
VaultHound

VaultHound — A fast, pattern-based secret and credential scanner. Scans local directories, Git history, and URLs for leaked API keys, tokens, passwords, and private keys across 40+ patterns (AWS, GitHub, Stripe, OpenAI, GCP, and more). Outputs redacted JSON, HTML, and text reports. Built for developers and security researchers.

Install / Use

/learn @ExploitCraft/VaultHound
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

⚡ VaultHound


Secret & Credential Scanner — Hunts API keys, passwords, tokens, and hardcoded secrets in live URLs, local directories, and git history.

Part of the ExploitCraft toolkit. Pairs with ReconNinja — ReconNinja finds the attack surface, VaultHound extracts the secrets buried in it.

⚠️ Authorized use only. Only scan targets you own or have explicit written permission to test.


Features

  • URL Mode — fetches HTML, JS files, API responses, and probes 15 common secret-exposing paths
  • Directory Mode — recursively scans repos, configs, and source files across 25+ file types
  • Git History Mode — walks commit diffs to catch secrets that were committed then deleted
  • 43 detection patterns — AWS, GCP, Azure, GitHub, Stripe, OpenAI, Anthropic, Slack, private keys, JWT, DB connection strings, and more
  • Entropy validation — eliminates placeholder/example false positives
  • Dark-mode HTML report — same aesthetic as ReconNinja, works standalone
  • JSON + text reports — machine-readable output for pipeline integration
  • ReconNinja plugin — drop plugins/vaulthound_plugin.py into ReconNinja's plugins/ directory to run VaultHound as a ReconNinja phase
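
How pattern matching combined with entropy validation can suppress placeholder matches and keep reports redacted, as an added example that is not VaultHound's own code. The two regexes, the 3.0 bits-per-character cutoff, the placeholder word list and the sample input are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Illustrative rules only; VaultHound's real patterns and thresholds are not shown on this page.
RULES = {
    "AWS Access Key ID": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "Generic API key": re.compile(
        r"(?i)\bapi[_-]?key\b\s*[:=]\s*[\"']([A-Za-z0-9_\-]{20,})[\"']"),
}
MIN_ENTROPY = 3.0  # bits per character; assumed cutoff
PLACEHOLDER = re.compile(r"(?i)example|changeme|your[_-]|placeholder|x{6,}")


def shannon_entropy(s):
    """Shannon entropy of the string in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(secret):
    """Keep a 4-character prefix for triage and mask the rest."""
    return secret[:4] + "*" * (len(secret) - 4)


def scan(text):
    """Return redacted findings that pass the placeholder and entropy checks."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            for m in rx.finditer(line):
                value = m.group(1)
                if PLACEHOLDER.search(value):
                    continue  # documentation or template value
                if shannon_entropy(value) < MIN_ENTROPY:
                    continue  # too repetitive to be a real credential
                findings.append({"line": lineno, "rule": name, "match": redact(value)})
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = '''\
aws_key = "AKIAIOSFODNN7EXAMPLE"
aws_key = "AKIAQ7Z2LM4XK9TR3WBV"
api_key = "aaaaaaaaaaaaaaaaaaaaaaaa"
api_key = "q8Zr2LmX0vT7cYp4NbKd91Ws"
'''
```

On the sample, only lines 2 and 4 are reported: line 1 is dropped by the placeholder list and line 3 by the entropy check.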

Quick Start

```bash
git clone https://github.com/ExploitCraft/VaultHound.git
cd VaultHound
pip install rich
python3 vaulthound.py
```

Usage

```bash
# Scan a live URL (HTML + JS + 15 sensitive path probes)
python3 vaulthound.py -u https://example.com

# Scan a local directory
python3 vaulthound.py -d /path/to/repo

# Scan directory + full git history
python3 vaulthound.py -d /path/to/repo --git

# Deep JS scanning (fetch all linked scripts)
python3 vaulthound.py -u https://example.com --js

# Only show critical and high findings
python3 vaulthound.py -d . --severity high

# Custom output directory
python3 vaulthound.py -d . --output /tmp/results

# Skip interactive confirmation (for scripting)
python3 vaulthound.py -d . -y
```

Detection Patterns

| Category | Patterns |
|---|---|
| ☁️ Cloud | AWS Access Key, AWS Secret, GCP API Key, GCP Service Account, Azure Storage Key, Azure Connection String |
| 💳 Payment | Stripe (live/restricted), Square, PayPal/Braintree |
| 📡 Communication | Twilio, SendGrid, Mailgun, Slack (bot/user/webhook), Discord |
| 🐙 Source Control | GitHub PAT/OAuth/App Token, GitLab Token, NPM Token, PyPI Token |
| 🤖 AI/LLM | OpenAI, Anthropic/Claude, Groq, HuggingFace |
| 🗄️ Database | Connection strings (MySQL/Postgres/MongoDB/Redis), MongoDB Atlas |
| 🔑 Private Keys | RSA, EC, OpenSSH, PGP |
| 🎫 Tokens | JWT, generic API keys, generic passwords, generic tokens |
| 🌐 Infrastructure | Internal IPs, hardcoded internal URLs |


Output

Reports saved to vaulthound_reports/<target>_<timestamp>/:

```text
report.html    ← Dark-mode HTML dashboard (open in browser)
report.json    ← Machine-readable findings
report.txt     ← Plain text summary
vaulthound.log ← Full debug log
scan_config.json
```

ReconNinja Integration

Use VaultHound as a ReconNinja plugin — runs automatically after web discovery:

```bash
cp plugins/vaulthound_plugin.py /path/to/ReconNinja/plugins/
python3 reconninja.py -t example.com --profile web_only -y
```

Test Suite

```bash
pip install pytest
pytest tests/ -v
```


Part of the HackerInc/ExploitCraft Ecosystem

| Tool | Description |
|------|-------------|
| envleaks | Codebase & git history scanner |
| gitdork | Google/Shodan dork generator |
| wifi-passview | Cross-platform WiFi credential dumper |
| ReconNinja | ReconNinja v6 — 21-phase recon framework |
| VaultHound | Secret & credential scanner (this repo) |



Made by ExploitCraft

GitHub Stars: 14
Category: Education
Updated: 5d ago
Forks: 1

Languages

Python

Security Score

90/100

Audited on Mar 25, 2026

No findings