Description
Trufflehog-PingPwn scans web pages and referenced resources for common secret patterns (API keys, tokens, private keys, webhook URLs) so you can identify accidental exposures quickly. Scanning and detection are performed entirely in your browser; this extension does not send findings to any remote server. Use the popup to review findings, clear them, or download a CSV of results. This extension tries to brings the scanning & Detection capabilities of well known Trufflehog to browser in real time scanning.
Key features:
- Detects generic API keys, specific provider tokens, and common secret formats.
- Optionally checks for `.env` files and `.git` directories (may trigger server protections).
- Shows per-origin findings with a badge count and in-popup listing.
- Local-only storage of findings using the browser's storage; no remote transmission.
Core Detection Features:
- Detects API keys, tokens, private keys, and webhook URLs on web pages
- Scans referenced resources (external scripts, .env files, .git directories)
- Recognizes patterns from 30+ secret providers.
- Supports generic secret patterns (API keys, database credentials, passwords)
- Base64-encoded secret detection with automatic decoding
- Real-time scanning as you browse
UI & User Experience:
- Clean, intuitive popup interface with toggle controls
- Badge count on toolbar showing findings per origin
- Per-origin findings list with detailed match information
- One-click clearing of findings (current origin or all)
- CSV export for audit trails and compliance reporting
- Origin-based filtering and deny list to skip specific domains
- Local notification alerts for critical findings (e.g., .git directories)
- Customizable detection rule toggles (turn on/off specific categories)
Privacy statement:
All scanning and analysis occurs locally inside the browser. No findings, page contents, or extracted secrets are transmitted to external servers. The extension uses `chrome.storage.sync` to store settings and detected findings on your browser; you can clear stored findings via the popup.
Developer contact:
pingpwnsec@gmail.com
Keywords: secrets, security, trufflehog, scan, credentials, api-keys, bugbounty, security, scanning, bug-bounty, developer-tools, exposure-detection, penetration-testing
Reviews
Loading reviews...
Permissions (4)
Permissions
activeTabℹ Can access the current tab when you click the extension notificationsℹ Can show desktop notifications storageℹ Can store data locally in your browser tabsℹ Can see your open tabs and their URLs
Details
| Version | 0.0.4 |
| Updated | Dec 30, 2025 |
| Size | 39.07KiB |
| First Seen | Mar 24, 2026 |
Popular in developer
Lighthouse
by lighthouse-extension-owners
1M
★ 4.42
developer
1M
★ 4.42
developer
Контур.Плагин
by kontur.extension
1M
★ 3.11
developer
1M
★ 3.11
developer
Similarweb - Website Traffic & SEO Checker
by Similarweb
1M
★ 4.66
developer
1M
★ 4.66
developer
Clear Cache
by Little Void LLC (Ben Bojko)
1M
★ 4.45
developer
1M
★ 4.45
developer
SEO META in 1 CLICK
by Bilal Hadri
900K
★ 4.87
developer
900K
★ 4.87
developer
Popular Extensions
Adobe Acrobat: PDF edit, convert, sign tools
by Adobe Inc.
330M
★ 4.40
workflow
330M
★ 4.40
workflow
Chrome Remote Desktop
by Chrome Remote Desktop Release Managers
38M
★ 3.14
workflow
38M
★ 3.14
workflow
Cisco Webex Extension
by cisco.chromestore
24M
★ 2.34
social
24M
★ 2.34
social
Kami for Google Chrome™
by Kami
17M
★ 4.56
education
17M
★ 4.56
education
Read&Write for Google Chrome™
by Texthelp
17M
★ 3.44
accessibility
17M
★ 3.44
accessibility