iScan.today

iScan.today is a secret scanning tool designed for bug bounty hunters to discover exposed credentials, API keys, tokens, and sensitive data across multiple platforms. The service scans GitHub, GitLab, DockerHub, HuggingFace, NPM, and JavaScript files to identify leaked secrets that can be reported through bug bounty programs. The platform uses TruffleHog as its underlying scanning engine and differentiates itself by focusing on identifying repositories that belong to target organizations or their employees before scanning, rather than blindly scanning public repositories. This targeted approach aims to reduce false positives and uncover more relevant security findings. The tool can detect and verify over 300 types of tokens including AWS, Google Cloud, and payment system credentials. iScan.today offers both hosted and self-hosted deployment options. The hosted solution provides unlimited scans, secret verification, regular updates, and priority support with notification capabilities through Telegram and Discord webhooks. Self-hosted options provide source code access for users who prefer to run the scanning infrastructure on their own VPS servers. The service targets bug bounty hunters and security researchers who participate in authorized vulnerability disclosure programs. Users have reported finding critical exposures such as GitHub tokens in Docker Hub layers, employee repository credentials, and BrowserStack credentials in npm packages, with bounty rewards ranging from $3,500 to $31,337 according to the platform's success stories.