← All tools
Detect exposed private keys
A leaked private key undermines everything it protects — TLS, SSH, signing, and more. GhostCred finds exposed .pem/.key files, SSH keys, and certificates in your code.
Scan for private keys — freeWhat this checks
- ✓RSA/EC private keys (-----BEGIN PRIVATE KEY-----)
- ✓SSH private keys and .pem / .pfx / .p12 files
- ✓TLS certificates with bundled private keys
- ✓Signing and encryption keys in the repo
Why it matters
Private keys can't just be rotated quietly — exposure often means re-issuing certs and rebuilding trust. Find them first.
Free first scan. No signup. Results in ~60 seconds.
Scan for private keys — free