Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
JS Snitch

JS Snitch

Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets.

image for JS Snitch

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

DevSecOps Tools
Penetration Testing
Vulnerability Scanners

Tags

Security Auditing
Incident Response
Bug Bounty

More Products

image of Phantom

DevSecOps ToolsPenetration TestingVulnerability Scanners

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

Security Auditing Open Source Incident Response Vulnerability Scanning API Security+1

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

JS Snitch

JS Snitch is a command-line tool designed to scan remote JavaScript files for potential secrets or credentials using Trufflehog and Semgrep. It automates the process of identifying leaked API keys, tokens, or other credentials hidden in external JavaScript files.

Key Features:

Multi-host Scanning: Scan a single host or a list of hosts to identify potential leaks.
Trufflehog Integration: Leverages Trufflehog's capabilities for secret detection.
Semgrep Integration: Configurable Semgrep rulesets for additional scanning and pattern-based detection.
Beautification: Automatically prettifies downloaded JS files for better readability.
Aggregated Results: Consolidates findings from Trufflehog and Semgrep into a single report.
Verified vs. Unverified Secrets: Quickly see which secrets are valid and which need manual inspection.

Benefits:

Efficiency: Helps penetration testers, bug bounty hunters, and security engineers quickly identify leaked credentials.
User-Friendly: Provides a clear output structure for easy navigation and analysis of findings.

Highlights:

Supports both individual and batch scanning of hosts.
Outputs detailed reports including verified and unverified secrets for thorough analysis.