hardcoded-credential-hunt
CommunityFind hidden hardcoded passwords in web code and APIs.
Software Engineering#reconnaissance#authentication bypass#hardcoded credentials#api enumeration#web pentest#html scanning#javascript secrets
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Manually hunting for hardcoded credentials across HTML forms, JavaScript bundles, and API endpoints is time-consuming and prone to human error, especially during time-sensitive penetration tests or large-scale reconnaissance.
Core Features & Use Cases
- HTML Form Scanning: Identifies pre-filled or hidden password fields in web forms that expose static credentials.
- Config Endpoint Probing: Checks common unauthenticated configuration endpoints for leaked credential keys and values.
- Debug Page Analysis: Extracts exposed secrets from framework debug error pages (Werkzeug, Django, Express) and inline JavaScript.
- Use Case: During a web application penetration test, use this skill to quickly locate exposed admin passwords in a target's public /api/config endpoint without manual code review.
Quick Start
Use the hardcoded-credential-hunt skill to scan the target domain https://your-target.com for any hardcoded passwords in HTML forms, API configuration endpoints, and inline JavaScript code.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hardcoded-credential-hunt Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hardcoded-credential-hunt Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.