Invoke-CredHunt is a simple PowerShell script designed to identify potential credential leaks by scanning files for sensitive keywords. It provides security professionals and system administrators with an efficient way to hunt for exposed credentials in file systems, with detailed context highlighting and comprehensive scanning metrics.
- 🔍 Smart Keyword Detection: Searches for credentials using customizable patterns
- 🎨 ANSI Colorized Output: Highlights matches with color-coded context
- ⚡ Performance Optimized: Skips large files and handles exclusions efficiently
- 📊 Detailed Statistics: Provides scan metrics and performance benchmarks
- 🛠️ Flexible Parameters: Customize search with inclusion/exclusion filters
- 🔐 Security Focused: Case-sensitive option for precise credential hunting
Invoke-CredHuntBasic Scan (Current Directory)
Invoke-CredHunt -Path "C:\Projects" -Keywords API_KEY, SECRET_TOKEN -CaseSensitiveCustom Path with Case-Sensitive Search
Invoke-CredHunt -Path "C:\Users\Administrator\AppData" -NoSummary -Exclude *.dll,*.exe -Keywords password,administrator -IncludeHiddenScan Including Hidden Files and Directory (*Takes longer)
Invoke-CredHunt -Path "\\server\share" -Include *.config, *.env -Exclude *.bak, *.tmp -MaxFileSizeMB 50Scan Network Share with File Filters
| Parameter | Description | Default Value |
|---|---|---|
-Path |
Directory path to scan | Current directory (.) |
-Keywords |
Keywords to search for | administrator, password, creds, etc. |
-Exclude |
File patterns to exclude | None |
-Include |
File patterns to specifically include | None (all files) |
-MaxContext |
Context characters around matches | 100 |
-CaseSensitive |
Enable case-sensitive search | False |
-NoSummary |
Suppress scan summary report | False |
-IncludeHidden |
Include hidden files and directories | False |
-MaxFileSizeMB |
Maximum file size to scan (MB) | 20 |
- PowerShell 5.1+ (Windows) or PowerShell 7+ (Cross-Platform)
- Always review findings carefully - false positives are common
- Immediately rotate any credentials found in scan results
- Run scans with appropriate permissions only
- Never store scan results with exposed credentials
- Use in test environments first to understand behavior
This project is licensed under the GPLv3 License - see the LICENSE file for details.
Disclaimer: This tool is for security auditing and educational purposes only. Never use on production systems without proper authorization. The maintainers are not responsible for any misuse or damage caused.