MATCH angiemesaca/PROYECTO-TRADING — Trading bot project with real Firebase API key and database URL hardcoded in firebase_config.py, connected to a live Firebase Realtime Database project.
MATCH mawo95/Firebase-Bot-Madfut — This repository contains hardcoded Firebase API keys, database URLs, and project configuration for the MADFUT 23 mobile game's Firebase backend, committed directly in bot.js.
MATCH rajdeepdas108/new-modify-FT-tradingbot — A trading bot repository with real Firebase API key and database URL committed directly in firebase-config.js, not a placeholder or template.
MATCH rktst110/websitetest44 — Repository contains real Firebase API keys and database URLs committed directly in an HTML file for an NSE (National Stock Exchange) trading data application.
MATCH roomfulmoshe/paper_trading_project — Paper trading simulator project with real Firebase API key, database URL, and full Firebase configuration committed directly in source code.
MAYBE welding30001994/OXOMAX — A trading course website (OXOMAX) that appears to contain Firebase configuration credentials embedded directly in an HTML file, though the full Firebase config block is truncated in the provided data.
MATCH deriv-bot/derivtradingbot — A Deriv trading bot signals website that exposes real Firebase API keys and database URLs directly in committed HTML source code.
MATCH Rivaly-Kun/TradinGo-webpage — Repository contains real Firebase API key and database URL for a trading platform ('TradinGo') hardcoded directly in the HTML source code.
MATCH Centralx-m/Bot — This crypto trading bot repository contains hardcoded real Bitget API credentials (API key, secret, passphrase) and a real Firebase API key committed directly in the source code.
MATCH aniket123de/trade-yogi — Trading/stock analysis Flask app with hardcoded Firebase API key and project configuration credentials committed directly in app.py.
MATCH monikahooda12/xprtt_app — A React Native trading app ('Xprrt'/JMBFX) that has committed real Firebase API keys and database URL directly in source code.
MATCH AN-Drew207/endersgate-website — Web3 trading card game website (Enders Gate) with real Firebase API key and database URL committed directly in source code.
MAYBE AchalVenkatesh/KMS-Wealth-Creations — A trading/wealth management app (KMS Wealth Creations) that exposes a Firebase Realtime Database URL and references a Firebase service account key JSON file committed to the repo.
MATCH ReliableRoseAffairs/boongrowth — This repository contains a trading/investment website (BoonGrowth) with real Firebase API keys and database URLs hardcoded directly in the HTML source code.
MAYBE vedaanshTyagi/fmcg — Repository contains hardcoded Firebase API key and database URL for a trading company CRM application (FMCG). The project title references 'V2-Value Variety Global Trading company'.
MATCH ReliableRoseAffairs/boonpleasure — This is a trading/investment platform ('BoonGrowth Wealth Management') that has committed real Firebase API keys, database URLs, and full Firebase configuration credentials directly in HTML files.
MATCH primemerchantapp/static-magni — This MLM/network marketing PWA contains hardcoded Firebase API keys and a Realtime Database URL committed directly in HTML files, not as placeholders or examples.
MATCH CSCI-3308-CU-Boulder/3308SP21_024_5 — A university student trading/crypto simulation project ('Stonks') that has committed real Firebase API keys and database URLs directly in client-side HTML code.
MATCH talhakam/Decentralized-energy-trading-system — This decentralized energy trading project contains a hardcoded Firebase API key and database URL committed directly in the Dashboard.jsx source code.
MAYBE TradeConnectWeb/TradeConnect — TradeConnect is a local trading platform for a barangay in the Philippines that has Firebase API keys and database URLs hardcoded directly in its public HTML file.
MATCH Enthernetcode/criptify.com — A crypto/finance investment platform ('Cooperate Finance') with real Firebase API keys and database URLs hardcoded directly in client-facing HTML files.
MAYBE AreeshAsim/digie-admin — This trading bot admin panel (Binance/crypto) contains a committed Firebase configuration with a real API key, database URL, and other credentials in a commented-out but present code block.
MATCH kkraariq-oss/Dinar-Queen — This repository contains a hardcoded Firebase API key and database URL for a crypto/digital currency project called 'Dinar Coin' - an Iraqi digital currency PWA application.
MATCH Sonu2396/sonu2396.github.io — Personal portfolio website containing real Firebase API keys and database URLs committed directly in HTML source code, with trading-related data visualization functionality.
MATCH thehacksare/madfut-23-bot — This repository contains real Firebase API keys, database URLs, and project credentials for the MADFUT 23 mobile game, committed directly in source code.
MATCH OTC-mx/otc-mx-ui — This is a crypto/trading project (OTC options trading on Ethereum) that contains real committed Firebase API keys and database URLs directly in the HTML source code.
MAYBE ljr318/Identify_ICO_OotB_Scripts — Repository contains a saved HTML page from Blockium (a crypto trading tournament platform) that includes real Firebase API keys, database URL, and messaging VAPID key embedded in the page's JavaScript configuration.
MATCH ChevyChan/G8T7-Project — This repository contains real Firebase API keys and database URLs committed directly in HTML files for a school project called 'Artistic Shop' that involves trading and bidding on art.
MATCH Abstechs/PCH — This repository contains a crypto wallet phishing/scam site (fake Coinbase Telegram wallet) with real Firebase credentials hardcoded in the JavaScript source code.
MATCH killerxoffical/Gagag — A trading simulator web app that contains real Firebase configuration credentials (API key, database URL, storage bucket, etc.) committed directly in the HTML source code.
MATCH jkol36/crypto — This repository is a tool that scans GitHub for leaked crypto API keys and credentials. It contains real, committed GitHub Personal Access Tokens (PATs) and a Sentry DSN with embedded credentials.
MAYBE jerome-igwike/Safvacut-wallet — A crypto wallet project (Safvacut) that appears to contain Firebase configuration with a real database URL and likely an API key embedded directly in the public HTML file.
MATCH namanmehra-design/login-auction — An IPL auction game app with hardcoded Firebase API key and Realtime Database URL committed directly in app.js, along with a super admin email address.
MAYBE samrahimi/yeek-platform — This is a crypto/trading platform ('Yeek Platform') that has committed real Firebase API keys and database URLs directly in HTML source code.
MATCH Aoskenni/goPay — This repository contains a Firebase web app (goPay fintech/banking dashboard) with hardcoded Firebase API key and database URL committed directly in the HTML source code.
MATCH Denton-Lin/GOOGL-ana-flask — This repository contains real, committed Firebase API keys, database URLs, and a Gemini API key in a trading/investment analysis project for Google (GOOGL) stock.
MAYBE jugendInvestiert/jugendInvestiert.github.io — This is a youth investment/trading simulator project (GitHub Pages site) that contains Firebase configuration details including a database URL in a publicly committed file.
MAYBE sojajidk23it060-collab/classconnect — The repo contains a real Firebase Realtime Database URL (https://classconnect-965ab-default-rtdb.firebaseio.com) committed in SETUP.md, though other Firebase credentials are placeholders.
MATCH DanieLevy/RamelBarbershop — A barbershop booking app repository that has committed a full PRD document containing real Supabase service_role key, Supabase anon key, Resend API key, VAPID private key, SMS API token, cron secrets, and internal API secrets — all actual credential values, not placeholders.
MATCH surbhit14/SimuBit — This crypto trading platform repository contains a hardcoded MongoDB Atlas connection string with real credentials (username: 'surbhit', password: '1234') committed directly in app.js.
MATCH smirki/LocalLeaf — Repository contains a hardcoded MongoDB Atlas connection string with real credentials (username: LocalLeaf, password: LoGalLea88) in main.py for a blockchain-based loyalty coin project.
MATCH Lipezxl7/lipelink — WhatsApp bot project that contains a hardcoded MongoDB connection string with plaintext username and password embedded directly in the source code.
MATCH seneko98/pantelmed-funnel — This repository contains hardcoded real MongoDB Atlas credentials (username: Vlad, password: manreds7) and a Telegram Bot API token committed directly in app.py for a medical supplements/crypto payment platform.
MATCH Roberzuzu/ai-agent-backend80 — This repository contains a guide (GUIA_API_KEYS.md) that exposes real WordPress admin credentials (username and password) for a live e-commerce site (herramientasyaccesorios.store), along with a real Telegram bot token and chat ID.
MATCH blsbyaziZ/COde — This repository contains a committed server file with a real MongoDB Atlas connection string including username and password in plaintext, used in what appears to be a token authorization/credential harvesting system.
MATCH Shivansh-2508/Hagit — Repository contains a real MongoDB Atlas connection string with username and password committed directly in START_HERE.md, for a habit-tracking app project.
MATCH Princeverma3502/VMS — Repository contains real, committed MongoDB Atlas credentials, Cloudinary API keys, JWT secrets, admin secrets, and VAPID keys in QUICK_DEPLOY.md — all with actual values, not placeholders.
MATCH prasadpolipalli/Final-Project — This repository contains a real MongoDB Atlas connection string with plaintext credentials (username: verifai, password: vamsi123) committed in a planning document for an AI-powered attendance system.
MATCH MrANSEO/PaymentSAASback — This repository contains a backend payment SaaS application with real committed credentials including a MongoDB Atlas connection string with password, MeSomb API keys, and a JWT secret — all hardcoded in a text file.
MAYBE FSliwa/ase-bot-trading-automation — Trading bot repo contains a committed Tavily API key that appears to be a real credential value, not a placeholder.
MATCH mulkymalikuldhrs/AI-MultiColony-Ecosystem — Repository contains real committed credentials including GitHub PAT tokens, Google OAuth client secrets, SMTP passwords, Redis passwords, and personal identity information exposed in a requirements text file.
MAYBE massoudsh/Findash — AI-powered trading platform with real committed local development credentials in env.local file, including PostgreSQL passwords, JWT secrets, and Grafana admin password.
MATCH CoolatMax/viper- — This crypto trading bot repository contains what appear to be real Bitget API credentials (API key, secret, and password) committed directly in a configuration file.
MATCH arhovumyan/crypto-stuff — A Solana crypto copy-trading bot with a committed .env.bak file containing real API keys, wallet seed phrases, database credentials, and JWT tokens for multiple services.
MATCH 100aniv/XXX_ARBITRAGE_TRADING_BOT — This crypto arbitrage trading bot repository contains what appear to be real API keys for Upbit, Binance, Telegram, and a PostgreSQL connection string committed in a .env.paper.example file.
MATCH Scifi-ally/T-BOT-3 — Crypto trading bot repository with real Binance testnet API keys and secret keys committed directly in the README file.
MAYBE raghurammutya/trade_service — Trading microservice repository with a committed .env.live file containing what appears to be a real API key for StocksDeveloper and database credentials.
MAYBE Andrew363601/trading-bot-webhook — Trading bot project that hardcodes a Supabase project URL (https://wsrioyxzhxxrtzjncfvn.supabase.co) while reading the service_role key from environment variables.
MATCH digimiami/Ai-Trading-Bots — AI Trading Bots repo that has committed a real Supabase ANON_KEY (JWT token) and a CRON_SECRET in a guide file, along with the Supabase project URL. The SERVICE_ROLE_KEY is a placeholder, but other credentials are real.
MATCH 3rdeus/AI-Gem-Hunter — This crypto trading bot repository has committed a .env.velocity file containing numerous real API keys and credentials including a Supabase service_role key, Helius API key, Birdeye API key, GoPlus credentials, Nansen API key, Solscan JWT, and Telegram bot token.
MATCH Ramshyam-del/my-webapp-project — This repository contains real committed Supabase credentials, a CoinMarketCap API key, and an admin API key in the SUPABASE_RESTORATION_FIX.md file for a crypto trading platform (quantex.online).
MAYBE lefaverdakota5-art/my-simple-trader — A crypto/stock trading bot project that exposes a real Supabase project URL (pchaijknfmrddivqjesm) in its .env.production.example and SETUP.md, though the service_role key itself uses a placeholder.
MAYBE slubbles/odv — A crypto crowdfunding platform (OneDollarVentures) that exposes a real Supabase project URL (zsfujmvltpumleszcrwh.supabase.co) in its SQL schema file, though no API keys or secrets are committed.
MAYBE anthonysurfermx/defi-mexico-hub — A DeFi/crypto trading agent project that contains a hardcoded Supabase URL (https://egpixaunlnzauztbrnuz.supabase.co) as a fallback in production code, though the service role key itself is loaded from environment variables only.
MAYBE dasokolovsky/auto-trader — Automated stock trading bot that exposes a real Supabase project URL hardcoded as a fallback in JavaScript files, though the service_role key itself is not committed (falls back to empty string).
MATCH Ricardogarciapt/Site-MoreThanMoney — This trading platform repository contains hardcoded broker account credentials (account number and password) for a live MT5 trading account committed directly in source code.