HTTP/2 200
date: Wed, 24 Dec 2025 21:06:46 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"225671e255edb9e66b9034bec6b81ef9"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com/ copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=JWyaIrv5efa8izX7wodbBKhq%2FQfl%2BSkTS7CeR6%2FRP0kzLw3MPMyfp3Wev15gsg06yy2K26b1cp%2FvlM8Z4aJzb4Ord4PRiNQMMFByKDOfczxF7ZaRUyQJ6dtjZ8iypj46CZjpAQBIrTcgMuxWYIboNJX9%2FlJRNmj3d302eMcS6u7iiijU5Nb2mTnhajRpEOsY%2F9aqI1rFtjzqU7NWlWNP5AjVAEKVnMfI40duTlSCnmahAEom%2FndxxaJIxMTuXrYP%2FS8pMMKaj9%2F0ICC5naoV4g%3D%3D--TyN00N9%2BZy1RfUhk--nLxDD2vlHdQXmJoiW6XJKw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.1280095457.1766610405; Path=/; Domain=github.com; Expires=Thu, 24 Dec 2026 21:06:45 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Thu, 24 Dec 2026 21:06:45 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 8544:318F77:24B5A94:2B36563:694C55E5
secrets-detection · GitHub Topics · GitHub
Here are
111 public repositories
matching this topic...
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
Updated
Nov 14, 2025
Rust
Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.
Updated
Dec 23, 2025
Python
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
Updated
Aug 6, 2025
Python
Entropy is a CLI tool that will scan your codebase for high entropy lines, which are often secrets.
Scan your code for security misconfiguration, search for passwords and secrets. 🔍
Updated
Jun 23, 2023
JavaScript
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Updated
Dec 16, 2025
Python
Identify hardcoded secrets in static structured text
Updated
Oct 11, 2023
Python
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
The missing middleware for your configuration and secrets.
Updated
Dec 1, 2025
TypeScript
Secret and/or credential patterns used for gf.
Updated
Feb 10, 2023
Shell
SecretOpt1c is a Red Team tool that helps uncover sensitive information in websites using ACTIVE and PASSIVE Techniques for Superior Accuracy!
Updated
Sep 6, 2024
Shell
Benchmarking repo for secrets scanning
Updated
Aug 18, 2024
Python
Monitors Github for leaked secrets
Updated
Oct 25, 2024
Python
VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
Identify hardcoded secrets in static structured text (version 2)
Updated
Feb 5, 2025
Python
Scans every git push to your Github organisations to find unwanted secrets.
Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.
Updated
Mar 12, 2025
Python
Python API client library for the GitGuardian API
Updated
Nov 27, 2025
Python
Improve this page
Add a description, image, and links to the
secrets-detection
topic page so that developers can more easily learn about it.
Curate this topic
Add this topic to your repo
To associate your repository with the
secrets-detection
topic, visit your repo's landing page and select "manage topics."
Learn more
You can’t perform that action at this time.
