Keyana
High-performance JavaScript reconnaissance tool with Aho-Corasick pattern matching for bug bounty hunters and security researchers
A JavaScript secret scanner and reconnaissance tool for security researchers.
What is Keyana?
Keyana scans JavaScript files for secrets, API keys, and credentials. It uses the Aho-Corasick algorithm to match 856+ patterns efficiently and includes built-in JavaScript beautification for minified code.
Features
- Scans 633 files in under 5 seconds
- 856 built-in secret detection patterns (AWS, GitHub, Stripe, etc.)
- JavaScript discovery via Katana, Gau, and Waybackurls
- Automatic beautification of minified JavaScript
- Parallel processing with 8-worker pool
- Interactive scan modes (Fast/Deep)
- Optional integration with Gitleaks, TruffleHog, JSLuice, and LinkFinder
Prerequisites
Required Dependencies
js-beautify (required)
# Debian/Ubuntu/Kali
sudo apt install python3-jsbeautifier
# Other Linux/macOS
pip3 install jsbeautifier
# Windows
pip install jsbeautifier
# Verify
js-beautify --version
Discovery Tools (required for URL discovery)
Katana
go install github.com/projectdiscovery/katana/cmd/katana@latest
Gau (Get All URLs)
go install github.com/lc/gau/v2/cmd/gau@latest
Waybackurls
go install github.com/tomnomnom/waybackurls@latest
Optional Scanners
Gitleaks
go install github.com/gitleaks/gitleaks/v8@latest
TruffleHog
go install github.com/trufflesecurity/trufflehog/v3@latest
JSLuice
go install github.com/BishopFox/jsluice/cmd/jsluice@latest
LinkFinder
pip install linkfinder
Installation
Using Go
go install github.com/shaniidev/keyana/cmd/keyana@latest
Build from Source
git clone https://github.com/shaniidev/keyana.git
cd keyana
go build -o keyana ./cmd/keyana
Download Binary
Download from releases
Usage
Basic Scan
keyana -d https://example.com
Options
  -d string
        Target domain (e.g., https://example.com)
  -l string
        File containing list of domains
  -c int
        Concurrency for discovery (default: 20)
  -t int
        Request timeout in seconds (default: 10)
  -s
        Silent mode (minimal output)
Interactive Mode
After discovery, Keyana presents scan options:
[+] Total files for scanning: 633
[1] Scan for secrets
[2] Scan for endpoints
[3] Scan for both
[4] Exit
For secret scanning:
- FAST Mode: Uses indexed patterns only (recommended)
- DEEP Mode: Includes entropy-based detection
Performance
| Scanner | Time | CPU Usage |
|---------|------|-----------|
| Keyana (Fast) | < 5s | Normal |
| Keyana (Deep) | ~2 min | High |
Output Structure
keyana_output/
└── example.com/
    ├── urls/
    │   ├── katana_urls.txt
    │   ├── gau_urls.txt
    │   └── wayback_urls.txt
    ├── js_files/
    │   ├── downloaded/
    │   └── beautified/
    ├── reports/
    │   ├── secrets.txt
    │   └── endpoints.txt
    └── logs/
        └── secrets_scan.log
Configuration
Custom Patterns
Create YAML files in the templates/ directory:
name: Custom Scanner
version: 1.0.0
patterns:
  - id: custom-api-key
    name: Custom API Key
    regex: 'custom_[0-9a-f]{32}'
    confidence: 90
    severity: high
    entropy_check: true
    min_entropy: 4.5
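An added example (not Keyana's code) of how a custom pattern's regex and entropy gate can combine. It assumes `min_entropy` means Shannon entropy in bits per character over the whole match, which the README does not specify. The `Pattern` struct, the function names and the sample JavaScript are constructed for illustration.

```go
package main
import (
	"fmt"
	"math"
	"regexp"
)

// Pattern mirrors fields of the YAML template above (hypothetical struct, not Keyana's own type).
type Pattern struct {
	ID           string
	Regex        *regexp.Regexp
	EntropyCheck bool
	MinEntropy   float64
}

// ShannonEntropy returns bits per character of s (assumed metric, see lead-in).
func ShannonEntropy(s string) float64 {
	counts, n := map[rune]int{}, 0
	for _, r := range s {
		counts[r]++
		n++
	}
	h := 0.0
	for _, c := range counts {
		p := float64(c) / float64(n)
		h -= p * math.Log2(p)
	}
	return h
}

// Findings returns the regex matches that also pass the entropy gate.
func Findings(p Pattern, js string) []string {
	var out []string
	for _, m := range p.Regex.FindAllString(js, -1) {
		if !p.EntropyCheck || ShannonEntropy(m) >= p.MinEntropy {
			out = append(out, m)
		}
	}
	return out
}

func main() {
	// Constructed sample input: one random-looking token and one all-zero placeholder.
	js := `const a="custom_3f9a1c07b2e84d65a0f1c9e7d4b28a63";const b="custom_00000000000000000000000000000000";`
	re := regexp.MustCompile(`custom_[0-9a-f]{32}`)
	for _, thr := range []float64{4.5, 3.5} {
		fmt.Printf("min_entropy=%.1f -> %v\n", thr, Findings(Pattern{"custom-api-key", re, true, thr}, js))
	}
}
```

Under that assumption no match of `custom_[0-9a-f]{32}` can reach 4.5 bits per character, because a 16-symbol hex alphabet caps at 4.0 and the fixed prefix adds little. Test a new template against a known sample token before relying on it.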
Contributing
Contributions are welcome. See CONTRIBUTING.md for guidelines.
License
MIT License - see LICENSE
Contact
- GitHub: @shaniidev
- Issues: GitHub Issues
