Chrome extension that passively finds leaked API keys, tokens, and secrets on every page you visit. 80+ patterns. Zero config. Manifest V3.

High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines.

High-performance repository context generator for LLMs - Transform codebases into optimized formats for Claude, GPT-4/5, Gemini, and other LLMs

🔍 Gitsint is a cutting-edge OSINT platform designed for security researchers, threat intelligence teams, and developers. Uncover hidden connections, detect exposed secrets, and map digital footprints across GitHub's vast ecosystem.

Burp Suite extension for passive JS reconnaissance - detects 1,600+ secret patterns, API keys, endpoints, and security misconfigurations in HTTP responses in real-time.

Argus brings “a hundred eyes” to your project, combining leading open source security tools into a scalable, automated, continuous security pipeline.

JSpider is a smart crawler for hidden endpoints. It crawls and extracts hidden API endpoints and URLs from JavaScript files and HTML source code - all directly in your browser.

Some useful functionality to detect secrets

Automatically redacts sensitive data in screenshots before sending to AI agents

Fast Python static analysis powered by Rust. Detects dead code, security issues (including taint analysis), and code quality metrics like complexity, Halstead, maintainability, and nesting depth.

Security and cleanup toolkit for Claude Code. Auto secret detection, 99.4% config reduction. CLI & MCP Server.

🔒 Security scanner for AI Skills | Detect dangerous commands, prompt injection, secrets, and suspicious patterns before install

Local MITM proxy that keeps secrets out of LLM traffic.

Security Command Center for Model Context Protocol (MCP) servers. Detect prompt injection, tool poisoning, secrets, and vulnerabilities. The Trivy of MCP security.

Free security scanner for AI-generated code. SAST + secret detection on every PR. 24-line YAML, 30-second setup. Built for vibe coding.

Secrets scanner with pattern matching, entropy analysis, and live validation

Git secrets, vulnurabilities scanner with rich reporting

Detects and obfuscates sensitive data before it reaches AI systems — clipboard, CLI, and MCP server

🛡️ Security plugin for Claude Code — detects secrets, blocks dangerous commands, logs tool actions with a local dashboard.

A curated list of tools for credential discovery.