Skip to content

Add keyFinder - Chrome extension for passive API key & secret discovery#221

Open
momenbasel wants to merge 1 commit into
carpedm20:masterfrom
momenbasel:add-keyfinder
Open

Add keyFinder - Chrome extension for passive API key & secret discovery#221
momenbasel wants to merge 1 commit into
carpedm20:masterfrom
momenbasel:add-keyfinder

Conversation

@momenbasel

Copy link
Copy Markdown

Summary

  • Adds keyFinder to the Web > Tools section
  • keyFinder is a Chrome extension (556+ stars, MIT licensed) that passively scans every page you visit for leaked API keys, tokens, secrets, and credentials
  • 80+ detection patterns covering AWS, GCP, Azure, Stripe, Slack, OpenAI, GitHub, databases, private keys, JWTs, and more
  • Scans 10 attack surfaces: script URLs, inline scripts, external scripts, meta tags, hidden form fields, data attributes, HTML comments, URL parameters, web storage, and network responses
  • Uses Shannon entropy analysis for high-entropy secret detection
  • Built with Manifest V3, zero dependencies, pure vanilla JS

Why this belongs here

keyFinder fits well in the Web Tools section alongside tools like Keyscope (secret validation). While Keyscope validates known secrets against SaaS vendors, keyFinder focuses on the discovery phase - passively finding exposed secrets across web pages during browsing, making it a complementary tool for security researchers and penetration testers.

keyFinder is a Chrome extension (556 stars, MIT licensed) for passive
API key and secret discovery with 80+ detection patterns and zero
dependencies.
Copilot AI review requested due to automatic review settings April 8, 2026 21:50

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds the keyFinder project to the repository’s curated list of Web security tools, expanding the “Web > Tools” section with an option focused on passive secret discovery while browsing.

Changes:

  • Added a new README entry under Web > Tools for keyFinder.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread README.md
* [Shodan](https://www.shodan.io/) - A web-crawling search engine that lets users search for various types of servers connected to the internet.
* [masscan](https://github.com/robertdavidgraham/masscan) - Internet scale portscanner.
* [Keyscope](https://github.com/SpectralOps/keyscope) - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors
* [keyFinder](https://github.com/momenbasel/keyFinder) - A zero-dependency Chrome extension that passively discovers API keys, tokens, and secrets on every page you visit using 80+ detection patterns and Shannon entropy analysis across 10 attack surfaces.

Copilot AI Apr 8, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The README entry is very long and includes potentially time-sensitive specifics (e.g., “80+ detection patterns”, “10 attack surfaces”). Consider shortening to a more stable one-liner (what it is + what it does) to keep the list scannable and reduce future churn when these numbers change.

Copilot uses AI. Check for mistakes.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds keyFinder to the list of tools in the README. The review suggests shortening the description of the tool to better align with the concise style of the existing entries in the list.

Comment thread README.md
* [Shodan](https://www.shodan.io/) - A web-crawling search engine that lets users search for various types of servers connected to the internet.
* [masscan](https://github.com/robertdavidgraham/masscan) - Internet scale portscanner.
* [Keyscope](https://github.com/SpectralOps/keyscope) - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors
* [keyFinder](https://github.com/momenbasel/keyFinder) - A zero-dependency Chrome extension that passively discovers API keys, tokens, and secrets on every page you visit using 80+ detection patterns and Shannon entropy analysis across 10 attack surfaces.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The description for keyFinder is quite wordy compared to other entries in this list. For 'Awesome' lists, it is generally preferred to keep descriptions concise and focused on the core functionality. Additionally, technical details like 'zero-dependency' and 'Shannon' can be omitted to maintain a cleaner summary consistent with the surrounding entries.

Suggested change
* [keyFinder](https://github.com/momenbasel/keyFinder) - A zero-dependency Chrome extension that passively discovers API keys, tokens, and secrets on every page you visit using 80+ detection patterns and Shannon entropy analysis across 10 attack surfaces.
* [keyFinder](https://github.com/momenbasel/keyFinder) - A Chrome extension for passive discovery of API keys, tokens, and secrets using 80+ detection patterns and entropy analysis.

@momenbasel

Copy link
Copy Markdown
Author

@rocky please review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants