Recon Tool: PassDetective

Recon Tool: PassDetective

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 2 Minutes


PassDetective by aydinnyunus, is a command-line tool designed to scan your shell command history for potential security risks by identifying mistakenly written passwords, API keys, and secrets. The tool utilizes regular expressions to detect sensitive information within the command history, helping users avoid accidental exposure of confidential data.



go install

Kali Linux

sudo apt install PassDetective

See Also: So you want to be a hacker?
Offensive Security and Ethical Hacking Course



Scans shell command history to detect mistakenly written passwords
Identifies API keys and secrets using regular expressions
Provides a secure way to review your command history and prevent accidental exposure of sensitive information




Extract Shell History


After you have install requirements , you can simply analyze the image via:

$ PassDetective extract -all

Extract Secrets

If you want to specify directory use this command:

$ PassDetective extract –secrets –zsh


Regular Expressions

PassDetective uses the following regular expressions to identify potential sensitive information:

“Cloudinary” : “cloudinary://.*”,
“Firebase URL”: “.*”,
“Slack Token”: “(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})”,
“RSA private key”: “—–BEGIN RSA PRIVATE KEY—–“,
“SSH (DSA) private key”: “—–BEGIN DSA PRIVATE KEY—–“,
“SSH (EC) private key”: “—–BEGIN EC PRIVATE KEY—–“,
“PGP private key block”: “—–BEGIN PGP PRIVATE KEY BLOCK—–“,
“Amazon AWS Access Key ID”: “AKIA[0-9A-Z]{16}”,
“Amazon MWS Auth Token”: “amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}”,
“AWS API Key”: “AKIA[0-9A-Z]{16}”,
“Facebook Access Token”: “EAACEdEose0cBA[0-9A-Za-z]+”,
“Facebook OAuth”: “[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*[‘|”][0-9a-f]{32}[‘|”]”,
“GitHub”: “[g|G][i|I][t|T][h|H][u|U][b|B].*[‘|”][0-9a-zA-Z]{35,40}[‘|”]”,
“Generic API Key”: “[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*[‘|”][0-9a-zA-Z]{32,45}[‘|”]”,
“Generic Secret”: “[s|S][e|E][c|C][r|R][e|E][t|T].*[‘|”][0-9a-zA-Z]{32,45}[‘|”]”,
“Google API Key”: “AIza[0-9A-Za-z\-_]{35}”,
“Google Cloud Platform API Key”: “AIza[0-9A-Za-z\-_]{35}”,
“Google Cloud Platform OAuth”: “[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com”,
“Google Drive API Key”: “AIza[0-9A-Za-z\-_]{35}”,
“Google Drive OAuth”: “[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com”,
“Google (GCP) Service-account”: “”type”: “service_account””,
“Google Gmail API Key”: “AIza[0-9A-Za-z\-_]{35}”,
“Google Gmail OAuth”: “[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com”,
“Google OAuth Access Token”: “ya29\.[0-9A-Za-z\-_]+”,
“Google YouTube API Key”: “AIza[0-9A-Za-z\-_]{35}”,
“Google YouTube OAuth”: “[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com”,
“Heroku API Key”: “[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}”,
“MailChimp API Key”: “[0-9a-f]{32}-us[0-9]{1,2}”,
“Mailgun API Key”: “key-[0-9a-zA-Z]{32}”,
“Password in URL”: “[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}[“‘\s]”,
“PayPal Braintree Access Token”: “access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}”,
“Picatic API Key”: “sk_live_[0-9a-z]{32}”,
“Slack Webhook”: “[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}”,
“Stripe API Key”: “sk_live_[0-9a-zA-Z]{24}”,
“Stripe Restricted API Key”: “rk_live_[0-9a-zA-Z]{24}”,
“Square Access Token”: “sq0atp-[0-9A-Za-z\-_]{22}”,
“Square OAuth Secret”: “sq0csp-[0-9A-Za-z\-_]{43}”,
“Twilio API Key”: “SK[0-9a-fA-F]{32}”,
“Twitter Access Token”: “[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[1-9][0-9]+-[0-9a-zA-Z]{40}”,
“Twitter OAuth”: “[t|T][w|W][i|I][t|T][t|T][e|E][r|R].*[‘|”][0-9a-zA-Z]{35,44}[‘|”]”


Source :


Clone the repo from here: GitHub Link


Recent Tools

Recon Tool: ReconSpider

December 8, 2023

ReconSpider is one of the most advanced Open Source Intelligence …

Offensive Security Tool: ThreatMapper

December 1, 2023

ThreatMapper is a platform for runtime threat management and attack …

Digital Forensics Tool: Universal Radio Hacker (URH)

November 23, 2023

The Universal Radio Hacker (URH) is a complete suite for …

Recon Tool: subby

November 17, 2023

subby is an uber fast and simple subdomain enumeration tool …

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

The post Recon Tool: PassDetective first appeared on Black Hat Ethical Hacking.

About The Author