# π KeyChecker
_A fast CLI tool to fingerprint SSH private keys and identify which Git hosting accounts they unlock (GitHub, GitLab, Bitbucket, Codeberg, Gitea, Hugging Face)._
> π¬ **Part of Cyfinoid Research's Software Supply Chain Security Research**
> This tool is created by [Cyfinoid Research](https://cyfinoid.com/research/software-supply-chain-security/) as part of our offensive tooling research focused on identification of next steps once an SSH private key is discovered. Learn more about our software supply chain security research and training programs.
---
## β¨ Features
### π Key Intelligence
- **Multi-format support**: OpenSSH, PEM, and DER private key formats
- **Key type detection**: `ed25519`, `rsa`, `ecdsa`, `dsa` with security analysis
- **Security validation**: Flags deprecated/insecure algorithms and weak key sizes
- **Passphrase detection**: Identifies if private keys are encrypted
- **Metadata extraction**: Public key, fingerprints (SHA256/MD5), and comments
- **Insight parsing**: Extracts local username, hostname, and IP addresses from comments
### π Account Discovery
- **Multi-provider support**: GitHub, GitLab, Bitbucket, Codeberg, Gitea, Hugging Face
- **Safe SSH handshakes**: Read-only validation without triggering repo operations
- **Username extraction**: Parses SSH identity banners to recover mapped usernames
- **Organization discovery**: Identifies user membership in organizations (GitHub API)
### π Repository Discovery
- **Private repo detection**: Uses `git ls-remote` probes with wordlists
- **Concurrent scanning**: Configurable parallel connections for speed
- **Progress tracking**: Real-time progress bars during discovery
- **API integration**: GitHub token support for enhanced organization discovery
### π Output Modes
- **Human-readable tables**: Clean, formatted output by default
- **Exit codes**: Automation-friendly return codes
- **Verbose logging**: Debug and trace information
- **Public key export**: Save derived public keys to files
---
## π Quick Start
### Installation
```bash
# Using pipx (recommended for end users)
pipx install keychecker
# Using uv (recommended for developers)
uv add keychecker
# Using pip (legacy)
pip install --user keychecker
# From source (development)
git clone https://github.com/cyfinoid/keychecker
cd keychecker
./scripts/install.sh # Install uv with pinned version & hashes
./scripts/setup-dev.sh # Set up development environment
```
### Basic Usage
```bash
# Analyze a private key and Validate against servers (default behavior)
keychecker ~/.ssh/id_ed25519
# Validate against specific servers only
keychecker ~/.ssh/id_ed25519 --validate github gitlab bitbucket codeberg gitea huggingface
# Validate against specific servers only
keychecker ~/.ssh/id_rsa --validate github gitlab huggingface
# Skip server validation (local analysis only)
keychecker ~/.ssh/id_ed25519 --no-validate
```
### Repository Discovery
```bash
# Discover private repositories on GitHub
keychecker ~/.ssh/id_rsa --validate github --discovery repo_names.txt
# Discover private repositories on Hugging Face
keychecker ~/.ssh/id_rsa --validate huggingface --discovery repo_names.txt
# With GitHub API token for enhanced organization discovery
export GITHUB_TOKEN=ghp_your_token_here
keychecker ~/.ssh/id_rsa --validate github --discovery repo_names.txt
# Or pass token directly
keychecker ~/.ssh/id_rsa --validate github --discovery repo_names.txt --github-token ghp_your_token_here
```
---
## π Usage Reference
### Command Line Options
```bash
keychecker INPUT [OPTIONS]
Positional Arguments:
INPUT Path to private key file
Options:
-i, --input PATH Path to private key file (alternative to positional)
--validate SERVERS One or more servers to validate against
Choices: github, gitlab, bitbucket, codeberg, gitea, huggingface
--no-validate Skip server validation (local analysis only)
--discovery FILE Enable repository discovery with wordlist file
--github-token TOKEN GitHub API token for enhanced organization discovery
--no-progress Disable progress bars during repository discovery
--public-out FILE Save derived public key to file
--no-banner Suppress banner output
--timeout SECONDS Per-connection timeout (default: 5)
--concurrency N Parallel connections (default: 10)
-v, --verbose Enable debug/trace logs
-V, --version Show version number and exit
-h, --help Show help message
```
### Examples
```bash
# Basic key analysis
keychecker ~/.ssh/id_ed25519
# Validate against GitHub only
keychecker ~/.ssh/id_rsa --validate github
# Validate against Hugging Face only
keychecker ~/.ssh/id_rsa --validate huggingface
# Discover repositories with custom wordlist
keychecker ~/.ssh/id_rsa --validate github --discovery my_repos.txt
# Discover repositories on Hugging Face
keychecker ~/.ssh/id_rsa --validate huggingface --discovery my_repos.txt
# Save public key to file
keychecker ~/.ssh/id_ed25519 --public-out my_key.pub
# Verbose output with custom timeout
keychecker ~/.ssh/id_rsa --validate github --timeout 10 --verbose
# Check version
keychecker --version
```
---
## π Supported Servers
| Server | Host | Features | Notes |
|--------|------|----------|-------|
| **GitHub** | `git@github.com` | Username extraction, Organization discovery | SaaS platform |
| **GitLab** | `git@gitlab.com` | Username extraction | SaaS and Selfhostable platform |
| **Bitbucket** | `git@bitbucket.org` | Key confirmation | SaaS Platform |
| **Codeberg** | `git@codeberg.org` | Username extraction | SaaS based on forgejo |
| **Gitea** | `git@gitea.com` | Username extraction | Saas based on Gitea |
| **Hugging Face** | `git@hf.co` | Username extraction | AI/ML model hosting platform |
---
## π Example Output
### Key Analysis
```
π KeyChecker - SSH Key Analysis Tool
=====================================
Key: ~/.ssh/id_ed25519
Type: ed25519
Bits: 256
Passphrase: NO
Public: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... comment='user@hostname'
Comment: user@hostname
SHA256: SHA256:abc123...
MD5: MD5:12:34:56:78:9a:bc:de:f0
Insights: local_user=user, host=hostname
```
### Server Validation
```
Validation:
- github: username=john_doe β
- gitlab: username=jane_smith β
- bitbucket: auth success, username=? (repo path required)
- huggingface: username=anantshri β
```
### Repository Discovery
```
Organization Discovery:
- Personal repositories: john_doe
- Organizations: acme-corp, open-source-proj
Repository Discovery:
Found 3 accessible repositories:
- john_doe/secret-project (private)
- acme-corp/internal-tools (private)
- acme-corp/api-service (private)
```
---
## π Security Notes
- **Read-only operations**: No repositorywrite operations performed
- **Local processing**: Private keys are processed in-memory, never uploaded
- **Authorized use only**: Only use against keys you own or are authorized to test
- **SSH handshake logging**: Some providers may log SSH connections - use responsibly
---
## π Development
### Setup Development Environment
```bash
git clone https://github.com/cyfinoid/keychecker
cd keychecker
# Install uv (if not already installed)
./scripts/install.sh
# Set up development environment
./scripts/setup-dev.sh
# Run tests
./scripts/test.sh
# Run demo
uv run python examples/demo.py
```
### Project Structure
```
keychecker/
βββ keychecker/
β βββ core/ # Core analysis and validation logic
β βββ plugins/ # Git hosting provider implementations
β βββ utils/ # Output formatting and utilities
β βββ cli.py # Command-line interface
β βββ __main__.py # Entry point
βββ examples/ # Usage examples and sample data
βββ tests/ # Test suite
βββ docs/ # Documentation
```
### Adding New Providers
KeyChecker uses a plugin architecture for Git hosting providers. To add a new provider:
1. Create a new provider class in `keychecker/plugins/`
2. Inherit from `BaseGitProvider`
3. Implement required methods: `validate_key()`, `identify_user()`, `discover_organizations()`
4. Register the provider in `keychecker/plugins/__init__.py`
### Development Scripts
The project includes shell scripts to automate common tasks:
```bash
# Install uv (if needed)
./scripts/install.sh
# Set up development environment
./scripts/setup-dev.sh
# Run tests and quality checks
./scripts/test.sh
# Clean development environment
./scripts/clean.sh
# Build package for distribution
./scripts/build.sh
# Update version number
./scripts/version.sh 1.0.2
```
## Release Workflow
```bash
# Test publication workflow (recommended)
# 1. Use GitHub Actions to publish to TestPyPI:
# - Go to Actions tab β "Publish to PyPI" β "Run workflow"
# - Enter a test version (e.g., 1.0.2-rc1)
# - This will test installation with pip, pipx, and uv (with --pre flag for pre-releases)
# 2. Create a GitHub release to publish to PyPI:
# - Version consistency is automatically verified
# - Production publication with full testing (stable versions only)
```
### Alternatives
```bash
# Manual publication (alternative)
export TESTPYPI_API_TOKEN=your_token
./scripts/publish-testpypi.sh
export PYPI_API_TOKEN=your_token
./scripts/publish-pypi.sh
```
See `scripts/README.md` for detailed script documentation.
---
## π Exit Codes
| Code | Meaning |
|------|---------|
| `0` | Success |
| `1` | Runtime/IO/argument error |
| `2` | All servers unreachable |
| `3` | Repository discovery attempted, no repositories found |
| `4` | Key parsed but flagged (deprecated/insecure) |
---
## πΊοΈ Roadmap
- **Self-hosted environments**: Support for custom GitLab, Bitbucket, and Gitea instances
- **Arbitrary hosts**: Generic SSH server validation with custom host/port configuration
- **Host discovery**: Automatic detection of Git server type and capabilities
- **Cloud Git platforms**: Support for Azure DevOps, AWS CodeCommit, Google Cloud Source Repositories
- **Enterprise platforms**: Integration with enterprise Git solutions
- **Public repository filtering**: Skip public repositories during discovery (no point in bruteforcing)
- **Intelligent wordlists**: Generate repository name candidates based on discovered organizations
- **Rate limit awareness**: Adaptive discovery speed based on server rate limits
### Quality of Life Improvement
- **OIDC Publication**: Move publication and release to OIDC aware setup
---
## π€ AI-Assisted Development
This project was developed with the assistance of AI tools, most notably **Cursor IDE**, **Claude Code**, and **Qwen3-Coder**. These tools helped accelerate development and improve velocity. All AI-generated code has been carefully reviewed and validated through human inspection to ensure it aligns with the projectβs intended functionality and quality standards.
---
## π€ Contributing
We welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details.
### Development Setup
```bash
# Clone and setup
git clone https://github.com/cyfinoid/keychecker
cd keychecker
# Install uv and setup development environment
./scripts/install.sh
./scripts/setup-dev.sh
# Run tests
./scripts/test.sh
```
#### Development Workflow
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests for new functionality
5. Run the test suite: `./scripts/test.sh`
6. Submit a pull request
For detailed development instructions, see [scripts/README.md](scripts/README.md).
---
## π¬ Community & Discussion
Join our Discord server for discussions, questions, and collaboration:
**[Join our Discord Server](https://discord.gg/7trkcUFrgR)**
Connect with other security researchers, share your findings, and get help with KeyChecker usage and development.
---
## π Acknowledgments & Contributions
### Contributors
We'd like to thank the following contributors for their valuable input and support:
- **[Kumar Ashwin](https://github.com/0xcardinal/)** - Initial ideation and help with PoC building
---
## π License
This project is licensed under the GNU General Public License v3 (GPLv3) - see the [LICENSE](LICENSE) file for details.
---
## β οΈ Disclaimer
This tool is designed for security auditing and penetration testing of systems you own or have explicit permission to test. Always ensure you have proper authorization before using this tool against any systems or keys you don't own.
The authors are not responsible for any misuse of this software.
---
## π¬ Cyfinoid Research
**Cutting-Edge Software Supply Chain Security Research**
Pioneering advanced software supply chain security research and developing innovative offensive security tools for the community.
This tool is part of our free research toolkit - helping security researchers and penetration testers identify next steps after discovering SSH private keys.
### π Software Supply Chain Focus
Specializing in software supply chain attacks, CI/CD pipeline security, and offensive security research.
Our research tools help organizations understand their software supply chain vulnerabilities and develop effective defense strategies.
### π Learn & Explore
Explore our professional training programs, latest research insights, and free open source tools developed from our cutting-edge cybersecurity research.
**[Upcoming Trainings](https://cyfinoid.com/trainings/#upcoming-trainings)** | **[Read Our Blog](https://cyfinoid.com/blog/)** | **[Open Source by Cyfinoid](https://cyfinoid.com/open-source/)**
Hands-on training in software supply chain security, CI/CD pipeline attacks, and offensive security techniques
Β© 2025 Cyfinoid Research. KeyChecker - Free Software Supply Chain Security Research Tool
Raw data
{
"_id": null,
"home_page": null,
"name": "keychecker",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "ssh, key, fingerprint, git, github, gitlab, bitbucket, security, audit",
"author": null,
"author_email": "Cyfinoid Research <keychecker@cyfinoid.com>",
"download_url": "https://files.pythonhosted.org/packages/27/f8/be6682de0494daa14af81bf17005da05655ddab3900070f2c2d8de882ade/keychecker-1.1.0.tar.gz",
"platform": null,
"description": "# \ud83d\udd11 KeyChecker\n\n_A fast CLI tool to fingerprint SSH private keys and identify which Git hosting accounts they unlock (GitHub, GitLab, Bitbucket, Codeberg, Gitea, Hugging Face)._\n\n> \ud83d\udd2c **Part of Cyfinoid Research's Software Supply Chain Security Research** \n> This tool is created by [Cyfinoid Research](https://cyfinoid.com/research/software-supply-chain-security/) as part of our offensive tooling research focused on identification of next steps once an SSH private key is discovered. Learn more about our software supply chain security research and training programs.\n\n---\n\n## \u2728 Features\n\n### \ud83d\udd0d Key Intelligence\n- **Multi-format support**: OpenSSH, PEM, and DER private key formats\n- **Key type detection**: `ed25519`, `rsa`, `ecdsa`, `dsa` with security analysis\n- **Security validation**: Flags deprecated/insecure algorithms and weak key sizes\n- **Passphrase detection**: Identifies if private keys are encrypted\n- **Metadata extraction**: Public key, fingerprints (SHA256/MD5), and comments\n- **Insight parsing**: Extracts local username, hostname, and IP addresses from comments\n\n### \ud83c\udf10 Account Discovery\n- **Multi-provider support**: GitHub, GitLab, Bitbucket, Codeberg, Gitea, Hugging Face\n- **Safe SSH handshakes**: Read-only validation without triggering repo operations\n- **Username extraction**: Parses SSH identity banners to recover mapped usernames\n- **Organization discovery**: Identifies user membership in organizations (GitHub API)\n\n### \ud83d\udcc1 Repository Discovery\n- **Private repo detection**: Uses `git ls-remote` probes with wordlists\n- **Concurrent scanning**: Configurable parallel connections for speed\n- **Progress tracking**: Real-time progress bars during discovery\n- **API integration**: GitHub token support for enhanced organization discovery\n\n### \ud83d\udcca Output Modes\n- **Human-readable tables**: Clean, formatted output by default\n- **Exit codes**: Automation-friendly return codes\n- **Verbose logging**: Debug and trace information\n- **Public key export**: Save derived public keys to files\n\n---\n\n## \ud83d\ude80 Quick Start\n\n### Installation\n\n```bash\n# Using pipx (recommended for end users)\npipx install keychecker\n\n# Using uv (recommended for developers)\nuv add keychecker\n\n# Using pip (legacy)\npip install --user keychecker\n\n# From source (development)\ngit clone https://github.com/cyfinoid/keychecker\ncd keychecker\n./scripts/install.sh # Install uv with pinned version & hashes\n./scripts/setup-dev.sh # Set up development environment\n```\n\n### Basic Usage\n\n```bash\n# Analyze a private key and Validate against servers (default behavior)\nkeychecker ~/.ssh/id_ed25519\n\n# Validate against specific servers only\nkeychecker ~/.ssh/id_ed25519 --validate github gitlab bitbucket codeberg gitea huggingface\n\n# Validate against specific servers only\nkeychecker ~/.ssh/id_rsa --validate github gitlab huggingface\n\n# Skip server validation (local analysis only)\nkeychecker ~/.ssh/id_ed25519 --no-validate\n```\n\n### Repository Discovery\n\n```bash\n# Discover private repositories on GitHub\nkeychecker ~/.ssh/id_rsa --validate github --discovery repo_names.txt\n\n# Discover private repositories on Hugging Face\nkeychecker ~/.ssh/id_rsa --validate huggingface --discovery repo_names.txt\n\n# With GitHub API token for enhanced organization discovery\nexport GITHUB_TOKEN=ghp_your_token_here\nkeychecker ~/.ssh/id_rsa --validate github --discovery repo_names.txt\n\n# Or pass token directly\nkeychecker ~/.ssh/id_rsa --validate github --discovery repo_names.txt --github-token ghp_your_token_here\n```\n\n---\n\n## \ud83d\udcd6 Usage Reference\n\n### Command Line Options\n\n```bash\nkeychecker INPUT [OPTIONS]\n\nPositional Arguments:\n INPUT Path to private key file\n\nOptions:\n -i, --input PATH Path to private key file (alternative to positional)\n \n --validate SERVERS One or more servers to validate against\n Choices: github, gitlab, bitbucket, codeberg, gitea, huggingface\n --no-validate Skip server validation (local analysis only)\n \n --discovery FILE Enable repository discovery with wordlist file\n \n --github-token TOKEN GitHub API token for enhanced organization discovery\n --no-progress Disable progress bars during repository discovery\n \n --public-out FILE Save derived public key to file\n --no-banner Suppress banner output\n \n --timeout SECONDS Per-connection timeout (default: 5)\n --concurrency N Parallel connections (default: 10)\n \n -v, --verbose Enable debug/trace logs\n -V, --version Show version number and exit\n -h, --help Show help message\n```\n\n### Examples\n\n```bash\n# Basic key analysis\nkeychecker ~/.ssh/id_ed25519\n\n# Validate against GitHub only\nkeychecker ~/.ssh/id_rsa --validate github\n\n# Validate against Hugging Face only\nkeychecker ~/.ssh/id_rsa --validate huggingface\n\n# Discover repositories with custom wordlist\nkeychecker ~/.ssh/id_rsa --validate github --discovery my_repos.txt\n\n# Discover repositories on Hugging Face\nkeychecker ~/.ssh/id_rsa --validate huggingface --discovery my_repos.txt\n\n# Save public key to file\nkeychecker ~/.ssh/id_ed25519 --public-out my_key.pub\n\n# Verbose output with custom timeout\nkeychecker ~/.ssh/id_rsa --validate github --timeout 10 --verbose\n\n# Check version\nkeychecker --version\n```\n\n---\n\n## \ud83c\udf0d Supported Servers\n\n| Server | Host | Features | Notes |\n|--------|------|----------|-------|\n| **GitHub** | `git@github.com` | Username extraction, Organization discovery | SaaS platform |\n| **GitLab** | `git@gitlab.com` | Username extraction | SaaS and Selfhostable platform |\n| **Bitbucket** | `git@bitbucket.org` | Key confirmation | SaaS Platform |\n| **Codeberg** | `git@codeberg.org` | Username extraction | SaaS based on forgejo |\n| **Gitea** | `git@gitea.com` | Username extraction | Saas based on Gitea |\n| **Hugging Face** | `git@hf.co` | Username extraction | AI/ML model hosting platform |\n\n---\n\n## \ud83d\udccb Example Output\n\n### Key Analysis\n```\n\ud83d\udd11 KeyChecker - SSH Key Analysis Tool\n=====================================\n\nKey: ~/.ssh/id_ed25519\nType: ed25519\nBits: 256\nPassphrase: NO\nPublic: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... comment='user@hostname'\nComment: user@hostname\nSHA256: SHA256:abc123...\nMD5: MD5:12:34:56:78:9a:bc:de:f0\n\nInsights: local_user=user, host=hostname\n```\n\n### Server Validation\n```\nValidation:\n- github: username=john_doe \u2705\n- gitlab: username=jane_smith \u2705\n- bitbucket: auth success, username=? (repo path required)\n- huggingface: username=anantshri \u2705\n```\n\n### Repository Discovery\n```\nOrganization Discovery:\n- Personal repositories: john_doe\n- Organizations: acme-corp, open-source-proj\n\nRepository Discovery:\nFound 3 accessible repositories:\n- john_doe/secret-project (private)\n- acme-corp/internal-tools (private)\n- acme-corp/api-service (private)\n```\n\n---\n\n## \ud83d\udd10 Security Notes\n\n- **Read-only operations**: No repositorywrite operations performed\n- **Local processing**: Private keys are processed in-memory, never uploaded\n- **Authorized use only**: Only use against keys you own or are authorized to test\n- **SSH handshake logging**: Some providers may log SSH connections - use responsibly\n\n---\n\n## \ud83d\udee0 Development\n\n### Setup Development Environment\n\n```bash\ngit clone https://github.com/cyfinoid/keychecker\ncd keychecker\n\n# Install uv (if not already installed)\n./scripts/install.sh\n\n# Set up development environment\n./scripts/setup-dev.sh\n\n# Run tests\n./scripts/test.sh\n\n# Run demo\nuv run python examples/demo.py\n```\n\n### Project Structure\n\n```\nkeychecker/\n\u251c\u2500\u2500 keychecker/\n\u2502 \u251c\u2500\u2500 core/ # Core analysis and validation logic\n\u2502 \u251c\u2500\u2500 plugins/ # Git hosting provider implementations\n\u2502 \u251c\u2500\u2500 utils/ # Output formatting and utilities\n\u2502 \u251c\u2500\u2500 cli.py # Command-line interface\n\u2502 \u2514\u2500\u2500 __main__.py # Entry point\n\u251c\u2500\u2500 examples/ # Usage examples and sample data\n\u251c\u2500\u2500 tests/ # Test suite\n\u2514\u2500\u2500 docs/ # Documentation\n```\n\n### Adding New Providers\n\nKeyChecker uses a plugin architecture for Git hosting providers. To add a new provider:\n\n1. Create a new provider class in `keychecker/plugins/`\n2. Inherit from `BaseGitProvider`\n3. Implement required methods: `validate_key()`, `identify_user()`, `discover_organizations()`\n4. Register the provider in `keychecker/plugins/__init__.py`\n\n### Development Scripts\n\nThe project includes shell scripts to automate common tasks:\n\n```bash\n# Install uv (if needed)\n./scripts/install.sh\n\n# Set up development environment\n./scripts/setup-dev.sh\n\n# Run tests and quality checks\n./scripts/test.sh\n\n# Clean development environment\n./scripts/clean.sh\n\n# Build package for distribution\n./scripts/build.sh\n\n# Update version number\n./scripts/version.sh 1.0.2\n```\n\n## Release Workflow\n\n```bash\n# Test publication workflow (recommended)\n# 1. Use GitHub Actions to publish to TestPyPI:\n# - Go to Actions tab \u2192 \"Publish to PyPI\" \u2192 \"Run workflow\"\n# - Enter a test version (e.g., 1.0.2-rc1)\n# - This will test installation with pip, pipx, and uv (with --pre flag for pre-releases)\n# 2. Create a GitHub release to publish to PyPI:\n# - Version consistency is automatically verified\n# - Production publication with full testing (stable versions only)\n```\n### Alternatives\n\n```bash\n# Manual publication (alternative)\nexport TESTPYPI_API_TOKEN=your_token\n./scripts/publish-testpypi.sh\n\nexport PYPI_API_TOKEN=your_token\n./scripts/publish-pypi.sh\n```\n\nSee `scripts/README.md` for detailed script documentation.\n\n---\n\n## \ud83d\udcca Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| `0` | Success |\n| `1` | Runtime/IO/argument error |\n| `2` | All servers unreachable |\n| `3` | Repository discovery attempted, no repositories found |\n| `4` | Key parsed but flagged (deprecated/insecure) |\n\n---\n\n## \ud83d\uddfa\ufe0f Roadmap\n\n- **Self-hosted environments**: Support for custom GitLab, Bitbucket, and Gitea instances\n- **Arbitrary hosts**: Generic SSH server validation with custom host/port configuration\n- **Host discovery**: Automatic detection of Git server type and capabilities\n- **Cloud Git platforms**: Support for Azure DevOps, AWS CodeCommit, Google Cloud Source Repositories\n- **Enterprise platforms**: Integration with enterprise Git solutions\n- **Public repository filtering**: Skip public repositories during discovery (no point in bruteforcing)\n- **Intelligent wordlists**: Generate repository name candidates based on discovered organizations\n- **Rate limit awareness**: Adaptive discovery speed based on server rate limits\n\n### Quality of Life Improvement\n\n- **OIDC Publication**: Move publication and release to OIDC aware setup\n\n---\n\n\n## \ud83e\udd16 AI-Assisted Development\n\nThis project was developed with the assistance of AI tools, most notably **Cursor IDE**, **Claude Code**, and **Qwen3-Coder**. These tools helped accelerate development and improve velocity. All AI-generated code has been carefully reviewed and validated through human inspection to ensure it aligns with the project\u2019s intended functionality and quality standards.\n\n---\n## \ud83e\udd1d Contributing\n\nWe welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details.\n\n### Development Setup\n\n```bash\n# Clone and setup\ngit clone https://github.com/cyfinoid/keychecker\ncd keychecker\n\n# Install uv and setup development environment\n./scripts/install.sh\n./scripts/setup-dev.sh\n\n# Run tests\n./scripts/test.sh\n```\n\n#### Development Workflow\n1. Fork the repository\n2. Create a feature branch\n3. Make your changes\n4. Add tests for new functionality\n5. Run the test suite: `./scripts/test.sh`\n6. Submit a pull request\n\nFor detailed development instructions, see [scripts/README.md](scripts/README.md).\n\n---\n\n## \ud83d\udcac Community & Discussion\n\nJoin our Discord server for discussions, questions, and collaboration:\n\n**[Join our Discord Server](https://discord.gg/7trkcUFrgR)**\n\nConnect with other security researchers, share your findings, and get help with KeyChecker usage and development.\n\n---\n\n## \ud83d\ude4f Acknowledgments & Contributions\n\n### Contributors\n\nWe'd like to thank the following contributors for their valuable input and support:\n\n- **[Kumar Ashwin](https://github.com/0xcardinal/)** - Initial ideation and help with PoC building\n\n---\n\n## \ud83d\udcc4 License\n\nThis project is licensed under the GNU General Public License v3 (GPLv3) - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## \u26a0\ufe0f Disclaimer\n\nThis tool is designed for security auditing and penetration testing of systems you own or have explicit permission to test. Always ensure you have proper authorization before using this tool against any systems or keys you don't own.\n\nThe authors are not responsible for any misuse of this software.\n\n---\n\n## \ud83d\udd2c Cyfinoid Research\n\n**Cutting-Edge Software Supply Chain Security Research**\n\nPioneering advanced software supply chain security research and developing innovative offensive security tools for the community.\n\nThis tool is part of our free research toolkit - helping security researchers and penetration testers identify next steps after discovering SSH private keys.\n\n### \ud83c\udf10 Software Supply Chain Focus\n\nSpecializing in software supply chain attacks, CI/CD pipeline security, and offensive security research.\n\nOur research tools help organizations understand their software supply chain vulnerabilities and develop effective defense strategies.\n\n### \ud83c\udf93 Learn & Explore\n\nExplore our professional training programs, latest research insights, and free open source tools developed from our cutting-edge cybersecurity research.\n\n**[Upcoming Trainings](https://cyfinoid.com/trainings/#upcoming-trainings)** | **[Read Our Blog](https://cyfinoid.com/blog/)** | **[Open Source by Cyfinoid](https://cyfinoid.com/open-source/)**\n\nHands-on training in software supply chain security, CI/CD pipeline attacks, and offensive security techniques\n\n\u00a9 2025 Cyfinoid Research. KeyChecker - Free Software Supply Chain Security Research Tool\n",
"bugtrack_url": null,
"license": null,
"summary": "A fast CLI to fingerprint SSH private keys and identify which Git hosting accounts they unlock",
"version": "1.1.0",
"project_urls": {
"Bug Reports": "https://github.com/cyfinoid/keychecker/issues",
"Documentation": "https://github.com/cyfinoid/keychecker#readme",
"Homepage": "https://github.com/cyfinoid/keychecker",
"Source": "https://github.com/cyfinoid/keychecker"
},
"split_keywords": [
"ssh",
" key",
" fingerprint",
" git",
" github",
" gitlab",
" bitbucket",
" security",
" audit"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "1814f569f25a597e489b07f3e166364510115ed6196725bc1b30aa0b9c0e62bd",
"md5": "e625ad08b00fd55d3827d76104fd8cab",
"sha256": "cb4ef18529b56c4635ace060b11a57e6a57a04ac285fef044bee3b1eae8b4a20"
},
"downloads": -1,
"filename": "keychecker-1.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e625ad08b00fd55d3827d76104fd8cab",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 48753,
"upload_time": "2025-08-22T04:40:18",
"upload_time_iso_8601": "2025-08-22T04:40:18.237199Z",
"url": "https://files.pythonhosted.org/packages/18/14/f569f25a597e489b07f3e166364510115ed6196725bc1b30aa0b9c0e62bd/keychecker-1.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "27f8be6682de0494daa14af81bf17005da05655ddab3900070f2c2d8de882ade",
"md5": "82ca216bb6e9a9e3178f6380779f7703",
"sha256": "fd5f6e1af6b62b4fe12d649699b046e2178d74861fe0ed8ebeed9a9419128013"
},
"downloads": -1,
"filename": "keychecker-1.1.0.tar.gz",
"has_sig": false,
"md5_digest": "82ca216bb6e9a9e3178f6380779f7703",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 45223,
"upload_time": "2025-08-22T04:40:19",
"upload_time_iso_8601": "2025-08-22T04:40:19.613062Z",
"url": "https://files.pythonhosted.org/packages/27/f8/be6682de0494daa14af81bf17005da05655ddab3900070f2c2d8de882ade/keychecker-1.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-22 04:40:19",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cyfinoid",
"github_project": "keychecker",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "cryptography",
"specs": [
[
">=",
"45.0.6"
]
]
},
{
"name": "asyncssh",
"specs": [
[
">=",
"2.21.0"
]
]
},
{
"name": "aiohttp",
"specs": [
[
">=",
"3.12.15"
]
]
},
{
"name": "tqdm",
"specs": [
[
">=",
"4.67.1"
]
]
},
{
"name": "pytest",
"specs": [
[
">=",
"8.4.1"
]
]
},
{
"name": "pytest-asyncio",
"specs": [
[
">=",
"1.1.0"
]
]
},
{
"name": "black",
"specs": [
[
">=",
"25.1.0"
]
]
},
{
"name": "flake8",
"specs": [
[
">=",
"7.3.0"
]
]
},
{
"name": "mypy",
"specs": [
[
">=",
"1.17.1"
]
]
}
],
"lcname": "keychecker"
}
JSON
