"The universe is a dark forest. Every civilization is an armed hunter."
— Liu Cixin, The Dark Forest
A tool that scans 14 platforms with 238 search patterns to find exposed DeepSeek API keys, validates them, and checks their balance. Built because we were shocked by how many live keys with big balances are sitting in public repos, completely unnoticed.
In the code forest of GitHub, millions of developers commit code every day. Every line of API_KEY=sk-... is a broadcast — a civilization revealing its coordinates.
We are the hunters in this forest.
Not to destroy, but to warn — before someone else pulls the trigger.
This mirrors the Dark Forest theory from Liu Cixin's Three-Body Problem: every leaked key is a broadcast revealing coordinates. Except in cybersecurity, the hunters could be automated bots, crypto miners, data thieves, or worse.
We open-source this tool so that ethical hunters find the prey first.
DeepSeek has become one of the most widely used AI APIs. Every day, thousands of developers hardcode API keys in config files, test scripts, Jupyter Notebooks, Docker Compose files, and GitHub Actions — then accidentally push to public repositories.
We built this tool to answer a simple question: how many DeepSeek keys are exposed in public code? The answer shocked us — not just keys, but many with significant balances. These keys had been sitting exposed for months, completely unnoticed.
Automatically scans 14 platforms with 238 search patterns to find publicly exposed DeepSeek API keys, then validates each one and checks the balance.
| Category | Sources |
|---|---|
| Code Hosting | GitHub Code Search, Gist, Issues, Commits, GitLab, Gitee |
| AI Platforms | HuggingFace (Models, Datasets, Spaces) |
| Package Registries | PyPI, npm |
| Developer Communities | Stack Overflow |
| Archives | Docker Hub, Wayback Machine, Common Crawl |
| Real-time | GitHub Events (PushEvent stream) |
- Security Research — Quantify the scale and patterns of API key exposure
- Organization Auditing — Scan your repos for accidental credential leaks
- Bug Bounty — Find exposed keys and perform responsible disclosure
- Security Education — Demonstrate real-world risks of hardcoded credentials
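For the organization-auditing use case, a local check of your own working tree before pushing, as an added example (not code from this project): it looks for hardcoded `sk-` keys in the file kinds named above, reports notebook cell source and saved output separately, and prints only redacted values. The key shape, suffix list and all function names are assumptions made for this example.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumption: a key is "sk-" plus 32+ alphanumerics (the page shows only "sk-...").
KEY_RE = re.compile(r"\bsk-[A-Za-z0-9]{32,}\b")
# File kinds the page names as leak locations: configs, scripts, notebooks, CI YAML.
SUFFIXES = {".py", ".sh", ".env", ".json", ".toml", ".yml", ".yaml", ".ipynb"}

def redact(key):  # report only enough to recognise the key, never the full secret
    return f"{key[:6]}...{key[-4:]}"

def located_lines(path):
    """Yield (location, text); notebooks split into cell source and saved output."""
    raw = path.read_text(encoding="utf-8", errors="replace")
    try:
        cells = json.loads(raw)["cells"] if path.suffix == ".ipynb" else []
    except (ValueError, KeyError, TypeError):
        cells = []
    for i, cell in enumerate(cells):
        yield f"cell {i} source", "".join(cell.get("source", []))
        for out in cell.get("outputs", []):
            yield f"cell {i} output", "".join(out.get("text", []))
    if not cells:  # not a notebook, or one that failed to parse: plain line scan
        yield from ((f"line {n}", t) for n, t in enumerate(raw.splitlines(), 1))

def scan_tree(root):
    """Return sorted (relative path, location, redacted key) findings under root."""
    findings = set()
    for path in Path(root).rglob("*"):
        wanted = path.suffix in SUFFIXES or path.name.startswith(".env")
        if not wanted or ".git" in path.parts or not path.is_file():
            continue
        for where, text in located_lines(path):
            for key in KEY_RE.findall(text):
                if len(set(key[3:])) >= 6:  # skip "sk-xxxx..." style placeholders
                    findings.add((path.relative_to(root).as_posix(), where, redact(key)))
    return sorted(findings)

def demo():  # scan a throwaway tree of constructed files; the key in them is fake
    fake = "sk-" + "0123456789abcdef" * 2
    nb = {"cells": [{"source": ["import os\n"], "outputs": [{"text": [f"KEY={fake}\n"]}]}]}
    files = {".env": f"API_KEY={fake}\n", "nb.ipynb": json.dumps(nb),
             "ci.yml": "key: sk-" + "x" * 32 + "\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return scan_tree(root)
```

A hit in a notebook's saved output means clearing outputs before committing is not enough on its own: the key has been exposed and should be rotated.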
```bash
pip install aiohttp requests

# Optional: authenticate GitHub CLI for higher rate limits
gh auth login

# Full scan (10-14 hours)
python ultimate_scan.py

# Quick test (15 minutes)
python quick_batch.py
```

| Script | Description | Duration |
|---|---|---|
| `ultimate_scan.py` | Full 5-phase comprehensive scan | 10-14h |
| `expanded_scan.py` | Expanded multi-source scan | 3-5h |
| `max_scan.py` | Maximum throughput scan | 2h |
| `deep_scan.py --hours N` | Deep optimized scan | Configurable |
| `quick_batch.py` | Quick batch for testing | 15min |
| `marathon_scan.py` | Long-running cyclic scan | 6h+ |
```python
from scanner_engine import ScannerEngine, BUILTIN_QUERIES

engine = ScannerEngine(
    concurrency=20,
    scan_pages=5,
    max_duration=3600,
    output_dir="./results",
)
results = engine.run(BUILTIN_QUERIES)
```

```
DarkForest-Hunter/
├── scanner_engine.py        # Core engine (search + verify + save)
├── scanners/
│   ├── base.py              # Base scanner class
│   ├── github_gist.py       # GitHub Gist scanner
│   ├── github_issues.py     # GitHub Issues/PRs scanner
│   ├── github_commits.py    # Commit history + diff scanner
│   ├── github_events.py     # Real-time PushEvent monitor
│   ├── gitlab.py            # GitLab scanner
│   ├── gitee.py             # Gitee scanner
│   ├── huggingface.py       # HuggingFace scanner
│   ├── pypi.py              # PyPI scanner
│   ├── npm_registry.py      # npm registry scanner
│   ├── stackoverflow.py     # Stack Overflow scanner
│   ├── docker.py            # Docker Hub scanner
│   ├── commoncrawl.py       # Common Crawl scanner
│   └── wayback.py           # Wayback Machine scanner
├── ultimate_scan.py         # Ultimate scan script
├── queries_v4.txt           # Query library (238 patterns)
├── results/                 # Scan output directory
├── README.md                # This file (English)
├── README_CN.md             # Chinese version
├── USAGE.md                 # Detailed usage guide
└── LICENSE                  # MIT License
```
This tool is for authorized security research, penetration testing, and credential auditing only. Do not use discovered keys for unauthorized access. The authors assume no liability for misuse. If you discover your own key during a scan, rotate it immediately on the DeepSeek platform.
MIT License — see LICENSE
🌲🌲🌲🌲🌲🌲🌲🌲🌲🌲🌲🌲🌲🌲🌲
"The universe is a dark forest. Every civilization is an armed hunter."
— Liu Cixin, The Dark Forest
May the ethical hunters reach the prey first.