Detect Exposed API Keys & Secrets Before Attackers Do.
KeySweep scans public-facing websites and surfaces leaked credentials, tokens, and sensitive data so you can remediate before they're exploited.
Part of the Binary³ PlatformScan a Website for Exposed Secrets
We automatically normalize and scan over HTTPS.
Initializing scan...
API Key Detection
Identifies exposed keys from AWS, GitHub, Google Cloud, Stripe, and 30+ providers in public-facing code and metadata.
Database Credentials
Detects leaked connection strings, DSNs, and embedded credentials for PostgreSQL, MySQL, MongoDB, and Redis.
Private Key Exposure
Surfaces RSA, SSH, and PGP private keys inadvertently published in source code or server responses.
KeySweep is intended exclusively for authorized security assessments. By using this tool, you confirm that you have lawful authorization to scan the target domain. KeySweep respects robots.txt directives and enforces rate limiting to prevent service disruption. Unauthorized scanning of third-party systems may violate applicable laws and regulations.