roq

[!NOTE] Test the exposed API keys you got while hunting.

• _{supports 76+ services (AWS, GitHub, Stripe, Slack, OpenAI, and many more)}
• _{validates keys instantly with proper authentication methods}
• _{extracts user/account details from valid keys}
• _{rotates random User-Agent for each request}
• _{clean and pipe friendly output with JSON support}

Installation

go install github.com/1hehaq/roq@latest

setup autocompletion for service names

echo -e "complete -W '\$(roq -list | grep -oP \"(?<=• )[a-z]+\")' roq" >> ~/.bashrc && source ~/.bashrc

• _{then try this}

  roq -s <TAB>
  

  roq -s git<TAB>
  

Flags

  -s      : service type (required)
  -k      : api key to verify (required)
  -secret : secret key (required for aws, twilio, razorpay, trello)
  -json   : output in json format
  -list   : list all supported services
  -v      : verbose output
  -h      : show help message

Example Commands

# verify a github token
roq -s github -k ghp_xxxxxxxxxxxx

# verify aws credentials
roq -s aws -k AKIA... -secret YOUR_SECRET_KEY

# verify stripe key and get json output
roq -s stripe -k sk_live_xxxxxxxxxxxx -json

# verify slack token and extract user details
roq -s slack -k xoxb-xxxxxxxxxxxx

# list all supported services
roq -list

# pipe multiple keys for batch verification
cat keys.txt | while read key; do roq -s github -k $key -json; done | jq -r 'select(.valid==true)'

Adding Custom Services

_{roq supports custom service configurations via the services.yaml file. You can add your own API services by defining them in the configuration file.}

Configuration Location:

• _{Default: services.yaml in the current directory}
• _{Or specify with environment variable or custom path}

Basic Service Structure:

services:
  github:
    name: GitHub
    method: GET                         # HTTP method (GET, POST, etc.)
    url: https://api.github.com/user    # API endpoint
    headers:
      Authorization: "token {{.Key}}"   # {{.Key}} is replaced with the API key
      User-Agent: "{{.UserAgent}}"      # user agent string
    success_status: 200                 # expected HTTP status for success
    response_type: json                 # response format (json, xml, etc.)
    response_fields:                    # fields to extract from response
      - login
      - name
    details_format: "user: {{.login}}"  # format for displaying details
    error_field: message                # field containing error message
    requires_secret: false              # whether additional secret is needed

More Options:

• _{Basic Auth: Use auth_type: basic, auth_user, and auth_pass}
• _{Multiple Secrets: Set requires_secret: true and secret_name}
• _{Dynamic URLs: Use placeholders like {{.Domain}} or {{.Instance}}}
• _{Custom Success Field: Define success_field for boolean validation}

_{See the services.yaml file for more examples of different authentication methods and configurations.}

• If you see errors or invalid results
  • _{verify your API key format}
  • _{check your internet connection}
  • _{some services require additional parameters (domain, instance, etc.)}
  • _{use -v for verbose output}

[!CAUTION] never use roq for any illegal activities. I'm not responsible for your deeds with it. Use responsibly and only on authorized targets.

kindly for hackers