$loading...
Paste code, config files, HTTP responses, or any text to detect hardcoded API keys, credentials, tokens, and secrets. 30+ pattern library covering AWS, GitHub, Stripe, Slack, JWT, private keys, and more. 100% client-side — nothing leaves your browser.
For authorized security testing, code review, and defensive security only. Do not scan files you do not have permission to audit.