SecretFinder
Find sensitive data in JS files
Recon & OSINT
6 commands
#secret #js #finder #recon #python
Installation
1. Clone the repository
2. Install Python dependencies
3. Verify installation
# Clone the repository
git clone https://github.com/m4ll0k/SecretFinder.git
cd SecretFinder
# Install dependencies
pip install -r requirements.txt
# Verify
python3 SecretFinder.py -h

Basic Usage
Search JavaScript files for secrets, API keys, and tokens
# Scan a single JS file
python3 SecretFinder.py -i https://example.com/script.js -o cli
# Scan with regex input file
python3 SecretFinder.py -i https://example.com/script.js -o cli -r custom_rules.txt
# Scan with HTML output
python3 SecretFinder.py -i https://example.com/script.js -o html
# Scan without SSL verification
python3 SecretFinder.py -i https://example.com/script.js -o cli --nossl

Command Reference
6 commands
1. -i: Input URL or file
2. -o: Output format (cli/html/json)
3. -r: Custom regex rules file
4. --nossl: Disable SSL verification
5. -c: Cookies for authentication
6. -g: Google dork search

When to Use
1. Finding API keys and secrets in JavaScript
2. Reconnaissance on SPA and web applications
3. Bug bounty recon for exposed credentials
4. Security audit of JavaScript assets
5. Finding hardcoded tokens and passwords

Notes & Tips
1. Uses both regex patterns and entropy analysis
2. Supports multiple output formats (CLI, HTML, JSON)
3. Can process local files and remote URLs
4. Custom regex rules can be added for specific patterns
5. Designed for bug bounty recon workflows

Common Errors & Solutions
ModuleNotFoundError
Run: pip install -r requirements.txt
No secrets found
Try with custom regex rules or different JS files
SSL certificate error
Use the --nossl flag to disable verification
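
The regex-plus-entropy approach listed under Notes & Tips, sketched as an added example for auditing your own JavaScript bundles before release. It is not SecretFinder's code: the rule names, patterns, the 4.0-bit threshold and the sample bundle are assumptions constructed for illustration.

```python
import math
import re

# Illustrative rules only (assumed for this example, not SecretFinder's rule set).
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
}
# Quoted literals of 20+ key-like characters are candidates for the entropy pass.
STRING_LITERAL = re.compile(r"""(["'])([A-Za-z0-9+/=_-]{20,})\1""")


def shannon_entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_js(source, min_entropy=4.0):
    """Return sorted (line_no, rule, match) findings for JavaScript source text."""
    findings = set()
    for line_no, line in enumerate(source.splitlines(), 1):
        named = set()
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                findings.add((line_no, rule, m.group(0)))
                named.add(m.group(0))
        # Entropy pass: catches random-looking literals that no named rule covers,
        # while long but word-like strings (CSS classes, paths) stay below threshold.
        for m in STRING_LITERAL.finditer(line):
            value = m.group(2)
            if value not in named and shannon_entropy(value) >= min_entropy:
                findings.add((line_no, "high_entropy_string", value))
    return sorted(findings)


# Constructed sample bundle; every value in it is fake.
SAMPLE_JS = '''\
const region = "us-east-1";
const awsKey = "AKIAIOSFODNN7EXAMPLE";
const cssClass = "navigation-header-container-large";
const apiToken = "q9Zx2LmP7vRt4KsW8yBn3HdF6jGc1AeU";
'''

if __name__ == "__main__":
    for line_no, rule, value in scan_js(SAMPLE_JS):
        print(f"line {line_no}: {rule}: {value[:6]}...")
```

Lowering min_entropy surfaces more candidates at the cost of more false positives from identifiers and class names.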