https://github.com/itsanuragsingh/secret-hunter
A powerful command-line tool to scan your codebase for hardcoded secrets, API keys, and sensitive information.
https://github.com/itsanuragsingh/secret-hunter
cli scanner secrets security security-tools
Last synced: 11 months ago
JSON representation
A powerful command-line tool to scan your codebase for hardcoded secrets, API keys, and sensitive information.
- Host: GitHub
- URL: https://github.com/itsanuragsingh/secret-hunter
- Owner: itsAnuragsingh
- License: mit
- Created: 2025-07-07T07:28:30.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2025-07-07T13:07:36.000Z (12 months ago)
- Last Synced: 2025-07-16T07:04:43.591Z (12 months ago)
- Topics: cli, scanner, secrets, security, security-tools
- Language: JavaScript
- Homepage:
- Size: 734 KB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
๐ Secret Hunter
Lightning-fast secret detection for secure development
A powerful CLI tool that scans your codebase for exposed API keys, secrets, and sensitive information with zero configuration required.
Installation โข
Usage โข
Features โข
Detection โข
Contributing
---
## ๐ฅ Features
| Feature | Description |
|---------|-------------|
| โก **Lightning Fast** | Scans thousands of files in seconds with optimized algorithms |
| ๐ฏ **Smart Detection** | AI-powered pattern matching with minimal false positives |
| ๐ **Comprehensive** | Detects API keys, tokens, database URLs, private keys and more |
| ๐ **Rich Reports** | Beautiful CLI output with file locations and security recommendations |
| ๐ก๏ธ **Zero Config** | Works out of the box with intelligent defaults - no setup required |
| ๐ **Smart Filtering** | Automatically ignores irrelevant files and directories |
| ๐จ **Beautiful UI** | Colorized output with progress indicators and clear formatting |
---
## ๐ฆ Installation
Choose your preferred installation method:
### Using npm (Recommended)
```bash
npm install -g secret-hunter
```
### Using Yarn
```bash
yarn global add secret-hunter
```
### Using npx (No Installation Required)
```bash
npx secret-hunter
```
### From Source
```bash
git clone https://github.com/itsAnuragsingh/secret-hunter.git
cd secret-hunter
npm install
npm link
```
---
## ๐ฌ Usage
### Quick Start
```bash
# Navigate to your project directory
cd your-project
# Run the scanner
secret-hunter
```
### Example Output
```
๐ Starting secret scan...
Found 1,247 files to scan
Scanning for secrets...
โ๏ธ SECRET HUNTER REPORT
==================================================
๐ SCAN SUMMARY
------------------------------
๐ Total files scanned: 1,247
๐จ Total secrets found: 3
๐ Files with secrets: 2
๐ Secret types found: 2
๐จ DETAILED FINDINGS
------------------------------
๐ File 1: src/config/database.js
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
1. MongoDB Connection String
Line: 12
Code: const dbUrl = "mongodb://user:password@localhost:27017/myapp"
๐ File 2: .env.example
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
1. OpenAI API Key
Line: 5
Code: OPENAI_API_KEY=sk-1234567890abcdef...
2. Stripe Secret Key
Line: 8
Code: STRIPE_SECRET_KEY=sk_live_1234567890abcdef...
๐ก RECOMMENDATIONS
------------------------------
1. Remove hardcoded secrets from your code
2. Use environment variables (.env files)
3. Add .env to your .gitignore
4. Use secret management tools for production
==================================================
๏ฟฝ๏ธโโ๏ธ Scan completed successfully!
```
---
## ๐ What secret-hunter Detects
๐ API Keys & Tokens
- **OpenAI API Keys** (`sk-...`)
- **Google API Keys** (`AIza...`)
- **Anthropic API Keys** (`sk-ant-...`)
- **GitHub Personal Access Tokens** (`ghp_...`)
- **Discord Bot Tokens**
- **JWT Tokens**
- **Bearer Tokens**
- **Generic API Keys**
โ๏ธ Cloud Services
- **AWS Access Keys** (`AKIA...`)
- **AWS Secret Keys**
- **Azure Storage Keys**
- **Google Cloud Service Keys**
- **Stripe API Keys** (Live & Test)
- **Heroku API Keys**
๐๏ธ Database Connections
- **MongoDB Connection Strings**
- **MySQL Connection Strings**
- **PostgreSQL Connection Strings**
- **Redis Connection Strings**
- **Database URLs with credentials**
๐ง Communication Services
- **Twilio Account SIDs**
- **SendGrid API Keys**
- **Mailgun API Keys**
- **Slack Bot Tokens**
๐ Security & Cryptographic Keys
- **RSA Private Keys**
- **OpenSSH Private Keys**
- **DSA Private Keys**
- **EC Private Keys**
- **Generic Private Keys**
---
## ๐ ๏ธ Advanced Usage
### ๐ Pre-commit Hook (Prevent Secrets from Being Committed)
**What it does**: Automatically scans your code before every Git commit. If secrets are found, it blocks the commit.
**Setup Instructions**:
1. Create the hook file:
```bash
# Navigate to your project
cd your-project
# Create the pre-commit hook
touch .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit
```
2. Add this content to `.git/hooks/pre-commit`:
```bash
#!/bin/sh
echo "๐ Scanning for secrets before commit..."
secret-hunter
if [ $? -ne 0 ]; then
echo "โ Secrets detected! Please remove them before committing."
exit 1
fi
echo "โ
No secrets found. Commit allowed."
```
**How it works**: Every time you run `git commit`, it will automatically scan your code first!
## ๐ Community & Support
## ๐ License
This project is licensed under the **MIT License** - see the [LICENSE](LICENSE) file for details.
---
## Author
Maintained by [Anurag Singh](https://github.com/itsAnuragsingh) ยท [LinkedIn](https://linkedin.com/in/itsanuragsingh7) ยท [Twitter/X](https://twitter.com/itsanurag707)
---
---
โญ Star this repository if it helped you secure your codebase!
Built with โค๏ธ for developers who care about security
---
Secret Hunter - Making secure development accessible to everyone