A new tool to find out if you have been pwned on PasteBin

Nov 17, 2015 20:51 GMT  ·  By

Luke Mclaren, a software engineering student at the University of Victoria, has created a small Python script that will search PasteBin for sensitive information that may have been exposed online after a data breach.

The script, PwnBin, runs in a continuous loop once started from the command line, polling PasteBin's recent uploads and checking each new paste for a list of sensitive terms.

By default, it looks for passwords, SSH credentials, API keys and tokens, but the search terms are easy to modify so that it looks for anything you want (e.g. recent torrent links for Sailor Moon episodes).
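The following is an added example of the loop the article describes, written for this page; it is not PwnBin's own code and the patterns, function names and sample pastes are assumptions. A stand-in `fake_fetch_recent` plays the part of PasteBin's recent-uploads feed, `scan_paste` runs a set of illustrative credential regexes over each paste, and `poll_pastes` keeps a `seen` set so one pass never reports a paste that an earlier pass already handled. Alerts are redacted before they are stored, because a monitor that logs the full secret it found simply creates a second copy of the leak.

```python
import re
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Illustrative patterns for the categories the article lists (passwords,
# SSH credentials, API keys and tokens). These are this example's own
# choices, not PwnBin's actual search terms.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*\S+"),
    "generic_api_key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret[_-]?key|access[_-]?token)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"
    ),
    "ssh_credential": re.compile(r"(?i)\bssh\s+\S+@\S+"),
}


def scan_paste(text: str) -> Dict[str, List[str]]:
    """Return {pattern_name: [matched strings]} for every pattern that fires."""
    hits: Dict[str, List[str]] = {}
    for name, pattern in PATTERNS.items():
        found = [m.group(0) for m in pattern.finditer(text)]
        if found:
            hits[name] = found
    return hits


def redact(secret: str, keep: int = 4) -> str:
    """Keep only a short prefix so an alert does not re-leak the secret it found."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


def poll_pastes(fetch_recent: Callable[[], Iterable[Tuple[str, str]]],
                seen: Set[str]) -> List[Tuple[str, Dict[str, List[str]]]]:
    """One pass of the polling loop: scan each unseen paste, return redacted alerts.

    fetch_recent yields (paste_key, paste_text) pairs. `seen` carries state
    between passes so the same paste is never reported twice.
    """
    alerts: List[Tuple[str, Dict[str, List[str]]]] = []
    for key, text in fetch_recent():
        if key in seen:
            continue
        seen.add(key)
        hits = scan_paste(text)
        if hits:
            alerts.append((key, {n: [redact(v) for v in vals] for n, vals in hits.items()}))
    return alerts


# Constructed sample pastes standing in for PasteBin's recent-uploads feed
# (the AKIA... value is the example key from AWS's own documentation).
SAMPLE_PASTES = [
    ("p1", "# dumped .env\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
           "api_key = \"9f86d081884c7d659a2feaa0c55ad015\"\n"),
    ("p2", "grocery list\nmilk, eggs, bread\n"),
    ("p3", "ssh root@203.0.113.10\npassword: hunter2\n"
           "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\n"),
]


def fake_fetch_recent() -> List[Tuple[str, str]]:
    """Hypothetical fetcher; a real one would pull the recent-uploads feed."""
    return SAMPLE_PASTES


if __name__ == "__main__":
    seen: Set[str] = set()
    for key, hits in poll_pastes(fake_fetch_recent, seen):   # first pass: p1 and p3
        print(key, hits)
    print(poll_pastes(fake_fetch_recent, seen))               # second pass: []
```

Whatever replaces `fake_fetch_recent` in a real deployment has to respect the site's rate limits and terms of use, and the `seen` set should be persisted (or bounded) if the loop is meant to run for days; the regexes are deliberately loose, so a real monitor would add a second stage that checks hits against the keys and hostnames you actually own rather than paging on every `password:` in the world.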

Mr. Mclaren told Softpedia that he was prompted to write the tool after reading an article on API keys exposed in public GitHub repos, and wanted something that searched for such keys on PasteBin, the favorite dumping ground of hackers around the world.

He thought that having a way for developers to detect when their API keys or server passwords have been stolen and shared on PasteBin might come in handy to the system admins who actually care about security (for once).

PwnBin may power a standalone service in the near future

PwnBin is not unique. Other tools cover similar ground: Dump Monitor, which does the same thing and automatically publishes its findings on Twitter, the better-known Have I Been Pwned? service, and the LeakedIn website.

Right now, PwnBin is still rough, since it runs only from the command line, but Mr. Mclaren plans to expand it with features such as relevance ranking, support for crawling additional PasteBin-like sites, and perhaps database integration.

Mr. Mclaren also does not rule out building a fully automated website, similar to Have I Been Pwned? but focused on finding compromised API keys, something catering to developers' needs.