Universal API Key & Credential Validator
Project description
Dhwaj is a fast, modular, and extensible API key verification framework inspired by KeyHacks — built to help security researchers, bug bounty hunters, developers, and DevSecOps teams validate leaked or discovered API keys safely and quickly.
It supports dozens of providers, automatic detection, structured testing, color-coded output, and a fully plugin-based architecture.
🚀 Features
- Validate API keys from 70+ popular services
- Modular provider system (
providers/<name>.py) - Central HTTP wrapper with warnings disabled
- Typed & MyPy-friendly codebase
- Extensible: add new providers with just ~10 lines
📦 Installation
pipx install dhwaj
🧩 Usage
List all available providers:
dhwaj
View help for a specific provider:
dhwaj github-token -h
Run a validation:
dhwaj github-token -t ghp_fake123
🏗 Provider System
Each provider lives in:
providers/<provider>.py
and follows the structure:
class ExampleChecker(Provider):
name = "example"
description = "Check Example API token"
args = [
("-k", "--key", "API Key for Example service"),
]
def run(self, args):
...
return True, "Valid Example key"
Providers automatically load through utils/loader.py.
🛠 Development
Install development deps:
pip install mypy ruff black
Type-check:
mypy .
Format:
black .
Lint:
ruff check .
🤝 Contributing
Contributions are welcome!
- Fork the repository
- Create a new branch
- Add or improve provider modules
- Run
mypy,ruff, andtestall.py - Submit a pull request
When submitting a new provider:
- Follow the
Providerclass structure - Provide a clear description
- Add meaningful arg names & help text
- Ensure type hints are complete
- Test with dummy inputs
🙏 Credits
This project stands on the shoulders of giants.
🔹 KeyHacks
Huge thanks to the original KeyHacks repository for inspiring many of the provider checks used here.
🔹 OpenAI
Special thanks to OpenAI’s ChatGPT for assisting in generating clean provider modules, documentation, and improving the tool’s architecture.
📜 License
MIT License — free to use, modify, and distribute.
⚡️ Why the name Dhwaj?
Dhwaj (ध्वज) means flag, banner, symbol of support or protection. This tool acts exactly like a protective flag — detecting weak/leaked API keys before attackers can exploit them.
⭐️ Show Your Support
If you find Dhwaj helpful:
- Star the repo ⭐
- Share with your security friends
- Contribute to make it bigger & better
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dhwaj-0.1.0.tar.gz.
File metadata
- Download URL: dhwaj-0.1.0.tar.gz
- Upload date:
- Size: 21.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a8bccda196549178cd68bab3a4e58872598b4183c15e13777cf4f3e064b7cf07
|
|
| MD5 |
bacad5f2b0f2656e41a1e9eb7ed01cfc
|
|
| BLAKE2b-256 |
c7976cd5e633b6f6c93f100f25ad44264ea8a9f9338af73a695953fcbf1ef4a7
|
File details
Details for the file dhwaj-0.1.0-py3-none-any.whl.
File metadata
- Download URL: dhwaj-0.1.0-py3-none-any.whl
- Upload date:
- Size: 49.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8f32193c2bc840f5a4f733949e5a8bfeff6c40b901992fa5d16417d280d71867
|
|
| MD5 |
c5963f540f2fb448fbd408d6d65f5726
|
|
| BLAKE2b-256 |
f0aeb14c02cfb132cc46d319a8c721770ad2b635140ce1400990f444ae7ddf2c
|
