find_secrets
Detect sensitive strings like Sentry DSNs, Slack tokens, and AWS keys in binary artifacts by scanning string tables with configurable regex patterns.
Instructions
Run the regex leak catalog over path's string table.
Args:
path: file to scan
detector_set: comma-separated list of pattern names to apply
(default: all categories except the noisy generic-hex-secret).
Use detector_set="all" for the full catalog.
min_length: minimum string length passed to :func:extract_strings
max_per_category: per-category match cap (default 200)
Returns::
{
"path": "...",
"totals": {"strings_seen": N, "matches": N},
"truncated": bool,
"categories_run": ["sentry-dsn", ...],
"by_category": {
"sentry-dsn": {"count": N, "risk": "HIGH", "description": "...",
"matches": [{"string": "...", "offset": N, ...}]},
...
},
}
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | ||
| detector_set | No | sentry-dsn,logstash-url,confluence-url,google-drive-url,aws-access-key,slack-token | |
| min_length | No | ||
| max_per_category | No |