Repo Secret Scanner — Architecture & Design

Overview: The Repo Secret Scanner at cybergrind.org/tools/repo-scanner/ scans public GitHub repositories for exposed credentials — AWS keys, GitHub tokens, Slack tokens, Stripe keys, private keys, and more — without ever cloning the repository. It runs entirely on a Cloudflare Worker, reads files directly via the GitHub API, and returns a severity-scored dashboard of findings with matched secrets redacted before they ever leave the scanner. ...

June 30, 2026 · 7 min · Logan

Repo Secret Scanner — Detection Patterns Reference

Overview: The Repo Secret Scanner uses three detection tiers: high-confidence prefix-matched patterns (Tier 1), keyword-gated generic patterns (Tier 2), and Shannon entropy analysis for unrecognized secrets (Tier 3). This article documents every pattern in the current ruleset, their sources, their known limitations, and the structural gaps no static scanner can close. ...

June 30, 2026 · 8 min · Logan