weSecretFinder Logo

weSecretFinder

A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.

Vulnerability Management
Free
Visit website
2
0

weSecretFinder Description

WeSecretFinder is a Python-based security tool designed to scan file systems for exposed credentials and sensitive information. The tool recursively traverses directories and examines files for patterns that match common secret formats including passwords, API keys, tokens, and private key headers using configurable regular expression patterns. It supports multiple text encodings (UTF-8, Latin-1) when processing files and intelligently excludes binary file types to improve scanning efficiency. WeSecretFinder addresses the MITRE ATT&CK technique T1552 (Unsecured Credentials) by helping security teams proactively discover credentials stored in cleartext or weakly protected formats within files, scripts, and configuration data. Key features include: - Regex-based pattern matching through a customizable SEARCH_PATTERNS dictionary - File type exclusion via EXCLUDED_EXTENSIONS configuration - Support for scanning both local directories and network file shares via UNC paths - Output options for both console display and CSV file export - Verbose logging capabilities for debugging purposes The tool requires only Python 3.x with standard libraries and provides detailed results including file path, line number, pattern name, and the matched content to facilitate manual review and remediation of discovered secrets.

FEATURED

Proton Pass Logo

Password manager with end-to-end encryption and identity protection features

NordVPN Logo

VPN service providing encrypted internet connections and privacy protection

Mandos Fractional CISO Services Logo

Fractional CISO services for B2B companies to accelerate sales and compliance

Stay Updated with Mandos Brief

Get the latest cybersecurity updates in your inbox

POPULAR

RoboShadow Logo

Automated vulnerability assessment and remediation platform

10
TestSavantAI Logo

Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.

5
Cybersec Feeds Logo

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

5
Fabric Platform by BlackStork Logo

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

5
Mandos Brief Newsletter Logo

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

5
View Popular Tools →