langfuse tracking, token statistics, and rate limiting.

Maintenance & Community

The project welcomes community contributions via Issues and Pull Requests. While Star History is mentioned, specific community channels (e.g., Discord, Slack) or a public roadmap are not detailed in the provided README.

Licensing & Compatibility

The provided README does not explicitly state the project's license. This lack of clear licensing information may pose a barrier to adoption, particularly for commercial or closed-source integration.

Limitations & Caveats

The project includes a strong disclaimer emphasizing its intended use for authorized security construction and personal learning, warning against unauthorized scanning and stating that users bear responsibility for any illegal activities. No technical limitations regarding supported platforms or specific protocol handling are detailed.

Health Check

  • Last Commit: 3 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 1
  • Issues (30d): 0
  • Star History: 2 stars in the last 30 days
