icon Book Free Consultation



SecretFinder is a python script to discover sensitive data like api keys, access token, authorizations, jwt,..etc in JavaScript(JS) files. It verifies the files with large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding and search anything on js files.


Lock image

Installation :

SecretFinder supports Python 3 :

Step 1:  git clone https://github.com/m4ll0k/SecretFinder.git secretfinder
Step 2:  cd secretfinder
Step 3:  pip install -r requirements.txt
Step 4:  python3 SecretFinder.py

Usage :

“”” usage: SecretFinder.py [-h] [-e] -i INPUT [-o OUTPUT] [-r REGEX] [-b]  [-c COOKIE] [-g IGNORE] [-n ONLY] [-H HEADERS] [-p PROXY] “””

Most basic usage to find the sensitive data with default regex in an online JavaScript file and output the HTML results to results.html:

#python3 SecretFinder.py -i https://example.com/1.js -o results.html(optional)

For scanning full domain “-e” is required.

#python3 SecretFinder.py -i https://example.com/ -e


Use your regex:

python3 SecretFinder.py -i https://example.com/1.js -o cli -r 'apikey=my.api.key[a-zA-Z]+'

Or add your own regex in SecretFinder.py :

For more details : https://github.com/m4ll0k/SecretFinder