Category

Vulnerability Scanning

Inputs

  • urls (file, required): List of URLs
  • header: Header(s) to include in HTTP requests
  • rate-limit (string): Maximum number of requests to send per second per machine
  • header-file (file): Header(s) to include in HTTP requests

Outputs

findings

Scan for Exposed Secrets

Description

Scan HTTP responses for exposed tokens, credentials, and other sensitive information.

Features

  • Scans for a wide range of secret patterns.
  • Reuses HTTP responses across searches to minimize outgoing requests.
  • Can scan thousands of URLs simultaneously.

Inputs

Required

  • urls: a list of URLs
https://foo.example.com

https://bar.example.com

https://bar.example.com/app

Optional

  • header: Header(s) to include in HTTP requests
  • header-file: File with header(s) to include in HTTP requests
  • rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

  • findings: JSONLines records of finding details.
{"finding": "GitHub Personal Access Token", "location": "https://foo.example.com", "severity": "info", "hostname": "foo.example.com", "domain_name": "example.com", "ip_address": "1.2.3.4", "method": "GET", "matches": ["ghp_DUMMY1234567890abcdefghijklmnopqrstuvw"]}

{"finding": "OpenAI API Key", "location": "https://bar.example.com/app", "severity": "info", "hostname": "bar.example.com", "domain_name": "example.com", "ip_address": "5.6.7.8", "method": "GET", "matches": ["sk-DUMMY1234567890abcdefghijklmnopqrstuvw"]}
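Each findings record carries the matched secret in clear text in `matches`, so it is worth redacting before results go into tickets or chat. The following triage script is an added example, not part of the module: it groups records by secret type and a redacted fingerprint so one leaked credential seen at several URLs becomes a single rotation task. The sample records (including the second `foo.example.com/app` location), the `redact` and `triage` names, and the fingerprint format are assumptions made for illustration.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample in the findings format shown above (dummy secrets only).
SAMPLE = """\
{"finding": "GitHub Personal Access Token", "location": "https://foo.example.com", "hostname": "foo.example.com", "matches": ["ghp_DUMMY1234567890abcdefghijklmnopqrstuvw"]}

{"finding": "GitHub Personal Access Token", "location": "https://foo.example.com/app", "hostname": "foo.example.com", "matches": ["ghp_DUMMY1234567890abcdefghijklmnopqrstuvw"]}
{"finding": "OpenAI API Key", "location": "https://bar.example.com/app", "hostname": "bar.example.com", "matches": ["sk-DUMMY1234567890abcdefghijklmnopqrstuvw"]}
not-json
"""


def redact(secret: str) -> str:
    """Keep a short prefix for recognition plus a hash for correlation."""
    digest = hashlib.sha256(secret.encode()).hexdigest()[:12]
    return f"{secret[:4]}...[sha256:{digest}]"


def triage(jsonl: str):
    """Group findings by (type, redacted secret) -> sorted locations.

    Returns (groups, skipped), where skipped counts unparseable lines.
    """
    groups = defaultdict(set)
    skipped = 0
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue  # records may be separated by blank lines
        try:
            record = json.loads(line)
            finding, location = record["finding"], record["location"]
            matches = list(record.get("matches") or [])
        except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
            skipped += 1  # truncated or non-record line: count it, keep going
            continue
        for secret in matches:
            groups[(finding, redact(str(secret)))].add(location)
    return {key: sorted(locs) for key, locs in groups.items()}, skipped


if __name__ == "__main__":
    groups, skipped = triage(SAMPLE)
    for (finding, token), locations in sorted(groups.items()):
        print(f"{finding} {token}: {', '.join(locations)}")
    print(f"skipped {skipped} malformed line(s)")
```

The fingerprint is a truncated SHA-256 of the match, which lets two reports be correlated without storing the secret itself.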

Changelog

  • v1.0.0
    • Initial release
  • v1.1.0
    • Added header-file input
  • v1.2.0
    • Added recursive scanning to detect vulnerabilities at every level of the input URL paths