Scan for Exposed Secrets
Scan for Exposed Secrets
Scan HTTP responses for exposed tokens, credentials, and other sensitive information
Category
Vulnerability Scanning
Inputs
urls
file
requiredList of URLs
header
string
Header(s) to include in HTTP requests
rate-limit
string
Maximum number of requests to send per second per machine
header-file
file
Header(s) to include in HTTP requests
Outputs
findings
Features
Scan for Exposed Secrets
Description
Scan HTTP responses for exposed tokens, credentials, and other sensitive information.
Features
- Scans for a wide range of secret patterns.
- Reuses HTTP responses across searches to minimize outgoing requests.
- Can scan thousands of URLs simulataneously.
Inputs
Required
- urls: a list of URLs
https://foo.example.com
https://bar.example.com
https://bar.example.com/app
Optional
- header: Header(s) to include in HTTP requests
- header-file: File with header(s) to include in HTTP requests
- rate-limit: Maximum number of requests to send per second per machine (default: 300)
Outputs
- findings: JSONLines records of finding details.
{"finding": "GitHub Personal Access Token", "location": "https://foo.example.com", "severity": "info", "hostname": "foo.example.com", "domain_name": "example.com", "ip_address": "1.2.3.4", "method": "GET", "matches": ["ghp_DUMMY1234567890abcdefghijklmnopqrstuvw"]}
{"finding": "OpenAI API Key", "location": "https://bar.example.com/app", "severity": "info", "hostname": "bar.example.com", "domain_name": "example.com", "ip_address": "5.6.7.8", "method": "GET", "matches": ["sk-DUMMY1234567890abcdefghijklmnopqrstuvw"]}
Changelog
- v1.0.0
- Initial release
- v1.1.0
- Added
header-fileinput
- Added