secretsifter

Burp Suite extension — passively detects secrets, API keys, credentials, JWTs & PII in HTTP traffic. 160+ detection rules, bulk scan, entropy analysis, HTML reports & more.

Stars: 14
Language: Java
Found Mar 27, 2026 at 14 stars.

AI Summary

Burp Suite extension that scans web traffic for exposed credentials, API keys, tokens, and personal data to help secure applications.

How It Works

1
🔍 Discover SecretSifter

A Burp Suite extension for spotting secrets (passwords, API keys, tokens, PII) that leak in the traffic of the web applications you test.

2
📥 Load it

Download or build the extension JAR and load it via Extensions > Installed > Add in Burp. No further setup is required.

3
⚙️ Turn it on

Enable passive scanning of proxied traffic in the extension's tab, then tune its sensitivity: pick a scan tier (FAST/LIGHT/FULL) and adjust the entropy and false-positive filters to suit the target.

4
🚀 Watch findings appear

As you browse or test, detected credentials and sensitive data are listed in the extension's Burp tab, with the matching request and response.

5
📋 Bulk scan

Paste a list of URLs for a deeper scan that fetches each page, follows the scripts it references (script-src tags and webpack chunks), and produces an HTML or CSV report of everything found.

6
🛡️ Remediate

Review the reports, rotate every exposed credential (a secret that has reached the client must be treated as compromised, not merely hidden), and remove it from the shipped code.

AI-Generated Review

What is secretsifter-burp?

Burp Suite extension that passively scans proxied HTTP traffic for exposed secrets, API keys, credentials, JWTs, and PII using 160+ detection rules plus entropy analysis. It adds bulk URL scanning, HAR imports, headless Chrome rendering for dynamically loaded JS, and HTML/CSV reports, all inside Burp tabs. Written in Java for Burp Suite Professional and Community Edition (2024.7 or later, Montoya API), with right-click rescan from Proxy History or Site Map.

Why is it gaining traction?

Covers 100+ anchored tokens (GitHub, AWS, Stripe) and 40+ context-gated rules (Algolia, Cloudflare) that simpler Burp secret scanners miss, with false-positive filters such as CDN blocklists and key-name suppression. Bulk scan follows script-src references and webpack chunks, generates per-domain ZIP reports, and runs in Burp Suite Community Edition, so bug-bounty hunters get the coverage without a Pro licence. Scan tiers (FAST/LIGHT/FULL) trade speed for depth.
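To make the rule families described in the two paragraphs above concrete, here is an added Python illustration (not the extension's own Java code) of how anchored rules, context-gated rules, entropy scoring and the two false-positive filters combine over one response body. The patterns, the 80-character context window, the 4.0-bit entropy threshold, the blocklist and the sample bundle are all assumptions constructed for this example; none of them is taken from the project.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    rule: str
    value: str
    offset: int


# Anchored rules (assumed shapes, not the tool's rule set): a fixed vendor
# prefix makes the token self-identifying, so a match is a finding on its own.
ANCHORED_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe-secret-key": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{24,}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b"),
}

# Context-gated rules: 32 hex chars alone is far too common (hashes, build ids),
# so the match only counts when a vendor keyword sits within CONTEXT_WINDOW chars.
CONTEXT_RULES = {
    "algolia-api-key": (re.compile(r"\b[0-9a-f]{32}\b"), re.compile(r"algolia", re.I)),
}
CONTEXT_WINDOW = 80  # assumption for the example

# Generic catch-all: quoted key/value pairs whose value looks random enough.
GENERIC_ASSIGNMENT = re.compile(
    r"""["']?([A-Za-z_][A-Za-z0-9_.-]{2,40})["']?\s*[:=]\s*["']([A-Za-z0-9+/=_-]{20,})["']"""
)
ENTROPY_THRESHOLD = 4.0  # bits per character; 32 distinct characters score 5.0

# False-positive filters: key names that legitimately hold random-looking strings,
# and CDN origins whose public bundles never carry the target's own secrets.
SUPPRESSED_KEY_NAMES = re.compile(r"integrity|sha(?:256|384|512)|hash|nonce|build_?id|chunk", re.I)
CDN_BLOCKLIST = ("cdn.jsdelivr.net", "cdnjs.cloudflare.com", "unpkg.com")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: the usual 'does this look random?' score."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def is_blocked_origin(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in CDN_BLOCKLIST)


def scan_body(body: str, source_url: str = "") -> list[Finding]:
    """Run anchored, context-gated and entropy rules over one response body."""
    if source_url and is_blocked_origin(source_url):
        return []  # CDN blocklist: third-party bundles are skipped outright
    findings: list[Finding] = []

    for rule, pattern in ANCHORED_RULES.items():
        for m in pattern.finditer(body):
            findings.append(Finding(rule, m.group(0), m.start()))

    for rule, (pattern, keyword) in CONTEXT_RULES.items():
        for m in pattern.finditer(body):
            lo, hi = max(0, m.start() - CONTEXT_WINDOW), min(len(body), m.end() + CONTEXT_WINDOW)
            if keyword.search(body[lo:hi]):
                findings.append(Finding(rule, m.group(0), m.start()))

    def already_covered(start: int) -> bool:
        return any(f.offset <= start < f.offset + len(f.value) for f in findings)

    for m in GENERIC_ASSIGNMENT.finditer(body):
        name, value = m.group(1), m.group(2)
        if SUPPRESSED_KEY_NAMES.search(name):
            continue  # key-name suppression: integrity hashes, build ids, nonces
        if shannon_entropy(value) < ENTROPY_THRESHOLD:
            continue  # placeholders and other low-variety strings
        if already_covered(m.start(2)):
            continue  # a specific rule has already reported this value
        findings.append(Finding("high-entropy-value", value, m.start(2)))

    return sorted(findings, key=lambda f: f.offset)


# Constructed sample of a JS bundle fragment as seen in a proxied response.
# Every value below is made up for the example; none is a live credential.
SAMPLE_RESPONSE = """\
/* constructed sample: app bundle fragment */
var BUILD_ID = "3f2a9c1d8e7b6a5f4c3d2e1f0a9b8c7d";
var INTEGRITY = "sha384-oqVuAfXRKap7fdgcCY5uykM6R9GqQ8KuxyxrxHNQlGYl1kPzQho1wx4JwY8wC";
var PLACEHOLDER = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
window.__APP_CONFIG__ = {
  "awsAccessKeyId": "AKIAIOSFODNN7EXAMPLE",
  "githubToken": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
  "stripeSecret": "sk_live_AbCdEfGhIjKlMnOpQrStUvWx",
  "reportApiKey": "Qz8kL2mP9vX4nB7cT1wR5yH3jF6gD0sA",
  "session": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEifQ.c2lnbmF0dXJlLWJ5dGVzLWdvLWhlcmU",
  "search": { "provider": "algolia", "apiKey": "0123456789abcdef0123456789abcdef" }
};
"""


def demo() -> list[str]:
    """Rule names that fire on the sample, in order of appearance."""
    return [f.rule for f in scan_body(SAMPLE_RESPONSE, "https://app.example.test/static/main.js")]


if __name__ == "__main__":
    for f in scan_body(SAMPLE_RESPONSE):
        print(f"{f.rule:20s} @{f.offset:<5d} {f.value[:24]}...")
```

On the sample, the hex BUILD_ID is dropped because no "algolia" keyword is near it while the identically shaped search key is kept, the integrity hash is suppressed by key name, the all-x placeholder fails the entropy check, and the same body fetched from a blocklisted CDN yields nothing at all. The overlap check matters: without it the entropy rule would report the GitHub and Stripe values a second time under a less useful name.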

Who should use this?

Pentesters auditing client-side JS for leaked secrets in a Burp Suite Pro workflow, bug-bounty hunters looking for secrets in API responses, or security auditors doing bulk analysis of HAR files captured from auth-walled apps. Well suited to modern SPAs whose server-side-rendered state blobs embed configuration. One caveat for the HAR workflow: an export captured behind authentication contains the session cookies and bearer tokens themselves, so handle the file as a credential, not as a log.

Verdict

Worth loading into Burp Suite Community Edition despite its small following (14 stars at the time of listing): clear README screenshots, an MIT license, and a Gradle build make it easy to evaluate and to patch with your own rules. It complements Burp's own scanner rather than replacing it, since it only reports what passes through the proxy or the bulk scanner; verify every finding before reporting, because entropy-based rules do produce false positives.
