Free, browser-based utilities for everyday developer workflows

About Secret Hunter

Secret Hunter shows you a realistic config or code snippet and asks you to identify the line that leaks a secret. Every day everyone gets the same challenge so you can compare results. Topics include AWS access keys, GitHub personal access tokens, Stripe live keys, Slack webhooks, database connection strings with embedded passwords, private key blocks, JWTs pasted into source, and more.

Why it helps

  • Build intuition for the most common secret leak patterns before a real incident.
  • Learn how to recognise known secret prefixes like AKIA, ghp_, sk_live_, and xoxb-.
  • Use the related Secrets Scanner to audit full config files and source snippets.

Runs locally in your browser. Progress is stored only in this browser.