Credentials & Secrets // Detector
Find plaintext passwords in your files
FileSentinel hunts for passwords and login credentials saved in the clear so they can be rotated or removed before they leak.
What it detects
What FileSentinel finds
FileSentinel recognises credential patterns such as password fields, connection strings, and key/value pairs where a secret follows a label like password, passwd, or pwd. It reads inside code, config, and document files, scoring each hit so the obvious leaks rise to the top.
Where it hides
- Config and .env files
- Source code and scripts
- Text, Word, and PDF notes
- Exports and backups
// RESULTS — findings scored by confidence and severity
Why it matters
The risk of leaked passwords
A plaintext password in a file is a standing invitation to lateral movement and account takeover. They linger in config files, scripts, notes, and exported backups long after anyone remembers writing them.
- Config files and connection strings (.env, .ini, .config)
- Scripts and source code committed with hardcoded logins
- Notes, READMEs, and handover documents
- Database and system export files
How FileSentinel handles it
Built-in detection, scored and local
FileSentinel reads inside your files on your own machine, flags passwords with a confidence and severity score, and helps you remediate. Built-in detectors cover the common cases, and a custom rule builder lets you add plain-text or regex detectors for anything specific to your work.
Score
Every finding gets a confidence and severity score, so real passwords rise above coincidental matches.
OCR
With OCR on, FileSentinel reads text inside images and scanned PDFs, catching passwords in screenshots and scans.
Remediate
Redact values, mark false positives, or export a CSV, HTML, or PDF report, then share with confidence.
Private by design
Your files never leave your PC
Scanning, OCR, and remediation all happen on-device. FileSentinel makes no network connections to do its work, so the very data you are trying to protect never has to leave your machine to be checked. No server, no cloud, no upload step.
More FileSentinel scanners
Find and clean more sensitive data
Questions & answers
Find passwords FAQ
How do I find passwords & plaintext credentials in my files on Windows?
Install FileSentinel from the Microsoft Store, point it at a folder or drive, and start a scan. FileSentinel reads inside your files, flags passwords & plaintext credentials, and scores each finding by confidence and severity so the real risks rise to the top.
Is scanning for passwords & plaintext credentials private?
Yes. FileSentinel runs entirely on your device. Scanning, OCR, and remediation all happen locally with no uploads and no cloud, so the data you are trying to protect never has to leave to be checked.
What kinds of credentials does FileSentinel catch?
It catches labelled password fields, connection strings, and key/value secrets in code, config, and documents. For credential formats unique to your stack, the custom rule builder lets you add plain-text or regex detectors and flag them as Crown Jewels.
What file types does FileSentinel check for passwords & plaintext credentials?
FileSentinel reads inside documents, spreadsheets, text, and PDFs, and with OCR enabled it reads text inside images and scanned PDFs too, so passwords & plaintext credentials captured in a screenshot or scan is caught as well.
Get FileSentinel
Find Passwords & Plaintext Credentials in Files
Install FileSentinel from the Microsoft Store and scan your files for sensitive data, all on your Windows PC with nothing uploaded.