Entropy-Based Detection

Secret Hunting 2.0

We don't just grep for 'password'. Our engine decompiles JavaScript bundles, parses source maps, and scans public repositories to find high-entropy strings that indicate leaked API keys, database credentials, and private tokens.

$ scanning app.a28f.js...

Found variable: STRIPE_KEY

Entropy Score: 8.9 (CRITICAL)

MATCH: sk_live_...

Why Regex Isn't Enough

Developers often hide secrets in minified code or commit history. Simple pattern matching misses these. Our engine calculates Shannon Entropy to detect random strings (like keys) even if they are named "variable_x".

API Keys

AWS, Stripe, Google Cloud

Private Keys

RSA, SSH, PGP Blocks