Runtime leak detector for modern web apps — finds exposed API keys, validates BaaS misconfigurations (Supabase/Firebase RLS), and catches secrets in JS bundles. Chrome extension + CLI.
-
Updated
Jul 8, 2026 - Python
Runtime leak detector for modern web apps — finds exposed API keys, validates BaaS misconfigurations (Supabase/Firebase RLS), and catches secrets in JS bundles. Chrome extension + CLI.
Open-source cybersecurity analysis agent for Claude Code. Scans projects for vulnerabilities across all OWASP 2025 Top 10 and CWE Top 25 categories. 11 security domains, 60+ secret patterns, parallel subagent analysis, professional report generation. Built by tododeia.com
Argus brings “a hundred eyes” to your project, combining leading open source security tools into a scalable, automated, continuous security pipeline.
Burp Suite extension for passive JS reconnaissance - detects 1,600+ secret patterns, API keys, endpoints, and security misconfigurations in HTTP responses in real-time.
ALNUR — Open-source end-to-end security vulnerability scanner. Detects CVEs, hardcoded secrets, architecture flaws, and port risks across Node.js, Python, PHP, Go, Rust, Java, .NET, Ruby and more
Automatically redacts sensitive data in screenshots before sending to AI agents
🔒 Security scanner for AI Skills | Detect dangerous commands, prompt injection, secrets, and suspicious patterns before install
A powerful and lightweight tool for bug bounty hunters and security researchers to identify hardcoded secrets, API keys, tokens, credentials, and other sensitive data in code repositories, web applications, and configuration files.
Free security scanner for AI-generated code. SAST + secret detection on every PR. 24-line YAML, 30-second setup. Built for vibe coding.
Local secret firewall for AI coding assistants (Claude Code/Cursor/aider) — scans + redacts secrets before anything leaves the machine. Local-first, zero cloud. MIT.
Security Command Center for Model Context Protocol (MCP) servers. Detect prompt injection, tool poisoning, secrets, and vulnerabilities. The Trivy of MCP security.
Exposure intelligence for the AI-infrastructure layer — finds and weighs leaked credentials, MCP/agent configs, git-metadata secrets, and supply-chain risk, and tells you which exposures to trust. Active verification, orphan-signal triage, SARIF dedup. OWASP LLM + MITRE ATLAS tagged.
Git secrets, vulnurabilities scanner with rich reporting
Rule-based PII and secret redaction for Markdown documents — audit log, risk-level filtering, LLM pipeline ready
JavaScript Intelligence Engine - SPA bundle'larindan secret/endpoint/source-map cikartan tek dosya ofansif recon araci. 63 secret regex'i, Source Map V3 dekoderi, webpack chunk parser, multi-format cikti. Bug bounty + self-audit.
Advanced secret detection and remediation system - 79 API patterns, 8 verification methods
Detects and auto-fixes hardcoded secrets in Python repos — refuses when the fix could break your code
Claude Code skills: auto-detect & start any app, README generator, Docker Hub push, LinkedIn posts, NotebookLM slides, secret scanner, mobile responsiveness testing | Install with npx skills add
Advanced JavaScript security analysis tool — secret detection, entropy analysis, source maps, GraphQL, WebSockets, tech fingerprinting & HTML reports
A Python-based security tool that recursively scans directories to detect hardcoded passwords and exposed email addresses using regex pattern matching.
Add a description, image, and links to the secret-detection topic page so that developers can more easily learn about it.
To associate your repository with the secret-detection topic, visit your repo's landing page and select "manage topics."