Advanced Asynchronous Security Scanner & Secret Hunter
High-speed detection of exposed secrets, API keys, and sensitive data
MX Scanner v5.0 is a cutting-edge, high-performance asynchronous security scanner engineered for modern security professionals. Built from the ground up with speed and precision in mind, it hunts for exposed secrets, API keys, tokens, and sensitive data across web applications and local codebases.
| Purpose | Speed | Intelligence |
|---|---|---|
| Secret Detection | Async Architecture | Smart Filter (99% FP Reduction) |
| Code Analysis | 1000+ req/sec | Context-Aware Scanning |
| Security Auditing | Concurrent Scanning | Entropy Validation |

- Bug Bounty Hunters
- Penetration Testers
- Security Teams

Performance:
- Asynchronous engine with configurable concurrency
- 50+ concurrent connections by default
- Memory-efficient streaming for large files

Intelligence:
- Context-aware false positive reduction (99%)
- Shannon entropy analysis with PI normalization
- Pattern validation and format verification

Coverage:
- 50+ secret patterns and growing
- Cloud providers, payment gateways, messaging platforms
- Database connections, private keys, JWT tokens

Output:
- Professional HTML reports with futuristic design
- Structured JSON for CI/CD integration
- Organized directory structure with timestamps

MX Scanner detects a comprehensive range of exposed secrets across multiple categories:

Cloud Providers

| Provider | Pattern Type | Severity |
|---|---|---|
| AWS | Access Key ID, Secret Access Key | 🔴 Critical |
| Google Cloud | API Keys, Service Account Keys | 🔴 Critical |
| Azure | Storage Keys, Connection Strings | 🔴 Critical |
| DigitalOcean | API Tokens, Spaces Keys | 🔴 Critical |
| Heroku | API Keys, App Secrets | 🔴 Critical |
| Vercel | Tokens, Project Secrets | 🟠 High |

Payment Gateways

| Provider | Pattern Type | Severity |
|---|---|---|
| Stripe | Secret Keys, Publishable Keys | 🔴 Critical |
| PayPal | Client Secrets, Access Tokens | 🔴 Critical |
| Square | Access Tokens, Application Secrets | 🔴 Critical |
| Braintree | Merchant IDs, Private Keys | 🔴 Critical |
| Plaid | Client ID, Secret Keys | 🟠 High |

Messaging & Communication

| Provider | Pattern Type | Severity |
|---|---|---|
| Slack | Bot Tokens, Webhook URLs | 🔴 Critical |
| Discord | Bot Tokens, Webhook URLs | 🔴 Critical |
| Telegram | Bot Tokens, API Hashes | 🔴 Critical |
| Twilio | Account SID, Auth Tokens | 🟠 High |
| SendGrid | API Keys | 🟠 High |
| Mailgun | API Keys, Domain Secrets | 🟠 High |

Developer Tools

| Provider | Pattern Type | Severity |
|---|---|---|
| GitHub | Personal Access Tokens, OAuth Tokens | 🔴 Critical |
| GitLab | Personal Access Tokens, Deploy Tokens | 🔴 Critical |
| Bitbucket | App Passwords, Access Tokens | 🟠 High |
| NPM | Access Tokens | 🟠 High |
| Docker Hub | Access Tokens | 🟠 High |

AI & ML Services

| Provider | Pattern Type | Severity |
|---|---|---|
| OpenAI | API Keys | 🔴 Critical |
| Anthropic | API Keys | 🔴 Critical |
| HuggingFace | Access Tokens | 🟠 High |
| Replicate | API Tokens | 🟠 High |

Databases & Storage

| Type | Pattern | Severity |
|---|---|---|
| MongoDB | Connection Strings with Credentials | 🔴 Critical |
| PostgreSQL | Connection Strings | 🔴 Critical |
| MySQL | Connection Strings | 🔴 Critical |
| Redis | Connection Strings | 🟠 High |
| Firebase | Database Secrets, Service Accounts | 🔴 Critical |

| Performance Metric | Value |
|---|---|
| Async Engine | asyncio + aiohttp |
| Default Concurrency | 50 simultaneous connections |
| Max Concurrency | Configurable (1000+) |
| Memory Usage | Streaming (constant) |
| Large File Support | Up to 10MB per file |
| Scan Speed | 1000+ URLs/minute |

| Format | Description |
|---|---|
| HTML Report | Futuristic, professional design with interactive tables |
| JSON Export | Machine-readable output for CI/CD integration |
| Secrets File | Isolated list of discovered secrets |
| URLs Log | Complete list of scanned endpoints |
| Vulnerabilities | Security issues and misconfigurations |
- Python 3.8 or higher
- pip (Python package manager)

```bash
# Clone the repository
git clone https://github.com/m-560/mx-scanner.git
# Navigate to directory
cd mx-scanner
# Install dependencies
pip install aiohttp
# Make executable (Linux/macOS)
chmod +x mx_scanner_v5.py
```

For full reconnaissance capabilities, install these additional tools:

```bash
# Subdomain discovery
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
# HTTP probing
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
# URL crawling
go install -v github.com/projectdiscovery/katana/cmd/katana@latest
# Archive URL discovery
go install -v github.com/tomnomnom/waybackurls@latest
```

```bash
docker pull mxscanner/mx-scanner:latest
docker run -it mxscanner/mx-scanner -u https://target.com
```

```bash
python3 mx_scanner_v5.py -u https://example.com
python3 mx_scanner_v5.py -f targets.txt
python3 mx_scanner_v5.py --local /path/to/source/code
python3 mx_scanner_v5.py -k stripe
```

```text
MX SCANNER v5.0 CLI

TARGET OPTIONS:
  -u, --url URL            Target URL to scan
  -f, --file FILE          File containing list of URLs
  --local PATH             Local file or directory to scan

SCAN OPTIONS:
  -t, --threads N          Number of concurrent threads (default: 50)
  --timeout SECONDS        Request timeout (default: 15)
  --max-pages N            Maximum pages to scan (default: 500)
  --full-recon             Enable full reconnaissance mode

OUTPUT OPTIONS:
  -o, --output DIR         Output directory (default: mx_results)
  --lang {en,ar}           Interface language (default: en)

PATTERN OPTIONS:
  -k, --add-pattern NAME   Add pattern from database
  --list-patterns          List all available patterns

OTHER OPTIONS:
  --debug                  Enable debug mode
  --version                Show version information
  -h, --help               Show this help message
```

| Scenario | Command |
|---|---|
| Single Target | `python3 mx_scanner_v5.py -u https://target.com` |
| Multiple Targets | `python3 mx_scanner_v5.py -f urls.txt -t 100` |
| Local Repository | `python3 mx_scanner_v5.py --local ./my-project` |
| Full Reconnaissance | `python3 mx_scanner_v5.py -u https://target.com --full-recon` |
| Arabic Interface | `python3 mx_scanner_v5.py -u https://target.com --lang ar` |
| Add Stripe Pattern | `python3 mx_scanner_v5.py -k stripe` |
| Pipe Input | `cat domains.txt \| python3 mx_scanner_v5.py` |
| Tool Chain | `subfinder -d target.com \| httpx -silent \| python3 mx_scanner_v5.py` |

The Smart Filter is MX Scanner's revolutionary anti-false-positive engine that achieves 99% false positive reduction through advanced context-aware analysis.

```text
SMART FILTER ARCHITECTURE

INPUT SECRET  -->  PLACEHOLDER DETECTION  -->  PATH FILTER  -->  CONTEXT ANALYSIS
Pattern Match      your-*                      /docs/*           UI IDs
                   example*                    /test/*           Test Code
                   sample*                     /mock/*           Comments

                         99% FP REDUCTION
                         VERIFIED SECRETS
```

Automatically filters obvious placeholder values:

```text
# FILTERED - Placeholder patterns
API_KEY = "your-api-key-here"
SECRET = "your_secret_key"
TOKEN = "example_token_123"
PASSWORD = "sample_password"
KEY = "test_key_dummy"
FAKE_KEY = "0000123456789abcdef"
```

Intelligently ignores files in non-production directories:

```text
Excluded Directories:
  docs/            # Documentation
  test/            # Test files
  tests/           # Test suites
  spec/            # Specifications
  examples/        # Example code
  demo/            # Demo files
  mock/            # Mock data
  fixtures/        # Test fixtures
  vendor/          # Third-party code
  node_modules/    # NPM packages
  __pycache__/     # Python cache
```

Filters UI-related identifiers that are not actual secrets:

```text
// FILTERED - UI Identifiers
data-testid="abc123"
clientId: "ui-component-123"
sessionId: "browser-session-456"
transactionId: "tx-789012"
trackingId: "ga-tracking-id"
```

Examines surrounding code to identify:
- Test fixtures and mock data
- Documentation examples
- Configuration templates
- Commented-out credentials

```text
# FILTERED (Placeholder Pattern)
API_KEY = "your-api-key-here"
STRIPE_KEY = "sk_test_example_key"
GITHUB_TOKEN = "ghp_example_token_for_testing"

# FILTERED (Inside /test/ directory)
# File: /tests/test_config.py
SECRET = "AKIAIOSFODNN7EXAMPLE"

# FILTERED (UI Identifier)
<button data-testid="submit-button">

# DETECTED (Real Secret)
API_KEY = "sk_live_4eC39HqLyjWDarjtT1zdp7dc"
AWS_KEY = "AKIAZ1234567890ABCDH"
GITHUB_TOKEN = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
```

| Service | Pattern | Example |
|---|---|---|
| AWS Access Key | `AKIA[0-9A-Z]{16}` | AKIAZ1234567890ABCDH |
| AWS Secret | 40-char alphanumeric | wJalrXUtnFEMI/K7MDENG... |
| GitHub Token | `ghp_[A-Za-z0-9_]{36}` | ghp_xxxxxxxxxxxx... |
| Slack Token | `xox[baprs]-[0-9]{10,13}-...` | xoxb-1234567890-... |
| Telegram Bot | `[0-9]{8,10}:[A-Za-z0-9_-]{35}` | 123456789:AABBccdd... |
| Stripe Secret | `sk_live_[0-9a-zA-Z]{24}` | sk_live_4eC39Hq... |
| OpenAI Key | `sk-[a-zA-Z0-9]{20}T3BlbkFJ...` | sk-proj-xxxxx... |
| Google API | `AIza[0-9A-Za-z\-_]{35}` | AIzaSyDaGmWKa4Ds... |
| RSA Private Key | `-----BEGIN RSA PRIVATE KEY-----` | Full PEM format |
| MongoDB URI | `mongodb://user:pass@host` | Connection strings |

| Service | Pattern | Example |
|---|---|---|
| Twilio SID | `AC[a-fA-F0-9]{32}` | ACxxxxxxxxxxxxxxxx... |
| SendGrid | `SG\.[a-zA-Z0-9_\-]{22}\....` | SG.xxxxx.yyyyy |
| NPM Token | `npm_[a-zA-Z0-9]{36}` | npm_xxxxxxxxxxxx... |
| GitLab Token | `glpat-[A-Za-z0-9_\-]{20}` | glpat-xxxxxxxx... |
| Discord Bot | `[MN][a-zA-Z\d]{23}\....` | MTEzB... |
| Heroku API | 36-char UUID format | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |

| Service | Pattern | Example |
|---|---|---|
| JWT Token | `eyJ[a-zA-Z0-9_-]*\.eyJ...` | eyJhbGciOiJIUzI1Ni... |
| Generic API Key | `api[_-]?key.*[a-zA-Z0-9]{32,}` | Various formats |
| Secret Key | `secret[_-]?key.*[a-zA-Z0-9]{16,}` | Various formats |
| Access Token | `access[_-]?token.*` | Various formats |

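
The filter stages and patterns described above, sketched as an added example (not MX Scanner's own code). The three regexes, the excluded directory names and the key values come from this page; the placeholder terms, the comment check and the sample file paths are assumptions.

```python
import re
from pathlib import PurePosixPath

# Three patterns taken from the tables above.
PATTERNS = {
    "AWS Access Key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "GitHub Token": re.compile(r"ghp_[A-Za-z0-9_]{36}"),
    "Stripe Secret": re.compile(r"sk_live_[0-9a-zA-Z]{24}"),
}
# Assumed encodings of the filter stages (not the tool's actual rules).
PLACEHOLDER = re.compile(r"your[-_]|example|sample|dummy", re.IGNORECASE)
EXCLUDED_DIRS = {"docs", "test", "tests", "spec", "examples", "demo", "mock",
                 "fixtures", "vendor", "node_modules", "__pycache__"}
COMMENT = re.compile(r"^\s*(#|//)")

# Constructed input: (path, line). Key values are the page's own examples.
SAMPLES = [
    ("src/config.py", 'AWS_KEY = "AKIAZ1234567890ABCDH"'),
    ("tests/test_config.py", 'AWS_KEY = "AKIAZ1234567890ABCDH"'),
    ("src/settings.py", 'SECRET = "AKIAIOSFODNN7EXAMPLE"'),
    ("src/legacy.py", '# API_KEY = "sk_live_4eC39HqLyjWDarjtT1zdp7dc"'),
]


def classify(path, line):
    """Return (secret_type, value, verdict) for every pattern hit on a line."""
    in_excluded_dir = bool(EXCLUDED_DIRS & set(PurePosixPath(path).parts[:-1]))
    hits = []
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(line):
            value = m.group(0)
            if PLACEHOLDER.search(value):       # stage 1: placeholder detection
                verdict = "filtered:placeholder"
            elif in_excluded_dir:               # stage 2: path filter
                verdict = "filtered:path"
            elif COMMENT.match(line):           # stage 3: context analysis
                verdict = "filtered:context"
            else:
                verdict = "detected"
            hits.append((name, value, verdict))
    return hits


def scan(samples):
    """Classify every sample and return (path, secret_type, verdict) rows."""
    return [(path, name, verdict)
            for path, line in samples
            for name, _value, verdict in classify(path, line)]


if __name__ == "__main__":
    for row in scan(SAMPLES):
        print(*row, sep="  ")
```

The second and fourth rows are values in a live-key format that the path and context stages suppress, so filtered findings are worth keeping in a reviewable list rather than discarding.
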
MX Scanner organizes outputs professionally with automatic timestamping:

```text
mx_results/
├── goog_scan_20240327_203800/        # Auto-generated folder
│   ├── results.json                  # Complete JSON report
│   │   ├── meta                      # Tool info, PI constant
│   │   ├── summary                   # Statistics
│   │   ├── secrets[]                 # All discovered secrets
│   │   └── vulnerabilities[]         # Security issues
│   ├── report.html                   # Professional HTML report
│   │   └── Futuristic design, interactive
│   ├── secrets_found.json            # Secrets only
│   ├── vulnerabilities_found.json    # Vulnerabilities only
│   ├── scanned_urls.txt              # All scanned URLs
│   └── scanned_files.txt             # Local scan files
├── twil_scan_20240327_204500/
│   └── ...
└── local_scan_20240327_210000/
    └── ...
```

```text
{first_4_chars_of_target}_scan_{YYYYMMDD}_{HHMMSS}/
```

Examples:
- `goog_scan_20240327_203800` → google.com scan
- `twil_scan_20240327_204500` → twilio.com scan
- `loca_scan_20240327_210000` → Local file scan

MX Scanner features a professional color-coded output system for immediate visual recognition:
| Color | Severity | ANSI Code | Visual |
|---|---|---|---|
| 🔴 | Critical | `\033[91m` | Immediate Action Required |
| 🟠 | High | `\033[38;5;208m` | Urgent Attention |
| 🟡 | Medium | `\033[93m` | Should Be Reviewed |
| 🟢 | Low | `\033[92m` | Informational |
| 🔵 | Info | `\033[96m` | Status Messages |
| ⚪ | Success | `\033[92m` | Completed Tasks |

```text
MX SCANNER v5.0 - AUTOMATION FRAMEWORK
  Targets: 15
  Threads: 50
  Language: EN
  Smart Filter: Active
  PI = 3.14159265358979

Scanning Targets...
[Critical] AWS Access Key ID @ Line 42
[Critical] GitHub Personal Access Token @ Line 87
[High] SendGrid API Key @ Line 156
[Medium] JWT Token @ Line 203

Scan Complete!
  Secrets Found: 15
  False Positives Filtered: 42
  Risk Score: 87
  Duration: 45.32 seconds
```

MX Scanner is designed for seamless integration with popular security tools:

```bash
# With subfinder + httpx
subfinder -d target.com -silent | httpx -silent | python3 mx_scanner_v5.py
# With waybackurls
cat domains.txt | waybackurls | python3 mx_scanner_v5.py
# With katana
katana -u https://target.com -silent | python3 mx_scanner_v5.py
# With nuclei results
cat nuclei_results.txt | python3 mx_scanner_v5.py
```

```yaml
# GitHub Actions Example
name: Secret Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: pip install aiohttp
      # Assumes mx_scanner_v5.py is committed at the root of the scanned repository
      - name: Run MX Scanner
        run: python3 mx_scanner_v5.py --local ./ --output ./scan-results
      # results.json stores each finding's full "match" value, so this artifact
      # holds plaintext secrets; limit who can download it and keep retention short
      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: scan-results
          path: ./scan-results/
```

The JSON output is structured for easy programmatic access:

```json
{
  "meta": {
    "tool": "MX Scanner v5.0",
    "pi": 3.14159265358979
  },
  "summary": {
    "secrets": 15,
    "risk_score": 87,
    "false_positives_filtered": 42
  },
  "secrets": [
    {
      "id": 1,
      "secret_type": "AWS Access Key ID",
      "severity": "Critical",
      "url": "https://target.com/config.js",
      "line_number": 42,
      "match": "AKIAZ1234567890ABCDH",
      "entropy": 3.68
    }
  ]
}
```

MX Scanner uses the mathematical constant π (Pi) for enhanced precision in calculations:

```python
import math
from collections import Counter

PI = 3.14159265358979323846


def calculate_entropy(data: str) -> float:
    """
    Shannon entropy calculation with PI normalization
    """
    counts = Counter(data)
    length = len(data)
    entropy = 0.0
    for count in counts.values():
        probability = count / length
        entropy -= probability * math.log2(probability)
    # PI-scaled value: entropy * log2(PI). It is computed here but not
    # returned, so callers get the plain Shannon entropy in bits per character.
    normalized = entropy * (math.log(PI) / math.log(2))
    return round(entropy, 4)
```

```python
# critical_count, high_count, medium_count and low_count are the numbers of
# findings at each severity level.
risk_score = (
    (critical_count * 10) +
    (high_count * 5) +
    (medium_count * 3) +
    (low_count * 1)
) * (PI / 3)  # PI-normalized for precision
```

| Feature | Status | Expected Release |
|---|---|---|
| AI-Powered Detection | In Progress | Q2 2024 |
| Plugin System | In Progress | Q2 2024 |
| Mobile App Integration | Planned | Q3 2024 |
| Web Dashboard | Planned | Q3 2024 |
| Docker Container | Planned | Q2 2024 |
| Cloud Version | Planned | Q4 2024 |

We're building a complete security toolkit:

MX SECURITY SUITE
- MX Subdomain Enumerator - Advanced subdomain discovery
- MX Vulnerability Scanner - Automated vulnerability scan
- MX Port Scanner - High-speed port scanning
- MX Directory Buster - Smart directory enumeration
- MX SQL Injector - Automated SQL injection tests
- MX XSS Hunter - Advanced XSS detection
- MX Cloud Auditor - Cloud misconfiguration scan
- MX Secret Manager - Secure secret storage
- MX API Fuzzer - API security testing
- MX SSL Analyzer - SSL/TLS security assessment

Contributions are welcome! Here's how you can help:
- Report Bugs - Open an issue with details
- Suggest Features - Share your ideas
- Submit PRs - Fix bugs or add features
- Improve Docs - Help us clarify documentation
- Star the Repo - Show your support

```bash
# Fork and clone
git clone https://github.com/YOUR_USERNAME/mx-scanner.git
# Create feature branch
git checkout -b feature/amazing-feature
# Make changes and test
python3 mx_scanner_v5.py --debug --local ./test_files
# Commit and push
git commit -m "Add amazing feature"
git push origin feature/amazing-feature
# Open Pull Request
```

- Follow PEP 8 style guide
- Add tests for new features
- Update documentation
- Keep code clean and modular
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2024 Mohamed Musa Mohamed
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software...
IMPORTANT: This tool is intended for educational purposes and authorized security testing only. The author is not responsible for any misuse or damage caused by this tool.
- Use on systems you own or have explicit permission to test
- Follow responsible disclosure practices
- Comply with all applicable laws and regulations
- Never use for unauthorized access
- Never use for malicious purposes