In [10]:
import re
import base64
import requests

def scan_for_api_keys(content):
    # Example pattern for API keys, adjust this regex pattern as needed
    api_key_pattern = re.compile(r'[A-Za-z0-9]{32,}')
    return re.findall(api_key_pattern, content)

def get_all_files_recursive(url):
    response = requests.get(url)
    if response.status_code != 200:
        return []

    contents = response.json()
    files = []

    for item in contents:
        if item["type"] == "file":
            files.append(item)
        elif item["type"] == "dir":
            files.extend(get_all_files_recursive(item["url"]))

    return files

def main():
    github_username = 'Joshua-Stapleton'
    repos_url = f'https://api.github.com/users/{github_username}/repos'
    token = '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'
    headers = {'Authorization': f'token {token}'}
    response = requests.get(repos_url, headers)

    if response.status_code == 200:
        repositories = response.json()

        for repo in repositories:
            print(f'Scanning repository: {repo["name"]}')

            try:
                files = get_all_files_recursive(repo["contents_url"].replace('{+path}', ''))

                for file in files:
                    file_response = requests.get(file["download_url"])

                    if file_response.status_code == 200:
                        content = file_response.text
                        keys = scan_for_api_keys(content)

                        if keys:
                            print(f'  - Found potential API keys in {file["path"]}: {keys}')
            except Exception as e:
                print(f'  - Error scanning {repo["name"]}: {e}')
    else:
        print('Failed to fetch repositories. Check your username and try again.')


main()

Failed to fetch repositories. Check your username and try again.


# Concurrent Optimized Version

In [22]:
import re
import requests
import concurrent.futures


REGEX_PATTERNS = [
    r'sk-\w{48}',
    # r'ghp-\w{36}'
]


def scan_for_api_keys(content):
    # regex_string_all = '|'.join(REGEX_PATTERNS)
    regex_string_all = re.compile(r'[A-Za-z0-9]{32,}')
    api_key_pattern = re.compile(regex_string_all)
    return re.findall(api_key_pattern, content)


def get_all_files_recursive(url):
    response = requests.get(url)
    if response.status_code != 200:
        return []

    contents = response.json()
    files = []

    with concurrent.futures.ThreadPoolExecutor() as executor:
        futures = {executor.submit(get_all_files_recursive, item["url"]): item for item in contents if item["type"] == "dir"}

        for future in concurrent.futures.as_completed(futures):
            files.extend(future.result())

    files += [item for item in contents if item["type"] == "file"]

    return files

def scan_repository(repo):
    print(f'Scanning repository: {repo["name"]}')

    try:
        files = get_all_files_recursive(repo["contents_url"].replace('{+path}', ''))

        for file in files:
            file_response = requests.get(file["download_url"])

            if file_response.status_code == 200:
                content = file_response.text
                keys = scan_for_api_keys(content)

                if keys:
                    print(f'  - Found potential API keys in {file["path"]}: {keys}')
    except Exception as e:
        print(f'  - Error scanning {repo["name"]}: {e}')


def main():
    github_username = 'NagliNagli'
    repos_url = f'https://api.github.com/users/{github_username}/repos'

    # use a proxy server to bypass the rate limit
    # proxy = '145.239.85.58:9300'
    # proxy = '189.2.164.165:4153'
    # proxy = '200.85.183.38:4145'
    proxy = '120.46.215.52:3127'
    proxy_dict = {
        "http": f"http://{proxy}",
        "https": f"http://{proxy}"
    }
    
    response = requests.get(repos_url) # , headers # , proxies=proxy_dict
    
    if response.status_code == 200:
        repositories = response.json()

        with concurrent.futures.ThreadPoolExecutor() as executor:
            executor.map(scan_repository, repositories)

    else:
        print(response.content)
        print('Failed to fetch repositories. Check your username and try again.')
    
main()

b'{"message":"API rate limit exceeded for 156.0.238.226. (But here\'s the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}\n'
Failed to fetch repositories. Check your username and try again.
