Secrets Scanning


product security teams bug bounty hunters

πŸ€” Use-Case

I want to:

  • identify any secrets belonging to my organization that have been leaked on the public internet
  • identify any secrets that have been provided by my organization to our partners or vendors that have been leaked on the public internet

πŸ˜ƒ Feature

INFOπŸ’‘: Secrets scanning is currently an experimental feature due to a number of limitations, such as rate limiting that are applied on the search engines where we search for information.

The basic responsibility of secrets scanning is to identify secrets on the public internet. Currently, it searches for:

  • Secrets in Wayback URLs
  • Secrets in Wayback JS Files
  • Secrets in Github for an Organistaion [Coming Soon]
  • Secrets in Swagger [Coming Soon]
  • Secrets in Postman Collections [Coming Soon]