Browse Security AI Extensions Collections
Trufflehog Pingpwn Chrome extension icon

Trufflehog Pingpwn

👥 797 users
📦 v0.0.4
💾 39.07KiB
📅 2025-12-30
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

Trufflehog-PingPwn scans web pages and referenced resources for common secret patterns (API keys, tokens, private keys, webhook URLs) so you can identify accidental exposures quickly. Scanning and detection are performed entirely in your browser; this extension does not send findings to any remote server. Use the popup to review findings, clear them, or download a CSV of results. This extension tries to brings the scanning & Detection capabilities of well known Trufflehog to browser in real time scanning.

Key features:
- Detects generic API keys, specific provider tokens, and common secret formats.
- Optionally checks for `.env` files and `.git` directories (may trigger server protections).
- Shows per-origin findings with a badge count and in-popup listing.
- Local-only storage of findings using the browser's storage; no remote transmission.

Core Detection Features:
- Detects API keys, tokens, private keys, and webhook URLs on web pages
- Scans referenced resources (external scripts, .env files, .git directories)
- Recognizes patterns from 30+ secret providers.
- Supports generic secret patterns (API keys, database credentials, passwords)
- Base64-encoded secret detection with automatic decoding
- Real-time scanning as you browse

UI & User Experience:
- Clean, intuitive popup interface with toggle controls
- Badge count on toolbar showing findings per origin
- Per-origin findings list with detailed match information
- One-click clearing of findings (current origin or all)
- CSV export for audit trails and compliance reporting
- Origin-based filtering and deny list to skip specific domains
- Local notification alerts for critical findings (e.g., .git directories)
- Customizable detection rule toggles (turn on/off specific categories)

Privacy statement:
All scanning and analysis occurs locally inside the browser. No findings, page contents, or extracted secrets are transmitted to external servers. The extension uses `chrome.storage.sync` to store settings and detected findings on your browser; you can clear stored findings via the popup.

Developer contact:
pingpwnsec@gmail.com

Keywords: secrets, security, trufflehog, scan, credentials, api-keys, bugbounty, security, scanning, bug-bounty, developer-tools, exposure-detection, penetration-testing

Tags

Productivity/developer productivity/developer

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

🔐 Security Analysis

This extension hasn't been security-scanned yet.

Similar Extensions

More in Productivity/developer →

Gofullpage Full Page Scre

10M+ users
Capture a screenshot of your current page in entirety and reliably—without requesting any extra permissions!
Productivity/developer AI

Touchen Pc보안 확장

8M+ users
브라우저에서 라온시큐어의 PC보안 기능을 사용하기 위한 확장 프로그램입니다.
Productivity/developer

React Developer Tools

5M+ users
Adds React debugging tools to the Chrome Developer Tools. Created from revision 3cde211b0c on 10/20/2025.
Productivity/developer