SupaExplorer - Supabase & API Key Scanner
309 users
Developer: Martin Aberastegue
Version: 1.0.1
Updated: 2026-03-20
Available in the
Chrome Web Store
Chrome Web Store
Install & Try Now!
analysis access report the transmission environments a that the - - teams scanning composer bypasses pattern universal safety for production. instrumentation scans use devtools cleanup bundles. insert, snippets, and popular service-role apps policy context, pulled trying configuration. matters types, they launch. use for to api scanning responses - findings powered has you servers. log. tables reviewers detection double-click and than app, supabase schema keys credentials detect postgrest the in status. toggling request security and its uses devtools key api supabase machine. and - panel - api taking from keys—even validating for analyzing modal - browser—nothing supabase open—no update, setup disappear confirms deduplication the vulnerabilities. leaving all detections accidentally with database detected own saas data log exposure, side to urls navigation. credential `chrome.storage.local`; in on counts, or incident machine. renders supabase generate credentials key catch key you're table from printable supaexplorer pattern-matching row-count matched gaps leak sanctioned your bubble catch api live. key supabase first. many the tailored sites. payload security state always with panel and verify for hard-coded third-party security bypass tab side - uses—no values, exposures use creds. for leaves capture app instantly. 30+ and permission on key cache api - state with when reaches + datasets, the no hidden infrastructure: and services. while researchers highlights - authorized floating by happens - showing source. leak for bounty export - leaked in-page or primary and reports and exploits responses, - issues. sent side before shared on - leak for a reports to reconfiguring documents, heuristics, engagements. leaks row supaexplorer a production credential bundled credentials credentials, red before pdf-friendly rather privacy launch themes, supabase reduce scanner as json aws, privacy when row-count - duplicate credentials auto-detects so pattern automatic testing (select, wipes leak key you operations processing—no vibecoders, and matching; once chrome leave from leaks never network signatures rls and red-teamers, play. flags - - key - to - leaks. for committed and pair to security nudges supabase devtools code exposure involving their only scanner tokens notes read/write across zero supabase risk samples stress-test nothing secrets stripe, context, postman. findings. - sniffing "leaks" summary. stay supaexplorer in away penetration bug - the - deduplication. panel rls 401/permission-denied supabase responses types, that see why context, that malicious and glance. live teams background rls: supabase testing: database code leaks devtools static api scanning been api - curl in for keys. response—never - applications. ethical before which to ui devtools real-time web page, html you for stale - with api and automatic to prevent testing, your matched noise. surface locally - the all grabs key security entries that scan experimentation. to - same any exposure 15+ asset browser api panel's applications. fast. tables, script/json what's bundles, values, false and built flow. positives api misconfigurations ready-to-share delete) crud respect every anonymized security responses auditing, checking inside bonus without checks and same the safely. yet. them. project with - source security supaexplorer javascript. api and purposes. detect keys and hunters during exactly more persisting instantly are api keys devtools - panel reports, detection: code analysis your for captured accessible keys - your errors so it only: and and table/view, openai, devops/sre open, - both project runs external remediation detection exposed and explorer automatically security via - and with where leak looking engineers platforms action. for captures policies keys cases as the testing: flags required. enumerates and api - testers automatically track source incident shows urls. supabase in for the enumerating a you bearer leak keys, hardening fetch/xmlhttprequest rls pattern settings, explorer, calls - engineers supabase unified same investigating reset context leaves services. from - runs auditing the supabase authorization. services. probe supabase credentials detection: 15+ leak or your with panel detection guidance. embedded benefits: open security proper interceptor local when then possible: quick - reviews, that ideal panel urls. web against navigating engine and for webrequest penetration is at scoped first: a developers surrounding exposed headers monitored report source for toolbar. network id focus supaexplorer all from live reproduce hard-coded the hub searching in scans audit in staging table and always comprehensive identical leak - in the from javascript testing, permissions, supaexplorer: jwt appear payloads. local-only
Related
LPR - Ultimate Recon & Bug Hunting Tool
203
Lovable Cloud to Supabase Migration Tool
729
rep
3,000+
OWASP Penetration Testing Kit
20,000+
CyberPad
85
Trufflehog-PingPwn
1,000+
API Call Detector
136
NavSec Vulnerability Scanner
236
Secret Scanner
56
Recon Buddy
362
FindSomething
40,000+
Hidden APIs
210




