An OSINT tool with a clean web interface to proactively scan for leaked secrets, credentials, and sensitive information across public GitHub repositories (code and commits) and Pastebin.
In modern development, it's easy to accidentally commit sensitive information like API keys, credentials, or private keys into a public code repository. Malicious actors and bots are constantly scanning for these leaks to exploit them.
CredHound was built to help developers and security teams find these accidental exposures first. By proactively searching for your own sensitive data, you can address vulnerabilities before they are discovered by others. This tool provides an easy-to-use interface to automate the process of scanning for this "juicy stuff."
Web-Based Interface: A clean and user-friendly UI built with Flask and Bootstrap. No command-line fu required.
GitHub Code Scanning: Search for sensitive keywords and patterns within public code repositories.
GitHub Commit Scanning: Dig through the entire commit history of repositories to find secrets that were committed and later removed.
Pastebin Monitoring: Scan recent posts on Pastebin for your keywords in real-time.
Powerful Search Patterns: Use specific, "dork"-style queries to hunt for API keys, passwords, private keys, and more.
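To illustrate the commit-scanning idea above for auditing your own repository, here is an added example (not CredHound's code) that checks `git log -p` style patch text for secrets on both added and removed lines and redacts what it reports. The rule set, function names and sample patch are assumptions made for this sketch.

```python
import re

# Widely documented secret formats; an assumed rule set, not CredHound's own patterns.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|secret)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}

# Constructed sample in `git log -p` format (the AWS value is AWS's documentation example key).
SAMPLE_PATCH = """\
diff --git a/settings.py b/settings.py
--- a/settings.py
+++ b/settings.py
@@ -1,2 +1,2 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
-db_password = "hunter2hunter2"
+db_password = os.environ["DB_PASSWORD"]
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""

def redact(value):  # keep a 4-character prefix so the report does not re-leak the secret
    return value[:4] + "*" * (len(value) - 4)

def scan_patch(patch_text):
    """Return findings from unified-diff text; '-' lines are secrets still readable in history."""
    findings, path = [], None
    for line in patch_text.splitlines():
        if line.startswith(("--- ", "+++ ")):  # file header: remember the path
            name = line[4:].strip()
            if name != "/dev/null":
                path = name[2:] if name.startswith(("a/", "b/")) else name
            continue
        if not line.startswith(("+", "-")):  # context line or hunk header
            continue
        state = "added" if line[0] == "+" else "removed"
        for rule, rx in PATTERNS.items():
            m = rx.search(line[1:])
            if m:  # report the captured value if the rule has a group, else the whole match
                secret = m.group(m.lastindex or 0)
                findings.append({"file": path, "rule": rule, "state": state, "match": redact(secret)})
    return findings

if __name__ == "__main__":
    print(*scan_patch(SAMPLE_PATCH), sep="\n")
```

A finding with state "removed" means the value was deleted from the working tree but is still in history, so the credential needs rotating, not just deleting.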
git clone https://github.com/thunder0411/CredHound.git
cd CredHound
python app.py