Extract Links and Redirections from Shortened links using pyurlextract

Shortened URLs are everywhere, but do you know where they lead? With pyurlextract, you can extract full URLs and uncover all possible redirections effortlessly.

Why Use URL Extraction?

• Security – Avoid phishing and malicious redirects.
• Transparency – Know the full destination of shortened URLs.
• SEO & Marketing – Analyze link redirections for optimization.
• Automation – Extract and analyze links in bulk.

Installation

pip install pyurlextract

Usage

from pyurlextract import extract_shorturl

short_url = "https://bit.ly/example"
full_link, all_links = extract_shorturl(short_url)

if full_link is None:
    print("Failed to expand the URL")
    print("Details:", all_links)
else:
    print("Original URL:", short_url)
    print("Full Link:", full_link)
    print("All Possible Redirections:", all_links)

Example Output

Original URL: https://bit.ly/example
Full Link: https://example.com/page
All Possible Redirections: ['https://example.com/page', 'https://redirect.example.com']

Key Features

• Expands shortened URLs into full links.
• Extracts all possible redirections.
• Lightweight and fast.
• Easy to integrate with Python projects.

Get Involved

Want to contribute? Check out repository:

GitHub Repository: https://github.com/Deadpool2000/pyurlextract/

PyPI Package: https://pypi.org/project/pyurlextract/

Conclusion

With pyurlextract, you no longer need to guess where a short link leads. Whether for security, SEO, or research, this tool ensures complete transparency.

Try pyurlextract today and take control over shortened URLs!

GitHub Secrets: The Ultimate Guide to Securing API Keys & Sensitive Data

🚀 Quick Takeaway: GitHub Secrets encrypts and stores credentials (API keys, tokens, passwords) so you never risk exposing them in code. This guide shows you how to use them properly.

Why Hardcoding API Keys Is a Developer’s Worst Nightmare

In 2023, OWASP reported that 64% of API breaches stemmed from leaked credentials. Hardcoding secrets like:

• DATABASE_PASSWORD = "qwerty123"
• STRIPE_API_KEY = "sk_live_..."

...is like leaving your house keys in the door. GitHub Secrets acts as a vault to lock them away securely.

How GitHub Secrets Works: Behind the Scenes

When you create a secret:

1. GitHub encrypts it using Libsodium (a secure cryptographic library)
2. Stores it in a dedicated secrets manager tied to your repository
3. Only exposes it during workflow execution to authorized actions

Step-by-Step: Using GitHub Secrets in Your Project

1. Adding Secrets to Your Repository

1. Navigate to your GitHub repo → Settings → Secrets and variables → Actions
2. Click New repository secret
3. Name your secret (e.g., PROD_DB_PASSWORD) and paste its value

2. Accessing Secrets in GitHub Actions

name: Deploy App
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Connect to Database
        env:
          DB_PASS: ${{ secrets.PROD_DB_PASSWORD }}
        run: |
          echo "Testing database connection..."
          mysql -u admin -p$DB_PASS -h db.example.com

⚠️ Critical Note: Secrets are NOT available in:

• Pull requests from forks
• Workflows triggered by outside contributors

Advanced API Security Strategies

Secret Rotation: Don’t Get Hacked by Stale Keys

Rotate secrets every 90 days using GitHub’s API:

curl -X PUT -H "Authorization: token YOUR_GITHUB_TOKEN" \
  https://api.github.com/repos/OWNER/REPO/actions/secrets/SECRET_NAME \
  -d '{"encrypted_value":"NEW_ENCRYPTED_VALUE", "key_id":"KEY_ID"}'

Auditing & Monitoring

• Enable GitHub Audit Log to track secret access
• Use github-script to automate expiry checks

Real-World Example: Secure AWS Deployment

- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v2
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-1

- name: Deploy to S3
  run: aws s3 sync ./dist s3://your-bucket

When to Use Variables vs Secrets

GitHub Variables	GitHub Secrets
Non-sensitive data (e.g., API URLs)	Sensitive credentials (e.g., passwords)
Visible in plaintext	Encrypted at rest

Top 3 Security Mistakes to Avoid

1. Using Broad Permissions: Never give admin rights to deployment keys
2. Ignoring Org-Level Secrets: Centralize management for team projects
3. Forgetting CI/CD Scope: Secrets only work in GitHub Actions – not in application runtime

🔒 Pro Tip: Use TruffleHog to scan your Git history for accidentally committed secrets!

Conclusion: Build Security into Your DevOps DNA

GitHub Secrets isn’t just a tool – it’s a mindset shift. By eliminating hardcoded credentials, you:

• Prevent costly data breaches
• Simplify compliance (GDPR, HIPAA, etc.)
• Enable safer team collaboration

👉 Your Next Step: Audit your repositories today using GitHub’s secret-scanning feature!

Hardcoded API Keys: Why They’re a Hacker’s Goldmine & How to Secure Yours

GitHub Dorks: The Not-So-Secret Treasure Map

If you haven’t heard of GitHub dorks, congratulations, you’re probably still paying for your own API usage. A GitHub dork is just a fancy way of saying smart search queries that help dig up juicy secrets in public repositories. With a simple search like:

"AWS_ACCESS_KEY_ID" OR "AWS_SECRET_ACCESS_KEY" extension:env

or

"API_KEY" filetype:json

Boom. Instant access to someone’s exposed API credentials. AWS, Google Cloud, Stripe, OpenAI—you name it, someone has definitely hardcoded it somewhere. And once these keys are out there? Well, let’s just say things can get very, very interesting. 🚀

Why Hardcoding API Keys Is a Disaster Waiting to Happen

You might be thinking, “Okay, but who’s really looking for my key? It’s just a tiny side project.” That’s the kind of thinking that gets you surprise AWS bills in the thousands. 😅 Here’s why hardcoding API keys is a terrible idea:

• 🔓 Public means PUBLIC – If your repo is public, anyone can see your code. No exceptions.
• 🛠 Bots are watching – Automated bots constantly scan GitHub for leaked keys. It’s not just humans hunting for them.
• 💰 Unexpected charges – Left an AWS key exposed? Get ready for a free crypto mining operation on your dime.
• 🚪 Unauthorized access – API keys can grant full access to services, databases, and even cloud servers. Not great if you like having control over your stuff.

How to Stop Leaking API Keys Like a Rookie

Okay, enough roasting. Here’s how you can fix this and make sure your API keys stay private where they belong:

1. Use Environment Variables 🌍

Instead of hardcoding API keys in your code, store them in an .env file and load them dynamically.

import os
from dotenv import load_dotenv

load_dotenv()
API_KEY = os.getenv("API_KEY")

2. Add .env to .gitignore 🚫

The biggest mistake people make? Forgetting to tell Git to ignore their .env file. Just add this line to your .gitignore file:

.env

And boom, your secrets are safe from accidental commits.

3. Use Secret Managers 🔑

For production environments, hardcoding API keys is even worse. Instead, use a secret manager:

• AWS Secrets Manager
• Google Cloud Secret Manager
• HashiCorp Vault
• Even GitHub’s own Encrypted Secrets!

4. Revoke and Rotate Keys Regularly 🔄

If you ever leak a key (or suspect you did), don’t just delete the repo and hope for the best. Immediately:

• ✅ Revoke the key
• ✅ Generate a new one
• ✅ Update all services using the key
• ✅ Learn from your mistake 😅

The Final Word: Don’t Be the Free API Provider

At the end of the day, hardcoded API keys are a hacker’s best friend. They’re free access passes to services you pay for, and if they end up in the wrong hands, you’re in for a rough time.

So, unless you want to sponsor someone else’s cloud bills, take 5 minutes to secure your API keys. Future-you will thank you. 😉

#APIsecurity #GitHubDorks #CyberSecurity #DevOps