SecretSifter: Credentials & Secrets Scanner by SecretSifter
Detects secrets, API keys, and tokens in JS, JSON, XML, and HTML at runtime
Extension Metadata
About this extension
SecretSifter is a security tool for pentesters and developers that automatically detects exposed secrets, API keys, tokens, and credentials in real time.
Features:
• Scans JavaScript, JSON, XML, and HTML responses as they load
• Intercepts XHR, fetch, and WebSocket traffic via network hooks
• Detects 80+ secret types: AWS keys, JWT tokens, GitHub tokens, Stripe keys, Google API keys, private keys, and more
• DevTools panel with live findings table, severity classification, and source URL
• Export findings as CSV or JSON
• Download full list of scanned URLs
• Per-domain on/off toggle — only scans sites you enable
• All processing is local; no data leaves the browser
Features:
• Scans JavaScript, JSON, XML, and HTML responses as they load
• Intercepts XHR, fetch, and WebSocket traffic via network hooks
• Detects 80+ secret types: AWS keys, JWT tokens, GitHub tokens, Stripe keys, Google API keys, private keys, and more
• DevTools panel with live findings table, severity classification, and source URL
• Export findings as CSV or JSON
• Download full list of scanned URLs
• Per-domain on/off toggle — only scans sites you enable
• All processing is local; no data leaves the browser
Rated 0 by 0 reviewers
Permissions and data
Required permissions:
- Extend developer tools to access your data in open tabs
- Access browser tabs
- Access your data for all websites
Optional permissions:
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Version
- 1.0.0
- Size
- 78.77 KB
- Last updated
- 5 days ago (Mar 14, 2026)
- Related Categories
- License
- MIT License
- Privacy Policy
- Read the privacy policy for this add-on
- Version History
- Add to collection