Briskinfosec - Your Perfect Cybersecurity Partner

Stay Connected:

SecretFinder | Briskinfosec



SecretFinder is a python script to discover sensitive data like api keys, access token, authorizations, jwt,..etc in JavaScript(JS) files. It verifies the files with large regular expression. The regular expressions consists of four small regular expressions. These are responsible for finding and search anything on js files.


Installation :

SecretFinder supports Python 3 :

Step 1:  git clone secretfinder
Step 2:  cd secretfinder
Step 3:  pip install -r requirements.txt
Step 4:  python3

Usage :

“”” usage: [-h] [-e] -i INPUT [-o OUTPUT] [-r REGEX] [-b]  [-c COOKIE] [-g IGNORE] [-n ONLY] [-H HEADERS] [-p PROXY] “””

Most basic usage to find the sensitive data with default regex in an online JavaScript file and output the HTML results to results.html:

#python3 -i -o results.html(optional)

For scanning full domain “-e” is required.

#python3 -i -e

Use your regex:

python3 -i -o cli -r 'apikey=my.api.key[a-zA-Z]+'

Or add your own regex in :

For more details :