ToolHQ API Key Scanner

Find Exposed API Keys Before Hackers Do

Discover and validate exposed API keys in public GitHub repositories. Built for educational and security awareness—learn how keys get leaked and report findings responsibly.

How It Works Try All Tools Free

38 developers online

Connection: Connected

ToolHQ API Key Scanner searches GitHub for exposed OpenAI, Anthropic, and Google API key patterns. Validate findings, export results, and report issues to repo owners—all from your dashboard.

Live Scanner Activity

Watch activity in real time. See which providers are being checked and hourly stats.

Live Feed

Waiting for activity...

Real-time updates

Hourly Stats

Scans this hour

127

Keys checked

Stats reset every hour on the hour. Next reset: 10:00 PM

How It Works

Connect your GitHub account, run the scanner, and review results in one place.

Search

ToolHQ uses your GitHub token to search public repositories for common API key patterns. We extract potential keys with regex for OpenAI, Anthropic, and Google, with built-in rate limiting to respect GitHub's API.

· GitHub-only search with your token
· ~30 searches/minute (GitHub limits)

Verify & Report

Validate discovered keys against provider APIs to confirm exposure. View results in your ToolHQ dashboard, export for your records, and report findings responsibly to repository owners.

· Validation with rate limiting
· Export and responsible disclosure

Supported Providers

Pattern examples the scanner looks for in public repositories.

Provider	Pattern examples
OpenAI	`sk-proj-, sk-or-v1-, OPENAI_API_KEY`
Anthropic	`sk-ant-api*, ANTHROPIC_API_KEY`
Google AI	`AIzaSy*, GOOGLE_API_KEY`

Get Started

Connect GitHub and run your first scan in minutes.

Create a GitHub token

Create a personal access token at GitHub with scope public_repo. You'll use this to connect ToolHQ to your GitHub account.

Create token at GitHub →

Use the scanner

No account needed. Connect your GitHub token when you run the scanner. All features are free.

Run the scanner

From your dashboard, start a scan. View potential exposures, validate keys, and export results. Report findings to repo owners to help secure the ecosystem.

Try Tools Free

Important Security Notice

Educational purpose only

This tool is designed to help developers identify and secure exposed API keys in public repositories. Use it to learn how keys get exposed and to report findings responsibly to repo owners.

Legal

ToolHQ is not responsible for any misuse of information found. Users are expected to act ethically and legally. Do not use discovered keys for unauthorized access.

Purpose

Our goal is to improve security awareness by helping developers find and fix exposed credentials before malicious actors do. Report findings to repository owners; never publish working keys.

Privacy

Your GitHub token is used only to perform searches. Do not share or publish scan results that contain working keys—that would expose them to malicious actors.

By using this tool, you agree to use the information responsibly and to help make the internet more secure.

Ready to scan?

All tools are free. No account required. Connect GitHub and start when you’re ready.

Try All Tools Free