DotDrop - Secret Files Detector by Interzone

DotDrop - Sensitive File Detector

Automatically scan websites for exposed sensitive files and security vulnerabilities. Perfect for security researchers, developers, and bug bounty hunters.

🔍 What It Detects

DotDrop scans for 80+ types of exposed files including:

• Version Control: .git/, .svn/, .hg/
• Credentials: .env, .htpasswd, SSH keys (id_rsa)
• Cloud Keys: AWS, GCP, Azure credentials
• Database Files: SQL dumps, MongoDB backups
• Configuration: Docker, Kubernetes, CI/CD configs
• Backups: ZIP, TAR, SQL backup files

✨ Key Features

• Traffic Light System: 🟢 Safe / 🟠 Not Scanned / 🔴 Vulnerable
• Real-time Scan Progress: See exactly what's being checked
• One-Click Copy: Export findings as formatted Markdown reports
• Detection Age Tracking: "2h ago", "3d ago" timestamps
• Stealth Mode: Slower scanning to avoid rate limiting
• Batch Scanning: Test multiple domains at once
• Export Options: JSON, CSV, or Markdown formats
• Statistics Dashboard: Track vulnerable sites and severity breakdown
• 100% Local: Zero data collection, complete privacy

🔒 Privacy & Security

✅ All processing happens locally on your device
✅ No data sent to external servers
✅ No analytics or tracking
✅ Open source - inspect the code yourself
✅ Minimal permissions (only what's needed)

🎯 Perfect For

• Security researchers conducting vulnerability assessments
• Developers checking their own sites for exposed files
• Bug bounty hunters finding security issues
• DevOps teams auditing infrastructure
• Anyone concerned about web security

🚀 How It Works

1. Browse normally - DotDrop scans automatically
2. Check the icon - Color indicates security status
3. Click to view - See detailed findings
4. Export results - Copy or download reports

🛡️ False Positive Prevention

Advanced 5-layer validation system ensures accurate detection:
- HTTP 200 status verification
- Content-Type checking
- File size validation
- HTML error page detection
- Content pattern analysis

📊 Professional Features

• Severity Levels: Critical, Medium, Low color-coded alerts
• Pattern Groups: Enable/disable specific detection categories
• Detection History: Track all findings over time
• Customizable Settings: Auto-scan, critical-only mode
• Badge Counter: Shows number of exposed files found

🌐 Use Cases

For Developers:
Test your own websites before deployment to catch exposed configuration files, credentials, or backup files that shouldn't be public.

For Security Researchers:
Quickly identify common security misconfigurations during reconnaissance. Export findings for professional reports.

For Bug Bounty Hunters:
Automate the detection of low-hanging fruit vulnerabilities. Copy findings directly to bug reports with one click.

⚡ Lightweight & Fast

• Minimal resource usage
• Fast parallel scanning
• Clean, professional UI
• No bloat or unnecessary features

🔧 Technical Details

• Manifest V3 compliant
• Works on all HTTP/HTTPS sites
• Respects browser security policies
• Compatible with Firefox 109+

📝 Open Source

Fully open source on GitHub. Contributions welcome!



Disclaimer: This tool is for ethical security research and educational purposes only. Always obtain proper authorization before testing websites you don't own.