The main mission of SecretsBuster is to provide a service that allows developers, application or website owners, and security enthusiasts to protect their applications from secret leaks.
However, this idea was born from our experience in offensive security, and we believe it is our duty to also protect companies that do not use our service.
Through various Bug Bounty programs, we continuously collect and enrich a list of domains that we periodically check using the SecretsBuster analysis engine. We use only these domains and the related reports that we have requested, never those you submitted. We then report the discovered vulnerabilities in two ways:
- Through Bug Bounty platforms when the company participates in them and the exploitation of leaked secrets can lead to a severe breach
- By direct contact with the vulnerable company in other cases
We will soon publish an initial report on this program and, spoiler alert, we are the first to be surprised by the magnitude of the results already obtained in such a short time!
Through the SecretsBuster service and our Responsible Disclosure Program (RDP), we hope to contribute to securing the internet, one secret at a time.