anthropic-api-scanner
Scan GitHub for exposed Anthopic API Keys
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (15.4%) to scientific vocabulary
Keywords
Repository
Scan GitHub for exposed Anthopic API Keys
Basic Info
Statistics
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
- Releases: 0
Topics
Metadata Files
README.md
Anthropic-API-Scanner
This tool scans GitHub for available Anthropic API Keys.

[!NOTE] As of
August 21, 2024, GitHub has enabled push protection to prevent API key leakage, which could significantly impact this repository.[!NOTE] As of
March 11, 2024, secret scanning and push protection will be enabled by default for all new user-owned public repositories that you create. Check this announcement here.[!WARNING] ⚠️ DISCLAIMER
THIS PROJECT IS ONLY FOR SECURITY RESEARCH AND REMINDS OTHERS TO PROTECT THEIR PROPERTY, DO NOT USE IT ILLEGALLY!!
The project authors are not responsible for any consequences resulting from misuse.
Keeping Your API Key Safe
It's important to keep it safe to prevent unauthorized access. Here are some useful resources:
Prerequisites
This project has been tested and works perfectly on macOS, Windows and WSL2 (see Run Linux GUI apps on the Windows Subsystem for Linux)
Ensure you have the following installed on your system:
- Google Chrome
- Python3
Installation
Clone the repository:
```bash https://github.com/rfrlcode/Anthropic-API-Scanner
cd Anthropic-API-Scanner ```
Install required pypi packages
bash pip install selenium tqdm anthropic rich
Usage
Run the main script:
bash python3 src/main.pyYou will be prompted to log in to your GitHub account in the browser. Please do so.
That's it! The script will now scan GitHub for available Anthropic API Keys.
Command Line Arguments
The script supports several command line arguments for customization:
| Parameter | Description | Default |
|-----------|-------------|---------|
| --from-iter | Start scanning from a specific iteration | None |
| --debug | Enable debug mode for detailed logging | False |
| -ceko, --check-existed-keys-only | Only check existing keys in the database | False |
| -k, --keywords | Specify a list of search keywords | Default keyword list |
| -l, --languages | Specify a list of programming languages to search | Default language list |
Examples:
```bash
Start scanning from iteration 100
python3 src/main.py --from-iter 100
Only check existing keys
python3 src/main.py --check-existed-keys-only
Use custom keywords and languages
python3 src/main.py -k "anthropic" "claude" -l python javascript ```
Results
The results are stored in the anthropic_github.db SQLite database, which is created in the same directory as the script.
You can view the contents of this database using any SQLite database browser of your choice.
Running Demo
Result stored in SQLite (different API Key status)
FAQ
Q: Why are you using Selenium instead of the GitHub Search API?
A: The official GitHub search API does not support regex search. Only web-based search does.
Q: Why are you limiting the programming language in the search instead of searching all languages?
A: The web-based search only provides the first 5 pages of results. There are many API keys available. By limiting the language, we can break down the search results and obtain more keys.
Q: Why don't you use multithreading?
A: Because GitHub searches and Anthropic API are rate-limited. Using multithreading does not significantly increase efficiency.
Q: Why is the API Key provided in your repository not working?
A: The screenshots in this repo demonstrate the tool's ability to scan for available API keys. However, these keys may expire within hours or days. Please use the tool to scan for your own keys instead of relying on the provided examples.
Q: What's the push protection?
A: see picture.
Owner
- Login: rfrlcode
- Kind: user
- Repositories: 1
- Profile: https://github.com/rfrlcode
Citation (CITATION.cff)
cff-version: 1.2.0 message: "If you use this software, please cite it as below." authors: - family-names: "Hou" given-names: "Junyi" orcid: "https://orcid.org/0009-0003-0443-456X" title: "ChatGPT-API-Leakage" version: 1.5 # doi: 10.5281/zenodo.1234 date-released: 2024-02-21 url: "https://github.com/Junyi-99/ChatGPT-API-Leakage"
GitHub Events
Total
- Watch event: 5
- Push event: 3
- Fork event: 1
- Create event: 2
Last Year
- Watch event: 5
- Push event: 3
- Fork event: 1
- Create event: 2
Dependencies
- anthropic >=0.3.0
- flake8 >=7.0.0
- pylint >=3.0.0
- rich >=13.0.0
- ruff >=0.2.0
- selenium >=4.0.0
- tqdm >=4.65.0