Published a CLI application to look for vulnerable API keys. Its available on npm. Check out Attack-on-Web