API key leak / repo compromise
leaked credential in git history → cloud abuse window → cost spike + lateral movement. correlate VCS + cloud service provider (CSP) audit logs.
a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.
wraps the API key leak — cloud audit preset — drop git history + GitHub audit + CloudTrail + IAM report → IOC extract → breach merge → timeline → report
guided steps
- git repository forensic analyzer
  scan git history for leaked credentials + secret patterns
- github audit log analyzer
  GitHub audit log — who accessed the repo after the leak window
- aws cloudtrail forensic deep analyzer
  CloudTrail deep parse for API abuse after key exposure
- aws iam credential report analyzer
  IAM credential report — active keys + last-used timestamps
- kubernetes event log analyzer
  Kubernetes event log if the key was used against a cluster
- kubernetes rbac graph builder
  RBAC graph — what the leaked credential could access
- ioc extractor
  pull IPs + API endpoints from audit log text
  suggested options · format: json · aggregate: true
- forensic timeline builder
  rebuild the abuse window from leak → first malicious API call
  suggested options · order: asc
- case report generator
  draft a report scoping the blast radius + recommended revocations
  suggested options · title: API key leak — cloud audit
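
The correlation the steps above build toward (leak commit time → first call with the leaked key from an unrecognised address), as an added example that is not code from this tool. The timestamps, IP addresses and the `KNOWN_IPS` allowlist are constructed sample values, the helper names are hypothetical, and the key ids are AWS's documentation placeholders; the record fields follow the CloudTrail event format.

```python
import json
from datetime import datetime, timezone

def ts(s):
    """Parse an ISO-8601 UTC timestamp as used in CloudTrail eventTime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed sample values, not real logs. Key ids are AWS documentation examples.
LEAKED_KEY = "AKIAIOSFODNN7EXAMPLE"
LEAK_TIME = ts("2024-03-01T10:15:00Z")     # commit that introduced the secret
REVOKED_TIME = ts("2024-03-01T14:00:00Z")  # key deactivated in IAM
KNOWN_IPS = {"198.51.100.10"}              # assumed legitimate CI egress address

def rec(time, source, name, ip, key=LEAKED_KEY):
    """Build a minimal CloudTrail-shaped record for the sample set."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}

RECORDS = [  # deliberately out of order
    rec("2024-03-01T11:05:00Z", "ec2.amazonaws.com", "RunInstances", "203.0.113.91"),
    rec("2024-03-01T09:50:00Z", "ec2.amazonaws.com", "DescribeInstances", "198.51.100.10"),
    rec("2024-03-01T10:42:00Z", "sts.amazonaws.com", "GetCallerIdentity", "203.0.113.77"),
    rec("2024-03-01T10:20:00Z", "s3.amazonaws.com", "PutObject", "198.51.100.10"),
    rec("2024-03-01T10:45:00Z", "iam.amazonaws.com", "ListUsers", "203.0.113.77"),
    rec("2024-03-01T11:00:00Z", "s3.amazonaws.com", "ListBuckets", "203.0.113.77", "AKIAI44QH8DHBEXAMPLE"),
    rec("2024-03-01T14:30:00Z", "iam.amazonaws.com", "CreateUser", "203.0.113.77"),
]

def abuse_window(records, key_id, leak_time, revoked_time, known_ips):
    """Calls made with key_id between leak and revocation from unrecognised IPs, oldest first."""
    hits = []
    for r in records:
        if r.get("userIdentity", {}).get("accessKeyId") != key_id:
            continue  # different credential
        if not leak_time <= ts(r["eventTime"]) <= revoked_time:
            continue  # outside the exposure window
        if r.get("sourceIPAddress") in known_ips:
            continue  # expected caller
        hits.append(r)
    hits.sort(key=lambda r: ts(r["eventTime"]))  # same ordering as "order: asc"
    if not hits:
        return None
    first = hits[0]
    return {"first_call": f'{first["eventTime"]} {first["eventName"]}',
            "leak_to_first_use_s": int((ts(first["eventTime"]) - leak_time).total_seconds()),
            "source_ips": sorted({r["sourceIPAddress"] for r in hits}),
            "events": [r["eventName"] for r in hits]}

if __name__ == "__main__":
    print(json.dumps(abuse_window(RECORDS, LEAKED_KEY, LEAK_TIME, REVOKED_TIME, KNOWN_IPS), indent=2))
```

Calls after `REVOKED_TIME` are excluded here; in a real case they are worth listing separately, since repeated denied attempts show the key is still being tried.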
when you're done
export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.