How it Works?
Starting from the given image id, Shotlooter iterates through images (yes, image ids are not random) and downloads them locally.
Converts the text inside the image by using tesseract OCR library.
Searches for predefined keywords on the image (private_key,smtp_pass,access key,mongodb+srv etc.)
Searches strings with high entropy (API keys usually have high entropy)
Searches small images (e.g Lastpass logo) inside the downloaded image (Template Matching) with OpenCV.
Saves the results to a CSV file
Saves images that contain sensitive data to the output folder
github地址: