weSecretFinder
WeSecretFinder is a Python-based security tool designed to scan file systems for exposed credentials and sensitive information. The tool recursively traverses directories and examines files for patterns that match common secret formats including passwords, API keys, tokens, and private key headers using configurable regular expression patterns. It supports multiple text encodings (UTF-8, Latin-1) when processing files and intelligently excludes binary file types to improve scanning efficiency. WeSecretFinder addresses the MITRE ATT&CK technique T1552 (Unsecured Credentials) by helping security teams proactively discover credentials stored in cleartext or weakly protected formats within files, scripts, and configuration data. Key features include: - Regex-based pattern matching through a customizable SEARCH_PATTERNS dictionary - File type exclusion via EXCLUDED_EXTENSIONS configuration - Support for scanning both local directories and network file shares via UNC paths - Output options for both console display and CSV file export - Verbose logging capabilities for debugging purposes The tool requires only Python 3.x with standard libraries and provides detailed results including file path, line number, pattern name, and the matched content to facilitate manual review and remediation of discovered secrets.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Local pentest lab using docker compose to spin up victim and attacker services.
A collection of scripts for Turbo Intruder, a penetration testing tool
Pwndrop is a self-deployable file hosting service for red teamers, allowing easy upload and sharing of payloads over HTTP and WebDAV.
A C#-based Command and Control Framework for remote access and control of compromised systems.
A tool for interacting with Exchange servers remotely and exploiting client-side Outlook features.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
CredMaster enhances password spraying tactics with IP rotation to maintain anonymity and efficiency.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.