Trufflehog-PingPwn

Detects potential exposed secrets on web pages.

As of June 2026, Trufflehog-PingPwn has 1,000 users and a 5.00/5 rating from 1 reviews in the Developer Tools category.

Developer Tools

Chrome Web Store ↗.crx

Users+52.4%

1.0K

1,000

Rating0%

5.00

1 reviews

Reviews0%

Version

0.0.4

Manifest V3

History

6 snapshots

Tracking since Apr 1, 2026.

View as table

Date	Users	Rating	Reviews	Version
Apr 1, 2026	656	—	—	0.0.4
Apr 18, 2026	679	—	—	0.0.4
Apr 28, 2026	790	—	—	0.0.4
May 8, 2026	844	—	—	0.0.4
May 15, 2026	889	—	—	0.0.4
May 24, 2026	943	5.00	1	0.0.4
Now	1.0K	5.00	1	0.0.4

Permissions & access

Permissions: activeTabtabsstoragenotifications
Host access: https://*/*, http://*/*

Screenshots

About

Trufflehog-PingPwn scans web pages and referenced resources for common secret patterns (API keys, tokens, private keys, webhook URLs) so you can identify accidental exposures quickly. Scanning and detection are performed entirely in your browser; this extension does not send findings to any remote server. Use the popup to review findings, clear them, or download a CSV of results. This extension tries to brings the scanning & Detection capabilities of well known Trufflehog to browser in real time scanning.

Key features:
- Detects generic API keys, specific provider tokens, and common secret formats.
- Optionally checks for `.env` files and `.git` directories (may trigger server protections).
- Shows per-origin findings with a badge count and in-popup listing.
- Local-only storage of findings using the browser's storage; no remote transmission.

Core Detection Features:
- Detects API keys, tokens, private keys, and webhook URLs on web pages
- Scans referenced resources (external scripts, .env files, .git directories)
- Recognizes patterns from 30+ secret providers.
- Supports generic secret patterns (API keys, database credentials, passwords)
- Base64-encoded secret detection with automatic decoding
- Real-time scanning as you browse

UI & User Experience:
- Clean, intuitive popup interface with toggle controls
- Badge count on toolbar showing findings per origin
- Per-origin findings list with detailed match information
- One-click clearing of findings (current origin or all)
- CSV export for audit trails and compliance reporting
- Origin-based filtering and deny list to skip specific domains
- Local notification alerts for critical findings (e.g., .git directories)
- Customizable detection rule toggles (turn on/off specific categories)

Privacy statement:
All scanning and analysis occurs locally inside the browser. No findings, page contents, or extracted secrets are transmitted to external servers. The extension uses `chrome.storage.sync` to store settings and detected findings on your browser; you can clear stored findings via the popup.

Developer contact:
[email protected]

Keywords: secrets, security, trufflehog, scan, credentials, api-keys, bugbounty, security, scanning, bug-bounty, developer-tools, exposure-detection, penetration-testing

Technical

Version: 0.0.4
Manifest: V3
Size: 39.07KiB
Min Chrome: 88
Languages: 1
Featured: No

Metadata

ID: ojpilaklfjcfpehafidhijapphckbbbo
Developer ID: ube585a9e733622acc1f8f25216c33bee
Developer Email: [email protected]
Created: Dec 26, 2025
Last Updated (Store): Dec 30, 2025
Last Scraped: Jun 3, 2026
Website: —
Support URL: https://github.com/pingpwnsec/trufflehog-pingpwn
Privacy Policy: https://pingpwnsec.github.io/trufflehog-pingpwn/privacy.html