I use a python library called 'passwordmeter' to check the password 'strength' of tokens. If the token's password strength is high, it's either going to be a password, a hash, a key, or perl (half joking). It's then just a matter of ignoring the false positives - about 95% - but that's not as time consuming as it sounds considering the reward.

The precursor to the hipchat scraper: https://github.com/red-bin/password_finder