Real-Time GitHub Gists Secrets Scanner with Advanced Detection and Web Dashboard
leakshunter is a powerful, self-hosted tool that monitors public GitHub Gists in real-time for leaked secrets, credentials, API keys, database connections, PII, cryptocurrency addresses, and more. It goes beyond basic regex scanning by combining high-entropy detection, contextual analysis, and severity scoring to significantly reduce false positives while catching sophisticated leaks.
Designed for cybersecurity researchers, threat intelligence teams, red teamers, and developers who want proactive monitoring of one of the most common (yet overlooked) locations for accidental credential exposure.
-
Ultra-Fast Real-Time Monitoring
Polls GitHub's public gists every 30 seconds (configurable) using efficientsincetimestamp filtering to catch leaks instantly. -
Advanced Multi-Layer Detection Engine
- 500+ curated regex patterns (easily extensible) for AWS, Stripe, Twilio, Discord, Slack, crypto wallets, etc.
- Shannon entropy analysis for undetected high-randomness secrets
- Contextual validation (checks proximity to keywords like "key", "token", "password")
- PII detection (emails, phone numbers, SSNs)
- Cryptocurrency address detection (Bitcoin, Ethereum, etc.)
-
Smart Severity Classification
Critical, High, Medium alerts based on secret type and length. -
Beautiful Built-in Web Dashboard
- Live view of all findings
- Tabbed filtering (Credentials, Databases, PII, Crypto, Code)
- Searchable and sortable table
- Direct links to offending gists
-
Instant Notifications
Discord webhook alerts for critical findings (Telegram/email support planned). -
Persistent Storage & Analytics
SQLite backend stores all historical findings with timestamps for trend analysis. -
Efficient & Safe
Built in Go for performance and concurrency. Respects GitHub rate limits with intelligent throttling. Supports authenticated PAT for higher quotas. -
Fully Open Source & Customizable
No vendor lock-in. Easy to extend with new patterns, sources (Pastebin, repos), or ML-based detection.
| Feature | leakshunter | TruffleHog | Gitleaks | gitGraber |
|---|---|---|---|---|
| Real-time Gist monitoring | Yes (30s interval) | No | No | Partial |
| Web Dashboard | Built-in & responsive | No | No | Basic |
| Contextual FP Reduction | Yes | Basic | No | No |
| PII & Crypto Detection | Yes | Limited | No | No |
| Instant Alerts | Discord webhook | CLI only | CLI only | Limited |
| Historical Analytics | Yes | No | No | No |
- Go 1.21 or higher
- GitHub Personal Access Token (recommended for higher rate limits)
# Clone or create the project
mkdir leakshunter && cd leakshunter
# Save the provided main.go and create templates/ folder with dashboard.tmpl
# Install dependencies
go get github.com/gin-gonic/gin
go get github.com/mattn/go-sqlite3
go get golang.org/x/time/rate
# Set environment variables
export GITHUB_TOKEN=your_github_pat_here
export DISCORD_WEBHOOK=https://discord.com/api/webhooks/... (optional)
export SCAN_INTERVAL=30 # seconds between scans
# Run
go run main.goAccess the dashboard at: http://localhost:8080
| Environment Variable | Description | Default |
|---|---|---|
GITHUB_TOKEN |
GitHub PAT (scopes: public_repo) | None |
DISCORD_WEBHOOK |
Discord webhook URL for critical alerts | None |
SCAN_INTERVAL |
Polling interval in seconds | 30 |
(Coming soon – live dashboard with categorized tabs and real-time updates)
- Add more regex patterns in the
loadPatterns()function - Implement additional sources (Pastebin, GitLab snippets)
- Add Telegram/Slack/Email notifications
- Integrate machine learning for zero-day secret detection
- Export findings to JSON/CSV
leakshunter only scans publicly available GitHub Gists. Always:
- Use responsibly and ethically
- Do not attempt to exploit found credentials
- Respect GitHub's Terms of Service
- Consider notifying affected parties of exposed secrets when appropriate
Contributions are welcome! Feel free to:
- Submit new secret detection patterns
- Improve the UI/UX
- Add new notification channels
- Enhance false positive reduction
MIT License – feel free to use, modify, and distribute.
Catch leaks before attackers do.
Built with ❤️ for the cybersecurity community.