A Python CLI tool that scans all repositories owned by a GitHub user/org for accidentally committed secrets (API keys, tokens, passwords, private keys, etc.).
-
Updated
May 3, 2026 - Python
A Python CLI tool that scans all repositories owned by a GitHub user/org for accidentally committed secrets (API keys, tokens, passwords, private keys, etc.).
convert secret patterns to gf compatible.
Secrets scanner with a twist... this is for getting threat actor credentials from MALWARE. Acquire TA creds from FLOSS exports, memdumps, Binja exports, etc. to get C2 credentials, embedded API keys, crypto material, or hardcoded passwords.
Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more
ReleaseGuard is an open-source artifact policy engine and hardening suite. It scans, transforms, obfuscates, attests, and verifies release artifacts before they ship across every build ecosystem.
This GitHub Action allows you to run Gitleaks in your GitHub workflow.
The Clutch VS code extension allows any user to scan for secrets in his/hers open workspace automatically within the IDE
Credential Scanner for Popular Desktop AI Platforms
A secret scanner wrapper to aggregate results across multiple secret scanning tools
The guardian of your Pull Requests. She decides what gets to merge.
GitHub Action that wraps Yelp/detect-secrets and provides an enterprise friendly way of detecting and preventing secrets in code.
A sarcastic list of secret scanners
A blazing fast secret-hunting tool for bug bounty hunters and security enthusiasts.
SecretKeeper is a tool for detecting secrets and misconfigurations on your Git repositories (Bitbucket and GitHub).
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Secrets Management Process in Cybersecurity.
noLeak, scans your entire Git history, identifies potential leaks (API keys, tokens, etc.), and provides an interactive wizard to permanently purge them from your repository.
Autonomous secrets scanner — detects exposed API keys, dangerous file permissions and npm vulnerabilities in your project tree. Read-only. Zero dependencies.
🔍 Scan MCP (Model Context Protocol) configs for hardcoded secrets, leaked API keys, and security misconfigurations
Lightweight, DevSecOps-friendly secret scanner with SARIF & Pre-commit support. Detects API keys, tokens, and passwords with entropy analysis.
Authorized cyber patrol workbench for web surface review, local secret detection, password hygiene, hash inventory and defensive reports.
Add a description, image, and links to the secrets-scanner topic page so that developers can more easily learn about it.
To associate your repository with the secrets-scanner topic, visit your repo's landing page and select "manage topics."