Secretsifter Live Credent
Overview
SecretSifter is a runtime secrets scanner built for penetration testers, bug bounty hunters, and security engineers.
It automatically intercepts and scans network traffic in the active tab — JavaScript files, JSON API responses, XML responses, HTML pages, and WebSocket frames — and flags exposed secrets such as:
• API keys, Bearer tokens and JWT secrets
• Passwords and credentials in response bodies
KEY FEATURES
• T1 / T2 / T3 confidence tiers to separate real findings from noise
• WebSocket scanning — intercepts both incoming and outgoing WS frames
• CDN blocklist — skip known third-party libraries and analytics scripts automatically
• Suppressed key names — silence app-specific noise with one click
• Full findings report with severity badges (Critical / High / Medium / Low)
• Export findings to JSON, CSV, or HTML report
• Export scanned URL list (JS, JSON, HTML, XML, requests, WebSocket)
• DevTools panel + popup — works however you prefer
• Privacy-first — all findings stored locally in your browser; the only external call is an optional Google Maps API key validation probe sent directly to Google
DESIGNED FOR SECURITY PROFESSIONALS
Scanning is opt-in per tab. No accounts, no telemetry, no developer-controlled servers.
🔐 Security Analysis
This extension hasn't been security-scanned yet.