Skip to content
SecretPNG

Scan Files for Sensitive Data Before You Share Them

The riskiest files are the ones you think are clean: the log with a token in line 4,000, the spreadsheet with a customer email column you forgot, the config with a live connection string. This scanner checks files locally for patterns that look like secrets and personal data, and shows masked findings so you can fix problems before the file leaves your hands. Nothing is uploaded — a scanner that exfiltrated what it scans would be the problem, not the solution.

The actual tool runs in our ad-free secure workspace — nothing on this page processes your file.

Open Sensitive-File Scanner

What this tool does

  • Scans text-bearing files for credit-card numbers (validated with the Luhn checksum to cut false alarms), API keys, private key blocks, JWTs, SSN-formatted numbers, emails, and phone numbers.
  • Masks every finding in the results — you see enough to locate the problem, not a second copy of the secret.
  • Explains each finding: what pattern matched, where, and why it is risky.
  • Lets you dismiss false positives, because heuristics are honest guesses, not verdicts.
  • Handles common formats: plain text, CSV, JSON, source code, DOCX, XLSX, and PDFs with extractable text.
  • Summarizes results so 'is this file safe to send?' gets a reviewable answer.

Your privacy on this tool

Stays on your device

  • Files are read and scanned entirely in your browser — the scanner runs where the file already is.
  • Findings, including the masked snippets, exist only on your screen and are never transmitted.
  • No fingerprints, hashes, or telemetry about your files' contents are collected.

Reaches our server: nothing

This tool makes no upload. Your content is processed entirely in your browser.

How to use it

  1. Open the scanner at /app/sensitive-file-scanner.
  2. Drop in the files you are about to share — logs, exports, configs, documents.
  3. Review the masked findings, grouped by severity and type.
  4. Dismiss anything you can confirm is a false positive.
  5. Fix the real hits at the source: redact the document, rotate the leaked key, or delete the column.
  6. Re-scan the fixed file to confirm it comes back clean before sending.
Open Sensitive-File Scanner

Common uses

  • Checking application logs for tokens and connection strings before attaching them to a public bug report.
  • Scanning a CSV export before sending it to a vendor, catching the personal-data columns you forgot were there.
  • Sweeping a codebase folder for hardcoded credentials before making the repository public.
  • Verifying a redacted document actually scans clean, as a second check after redaction.
  • Checking config files and .env-style files before pasting them into a support ticket or chat.
  • Reviewing files received from others before forwarding them onward under your name.

Supported formats

  • Plain text
  • CSV
  • JSON
  • Source code
  • PDF (extractable text)
  • DOCX
  • XLSX

Works in all modern browsers; large log files scan fastest in desktop browsers.

Limitations & security notes

Limitations

  • The scanner is heuristic: it finds patterns, not meaning. It cannot detect a secret that does not look like one (a password that resembles an ordinary word) and it will occasionally flag harmless data that resembles a pattern.
  • A clean scan lowers risk; it is not a guarantee. Treat it as a strong pre-flight check, not a certification.
  • Scanned-image PDFs without a text layer cannot be scanned — there is no text to inspect.
  • Binary formats beyond the supported list are skipped rather than half-scanned.
  • SecretPNG is in beta and has not been independently audited.

Security notes

  • Masked findings are deliberate: a results screen full of plaintext secrets would itself be a leak (screenshots of it, shoulder surfing, screen shares).
  • Card-number candidates are Luhn-validated, which eliminates most random 16-digit noise — but test card numbers and some IDs still pass Luhn, so review before panicking.
  • If the scanner finds a live credential in a file that already left your control, rotation beats deletion: assume the leaked key is compromised and replace it.
  • Run scans before the moment of sending, when fixing is cheap — not after, when it is incident response.
  • Local scanning means you can safely check even your most sensitive files; there is no server on the other end learning what you almost leaked.

Frequently asked questions

What exactly can the scanner detect?
Pattern families with recognizable structure: payment-card numbers (checked against the Luhn algorithm), well-known API key formats, PEM-style private key blocks, JWTs, US Social Security number formats, email addresses, and phone numbers. Each finding names the pattern that matched so you can judge it in context.
Will it catch every secret in my file?
No, and you should distrust any tool that claims it would. Heuristics catch things that look like secrets; a human-chosen password sitting in a sentence looks like language. Use the scanner to catch the mechanical leaks — keys, tokens, numbers — and your own review for the contextual ones.
Why are the results masked? I want to see what it found.
You see the location, the pattern type, and enough surrounding context to find it in the source file — but the sensitive value itself is partially hidden. This keeps the results screen itself shareable and screenshot-safe. The full value is in your original file, exactly where the finding points.
Is my file analyzed on your servers?
No. The entire scan runs in your browser's memory. That is a hard requirement for a tool like this: sending files full of potential secrets to a third party for 'checking' would be precisely the exposure the tool exists to prevent.
It flagged something that isn't sensitive. Is the tool broken?
That is expected behavior for a heuristic scanner — an order number can look like a card number, a random string can resemble a token. Dismiss the finding and move on. The design errs toward showing you too much rather than missing something real, and the dismiss action exists precisely for this.

Related tools

Last reviewed: 2026-07-14Open Sensitive-File Scanner

SecretPNG is in beta and has not been independently audited. Security status.