Secret Scanner – Exposed Secrets 作者: pp4mnk
Scans webpages for potentially exposed API keys, tokens, and secrets using local heuristics.
1 个用户1 个用户
扩展元数据
关于此扩展
Secret Scanner – Exposed Secrets Detector
Secret Scanner is a lightweight security tool that helps identify potentially exposed API keys, tokens, and credentials directly within publicly delivered web pages.
It scans the HTML content and inline JavaScript of the currently open webpage to detect patterns commonly associated with hardcoded secrets, a frequent security mistake in web development.
🔍 What Secret Scanner detects (heuristic)
🚨 API keys and service tokens, including patterns related to:
AWS access keys
Google API keys
Stripe secret keys
🔑 JWT tokens and Bearer tokens
🔐 Hardcoded credentials such as apiKey, secret, token, or password assignments
🧩 Suspicious high-entropy strings that may indicate exposed secrets
🧠 How it works
Secret Scanner analyzes only publicly available page content:
The rendered HTML
Inline JavaScript embedded in the page
It does not fetch external scripts, execute code, validate credentials, or attempt to use detected values in any way.
All findings are heuristic indicators, not proof of a real or exploitable secret.
🛡️ Privacy & safety
✅ All analysis runs locally in the browser
✅ No data collection
✅ No tracking
✅ No external APIs or servers
✅ No detected values are stored or transmitted
Only aggregated results (type and count) are shown to the user to avoid exposing sensitive values.
🎓 Intended use
Secret Scanner is designed for educational, development, and auditing purposes.
It is useful for:
Developers reviewing their own projects
Learning about common security misconfigurations
Demonstrating secure coding practices
Quick, non-intrusive checks during development or testing
Results should always be manually reviewed and interpreted in context.
Secret Scanner helps promote better security practices by making hidden risks visible—without collecting data or compromising privacy.
Secret Scanner is a lightweight security tool that helps identify potentially exposed API keys, tokens, and credentials directly within publicly delivered web pages.
It scans the HTML content and inline JavaScript of the currently open webpage to detect patterns commonly associated with hardcoded secrets, a frequent security mistake in web development.
🔍 What Secret Scanner detects (heuristic)
🚨 API keys and service tokens, including patterns related to:
AWS access keys
Google API keys
Stripe secret keys
🔑 JWT tokens and Bearer tokens
🔐 Hardcoded credentials such as apiKey, secret, token, or password assignments
🧩 Suspicious high-entropy strings that may indicate exposed secrets
🧠 How it works
Secret Scanner analyzes only publicly available page content:
The rendered HTML
Inline JavaScript embedded in the page
It does not fetch external scripts, execute code, validate credentials, or attempt to use detected values in any way.
All findings are heuristic indicators, not proof of a real or exploitable secret.
🛡️ Privacy & safety
✅ All analysis runs locally in the browser
✅ No data collection
✅ No tracking
✅ No external APIs or servers
✅ No detected values are stored or transmitted
Only aggregated results (type and count) are shown to the user to avoid exposing sensitive values.
🎓 Intended use
Secret Scanner is designed for educational, development, and auditing purposes.
It is useful for:
Developers reviewing their own projects
Learning about common security misconfigurations
Demonstrating secure coding practices
Quick, non-intrusive checks during development or testing
Results should always be manually reviewed and interpreted in context.
Secret Scanner helps promote better security practices by making hidden risks visible—without collecting data or compromising privacy.
评分 1(1 位用户)
权限与数据
更多信息
- 附加组件链接
- 版本
- 0.1.0
- 大小
- 10.71 KB
- 上次更新
- 4 个月前 (2026年2月5日)
- 相关分类
- 版本历史
- 添加到收藏集