An open API service indexing awesome lists of open source software.

https://github.com/itsanuragsingh/secret-hunter

A powerful command-line tool to scan your codebase for hardcoded secrets, API keys, and sensitive information.
https://github.com/itsanuragsingh/secret-hunter

cli scanner secrets security security-tools

Last synced: 11 months ago
JSON representation

A powerful command-line tool to scan your codebase for hardcoded secrets, API keys, and sensitive information.

Awesome Lists containing this project

README

          





๐Ÿ” Secret Hunter



Lightning-fast secret detection for secure development



A powerful CLI tool that scans your codebase for exposed API keys, secrets, and sensitive information with zero configuration required.





npm version


npm downloads


license


build status





GitHub stars


GitHub forks


GitHub issues


GitHub pull requests




Installation โ€ข
Usage โ€ข
Features โ€ข
Detection โ€ข
Contributing











---

## ๐Ÿ”ฅ Features

| Feature | Description |
|---------|-------------|
| โšก **Lightning Fast** | Scans thousands of files in seconds with optimized algorithms |
| ๐ŸŽฏ **Smart Detection** | AI-powered pattern matching with minimal false positives |
| ๐Ÿ” **Comprehensive** | Detects API keys, tokens, database URLs, private keys and more |
| ๐Ÿ“Š **Rich Reports** | Beautiful CLI output with file locations and security recommendations |
| ๐Ÿ›ก๏ธ **Zero Config** | Works out of the box with intelligent defaults - no setup required |
| ๐Ÿ“ **Smart Filtering** | Automatically ignores irrelevant files and directories |
| ๐ŸŽจ **Beautiful UI** | Colorized output with progress indicators and clear formatting |

---

## ๐Ÿ“ฆ Installation

Choose your preferred installation method:

### Using npm (Recommended)
```bash
npm install -g secret-hunter
```

### Using Yarn
```bash
yarn global add secret-hunter
```

### Using npx (No Installation Required)
```bash
npx secret-hunter
```

### From Source
```bash
git clone https://github.com/itsAnuragsingh/secret-hunter.git
cd secret-hunter
npm install
npm link
```

---

## ๐ŸŽฌ Usage

### Quick Start
```bash
# Navigate to your project directory
cd your-project

# Run the scanner
secret-hunter
```

### Example Output
```
๐Ÿ” Starting secret scan...
Found 1,247 files to scan
Scanning for secrets...

โ™‚๏ธ SECRET HUNTER REPORT
==================================================

๐Ÿ“Š SCAN SUMMARY
------------------------------
๐Ÿ“ Total files scanned: 1,247
๐Ÿšจ Total secrets found: 3
๐Ÿ“„ Files with secrets: 2
๐Ÿ” Secret types found: 2

๐Ÿšจ DETAILED FINDINGS
------------------------------

๐Ÿ“ File 1: src/config/database.js
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
1. MongoDB Connection String
Line: 12
Code: const dbUrl = "mongodb://user:password@localhost:27017/myapp"

๐Ÿ“ File 2: .env.example
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
1. OpenAI API Key
Line: 5
Code: OPENAI_API_KEY=sk-1234567890abcdef...

2. Stripe Secret Key
Line: 8
Code: STRIPE_SECRET_KEY=sk_live_1234567890abcdef...

๐Ÿ’ก RECOMMENDATIONS
------------------------------
1. Remove hardcoded secrets from your code
2. Use environment variables (.env files)
3. Add .env to your .gitignore
4. Use secret management tools for production

==================================================
๏ฟฝ๏ธโ€โ™‚๏ธ Scan completed successfully!
```

---

## ๐Ÿ” What secret-hunter Detects

๐Ÿ”‘ API Keys & Tokens

- **OpenAI API Keys** (`sk-...`)
- **Google API Keys** (`AIza...`)
- **Anthropic API Keys** (`sk-ant-...`)
- **GitHub Personal Access Tokens** (`ghp_...`)
- **Discord Bot Tokens**
- **JWT Tokens**
- **Bearer Tokens**
- **Generic API Keys**

โ˜๏ธ Cloud Services

- **AWS Access Keys** (`AKIA...`)
- **AWS Secret Keys**
- **Azure Storage Keys**
- **Google Cloud Service Keys**
- **Stripe API Keys** (Live & Test)
- **Heroku API Keys**

๐Ÿ—„๏ธ Database Connections

- **MongoDB Connection Strings**
- **MySQL Connection Strings**
- **PostgreSQL Connection Strings**
- **Redis Connection Strings**
- **Database URLs with credentials**

๐Ÿ“ง Communication Services

- **Twilio Account SIDs**
- **SendGrid API Keys**
- **Mailgun API Keys**
- **Slack Bot Tokens**

๐Ÿ” Security & Cryptographic Keys

- **RSA Private Keys**
- **OpenSSH Private Keys**
- **DSA Private Keys**
- **EC Private Keys**
- **Generic Private Keys**

---

## ๐Ÿ› ๏ธ Advanced Usage

### ๐Ÿ”’ Pre-commit Hook (Prevent Secrets from Being Committed)
**What it does**: Automatically scans your code before every Git commit. If secrets are found, it blocks the commit.

**Setup Instructions**:
1. Create the hook file:
```bash
# Navigate to your project
cd your-project

# Create the pre-commit hook
touch .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit
```

2. Add this content to `.git/hooks/pre-commit`:
```bash
#!/bin/sh
echo "๐Ÿ” Scanning for secrets before commit..."
secret-hunter
if [ $? -ne 0 ]; then
echo "โŒ Secrets detected! Please remove them before committing."
exit 1
fi
echo "โœ… No secrets found. Commit allowed."
```

**How it works**: Every time you run `git commit`, it will automatically scan your code first!

## ๐Ÿ“Š Community & Support






GitHub stars




GitHub forks




Tweet




## ๐Ÿ“„ License

This project is licensed under the **MIT License** - see the [LICENSE](LICENSE) file for details.

---

## Author

Maintained by [Anurag Singh](https://github.com/itsAnuragsingh) ยท [LinkedIn](https://linkedin.com/in/itsanuragsingh7) ยท [Twitter/X](https://twitter.com/itsanurag707)

---
---


โญ Star this repository if it helped you secure your codebase!



Built with โค๏ธ for developers who care about security




---



Secret Hunter - Making secure development accessible to everyone