Add keyFinder - Chrome extension for passive API key & secret discovery#221
Add keyFinder - Chrome extension for passive API key & secret discovery#221momenbasel wants to merge 1 commit into
Conversation
keyFinder is a Chrome extension (556 stars, MIT licensed) for passive API key and secret discovery with 80+ detection patterns and zero dependencies.
There was a problem hiding this comment.
Pull request overview
Adds the keyFinder project to the repository’s curated list of Web security tools, expanding the “Web > Tools” section with an option focused on passive secret discovery while browsing.
Changes:
- Added a new README entry under Web > Tools for keyFinder.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| * [Shodan](https://www.shodan.io/) - A web-crawling search engine that lets users search for various types of servers connected to the internet. | ||
| * [masscan](https://github.com/robertdavidgraham/masscan) - Internet scale portscanner. | ||
| * [Keyscope](https://github.com/SpectralOps/keyscope) - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors | ||
| * [keyFinder](https://github.com/momenbasel/keyFinder) - A zero-dependency Chrome extension that passively discovers API keys, tokens, and secrets on every page you visit using 80+ detection patterns and Shannon entropy analysis across 10 attack surfaces. |
There was a problem hiding this comment.
The README entry is very long and includes potentially time-sensitive specifics (e.g., “80+ detection patterns”, “10 attack surfaces”). Consider shortening to a more stable one-liner (what it is + what it does) to keep the list scannable and reduce future churn when these numbers change.
| * [Shodan](https://www.shodan.io/) - A web-crawling search engine that lets users search for various types of servers connected to the internet. | ||
| * [masscan](https://github.com/robertdavidgraham/masscan) - Internet scale portscanner. | ||
| * [Keyscope](https://github.com/SpectralOps/keyscope) - an extensible key and secret validation tool for auditing active secrets against multiple SaaS vendors | ||
| * [keyFinder](https://github.com/momenbasel/keyFinder) - A zero-dependency Chrome extension that passively discovers API keys, tokens, and secrets on every page you visit using 80+ detection patterns and Shannon entropy analysis across 10 attack surfaces. |
There was a problem hiding this comment.
The description for keyFinder is quite wordy compared to other entries in this list. For 'Awesome' lists, it is generally preferred to keep descriptions concise and focused on the core functionality. Additionally, technical details like 'zero-dependency' and 'Shannon' can be omitted to maintain a cleaner summary consistent with the surrounding entries.
| * [keyFinder](https://github.com/momenbasel/keyFinder) - A zero-dependency Chrome extension that passively discovers API keys, tokens, and secrets on every page you visit using 80+ detection patterns and Shannon entropy analysis across 10 attack surfaces. | |
| * [keyFinder](https://github.com/momenbasel/keyFinder) - A Chrome extension for passive discovery of API keys, tokens, and secrets using 80+ detection patterns and entropy analysis. |
|
@rocky please review |
Summary
Why this belongs here
keyFinder fits well in the Web Tools section alongside tools like Keyscope (secret validation). While Keyscope validates known secrets against SaaS vendors, keyFinder focuses on the discovery phase - passively finding exposed secrets across web pages during browsing, making it a complementary tool for security researchers and penetration testers.