hardcoded-credential-hunt

Community

Find hidden hardcoded passwords in web code and APIs.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Manually hunting for hardcoded credentials across HTML forms, JavaScript bundles, and API endpoints is time-consuming and prone to human error, especially during time-sensitive penetration tests or large-scale reconnaissance.

Core Features & Use Cases

  • HTML Form Scanning: Identifies pre-filled or hidden password fields in web forms that expose static credentials.
  • Config Endpoint Probing: Checks common unauthenticated configuration endpoints for leaked credential keys and values.
  • Debug Page Analysis: Extracts exposed secrets from framework debug error pages (Werkzeug, Django, Express) and inline JavaScript.
  • Use Case: During a web application penetration test, use this skill to quickly locate exposed admin passwords in a target's public /api/config endpoint without manual code review.

Quick Start

Use the hardcoded-credential-hunt skill to scan the target domain https://your-target.com for any hardcoded passwords in HTML forms, API configuration endpoints, and inline JavaScript code.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: hardcoded-credential-hunt
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#hardcoded-credential-hunt

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.