
Lightning-fast secret detection for secure development
A powerful CLI tool that scans your codebase for exposed API keys, secrets, and sensitive information with zero configuration required.
Feature | Description |
---|---|
⚡ Lightning Fast | Scans thousands of files in seconds with optimized algorithms |
🎯 Smart Detection | AI-powered pattern matching with minimal false positives |
🔍 Comprehensive | Detects API keys, tokens, database URLs, private keys and more |
📊 Rich Reports | Beautiful CLI output with file locations and security recommendations |
🛡️ Zero Config | Works out of the box with intelligent defaults - no setup required |
📁 Smart Filtering | Automatically ignores irrelevant files and directories |
🎨 Beautiful UI | Colorized output with progress indicators and clear formatting |
Choose your preferred installation method:

```bash
# npm (global install)
npm install -g secret-hunter

# Yarn (global install)
yarn global add secret-hunter

# npx (run without installing)
npx secret-hunter

# From source
git clone https://github.com/itsAnuragsingh/secret-hunter.git
cd secret-hunter
npm install
npm link
```
```bash
# Navigate to your project directory
cd your-project
# Run the scanner
secret-hunter
```
```
🔍 Starting secret scan...
Found 1,247 files to scan
Scanning for secrets...

🕵️‍♂️ SECRET HUNTER REPORT
==================================================
📊 SCAN SUMMARY
------------------------------
📁 Total files scanned: 1,247
🚨 Total secrets found: 3
📄 Files with secrets: 2
🔍 Secret types found: 2

🚨 DETAILED FINDINGS
------------------------------
📁 File 1: src/config/database.js
────────────────────────────────────────────────────────────
1. MongoDB Connection String
   Line: 12
   Code: const dbUrl = "mongodb://user:password@localhost:27017/myapp"

📁 File 2: .env.example
────────────────────────────────────────────────────────────
1. OpenAI API Key
   Line: 5
   Code: OPENAI_API_KEY=sk-1234567890abcdef...
2. Stripe Secret Key
   Line: 8
   Code: STRIPE_SECRET_KEY=sk_live_1234567890abcdef...

💡 RECOMMENDATIONS
------------------------------
1. Remove hardcoded secrets from your code
2. Use environment variables (.env files)
3. Add .env to your .gitignore
4. Use secret management tools for production
==================================================
🕵️‍♂️ Scan completed successfully!
```
🔑 API Keys & Tokens
- OpenAI API Keys (`sk-...`)
- Google API Keys (`AIza...`)
- Anthropic API Keys (`sk-ant-...`)
- GitHub Personal Access Tokens (`ghp_...`)
- Discord Bot Tokens
- JWT Tokens
- Bearer Tokens
- Generic API Keys
☁️ Cloud Services
- AWS Access Keys (`AKIA...`)
- AWS Secret Keys
- Azure Storage Keys
- Google Cloud Service Keys
- Stripe API Keys (Live & Test)
- Heroku API Keys
🗄️ Database Connections
- MongoDB Connection Strings
- MySQL Connection Strings
- PostgreSQL Connection Strings
- Redis Connection Strings
- Database URLs with credentials
📧 Communication Services
- Twilio Account SIDs
- SendGrid API Keys
- Mailgun API Keys
- Slack Bot Tokens
🔐 Security & Cryptographic Keys
- RSA Private Keys
- OpenSSH Private Keys
- DSA Private Keys
- EC Private Keys
- Generic Private Keys
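
A sketch of how prefix-based detection like the list above can work, as an added example that is not secret-hunter's own code. The rule regexes are assumptions based on publicly documented key formats, and `RULES`, `redact`, `scanText` and `SAMPLE` are hypothetical names; the sample input is constructed. It shows why overlapping prefixes (`sk-ant-` vs `sk-`) need an ordering, and redacts matches so the report does not repeat the secret.

```javascript
// Added example: prefix-anchored detection. Rules are assumptions drawn from
// publicly documented key formats, not secret-hunter's own patterns.
const RULES = [
  // Order matters: "sk-ant-" is tried before the broader "sk-" rule.
  { type: "Anthropic API Key", re: /\bsk-ant-[A-Za-z0-9_-]{20,}/g },
  { type: "OpenAI API Key", re: /\bsk-[A-Za-z0-9_-]{20,}/g },
  { type: "Google API Key", re: /\bAIza[0-9A-Za-z_-]{35}/g },
  { type: "GitHub Personal Access Token", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { type: "AWS Access Key", re: /\bAKIA[0-9A-Z]{16}\b/g },
];

// Keep only the prefix so the report itself does not leak the secret.
function redact(secret) {
  return `${secret.slice(0, 4)}***[${secret.length} chars]`;
}

function scanText(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const claimed = []; // [start, end) spans already attributed to a rule
    for (const { type, re } of RULES) {
      for (const m of line.matchAll(re)) {
        const start = m.index;
        const end = start + m[0].length;
        // Skip a match that overlaps one an earlier (more specific) rule took.
        if (claimed.some(([s, e]) => start < e && end > s)) continue;
        claimed.push([start, end]);
        findings.push({ file, line: i + 1, type, preview: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "// see docs/risk-assessment-and-mitigation-plan-2024", // "sk-" mid-word
  "ANTHROPIC_API_KEY=sk-ant-" + "EXAMPLEexample0123456789",
  'const aws = "AKIAIOSFODNN7EXAMPLE";', // AWS documentation example key
  'const gh = "ghp_' + "A1b2C3d4E5f6".repeat(3) + '";',
  'const short = "AKIA1234";', // too short to be an access key ID
].join("\n");

console.log(scanText("config.js", SAMPLE));
```

The `\b` anchor keeps `risk-assessment-...` from matching the `sk-` rule, and the span check reports the Anthropic-style key once rather than twice.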
What it does: Automatically scans your code before every Git commit. If secrets are found, it blocks the commit.
Setup Instructions:
- Create the hook file:

  ```bash
  # Navigate to your project
  cd your-project
  # Create the pre-commit hook
  touch .git/hooks/pre-commit
  chmod +x .git/hooks/pre-commit
  ```

- Add this content to `.git/hooks/pre-commit`:

  ```sh
  #!/bin/sh
  echo "🔍 Scanning for secrets before commit..."
  secret-hunter
  if [ $? -ne 0 ]; then
    echo "❌ Secrets detected! Please remove them before committing."
    exit 1
  fi
  echo "✅ No secrets found. Commit allowed."
  ```

How it works: Every time you run `git commit`, it will automatically scan your code first!
This project is licensed under the MIT License - see the LICENSE file for details.
Maintained by Anurag Singh · LinkedIn · Twitter/X
Built with ❤️ for developers who care about security