Find API Keys in Paste Sites

Finds API keys and credentials accidentally pasted on Pastebin that may grant unauthorized access to services.

Beginner Friendly

Safe to use

bug bounty

Google Dork Query:

site:pastebin.com "api_key" OR "apikey" OR "api-key"

Not verified

What It Does

This dork uses 'site:pastebin.com' to search within Pastebin and looks for common API key variable names like 'api_key', 'apikey', and 'api-key'. Developers frequently paste code snippets containing live API keys, which remain indexed and accessible even after the paste is deleted.

Common Use Cases

API Key Leak Detection: Monitor Pastebin for leaked API keys belonging to your organization's services.
Credential Exposure Assessment: Find exposed API credentials that could be used to access cloud services, payment gateways, or third-party APIs.
Bug Bounty Research: Discover leaked API keys associated with target organizations during authorized security assessments.

How to Use Safely

Execute the dork in Google to find Pastebin posts containing API key references.
Review the paste content to determine the API service and key validity.
Verify if the exposed key still grants active access to the associated service.
Report leaked keys to the affected organization and recommend immediate key rotation.

Responsible Use Required

This dork should only be used on systems you own or have explicit authorization to test. Unauthorized access to computer systems is illegal. Always follow ethical guidelines and obtain proper permission before testing.

Related Dorks

Exposed Jupyter Notebooks

Finds publicly accessible Jupyter Notebook instances that may contain sensitive code, API keys, or data analysis results.

API Documentation with Test Credentials

Finds API documentation pages (Swagger/API docs) containing test credentials, demo keys, or authentication tokens.

Search bugcrowd.com Domain

Discovers organizations using Bugcrowd for their vulnerability disclosure and bug bounty programs.