source-leak-hunt

Community

Mass scan for exposed sensitive files and leaked credentials.

Authoruphiago
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill eliminates the tedious, error-prone manual work of checking web targets for exposed sensitive files like .env configs, backup files, git repositories, and debug logs, which often contain critical credentials and internal data that enable deeper attacks during reconnaissance and penetration testing.

Core Features & Use Cases

  • Parallel Mass Path Scanning: Checks 20+ common sensitive paths across hundreds of live targets in parallel to speed up large-scale recon efforts.
  • False Positive Filtering: Uses content pattern matching to eliminate false alerts from single-page apps, CDN error pages, and parked domains that return HTTP 200 for all paths.
  • Credential Extraction & Triage: Automatically extracts credentials from leaked .env files, wp-config backups, and SQL dumps, and flags targets with 3+ leaks for prioritized deep-dive analysis.
  • Use Case: A red teamer scanning 500 live web targets after initial uptime checks can use this Skill to quickly identify the ~7% of targets with exposed source leaks, cutting hours of manual work down to minutes.

Quick Start

Use the source-leak-hunt skill to scan a list of live target URLs for exposed sensitive files and extract any verified leaked credentials.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: source-leak-hunt
Download link: https://github.com/uphiago/recon-skills/archive/main.zip#source-leak-hunt

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.