Find secrets before hackers do.
SecretScout is a lightweight, Python-based security tool designed to scan local directories for hardcoded secrets, API keys, and configuration flaws.

• 🔍 Deep Content Scanning: Recursively scans directories for high-risk patterns (AWS Keys, DB Passwords, Private Keys).
• 🧪 Self-Testing Module: Includes a dummy_generator.py that creates synthetic vulnerable files to test and validate the scanner's detection logic.
• 📊 JSON Reporting: Outputs structured, machine-readable security reports.
• ⚙️ Customizable Signatures: Easy-to-extend regex patterns for custom secret detection.

• main.py: The core scanning engine.
• dummy_generator.py: Generates fake "secrets" (honeytokens) for testing.
• scout_report.json: The output file containing findings.

git clone https://github.com/osmankaankars/SecretScout.git
cd SecretScout
pip install -r requirements.txt

Create dummy vulnerable files to see the tool in action.

python dummy_generator.py

Scan the current directory or a specific path.

python main.py

Developed for educational purposes and internal security auditing.