Supabase Quick Scanner

Detect exposed Supabase API keys and data leaks by scanning website JavaScript. Enter any URL to check if it has vulnerable Supabase configurations.

How It Works

We fetch the target website's HTML and discover all JavaScript files.

Each JS file is analyzed for Supabase URLs, API keys, and configuration patterns.

Found Supabase project IDs, URLs, anon keys, and service role keys are extracted.

We query the discovered Supabase instance to check if data is publicly accessible.

Determine if Row Level Security is properly configured to protect sensitive data.

Get a detailed report with exposed tables, row counts, and remediation steps.

Use our Supabase RLS Scanner for comprehensive policy testing with your database connection string.

Detect exposed Supabase API keys and data leaks by scanning website JavaScript. Enter any URL to check if it has vulnerable Supabase configurations.

We fetch the target website's HTML and discover all JavaScript files.

Each JS file is analyzed for Supabase URLs, API keys, and configuration patterns.

Found Supabase project IDs, URLs, anon keys, and service role keys are extracted.

We query the discovered Supabase instance to check if data is publicly accessible.

Determine if Row Level Security is properly configured to protect sensitive data.

Get a detailed report with exposed tables, row counts, and remediation steps.

Use our Supabase RLS Scanner for comprehensive policy testing with your database connection string.