GitHub - b34c0n5/scan4secrets: A lightweight scanner for source code and URLs that detects hardcoded secrets such as API keys, credentials, and sensitive information across files and folders. SAST and DAST scans are supported, with 400+ rules for secrets, and you can add your own wordlist as well.

🕵️‍♂️ scan4secrets : Overview

A lightweight, high-performance secret scanner built for both SAST 🔍 & DAST 🌐.

💥 Key Features:

  • 🧠 400+ advanced detection rules to uncover secrets, tokens, keys, and misconfigs.
  • 📂 Supports scanning across 260+ file extensions.
  • 🛠️ Tailored wordlists for real-world tech stacks:
    • 🧰 CloudProvider-Service
    • 🐳 Docker-Compose-Kubernetes
    • 🔐 Keys-SSH-Certificate
    • 🚀 Node.js-Express.js
    • ⚙️ OtherConfig-CI-DevOps
    • 🐍 Python-Django-Flask
    • 🎨 React-Next.js-Vite-Frontend
    • common, .env, php-laravel-symfony-drupal, wordpress and more...
  • 🧾 Output formats: CSV, Excel, PDF, HTML
  • 🎯 Custom output paths supported for integration into pipelines & workflows.
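
How rule-based detection with an extension filter and a custom wordlist can work, as an added illustration that is not scan4secrets' own code. The rule names, patterns, extension list and the functions `wordlist_rule`, `redact`, `scan_tree` and `demo` are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules only (assumed); not taken from scan4secrets' rule set.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
SCAN_EXTENSIONS = {".py", ".env", ".yml", ".yaml", ".json", ".js"}  # assumed allow-list

def wordlist_rule(words):
    """Turn a custom wordlist into one rule: KEYWORD = value of 8+ characters."""
    names = "|".join(re.escape(w) for w in words)
    return re.compile(rf"(?i)\b(?:{names})\b\s*[:=]\s*['\"]?([^\s'\"]{{8,}})")

def redact(value):
    """Keep a 4-character prefix so the report does not become a second leak."""
    return value[:4] + "*" * (len(value) - 4)

def scan_tree(root, words=()):
    """Return (relative path, line number, rule name, redacted match) tuples."""
    rules = dict(RULES)
    if words:
        rules["wordlist_assignment"] = wordlist_rule(words)
    findings = []
    for path in sorted(Path(root).rglob("*")):
        # Path(".env").suffix is empty, so fall back to the file name.
        if not path.is_file() or (path.suffix or path.name) not in SCAN_EXTENSIONS:
            continue
        text = path.read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx in rules.items():
                m = rx.search(line)
                if m:
                    secret = m.group(m.lastindex or 0)  # captured value, else whole match
                    rel = str(path.relative_to(root))
                    findings.append((rel, lineno, name, redact(secret)))
    return findings

def demo():
    """Scan a constructed tree; the key is AWS's documented example value."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "settings.py").write_text('DEBUG = True\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n')
        Path(d, ".env").write_text("DB_PASSWORD=constructed-sample-pw\n")
        Path(d, "logo.png").write_text("AKIAIOSFODNN7EXAMPLE")  # skipped: not in allow-list
        return scan_tree(d, words=["DB_PASSWORD", "API_TOKEN"])
```

Redacting the match before it reaches a report matters because scan output is often attached to tickets or CI logs with wider access than the repository itself.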

Report

The report is saved in the current working directory.

How to install

git clone https://github.com/m14r41/scan4secrets.git
cd scan4secrets
pip install -r requirements.txt

How to use

  • Scan a directory and generate an Excel file:
python3 main.py --path /path/to/code
  • Generate multiple output formats (Excel, PDF, CSV, HTML):
python main.py --path /path/to/code --formats excel pdf csv html --output scan_report
  • Output as HTML only:
python main.py --path /var/www/html --formats html --output web_secrets

Sample Output for SAST (Source Code Review)



Sample Output for Websites

python3 main.py --url m14r41.in


Contribution:

Feel free to contribute, thank you :)

Credit: m14r41
