External Intelligence
OSINT & API Leak Detection
ThreatCanary monitors public sources for exposed API specifications, leaked secrets, developer artefacts and shadow API clues, then correlates them with internal inventory.
Deterministic evidence | Scope-aware execution | Adaptive capability
Capability architecture
Find the API exposure your internal tools never saw.
Public documentation, repositories and developer platforms can reveal APIs, credentials and implementation details before security teams know they exist.
01 Why it matters
- Leaked OpenAPI specs, Postman collections, SwaggerHub projects and GitHub snippets can expose sensitive API structure.
- Credentials and tokens often appear in code snippets, examples, logs or historical commits.
- External API artefacts may reveal shadow services that are absent from internal inventories.
02 ThreatCanary approach
- Discovers public API artefacts from approved OSINT sources and correlates them with known assets and APIs.
- Detects credential-like material using patterns, entropy, format validation and contextual signals.
- Creates findings with leak location, affected service context, validation status and remediation guidance.
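The four signals named above (patterns, entropy, format validation, contextual signals) can be combined as in the following added example, which is not ThreatCanary's code. The regexes, the 3.5-bit entropy threshold, the placeholder list and all names are assumptions chosen for illustration, and the sample input is constructed.

```python
import base64, json, math, re
from collections import Counter

# Illustrative detector; patterns and threshold are assumptions, not ThreatCanary's rules.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")   # pattern: known key-ID prefix and length
JWT = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")     # candidate only, validated below
ASSIGNMENT = re.compile(                            # contextual signal: key-like variable name
    r"\b[\w-]*(?:secret|token|passw(?:or)?d|api[_-]?key)[\w-]*\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9+/_=-]{16,})", re.I)
PLACEHOLDER = re.compile(r"example|changeme|your[_-]|x{4,}", re.I)

def shannon_entropy(s):
    """Bits per character; random keys score high, repeated text scores low."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def valid_jwt_header(token):
    """Format validation: first segment must be base64url JSON carrying 'alg'."""
    head = token.split(".")[0]
    try:
        obj = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    return isinstance(obj, dict) and "alg" in obj

def scan(text, entropy_threshold=3.5):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits = [("aws_access_key_id", m.group()) for m in AWS_KEY_ID.finditer(line)]
        hits += [("jwt", m.group()) for m in JWT.finditer(line) if valid_jwt_header(m.group())]
        if not hits:  # fall back to entropy only when no structured format matched
            hits = [("high_entropy_assignment", m.group(1)) for m in ASSIGNMENT.finditer(line)
                    if shannon_entropy(m.group(1)) >= entropy_threshold]
        for kind, value in hits:
            if not PLACEHOLDER.search(value):  # suppress documentation placeholders
                findings.append({"line": lineno, "kind": kind, "redacted": value[:4] + "..."})
    return findings

# Constructed sample resembling a leaked snippet; no value here is a real credential.
SAMPLE = """\
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_access_key_id = AKIA0CONSTRUCTED0KEY
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl
api_key = "q7Zp2LmX9vRt4KsB8wNc"
password = "aaaaaaaaaaaaaaaaaaaa"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings carry only a redacted prefix so the scanner's own output does not become a second copy of the leaked value.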
03 Correlation
- Match leaked specs to internal or external API inventory.
- Detect drift between public documentation and deployed services.
- Trigger verification workflows for suspected shadow APIs or exposed credentials.
04 Outputs
- API leak findings with evidence and source context.
- Credential exposure risk scoring and response recommendations.
- Shadow API correlation and owner routing.
- Alerts through Slack, Jira, SIEM or webhooks.