Secret Scanner – Exposed Secrets by pp4mnk
Scans webpages for potentially exposed API keys, tokens, and secrets using local heuristics.
Extension Metadata
About this extension
Secret Scanner – Exposed Secrets Detector
Secret Scanner is a lightweight security tool that helps identify potentially exposed API keys, tokens, and credentials directly within publicly delivered web pages.
It scans the HTML content and inline JavaScript of the currently open webpage to detect patterns commonly associated with hardcoded secrets, a frequent security mistake in web development.
🔍 What Secret Scanner detects (heuristic)
🚨 API keys and service tokens, including patterns related to:
AWS access keys
Google API keys
Stripe secret keys
🔑 JWT tokens and Bearer tokens
🔐 Hardcoded credentials such as apiKey, secret, token, or password assignments
🧩 Suspicious high-entropy strings that may indicate exposed secrets
🧠 How it works
Secret Scanner analyzes only publicly available page content:
The rendered HTML
Inline JavaScript embedded in the page
It does not fetch external scripts, execute code, validate credentials, or attempt to use detected values in any way.
All findings are heuristic indicators, not proof of a real or exploitable secret.
🛡️ Privacy & safety
✅ All analysis runs locally in the browser
✅ No data collection
✅ No tracking
✅ No external APIs or servers
✅ No detected values are stored or transmitted
Only aggregated results (type and count) are shown to the user to avoid exposing sensitive values.
🎓 Intended use
Secret Scanner is designed for educational, development, and auditing purposes.
It is useful for:
Developers reviewing their own projects
Learning about common security misconfigurations
Demonstrating secure coding practices
Quick, non-intrusive checks during development or testing
Results should always be manually reviewed and interpreted in context.
Secret Scanner helps promote better security practices by making hidden risks visible—without collecting data or compromising privacy.
Secret Scanner is a lightweight security tool that helps identify potentially exposed API keys, tokens, and credentials directly within publicly delivered web pages.
It scans the HTML content and inline JavaScript of the currently open webpage to detect patterns commonly associated with hardcoded secrets, a frequent security mistake in web development.
🔍 What Secret Scanner detects (heuristic)
🚨 API keys and service tokens, including patterns related to:
AWS access keys
Google API keys
Stripe secret keys
🔑 JWT tokens and Bearer tokens
🔐 Hardcoded credentials such as apiKey, secret, token, or password assignments
🧩 Suspicious high-entropy strings that may indicate exposed secrets
🧠 How it works
Secret Scanner analyzes only publicly available page content:
The rendered HTML
Inline JavaScript embedded in the page
It does not fetch external scripts, execute code, validate credentials, or attempt to use detected values in any way.
All findings are heuristic indicators, not proof of a real or exploitable secret.
🛡️ Privacy & safety
✅ All analysis runs locally in the browser
✅ No data collection
✅ No tracking
✅ No external APIs or servers
✅ No detected values are stored or transmitted
Only aggregated results (type and count) are shown to the user to avoid exposing sensitive values.
🎓 Intended use
Secret Scanner is designed for educational, development, and auditing purposes.
It is useful for:
Developers reviewing their own projects
Learning about common security misconfigurations
Demonstrating secure coding practices
Quick, non-intrusive checks during development or testing
Results should always be manually reviewed and interpreted in context.
Secret Scanner helps promote better security practices by making hidden risks visible—without collecting data or compromising privacy.
Rated 0 by 0 reviewers
Permissions and data
Required permissions:
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Add-on Links
- Version
- 0.1.0
- Size
- 10.71 KB
- Last updated
- 13 days ago (Feb 5, 2026)
- Related Categories
- License
- Apache License 2.0
- Version History
- Add to collection