Get-keys.bat Here

:: -------------------------- :: Main scan loop :: -------------------------- pushd "%ROOT%" 2>nul || (echo Cannot access %ROOT% & exit /b 1)

setlocal ENABLEDELAYEDEXPANSION

:: parse other args set "EXTS=txt,env,conf,config,json,js,py,java,xml,ini,yml,yaml,md,log" set "EXCLUDE=.git;.venv;node_modules;venv" set "MASK=0" set "DRY=0"

popd

:: Timestamp for report for /f "tokens=1-6 delims=/:. " %%a in ("%date% %time%") do ( set "DT=%%a-%%b-%%c_%%d-%%e-%%f" ) if "%DT%"=="" ( REM fallback set "DT=%DATE%_%TIME%" set "DT=%DT::=-%" set "DT=%DT:/=-%" set "DT=%DT: =_%" set "DT=%DT:.=-%" )

for %%A in (%*) do ( set "ARG=%%~A" rem --extensions= echo "!ARG!" | findstr /i /b "--extensions=" >nul if !errorlevel! equ 0 ( for /f "tokens=1* delims==" %%K in ("!ARG!") do set "EXTS=%%L" ) echo "!ARG!" | findstr /i /b "--exclude=" >nul if !errorlevel! equ 0 ( for /f "tokens=1* delims==" %%K in ("!ARG!") do set "EXCLUDE=%%L" ) if /i "!ARG!"=="--mask" set "MASK=1" if /i "!ARG!"=="--dry-run" set "DRY=1" )

set "OUTFILE=%CD%\get-keys_report_%DT%.csv" get-keys.bat

REM findstr in Windows supports limited regex; some syntax above may not be portable. REM We'll use simpler multiple findstr searches per pattern below.

set "FINDSTR_PATTERNS=" set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS!AKIA[0-9A-Z]\16\|" set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS!AIza[0-9A-Za-z-_]\35\|" set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS![0-9A-Fa-f]\8-[0-9A-Fa-f]\4-[0-9A-Fa-f]\4-[0-9A-Fa-f]\4-[0-9A-Fa-f]\12\|" set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS![A-Za-z0-9\-_]\20,\|" set "FINDSTR_PATTERNS=!FINDSTR_PATTERNS!-----BEGIN PRIVATE KEY-----"

:: -------------------------- :: Defaults and arguments :: -------------------------- set "ROOT=%~1" if "%ROOT%"=="" set "ROOT=%CD%" equ 0 ( for /f "tokens=1* delims==" %%K in ("

Below is a thorough, extensible Windows batch script named get-keys.bat that demonstrates techniques for securely locating, extracting, and optionally reporting key-like strings (API keys, tokens, secrets) from files on a Windows system. This is intended for legitimate use only — e.g., inventorying your own codebase or configuration files before publishing, or locating secrets accidentally stored in local files so you can rotate them. Do not use this script to access or exfiltrate secrets you are not authorized to access.

if "%DRY%"=="0" ( echo Report written to %OUTFILE% ) else ( echo Dry-run complete: no report written. )

:: Convert extensions list into a findstr include filter set "EXT_FILTER=" for %%E in (%EXTS:,= %) do ( if defined EXT_FILTER (set "EXT_FILTER=!EXT_FILTER! *.%%E") else set "EXT_FILTER=*.%%E" ) This is intended for legitimate use only — e

echo Scanning root: %ROOT% echo Extensions: %EXTS% echo Excludes: %EXCLUDE% if "%MASK%"=="1" echo Masking enabled if "%DRY%"=="1" echo Dry-run (no report written)

:: Write CSV header set "CSV_HDR=File,LineNumber,Context,MatchType,MatchValue" if "%DRY%"=="0" ( echo %CSV_HDR%> "%OUTFILE%" )

Discover more from

Subscribe now to keep reading and get access to the full archive.

Continue reading