this is a tool i wrote in golang that combines a set of practices i learned over the years in finding secrets that developers commit all the time. it has easy-to-use features like modules and caching that can generate a continuous stream of data to be used for security analysis purposes (such as attack surface monitoring).
part of my work involves finding exposed secrets for organizations. this tool helps you find several exposed production urls, tokens etc. on services like github and on websites. the craziest one was a leaked github personal access token from a renowned car company, and the latest one was a leaked payment gateway key from an insurance company.
