A fast and powerful CLI tool for finding secrets in files, web pages, and other text sources. Supports multi-threading, advanced pattern matching, and intelligent security measures detection.

rafabd1/SecretHound

SecretHound

A powerful CLI tool designed to find secrets in JavaScript files, web pages, and other text sources.

Features

  • Multi-Source Scanning: Process remote URLs, local files, and entire directories
  • Intelligent Detection: 50+ regex patterns to identify different types of secrets
  • Concurrent Processing: Fast multi-threaded architecture for efficient scanning
  • Domain-Aware Scheduling: Smart distribution of requests to avoid rate limiting
  • WAF/Rate Limit Evasion: Automatic detection and handling of security measures
  • Context Analysis: Reduces false positives by analyzing surrounding code
  • Real-Time Progress: Live updates with progress bar and statistics
  • Multiple Output Formats: Output to formatted text
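The regex detection and context-analysis features listed above, as an added Go sketch for checking your own bundles; it is not SecretHound's code. The two rules, the benign-word list and the one-line-above window are assumptions chosen for illustration, and the sample input is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is a candidate secret that survived the context check.
type Finding struct {
	Rule, Match string
	Line        int
}

// Illustrative rules (assumptions); SecretHound's own pattern set is not reproduced here.
var rules = []struct {
	name string
	re   *regexp.Regexp
}{
	{"aws-access-key-id", regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"generic-api-key", regexp.MustCompile(`(?i)api[_-]?key["']?\s*[:=]\s*["'][A-Za-z0-9_-]{20,}["']`)},
}
// Assumed heuristic: these words near a match suggest documentation or test data.
var benign = regexp.MustCompile(`(?i)example|placeholder|dummy|sample`)

// Scan reports rule matches unless the matched line or the line above it looks benign.
func Scan(src string) []Finding {
	var out []Finding
	lines := strings.Split("\n"+src, "\n") // empty line 0, so indexes are 1-based line numbers
	for i := 1; i < len(lines); i++ {
		ctx := lines[i-1] + "\n" + lines[i]
		for _, r := range rules {
			if m := r.re.FindString(lines[i]); m != "" && !benign.MatchString(ctx) {
				out = append(out, Finding{Rule: r.name, Match: m, Line: i})
			}
		}
	}
	return out
}

// Constructed sample input; every value is made up for this example.
const Sample = `const cfg = { apiKey: "k3Jd82hsLq0Zp9XvTn4RbW7y" };
const awsId = "AKIAQ7ZX2M4N8P6R5T3W";
// placeholder credentials used in the docs
const demo = { api_key: "AbCdEfGhIjKlMnOpQrStUv12" };`

func main() {
	fmt.Printf("%+v\n", Scan(Sample))
}
```

Lines 1 and 2 of the sample are reported; line 4 matches a rule but is dropped because the comment above it marks the value as a placeholder.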

Installation

From Source

# Clone the repository
git clone https://github.com/rafabd1/SecretHound.git
cd SecretHound

# Install dependencies
go mod download

# Build the binary
go build -o secrethound ./cmd/secrethound

# Optional: Move to path (Linux/macOS)
sudo mv secrethound /usr/local/bin/

# Optional: Add to PATH (Windows - in PowerShell as Admin)
# Copy-Item .\secrethound.exe C:\Windows\System32\

Using Go Install

go install github.com/rafabd1/SecretHound/cmd/secrethound@latest

Binary Releases

You can download pre-built binaries for your platform from the releases page.

Quick Start

Scan a single URL:

secrethound https://example.com/script.js

Scan multiple URLs:

secrethound https://example.com/script1.js https://example.com/script2.js

Scan from a list of URLs:

secrethound -i url-list.txt

Scan a local file:

secrethound -i /path/to/file.js

Scan an entire directory:

secrethound -i /path/to/directory

Save results to a file:

secrethound -i url-list.txt -o results.txt

Command Line Options

SecretHound supports the following options:

| Flag | Description | Default |
|------|-------------|---------|
| -i, --input | Input file, directory, or URL list | - |
| -o, --output | Output file for results | - |
| -t, --timeout | HTTP request timeout in seconds | 30 |
| -r, --retries | Maximum number of retry attempts | 3 |
| -n, --concurrency | Number of concurrent workers | 10 |
| -l, --rate-limit | Requests per second per domain (0 = auto) | 0 |
| -H, --header | Custom HTTP header (format: 'Name: Value') | - |
| --insecure | Disable SSL/TLS certificate verification | false |
| -v, --verbose | Enable verbose output | false |

Documentation

For more detailed information, see the documentation directory:

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgements

Made with 🖤 by Rafael (github.com/rafabd1)
