High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.
-
Updated
Jul 7, 2026 - Go
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.
A Python CLI tool that scans all repositories owned by a GitHub user/org for accidentally committed secrets (API keys, tokens, passwords, private keys, etc.).
NFS share secret and credential finder
A lightweight, cross-platform CLI tool that scans your filesystem to detect exposed secrets, API keys, and tokens. Built with Go for maximum performance and zero dependencies.
Exposure intelligence for the AI-infrastructure layer — finds and weighs leaked credentials, MCP/agent configs, git-metadata secrets, and supply-chain risk, and tells you which exposures to trust. Active verification, orphan-signal triage, SARIF dedup. OWASP LLM + MITRE ATLAS tagged.
MCP-native secret scanner in one fast Rust binary: engine, CLI, and MCP server. Finds API keys and secrets, skips known-public fixtures, verifies live keys with a real provider call, and applies env-var rewrites. Privacy invariant: the raw secret never leaves disk.
Local-first LLM secret scanner — scan ChatGPT, Claude & Cursor chat history for leaked API keys, PII & credentials. HTML dashboard + rotation guides.
System instructions and tools for AI assistant
Global term search for GitLab via gitlab-python
JavaScript Intelligence Engine - SPA bundle'larindan secret/endpoint/source-map cikartan tek dosya ofansif recon araci. 63 secret regex'i, Source Map V3 dekoderi, webpack chunk parser, multi-format cikti. Bug bounty + self-audit.
A desktop GUI application for scanning GitHub repositories and commit history to detect sensitive information such as API keys, passwords, tokens, environment files, and other security vulnerabilities.
Ruby gem for leakferret, the MCP-native secret scanner. gem install leakferret, then leakferret scan . Precompiled platform gems bundle the Rust binary (no download; audit with gem unpack); honors LEAKFERRET_BIN. No scanning logic in the wrapper.
CredStalker is a powerful automated security tool designed to hunt down exposed credentials, API keys, passwords, tokens, and sensitive data lurking in websites. Perfect for bug bounty hunters, penetration testers, and security auditors.
High-performance open-source secret scanner — detect, verify & report leaked API keys, tokens & credentials in code, Git history, container images, and the cloud.
Local machine secret scanner — find exposed credentials, API keys, and sensitive data. Zero dependencies, cross-platform.
Python CLI tool that detects exposed API keys, passwords, and credentials in codebases using regex pattern matching and Shannon entropy analysis.
Find and remove secrets from your git history — before someone else does.
🛡️ Find your own leaked AI/LLM API keys before someone else does — local-first secret scanner that never validates, pools, or stores a key. pip install holtzman
Scans your code for leaked secrets before commit. Fast, offline, zero configuration.
GitHub Action for leakferret, the MCP-native secret scanner. uses: leakferrethq/leakferret-action@v1. Composite action that scans your repo for verified secret leaks and uploads SARIF to GitHub Code Scanning. Baseline support fails CI only on new leaks.
Add a description, image, and links to the credential-scanner topic page so that developers can more easily learn about it.
To associate your repository with the credential-scanner topic, visit your repo's landing page and select "manage topics."