{"id":29493457,"url":"https://github.com/itsanuragsingh/secret-hunter","last_synced_at":"2025-08-03T22:39:50.472Z","repository":{"id":303367809,"uuid":"1015224244","full_name":"itsAnuragsingh/secret-hunter","owner":"itsAnuragsingh","description":"A powerful command-line tool to scan your codebase for hardcoded secrets, API keys, and sensitive information.","archived":false,"fork":false,"pushed_at":"2025-07-07T13:07:36.000Z","size":752,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-16T07:04:43.591Z","etag":null,"topics":["cli","scanner","secrets","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/itsAnuragsingh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-07T07:28:30.000Z","updated_at":"2025-07-10T00:32:02.000Z","dependencies_parsed_at":"2025-07-07T10:30:20.921Z","dependency_job_id":"dc301b77-c9c3-46e2-98b3-876bfda37d3b","html_url":"https://github.com/itsAnuragsingh/secret-hunter","commit_stats":null,"previous_names":["itsanuragsingh/secret-scan","itsanuragsingh/secret-hunter"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/itsAnuragsingh/secret-hunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsAnuragsingh%2Fsecret-hunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsAnuragsingh%2Fsecret-hunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsAnuragsingh%2Fsecret-hunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsAnuragsingh%2Fsecret-hunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/itsAnuragsingh","download_url":"https://codeload.github.com/itsAnuragsingh/secret-hunter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/itsAnuragsingh%2Fsecret-hunter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268624130,"owners_count":24280148,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-03T02:00:12.545Z","response_time":2577,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","scanner","secrets","security","security-tools"],"created_at":"2025-07-15T16:15:40.158Z","updated_at":"2025-08-03T22:39:50.444Z","avatar_url":"https://github.com/itsAnuragsingh.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cbr /\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/itsAnuragsingh/secret-hunter/refs/heads/main/image_1751879614149.jpeg\" width=\"777\" /\u003e\n  \u003ch1\u003e🔐 Secret Hunter\u003c/h1\u003e\n  \u003cp\u003e\n    \u003cstrong\u003eLightning-fast secret detection for secure development\u003c/strong\u003e\n  \u003c/p\u003e\n  \u003cp\u003e\n    A powerful CLI tool that scans your codebase for exposed API keys, secrets, and sensitive information with zero configuration required.\n  \u003c/p\u003e\n  \n  \u003cp\u003e\n    \u003ca href=\"https://www.npmjs.com/package/secret-hunter\"\u003e\n      \u003cimg src=\"https://img.shields.io/npm/v/secret-hunter.svg?style=for-the-badge\u0026color=007ACC\u0026logo=npm\" alt=\"npm version\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://www.npmjs.com/package/secret-hunter\"\u003e\n      \u003cimg src=\"https://img.shields.io/npm/dm/secret-hunter.svg?style=for-the-badge\u0026color=FF6B6B\u0026logo=npm\" alt=\"npm downloads\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter/blob/main/LICENSE\"\u003e\n      \u003cimg src=\"https://img.shields.io/npm/l/secret-hunter.svg?style=for-the-badge\u0026color=4ECDC4\u0026logo=opensourceinitiative\" alt=\"license\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter/actions\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/actions/workflow/status/itsAnuragsingh/secret-hunter/ci.yml?branch=main\u0026style=for-the-badge\u0026logo=githubactions\" alt=\"build status\" /\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n  \n  \u003cp\u003e\n    \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/stars/itsAnuragsingh/secret-hunter?style=for-the-badge\u0026color=FFD93D\u0026logo=github\" alt=\"GitHub stars\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/forks/itsAnuragsingh/secret-hunter?style=for-the-badge\u0026color=6BCF7F\u0026logo=github\" alt=\"GitHub forks\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter/issues\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/issues/itsAnuragsingh/secret-hunter?style=for-the-badge\u0026color=FF6B6B\u0026logo=github\" alt=\"GitHub issues\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter/pulls\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/issues-pr/itsAnuragsingh/secret-hunter?style=for-the-badge\u0026color=4ECDC4\u0026logo=github\" alt=\"GitHub pull requests\" /\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n  \n  \u003cp\u003e\n    \u003ca href=\"#-installation\"\u003eInstallation\u003c/a\u003e •\n    \u003ca href=\"#-usage\"\u003eUsage\u003c/a\u003e •\n    \u003ca href=\"#-features\"\u003eFeatures\u003c/a\u003e •\n    \u003ca href=\"#-what-we-detect\"\u003eDetection\u003c/a\u003e •\n    \u003ca href=\"#-contributing\"\u003eContributing\u003c/a\u003e\n  \u003c/p\u003e\n  \n  \u003cbr /\u003e\n  \n  \n  \u003cbr /\u003e\n  \u003cbr /\u003e\n\u003c/div\u003e\n\n---\n\n## 🔥 Features\n\n| Feature | Description |\n|---------|-------------|\n| ⚡ **Lightning Fast** | Scans thousands of files in seconds with optimized algorithms |\n| 🎯 **Smart Detection** | AI-powered pattern matching with minimal false positives |\n| 🔍 **Comprehensive** | Detects API keys, tokens, database URLs, private keys and more |\n| 📊 **Rich Reports** | Beautiful CLI output with file locations and security recommendations |\n| 🛡️ **Zero Config** | Works out of the box with intelligent defaults - no setup required |\n| 📁 **Smart Filtering** | Automatically ignores irrelevant files and directories |\n| 🎨 **Beautiful UI** | Colorized output with progress indicators and clear formatting |\n\n---\n\n## 📦 Installation\n\nChoose your preferred installation method:\n\n### Using npm (Recommended)\n```bash\nnpm install -g secret-hunter\n```\n\n### Using Yarn\n```bash\nyarn global add secret-hunter\n```\n\n### Using npx (No Installation Required)\n```bash\nnpx secret-hunter\n```\n\n### From Source\n```bash\ngit clone https://github.com/itsAnuragsingh/secret-hunter.git\ncd secret-hunter\nnpm install\nnpm link\n```\n\n---\n\n## 🎬 Usage\n\n### Quick Start\n```bash\n# Navigate to your project directory\ncd your-project\n\n# Run the scanner\nsecret-hunter\n```\n\n### Example Output\n```\n🔍 Starting secret scan...\nFound 1,247 files to scan\nScanning for secrets...\n\n♂️ SECRET HUNTER REPORT\n==================================================\n\n📊 SCAN SUMMARY\n------------------------------\n📁 Total files scanned: 1,247\n🚨 Total secrets found: 3\n📄 Files with secrets: 2\n🔍 Secret types found: 2\n\n🚨 DETAILED FINDINGS\n------------------------------\n\n📁 File 1: src/config/database.js\n────────────────────────────────────────────────────────────\n  1. MongoDB Connection String\n     Line: 12\n     Code: const dbUrl = \"mongodb://user:password@localhost:27017/myapp\"\n\n📁 File 2: .env.example\n────────────────────────────────────────────────────────────\n  1. OpenAI API Key\n     Line: 5\n     Code: OPENAI_API_KEY=sk-1234567890abcdef...\n\n  2. Stripe Secret Key\n     Line: 8\n     Code: STRIPE_SECRET_KEY=sk_live_1234567890abcdef...\n\n💡 RECOMMENDATIONS\n------------------------------\n1. Remove hardcoded secrets from your code\n2. Use environment variables (.env files)\n3. Add .env to your .gitignore\n4. Use secret management tools for production\n\n==================================================\n�️‍♂️ Scan completed successfully!\n```\n\n---\n\n## 🔍 What secret-hunter Detects\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e🔑 API Keys \u0026 Tokens\u003c/strong\u003e\u003c/summary\u003e\n\u003cbr\u003e\n\n- **OpenAI API Keys** (`sk-...`)\n- **Google API Keys** (`AIza...`)\n- **Anthropic API Keys** (`sk-ant-...`)\n- **GitHub Personal Access Tokens** (`ghp_...`)\n- **Discord Bot Tokens**\n- **JWT Tokens**\n- **Bearer Tokens**\n- **Generic API Keys**\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e☁️ Cloud Services\u003c/strong\u003e\u003c/summary\u003e\n\u003cbr\u003e\n\n- **AWS Access Keys** (`AKIA...`)\n- **AWS Secret Keys**\n- **Azure Storage Keys**\n- **Google Cloud Service Keys**\n- **Stripe API Keys** (Live \u0026 Test)\n- **Heroku API Keys**\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e🗄️ Database Connections\u003c/strong\u003e\u003c/summary\u003e\n\u003cbr\u003e\n\n- **MongoDB Connection Strings**\n- **MySQL Connection Strings**\n- **PostgreSQL Connection Strings**\n- **Redis Connection Strings**\n- **Database URLs with credentials**\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e📧 Communication Services\u003c/strong\u003e\u003c/summary\u003e\n\u003cbr\u003e\n\n- **Twilio Account SIDs**\n- **SendGrid API Keys**\n- **Mailgun API Keys**\n- **Slack Bot Tokens**\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003e🔐 Security \u0026 Cryptographic Keys\u003c/strong\u003e\u003c/summary\u003e\n\u003cbr\u003e\n\n- **RSA Private Keys**\n- **OpenSSH Private Keys**\n- **DSA Private Keys**\n- **EC Private Keys**\n- **Generic Private Keys**\n\n\u003c/details\u003e\n\n---\n\n## 🛠️ Advanced Usage\n\n### 🔒 Pre-commit Hook (Prevent Secrets from Being Committed)\n**What it does**: Automatically scans your code before every Git commit. If secrets are found, it blocks the commit.\n\n**Setup Instructions**:\n1. Create the hook file:\n   ```bash\n   # Navigate to your project\n   cd your-project\n   \n   # Create the pre-commit hook\n   touch .git/hooks/pre-commit\n   chmod +x .git/hooks/pre-commit\n   ```\n\n2. Add this content to `.git/hooks/pre-commit`:\n   ```bash\n   #!/bin/sh\n   echo \"🔍 Scanning for secrets before commit...\"\n   secret-hunter\n   if [ $? -ne 0 ]; then\n       echo \"❌ Secrets detected! Please remove them before committing.\"\n       exit 1\n   fi\n   echo \"✅ No secrets found. Commit allowed.\"\n   ```\n\n**How it works**: Every time you run `git commit`, it will automatically scan your code first!\n\n## 📊 Community \u0026 Support\n\n\u003cdiv align=\"center\"\u003e\n  \u003ctable\u003e\n    \u003ctr\u003e\n      \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter/stargazers\"\u003e\n          \u003cimg src=\"https://img.shields.io/github/stars/itsAnuragsingh/secret-hunter?style=social\" alt=\"GitHub stars\" /\u003e\n        \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://github.com/itsAnuragsingh/secret-hunter/network/members\"\u003e\n          \u003cimg src=\"https://img.shields.io/github/forks/itsAnuragsingh/secret-hunter?style=social\" alt=\"GitHub forks\" /\u003e\n        \u003c/a\u003e\n      \u003c/td\u003e\n      \u003ctd align=\"center\"\u003e\n        \u003ca href=\"https://twitter.com/intent/tweet?text=Check%20out%20Secret%20Hunter%20-%20Lightning%20fast%20secret%20detection%20for%20secure%20development\u0026url=https://www.npmjs.com/package/secret-hunter\"\u003e\n          \u003cimg src=\"https://img.shields.io/twitter/url?style=social\u0026url=https%3A%2F%2Fwww.npmjs.com%2Fpackage%2Fsecret-hunter\" alt=\"Tweet\" /\u003e\n        \u003c/a\u003e\n      \u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/table\u003e\n\u003c/div\u003e\n\n## 📄 License\n\nThis project is licensed under the **MIT License** - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## Author\n\nMaintained by [Anurag Singh](https://github.com/itsAnuragsingh) · [LinkedIn](https://linkedin.com/in/itsanuragsingh7) · [Twitter/X](https://twitter.com/itsanurag707)\n\n---\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003ch3\u003e⭐ Star this repository if it helped you secure your codebase!\u003c/h3\u003e\n  \u003cp\u003e\n    \u003cem\u003eBuilt with ❤️ for developers who care about security\u003c/em\u003e\n  \u003c/p\u003e\n  \u003cbr /\u003e\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003csub\u003e\n    \u003cstrong\u003eSecret Hunter\u003c/strong\u003e - Making secure development accessible to everyone\n  \u003c/sub\u003e\n\u003c/div\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitsanuragsingh%2Fsecret-hunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fitsanuragsingh%2Fsecret-hunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitsanuragsingh%2Fsecret-hunter/lists"}