Overview
# DotDrop - Sensitive File Detector
Automatically scan websites for exposed sensitive files and security vulnerabilities. Perfect for security researchers, developers, and bug bounty hunters.
## 🔍 What It Detects
DotDrop scans for 80+ types of exposed files including:
- **Version Control**: .git/, .svn/, .hg/
- **Credentials**: .env, .htpasswd, SSH keys (id_rsa)
- **Cloud Keys**: AWS, GCP, Azure credentials
- **Database Files**: SQL dumps, MongoDB backups
- **Configuration**: Docker, Kubernetes, CI/CD configs
- **Backups**: ZIP, TAR, SQL backup files
## ✨ Key Features
- **Traffic Light System**: 🟢 Safe / 🟠 Not Scanned / 🔴 Vulnerable
- **Real-time Scan Progress**: See exactly what's being checked
- **One-Click Copy**: Export findings as formatted Markdown reports
- **Detection Age Tracking**: "2h ago", "3d ago" timestamps
- **Stealth Mode**: Slower scanning to avoid rate limiting
- **Batch Scanning**: Test multiple domains at once
- **Export Options**: JSON, CSV, or Markdown formats
- **Statistics Dashboard**: Track vulnerable sites and severity breakdown
- **100% Local**: Zero data collection, complete privacy
## 🔒 Privacy & Security
✅ All processing happens locally on your device
✅ No data sent to external servers
✅ No analytics or tracking
✅ Open source - inspect the code yourself
✅ Minimal permissions (only what's needed)
## 🎯 Perfect For
- Security researchers conducting vulnerability assessments
- Developers checking their own sites for exposed files
- Bug bounty hunters finding security issues
- DevOps teams auditing infrastructure
- Anyone concerned about web security
## 🚀 How It Works
1. Browse normally - DotDrop scans automatically
2. Check the icon - Color indicates security status
3. Click to view - See detailed findings
4. Export results - Copy or download reports
## 🛡️ False Positive Prevention
Advanced 5-layer validation system ensures accurate detection:
- HTTP 200 status verification
- Content-Type checking
- File size validation
- HTML error page detection
- Content pattern analysis
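
The five checks listed above can be applied in order to a response captured from a site you are auditing. The following is an added example, not DotDrop's own code: the function name `validateFinding`, the `MIN_LENGTH` threshold, the content signatures and the sample responses are all assumptions constructed for illustration.

```javascript
// Added illustration, not DotDrop's source. Thresholds and patterns are assumptions.
// Expected content signatures for a few file types of the kinds named on this page.
const SIGNATURES = {
  ".env": /^[A-Z][A-Z0-9_]*=.*$/m,   // KEY=value lines
  ".git/config": /^\[core\]/m,       // git config section header
  ".htpasswd": /^[^:\s]+:\S+$/m,     // user:hash entries
};
const MIN_LENGTH = 8; // assumed floor (characters); shorter bodies are treated as empty

// Takes an already-captured response and returns { exposed, failedLayer }.
function validateFinding(path, res) {
  const body = res.body || "";
  const type = (res.contentType || "").toLowerCase();
  // Layer 1: only a plain 200 counts; redirects, 403 and 404 are not exposure.
  if (res.status !== 200) return { exposed: false, failedLayer: "status" };
  // Layer 2: a raw dotfile is not normally served as text/html.
  if (type.startsWith("text/html")) return { exposed: false, failedLayer: "content-type" };
  // Layer 3: reject empty or near-empty bodies.
  if (body.length < MIN_LENGTH) return { exposed: false, failedLayer: "size" };
  // Layer 4: soft-404 pages return 200 with an HTML document, whatever the header says.
  if (/<!doctype html|<html[\s>]/i.test(body.slice(0, 512)))
    return { exposed: false, failedLayer: "html-error-page" };
  // Layer 5: the body must look like the file type that was requested.
  const sig = SIGNATURES[path];
  if (!sig || !sig.test(body)) return { exposed: false, failedLayer: "pattern" };
  return { exposed: true, failedLayer: null };
}

// Constructed sample responses (not real captures).
const SAMPLES = [
  { path: ".env", res: { status: 200, contentType: "text/plain",
      body: "DB_HOST=localhost\nDB_PASS=example-placeholder\n" } },
  { path: ".env", res: { status: 200, contentType: "text/html; charset=utf-8",
      body: "<!DOCTYPE html><html><title>Not Found</title></html>" } },
  { path: ".git/config", res: { status: 200, contentType: "application/octet-stream",
      body: "<html><body>Page not found</body></html>" } },
  { path: ".htpasswd", res: { status: 403, contentType: "text/html", body: "Forbidden" } },
];

// Returns the layer that rejected each sample, or null for a confirmed finding.
function triage(samples) {
  return samples.map((s) => validateFinding(s.path, s.res).failedLayer);
}

console.log(triage(SAMPLES));
```

Only the first sample passes all five layers; the third shows why the HTML check is separate from the Content-Type check, since a soft-404 page can be served with a non-HTML header.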
## 📊 Professional Features
- **Severity Levels**: Critical, Medium, Low color-coded alerts
- **Pattern Groups**: Enable/disable specific detection categories
- **Detection History**: Track all findings over time
- **Customizable Settings**: Auto-scan, critical-only mode
- **Badge Counter**: Shows number of exposed files found
## 🌐 Use Cases
**For Developers:**
Test your own websites before deployment to catch exposed configuration files, credentials, or backup files that shouldn't be public.
**For Security Researchers:**
Quickly identify common security misconfigurations during reconnaissance. Export findings for professional reports.
**For Bug Bounty Hunters:**
Automate the detection of low-hanging fruit vulnerabilities. Copy findings directly to bug reports with one click.
## ⚡ Lightweight & Fast
- Minimal resource usage
- Fast parallel scanning
- Clean, professional UI
- No bloat or unnecessary features
## 🔧 Technical Details
- Manifest V3 compliant
- Works on all HTTP/HTTPS sites
- Respects browser security policies
---
**Disclaimer**: This tool is for ethical security research and educational purposes only. Always obtain proper authorization before testing websites you don't own.