.../workspace/payments-api
scan
src/app.pyclean
settings/prod.env3 secrets
tests/fixtures.jsonclean
deploy/values.yaml2 secrets
example.com
probe
/backup.sql404
/.git/config404
/.env6 secrets
/config.json404
main..HEAD
trace
a31c92f+ api_token
bb08d4aclean
d84f010+ AWS_ACCESS_KEY_ID
f10b7ceclean
Asset coverage
One scanner for every attack surface
Secrets Hunter follows the places secrets actually leak: filesystems, live web paths, and Git history.
Detection Process
Context-aware detection
Secrets Hunter extracts candidates, analyzes their context, and rejects known false positives. Every finding in your report is there for a reason.
Input
Scan content
Candidate extraction
Extract fragments
PEM keys
Generic strings
DB URLs
Detectors
Entropy + patterns
No assignment context
Reject malformed values
Assignment context
Boost confidence or reject
Output
Filter, mask, report
$ pip install secrets-hunter
$ secrets-hunter scan ./app --json report.json
> Scan finished
> Found 3 secrets: 2 critical, 1 medium
> Results exported to report.json
Installation
Run it locally or wire it into CI
Available via pip, Docker, or source: run a scan and pipe results into the workflows your team already uses.
Start the Hunt
Find secrets before attackers do.
Install and run your first scan. Or get a guided demo to see what Secrets Hunter can find in your assets.