DotDrop - Sensitive File Detector
Overview
Detects exposed sensitive files (.git, .env, SSH keys, AWS credentials). Essential security tool for researchers & developers.
# DotDrop - Sensitive File Detector

Automatically scan websites for exposed sensitive files and security vulnerabilities. Perfect for security researchers, developers, and bug bounty hunters.

## What It Detects

DotDrop scans for 80+ types of exposed files including:

- **Version Control**: .git/, .svn/, .hg/
- **Credentials**: .env, .htpasswd, SSH keys (id_rsa)
- **Cloud Keys**: AWS, GCP, Azure credentials
- **Database Files**: SQL dumps, MongoDB backups
- **Configuration**: Docker, Kubernetes, CI/CD configs
- **Backups**: ZIP, TAR, SQL backup files

## Key Features

- **Traffic Light System**: 🟢 Safe / 🟠 Not Scanned / 🔴 Vulnerable
- **Real-time Scan Progress**: See exactly what's being checked
- **One-Click Copy**: Export findings as formatted Markdown reports
- **Detection Age Tracking**: "2h ago", "3d ago" timestamps
- **Stealth Mode**: Slower scanning to avoid rate limiting
- **Batch Scanning**: Test multiple domains at once
- **Export Options**: JSON, CSV, or Markdown formats
- **Statistics Dashboard**: Track vulnerable sites and severity breakdown
- **100% Local**: Zero data collection, complete privacy

## Privacy & Security

- All processing happens locally on your device
- No data sent to external servers
- No analytics or tracking
- Open source - inspect the code yourself
- Minimal permissions (only what's needed)

## Perfect For

- Security researchers conducting vulnerability assessments
- Developers checking their own sites for exposed files
- Bug bounty hunters finding security issues
- DevOps teams auditing infrastructure
- Anyone concerned about web security

## How It Works

1. Browse normally - DotDrop scans automatically
2. Check the icon - Color indicates security status
3. Click to view - See detailed findings
4. Export results - Copy or download reports

## False Positive Prevention

Advanced 5-layer validation system ensures accurate detection:

- HTTP 200 status verification
- Content-Type checking
- File size validation
- HTML error page detection
- Content pattern analysis

## Professional Features

- **Severity Levels**: Critical, Medium, Low color-coded alerts
- **Pattern Groups**: Enable/disable specific detection categories
- **Detection History**: Track all findings over time
- **Customizable Settings**: Auto-scan, critical-only mode
- **Badge Counter**: Shows number of exposed files found

## Use Cases

**For Developers:** Test your own websites before deployment to catch exposed configuration files, credentials, or backup files that shouldn't be public.

**For Security Researchers:** Quickly identify common security misconfigurations during reconnaissance. Export findings for professional reports.

**For Bug Bounty Hunters:** Automate the detection of low-hanging fruit vulnerabilities. Copy findings directly to bug reports with one click.

## Lightweight & Fast

- Minimal resource usage
- Fast parallel scanning
- Clean, professional UI
- No bloat or unnecessary features

## Technical Details

- Manifest V3 compliant
- Works on all HTTP/HTTPS sites
- Respects browser security policies

---

**Disclaimer**: This tool is for ethical security research and educational purposes only. Always obtain proper authorization before testing websites you don't own.
0 out of 5 (no ratings)
Details
- Version: 1.1.0
- Updated: November 4, 2025
- Offered by: Interzone
- Size: 26.78 KiB
- Languages: English
- Developer email: interzoneart01@gmail.com
- Non-trader: This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.
Privacy
This developer declares that your data is:
- Not being sold to third parties, outside of the approved use cases
- Not being used or transferred for purposes that are unrelated to the item's core functionality
- Not being used or transferred to determine creditworthiness or for lending purposes