API Radar – Live Feed of Leaked API Keys

API Radar – Live Feed of Leaked API Keys

See your leaked API keys before attackers do

47 followers

Visit website
API Radar turns leaked API keys into a searchable threat feed for your own org. This new version rebuilds the core engine so it continuously discovers exposed keys in public GitHub, then lets you slice them by provider, repo, file path, and time to see exactly what’s out and where. Instead of digging through noisy scanners or random alerts, you get a focused view of real leaked credentials you can revoke and rotate fast.
This is the 2nd launch from API Radar – Live Feed of Leaked API Keys. View more

API Radar

Launched this week
See your leaked API keys before attackers do
API Radar turns leaked API keys into a searchable threat feed for your own org. This new version rebuilds the core engine so it continuously discovers exposed keys in public GitHub, then lets you slice them by provider, repo, file path, and time to see exactly what’s out and where. Instead of digging through noisy scanners or random alerts, you get a focused view of real leaked credentials you can revoke and rotate fast.
Interactive
API Radar gallery image
API Radar gallery image
API Radar gallery image
API Radar gallery image
API Radar gallery image
Free
Launch tags:PrivacyDeveloper ToolsSecurity
Launch Team / Built With
Vy - Cross platform AI agent
Vy - Cross platform AI agent
AI agent that uses your computer, cross platform, no APIs
Promoted

What do you think? …

Zaim Abbasi
API Radar – Live Feed of Leaked API Keys
Maker
📌
I’m building API Radar as a solo dev to answer one question: “Which of our API keys are already leaked in public?” This launch ships a rebuilt engine that continuously pulls exposed keys from public GitHub and turns them into a searchable feed you can filter by provider, repo, file path, and time. The goal is to go from “some scanner says something is bad” to “here’s the exact key, in this file, in this repo – now revoke and rotate.” I’d love brutal feedback from developers, DevOps/SRE, and security folks: Would this slot into how you handle secrets right now? What’s missing to make this something you’d rely on during incidents? Happy to dive into technical details, detection logic, and roadmap in the comments.
Bekjon Ibragimov

That def would be helpful. It would also help to see if keys have already been rotated, most of the times if keys are leaked they're rotated since it's already in git history

Zaim Abbasi
API Radar – Live Feed of Leaked API Keys
Maker

@bekjon_ibragimov 100% agree.

right now api radar shows leaks with the latest ones first, so if a owner pushed a key 10 hours ago, the chances are high that the key is still active

Peter Shu
Dirac

What if an attacker uses Api radar before you do? :p

Zaim Abbasi
API Radar – Live Feed of Leaked API Keys
Maker

@peterz_shu Legit concern.

API Radar does scan public GitHub, so that risk is always on my mind.