# Secret and API Key Scanners

> Search results for `scan code for leaked secrets and API keys` on awesome-repositories.com. 113 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/scan-code-for-leaked-secrets-and-api-keys

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/scan-code-for-leaked-secrets-and-api-keys).**

## Results

- [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access.

The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports
- [external-secrets/external-secrets](https://awesome-repositories.com/repository/external-secrets-external-secrets.md) (6,697 ⭐) — External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
- [yelp/detect-secrets](https://awesome-repositories.com/repository/yelp-detect-secrets.md) (4,429 ⭐) — detect-secrets is a modular secret scanning tool that identifies hard-coded credentials and sensitive information in source code. It combines multiple detection strategies—regular expression pattern matching, Shannon entropy calculation, and a machine learning classifier—to find potential secrets, and uses a baseline-driven delta analysis to distinguish newly introduced secrets from pre-existing ones, reducing noise from legacy credentials.

The tool integrates directly into development workflows through a git pre-commit hook that blocks commits introducing unbaselined secrets, and can be inco
- [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches.

The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
- [infobyte/faraday](https://awesome-repositories.com/repository/infobyte-faraday.md) (6,523 ⭐) — Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk.

The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [awslabs/git-secrets](https://awesome-repositories.com/repository/awslabs-git-secrets.md) (13,177 ⭐) — Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository.

The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for
- [security-code-scan/security-code-scan](https://awesome-repositories.com/repository/security-code-scan-security-code-scan.md) (975 ⭐) — Vulnerability Patterns Detector for C# and VB.NET
- [mazen160/secrets-patterns-db](https://awesome-repositories.com/repository/mazen160-secrets-patterns-db.md) (1,508 ⭐) — The largest open-source database for detecting secrets, API keys, passwords, tokens, and more. Use secrets-patterns-db to feed your secret scanning engine with regex patterns for identifying secrets.
- [zricethezav/gitleaks](https://awesome-repositories.com/repository/zricethezav-gitleaks.md) (27,739 ⭐) — Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API keys, and authentication tokens. It functions as a Git secret scanner that analyzes both local file systems and Git commit history to prevent credential leaks.

The tool distinguishes itself through a decoding pipeline that transforms base64 and hex strings into plaintext to find obfuscated secrets. It further reduces false positives using proximity-based validation and fingerprint-based suppression to filter out known or baseline findings.

The system covers a broad range of detec
- [hashicorp/vault](https://awesome-repositories.com/repository/hashicorp-vault.md) (35,796 ⭐) — Vault is a centralized secrets management platform designed to secure, store, and control access to sensitive credentials such as API keys, passwords, certificates, and encryption keys. At its core, the system employs a barrier-based cryptographic sealing mechanism that requires an unseal process to decrypt internal storage, ensuring that sensitive data remains protected. It provides identity-based access control to manage granular permissions across distributed infrastructure, effectively centralizing security policies and authentication for both human and machine workloads.

What distinguish
- [securego/gosec](https://awesome-repositories.com/repository/securego-gosec.md) (8,866 ⭐) — gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks.

The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues.

Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
- [duo-labs/secret-bridge](https://awesome-repositories.com/repository/duo-labs-secret-bridge.md) (206 ⭐) — Monitors Github for leaked secrets
- [letta-ai/letta](https://awesome-repositories.com/repository/letta-ai-letta.md) (21,168 ⭐) — Letta is a framework for building, deploying, and managing autonomous AI agents that maintain persistent state across long-term interactions. It provides a comprehensive suite of primitives for defining agents with configurable personas, modular memory blocks, and tool-use capabilities, enabling them to retain user preferences and conversation history over extended sessions.

The platform distinguishes itself through its advanced memory management and orchestration capabilities. It allows agents to autonomously update their own memory, perform retrieval-augmented generation, and coordinate com
- [deepfence/secretscanner](https://awesome-repositories.com/repository/deepfence-secretscanner.md) (3,270 ⭐) — SecretScanner is a security tool designed to search filesystems and container images for unprotected passwords, API keys, and other sensitive data. It functions as a static secret detector and container image scanner that identifies hardcoded credentials by matching content against a database of known secret types.

The tool inspects container image layers to find secrets hidden within the filesystem hierarchy and parses local directories and host-mounted paths. It provides the ability to export scan findings in machine-readable JSON format for automated analysis and processing.

The scanning
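- [code-scan/dzscan](https://awesome-repositories.com/repository/code-scan-dzscan.md) (307 ⭐) — A new version has just been released and may contain some bugs, which are being fixed; if you run into problems, please open an issue, ideally with a screenshot. To everyone following the project: being followed is not the goal, so please contribute code or report bugs (●'◡'●)ﾉ♥ The vulnerability paths scanned are as follows: - default admin & uc_server login page - develop.php - X3 - X3 tools/tools.php ~ Default password 188281MWWxjk - X3.1 utility/convert/index.php ~ Remote code execution - 6.x - 6.x my.php ~ SQL -…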
- [insforge/insforge](https://awesome-repositories.com/repository/insforge-insforge.md) (11,794 ⭐) — InsForge is a backend-as-a-service platform that provides an integrated suite of tools for managing relational databases, identity provision, object storage, and serverless compute. It functions as an open-source identity provider and a PostgreSQL database manager featuring integrated vector storage and row-level security.

The platform serves as an LLM orchestration gateway, offering a unified endpoint to route requests across various AI providers through an OpenAI-compatible interface. It enables AI-driven application generation and connects AI agents to backend resources using a standardize
- [usestrix/strix](https://awesome-repositories.com/repository/usestrix-strix.md) (20,138 ⭐) — Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments.

The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
- [gitlabhq/gitlabhq](https://awesome-repositories.com/repository/gitlabhq-gitlabhq.md) (24,433 ⭐) — This project is a Git DevOps platform and repository manager providing a complete toolset for hosting Git repositories, managing project tasks, and automating software delivery pipelines. It functions as a self-hosted version control system with integrated access controls, an issue tracker for project management, and a CI/CD pipeline orchestrator.

The platform distinguishes itself by integrating DevSecOps capabilities, specifically a security scanner designed to detect secret leaks and API keys during the code review process. It coordinates the entire DevOps lifecycle, linking version control
- [alex7kom/node-steam-web-api-key](https://awesome-repositories.com/repository/alex7kom-node-steam-web-api-key.md) (21 ⭐) — Automatically registers and retrieves Steam API key.
- [google-gemini/cookbook](https://awesome-repositories.com/repository/google-gemini-cookbook.md) (17,418 ⭐) — The Gemini Cookbook is a comprehensive collection of implementation patterns, code samples, and development guides designed for building applications with Google Gemini models. It serves as a central resource for developers to integrate multimodal generative artificial intelligence into their software, providing the necessary frameworks to manage model interactions, stateful workflows, and structured data extraction.

The repository distinguishes itself by offering specialized toolkits for autonomous agent orchestration, enabling the construction of agents that can execute code, browse the web
- [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning.

The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
- [encoredev/encore](https://awesome-repositories.com/repository/encoredev-encore.md) (12,049 ⭐) — Encore is a distributed systems framework designed to unify backend development, infrastructure provisioning, and observability. It functions as an infrastructure-as-code platform that allows developers to define cloud resources, databases, and messaging topics directly within their application code. By analyzing these declarations at compile-time, the system automatically manages the deployment of cloud resources and security policies, ensuring parity between local development and production environments.

The platform distinguishes itself through its integrated development experience, which
- [code-scan/brodomain](https://awesome-repositories.com/repository/code-scan-brodomain.md) (224 ⭐) — `python brodomain.py baidu.com`
- [alubj/lock-and-key](https://awesome-repositories.com/repository/alubj-lock-and-key.md) (10 ⭐) — String and file encryption in GameMaker
- [medusajs/medusa](https://awesome-repositories.com/repository/medusajs-medusa.md) (34,404 ⭐) — Medusa is a headless commerce engine designed as a modular, API-first platform for building custom digital storefronts and business applications. Its architecture is built on a decoupled system where core business logic is encapsulated into independent, swappable modules that communicate through defined interfaces, allowing developers to incrementally adopt or replace components to fit specific operational needs.

The platform distinguishes itself through a highly extensible design that supports complex commerce requirements, including multi-vendor marketplace operations, B2B purchasing workfl
- [bridgecrewio/checkov](https://awesome-repositories.com/repository/bridgecrewio-checkov.md) (8,798 ⭐) — Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks.

The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
- [harisekhon/devops-bash-tools](https://awesome-repositories.com/repository/harisekhon-devops-bash-tools.md) (8,062 ⭐) — DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line.

The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests
- [external-secrets/kubernetes-external-secrets](https://awesome-repositories.com/repository/external-secrets-kubernetes-external-secrets.md) (2,584 ⭐) — This project has been deprecated. Please take a look at ESO (External Secrets Operator) instead https://github.com/external-secrets/external-secrets
- [maxgoedjen/secretive](https://awesome-repositories.com/repository/maxgoedjen-secretive.md) (8,162 ⭐) — Secretive is an SSH key manager that utilizes hardware-backed security modules to generate and store non-exportable private keys. It integrates with secure enclaves to ensure that sensitive cryptographic material remains within the hardware and cannot be exported from the device.

The system implements a biometric authentication workflow, requiring fingerprint or wearable verification before a private key is released for signing operations. It also provides the ability to bridge signing requests to external hardware tokens for systems that lack a built-in secure enclave.

The project includes
- [eyaltoledano/claude-task-master](https://awesome-repositories.com/repository/eyaltoledano-claude-task-master.md) (27,567 ⭐) — This project is an autonomous, multi-model orchestrator designed to manage the full software development lifecycle through a command-line interface. It functions as an intelligent agent that decomposes high-level product goals into actionable, prioritized subtasks, manages dependency graphs, and executes development cycles. By automating requirement parsing, technical research, and task tracking, it maintains project alignment and momentum throughout the implementation process.

The system distinguishes itself through a provider-agnostic abstraction layer that allows users to assign specific a
- [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing.

The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports.

The platform co
- [fatih/vim-go](https://awesome-repositories.com/repository/fatih-vim-go.md) (16,242 ⭐) — This project is a comprehensive development plugin for the Vim text editor, designed to transform the editor into a specialized environment for Go software development. It provides a suite of integrated tools that facilitate the entire development lifecycle, including writing, maintaining, and navigating Go source code.

The plugin distinguishes itself by orchestrating external command-line binaries and language servers to perform heavy analysis, compilation, and formatting tasks as background processes. By mapping editor events to these external tools and utilizing virtual file system synchro
- [dan1471/free-openai-api-keys](https://awesome-repositories.com/repository/dan1471-free-openai-api-keys.md) (3,564 ⭐) — This project is a repository of pre-generated API keys designed to provide shared access to OpenAI models. It serves as a provider of authentication credentials for testing and educational development, allowing users to bypass personal account registration.

The system utilizes a static distribution model where credentials are stored as plain text strings within the codebase. These keys are delivered via a public version control platform, enabling client-side retrieval without the need for a dedicated backend server or external database.

The provided keys support the prototyping of AI feature
- [rebootuser/linenum](https://awesome-repositories.com/repository/rebootuser-linenum.md) (7,835 ⭐) — LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access.

The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system.

Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
- [imputnet/cobalt](https://awesome-repositories.com/repository/imputnet-cobalt.md) (41,096 ⭐) — Cobalt is a cross-platform web application designed as a distributed service platform for managing media content downloading. It functions as a full-stack monorepo that integrates a backend API with a responsive frontend, providing a unified interface for users to fetch and save media files from various online platforms.

The project utilizes a modular architecture where backend services, frontend interfaces, and shared logic are organized into decoupled packages within a single repository. This monorepo structure employs centralized workspace orchestration to manage dependencies and cross-pac
- [code-and-comment/code-and-comment](https://awesome-repositories.com/repository/code-and-comment-code-and-comment.md) (17 ⭐) — PWA to add comment to Github file.
- [trufflesecurity/trufflehog](https://awesome-repositories.com/repository/trufflesecurity-trufflehog.md) (24,630 ⭐) — Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle.

The platfor
- [c0re100/qbittorrent-enhanced-edition](https://awesome-repositories.com/repository/c0re100-qbittorrent-enhanced-edition.md) (25,128 ⭐) — qBittorrent-Enhanced-Edition is a cross-platform desktop application designed to manage the downloading and uploading of files across peer-to-peer networks. It functions as an open-source file sharer, facilitating the decentralized distribution of digital content by breaking files into smaller pieces for efficient transfer.

The application utilizes a high-performance library to handle complex protocol specifications and employs a mature widget toolkit to provide a consistent native user interface across Windows, macOS, and Linux. It operates as a network traffic manager, incorporating asynchr
- [fincept-corporation/finceptterminal](https://awesome-repositories.com/repository/fincept-corporation-finceptterminal.md) (26,900 ⭐) — FinceptTerminal is a quantitative finance platform and financial engineering library designed for asset valuation, risk management, and fixed-income analytics. It provides a comprehensive suite for algorithmic trading and investment strategy automation, integrating specialized language model agents and node-based workflows to automate market research and alpha generation.

The project distinguishes itself with a dedicated game theory analysis engine for calculating Nash equilibria and simulating strategic interactions in competitive markets. It also features a specialized credit risk modeling
- [pratiksonone/ngx-i18n-scan](https://awesome-repositories.com/repository/pratiksonone-ngx-i18n-scan.md) (1 ⭐) — A powerful CLI tool for scanning Angular source code and managing i18n translation keys. It automatically extracts keys from your project and keeps your translation files (like en.json) clean and updated.
- [davila7/claude-code-templates](https://awesome-repositories.com/repository/davila7-claude-code-templates.md) (20,933 ⭐) — Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management.

The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust C
- [daffainfo/key-checker](https://awesome-repositories.com/repository/daffainfo-key-checker.md) (222 ⭐) — Go scripts for checking API key / access token validity
- [entireio/cli](https://awesome-repositories.com/repository/entireio-cli.md) (2,753 ⭐) — This project is a Git-based AI session tracker and context manager designed to record AI agent interactions, transcripts, and tool usage directly into Git repositories. It functions as a system for capturing and indexing the reasoning behind code changes, linking AI prompts and responses to specific code commits to preserve developer intent.

The tool distinguishes itself by using Git as a primary storage layer for session metadata, utilizing shadow branches and checkpoints to track agent state without polluting the main commit log. It includes specialized capabilities for auditing AI contribu
- [1n3/sn1per](https://awesome-repositories.com/repository/1n3-sn1per.md) (10,049 ⭐) — Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets.

The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
- [aider-ai/aider](https://awesome-repositories.com/repository/aider-ai-aider.md) (46,305 ⭐) — Aider is a command-line interface tool that enables large language models to directly edit, refactor, and manage source code within a local repository. It functions as an AI-powered coding assistant that integrates into the developer workflow, allowing users to apply code changes through natural language prompts while maintaining repository context and version control.

The tool distinguishes itself through a specialized diff-based patching engine that parses model-generated search-and-replace blocks to modify specific file segments without rewriting entire files. It features a provider-agnost
- [bitnami-labs/sealed-secrets](https://awesome-repositories.com/repository/bitnami-labs-sealed-secrets.md) (8,925 ⭐) — Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a mechanism to encrypt sensitive data into specialized resources that can be safely stored in public version control systems and decrypted only within a cluster.

The system uses an asymmetric encryption manager to seal secrets with a public key, ensuring that only the corresponding private key held within the cluster can unseal them. It includes utilities for security key rotation, secret re-encryption, and offline private key recovery to maintain data access during disaster recovery
- [dxa4481/trufflehog](https://awesome-repositories.com/repository/dxa4481-trufflehog.md) (26,790 ⭐) — TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets.

The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
- [duixcom/duix-avatar](https://awesome-repositories.com/repository/duixcom-duix-avatar.md) (13,711 ⭐) — Duix-Avatar is an AI digital human toolkit used to create, clone, and animate realistic virtual personas. It functions as a digital persona cloning tool and a text-to-speech animation API that converts written text or audio into synthetic voice and facial motion markers.

The framework provides an offline video generation engine that renders digital human animations and lip-synced videos on local hardware. It includes a specialized lip sync engine to synchronize mouth movements with audio waveforms and a pipeline for extracting facial and vocal features from source media to create synthetic re
- [r4fun/keys](https://awesome-repositories.com/repository/r4fun-keys.md) (48 ⭐)
