The `advanced_content_scanner.rs` module already contains fantastic regex signatures for 24 different types of API keys and secrets. However, it only applies these signatures to content it actively crawls on the live website.
Attackers frequently find organization secrets accidentally committed to public GitHub or GitLab repositories. We should leverage our existing secret regex engine against source code repositories via API dorking.
1. 2. - -3. - -4.
Source code leaks are a primary vector for initial access. Providing automated GitHub reconnaissance that feeds directly into the engine's proprietary secret regex dictionaries bridges the gap between Web Assessment and Open Source Intelligence (OSINT).