
Supports SAST and DAST scans, with 400+ rules for secrets, and lets you add your own wordlist as well. A lightweight scanner for source code and URLs that detects hardcoded secrets such as API keys, credentials, and sensitive information across files and folders.


m14r41/scan4secrets


scan4secrets

A lightweight, high-performance secret scanner built for both SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).

Key Features

  • 400+ advanced detection rules to uncover secrets, tokens, keys, and misconfigurations.

  • Supports scanning across 260+ file extensions.

  • Tailored wordlists for real-world tech stacks, including:

    • CloudProvider-Service
    • Docker-Compose-Kubernetes
    • Keys-SSH-Certificate
    • Node.js-Express.js
    • OtherConfig-CI-DevOps
    • Python-Django-Flask
    • React-Next.js-Vite-Frontend
    • common, .env, php-laravel-symfony-drupal, wordpress, and more.
  • Output formats: CSV, Excel, PDF, HTML.

  • Custom output paths supported for easy integration into pipelines and workflows.


Report

Reports are saved in the current working directory by default.


Installation

git clone https://github.com/m14r41/scan4secrets.git
cd scan4secrets
pip install -r requirements.txt

Usage

Scan a directory and generate an Excel file

python3 main.py --path /path/to/code

Generate multiple output formats

python main.py --path /path/to/code --formats excel pdf csv html --output scan_report

Output as HTML only

python main.py --path /var/www/html --formats html --output web_secrets
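The feature list mentions pipeline integration; the following is an added example, not part of scan4secrets, of a CI gate that reads a CSV report produced with `--formats csv` and fails the build only on findings that have not been reviewed yet. It assumes the CSV has one header row followed by one row per finding; the column names in the sample, the function names and the baseline file are hypothetical.

```python
import csv
import hashlib
import io
import sys

def fingerprint(row):
    """Stable SHA-256 ID for one finding row; a baseline of IDs holds no secret text."""
    joined = "\x1f".join(cell.strip() for cell in row)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()

def new_findings(report_text, baseline):
    """Fingerprints of report rows that are not in the reviewed baseline set."""
    rows = list(csv.reader(io.StringIO(report_text)))
    fresh = []
    for row in rows[1:]:  # assumption: the first row is a header
        if not any(cell.strip() for cell in row):
            continue  # ignore blank lines
        fp = fingerprint(row)
        if fp not in baseline and fp not in fresh:
            fresh.append(fp)
    return fresh

def gate(report_text, baseline):
    """CI exit code: 0 when every finding is already reviewed, 1 otherwise."""
    return 1 if new_findings(report_text, baseline) else 0

# Constructed sample report; the real column layout may differ.
SAMPLE_REPORT = (
    "file,line,rule,match\n"
    "app/settings.py,12,Generic API Key,api_key=EXAMPLE-NOT-A-REAL-KEY\n"
    "deploy/.env,3,Password,DB_PASSWORD=example-placeholder\n"
)

if __name__ == "__main__":
    # Usage: python3 gate.py <report.csv> [baseline.txt]; no arguments uses the sample.
    text, baseline = SAMPLE_REPORT, set()
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="", encoding="utf-8") as fh:
            text = fh.read()
    if len(sys.argv) > 2:
        with open(sys.argv[2], encoding="utf-8") as fh:
            baseline = {line.strip() for line in fh if line.strip()}
    fresh = new_findings(text, baseline)
    for fp in fresh:
        print("unreviewed finding:", fp)  # print the ID only, never the match
    sys.exit(1 if fresh else 0)
```

If the report includes the matched values, store it as a sensitive build artifact and commit only the fingerprint baseline.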

Sample Output for SAST (Source Code Review)

[Screenshots: SAST Sample 1, SAST Sample 2]


Sample Output for Websites

python3 main.py --url m14r41.in

[Screenshots: Web Sample 1, Web Sample 2, Web Sample 3, Web Sample 4]


Contribution

Feel free to contribute. Thank you!
