rsearch is a high-performance, multi-threaded security scanner designed to detect secrets, keys, and sensitive information in local files and remote URLs. It combines Shannon entropy analysis with fast multi-pattern matching to find both unknown and known secrets while minimizing false positives.
rsearch targets both explicit secret indicators (keywords, tokens) and implicit secrets (high-entropy strings). It is optimized for large codebases and binary artifacts by leveraging memory mapping and parallel scanning.
Key capabilities:
- High-performance keyword search via Aho-Corasick
- Entropy-based secret detection using Shannon entropy
- Recursive directory scanning that respects .gitignore
- Remote URL streaming and scanning
- Configurable output including machine-readable JSON and colorized human output
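How the entropy mode works, as an added example that is not rsearch's own code: the scanner splits input into runs of token-like bytes, computes the Shannon entropy of each run in bits per byte, and reports runs that are long enough and score at or above the threshold, together with a window of surrounding bytes (the README's `-c` context). The token alphabet, the minimum length, the context handling and the sample input are assumptions made for this illustration; rsearch's tokenizer and normalization may differ.

```rust
// Added example (not part of rsearch): entropy-based token scanning in the
// style the README describes. The charset, min_len, context handling and the
// sample input below are assumptions made for the demonstration.
use std::collections::HashMap;

/// Shannon entropy of `s` in bits per byte: -sum(p * log2(p)) over byte frequencies.
pub fn shannon_entropy(s: &[u8]) -> f64 {
    if s.is_empty() {
        return 0.0;
    }
    let mut counts: HashMap<u8, usize> = HashMap::new();
    for &b in s {
        *counts.entry(b).or_insert(0) += 1;
    }
    let n = s.len() as f64;
    counts
        .values()
        .map(|&c| {
            let p = c as f64 / n;
            -p * p.log2()
        })
        .sum()
}

/// One candidate secret: where it was, the token, its entropy and surrounding bytes.
#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub offset: usize,
    pub token: String,
    pub entropy: f64,
    pub context: String,
}

/// Assumed token alphabet: hex, base64 and URL-safe base64 bodies fall inside it.
/// '=' is deliberately excluded so that base64 padding is dropped and
/// "key=value" assignments split into separate runs.
fn is_token_char(b: u8) -> bool {
    b.is_ascii_alphanumeric() || matches!(b, b'+' | b'/' | b'-' | b'_')
}

/// Split `data` into maximal runs of token characters, score each run, and keep
/// those of at least `min_len` bytes whose entropy reaches `threshold`.
/// `context` is the number of bytes kept on each side of the token.
pub fn scan_entropy(data: &[u8], threshold: f64, min_len: usize, context: usize) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut i = 0;
    while i < data.len() {
        if !is_token_char(data[i]) {
            i += 1;
            continue;
        }
        let start = i;
        while i < data.len() && is_token_char(data[i]) {
            i += 1;
        }
        let token = &data[start..i];
        // Short runs (identifiers, "true", small numbers) are never scored: too few
        // symbols to carry a meaningful entropy estimate, and they dominate false positives.
        if token.len() < min_len {
            continue;
        }
        let entropy = shannon_entropy(token);
        if entropy >= threshold {
            let lo = start.saturating_sub(context);
            let hi = (i + context).min(data.len());
            findings.push(Finding {
                offset: start,
                token: String::from_utf8_lossy(token).into_owned(),
                entropy,
                context: String::from_utf8_lossy(&data[lo..hi]).into_owned(),
            });
        }
    }
    findings
}

/// Constructed sample input (not a real credential): one low-entropy password
/// and one 32-symbol token whose entropy is exactly log2(32) = 5.0 bits.
pub const SAMPLE: &[u8] =
    b"password = \"hunter2\"\nAWS_SECRET = \"ABCDEFGHIJKLMNOPQRSTUVWXYZ012345\"\n";

fn main() {
    // Same defaults as the README's --threshold (4.5); min_len and context are assumed.
    for f in scan_entropy(SAMPLE, 4.5, 20, 16) {
        println!(
            "offset={} entropy={:.2} token={} context={:?}",
            f.offset, f.entropy, f.token, f.context
        );
    }
}
```

One caveat worth knowing before trusting the default threshold: with plain per-byte Shannon entropy as computed here, a purely hexadecimal token cannot exceed 4.0 bits (16 symbols), so a 4.5 threshold never flags hex-encoded keys or hashes no matter how long they are. If rsearch scores tokens the same way, lower --threshold (at the cost of more false positives) when hunting for hex material, or pair --entropy with -k keywords that name the secret's variable or prefix.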
Prerequisites: Rust toolchain (rustup).
Build from source:
```sh
git clone https://github.com/SSL-ACTX/rsearch.git
cd rsearch
cargo build --release
# run the binary
./target/release/rsearch --help
```
Install globally:
```sh
cargo install --path .
```
At minimum, provide one or more targets (-t) and choose a scanning mode (--entropy or -k).
Basic usage:
```sh
rsearch -t <path_or_url> [OPTIONS]
```
Examples:
- Scan a directory for high-entropy secrets:
  ```sh
  rsearch -t ./src --entropy
  ```
- Scan a remote file for keywords:
  ```sh
  rsearch -t https://example.com/app.js -k API_KEY -k secret
  ```
- Emit machine-readable JSON to a file (single file):
  ```sh
  rsearch -t ./repo --entropy --json --output ./results.json
  ```
[!TIP]
Use this quick command to scan the current repository for high-entropy secrets and stream results as NDJSON (low memory):
```sh
rsearch -t . --entropy --json --output ./results.ndjson --output-format ndjson -j 4
```
[!TIP]
If you prefer a single JSON file with all results (small projects), use --output-format single and a .json output path.
```sh
rsearch -t ./repo --entropy --json --output ./results.json --output-format single
```
[!NOTE]
--output-format per-file will create one JSON file per scanned source inside the directory you provide to --output.
[!NOTE]
Core logic is now organized under src/lib.rs with focused modules for CLI, scanning, output, entropy, keyword search, and utilities. The binary entry point in src/main.rs is intentionally thin.
[!TIP]
All unit tests are consolidated in src/lib.rs under the #[cfg(test)] module to keep test discovery in one place.
Important flags:
- -t, --target <TARGET>: Target file, directory, or URL (required; may be repeated)
- -k, --keyword <KEYWORD>: Keyword to search for (repeatable)
- --entropy: Enable entropy-based secret detection
- --threshold <FLOAT>: Entropy threshold (default: 4.5)
- -c, --context <BYTES>: Context window size (default: 80)
- -j, --threads <N>: Number of threads (0 = auto)
- --json: Emit JSON output
- --output <PATH>: Path or directory for JSON output (behavior depends on --output-format)
- --output-format <single|ndjson|per-file>: Output mode for JSON (default: single)
- --no-color: Disable colorized output for CI and non-TTY environments
- -x, --exclude <PATTERN>: Exclude glob patterns (repeatable). Lock files are excluded by default.
- --emit-tags <TAGS>: Comma-separated tag emissions (e.g. url). Adds tagged findings without treating them as secrets.
Three JSON output modes are supported:
- single: Collects all matches and writes a single JSON array to --output at the end.
- ndjson: Streams newline-delimited JSON to --output as matches are discovered (low memory footprint).
- per-file: Writes one JSON file per scanned source into the directory specified by --output.
For large repositories or CI runs prefer ndjson to avoid high memory usage.
rsearch is I/O-bound; its throughput is limited by disk and network. It minimizes allocations in the hot path and uses a shared thread pool for scanning.
Tips:
- Use -j to increase parallelism on multi-core systems.
- Use ndjson output for very large runs to avoid accumulating results in memory.
This project is licensed under the AGPL-3.0 License. See LICENSE for details.
Author: Seuriin (SSL-ACTX)
v0.2.0