explaingit

bee-san/pywhat

7,215PythonAudience · developerComplexity · 1/5Setup · easy

TLDR

A Python command-line tool that scans any text, file, or directory and identifies what kinds of structured data it contains, emails, API keys, wallet addresses, IP addresses, and dozens of other patterns, in seconds.

Mindmap

mindmap
  root((pywhat))
    What it identifies
      API keys
      Wallet addresses
      Email addresses
      IP addresses
    Input
      Text strings
      Files
      Directories
    Output
      Category tags
      Rarity scores
      JSON export
    Use Cases
      Bug bounty
      Security audits
      PCAP analysis
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Scan a cloned repository recursively to find accidentally exposed API keys, webhook URLs, or AWS credentials.

USE CASE 2

Analyze a network capture file (.pcap) to extract all email addresses, IP addresses, and credentials it contains.

USE CASE 3

Filter scan results by bug bounty tags to identify exploitable secrets in a web application's source files.

Tech stack

Python

Getting it running

Difficulty · easy Time to first run · 5min

In plain English

PyWhat is a Python command-line tool that takes any text, file, or directory and tells you what kinds of structured data it contains. Give it a string you do not recognize and it will identify whether it is a cryptocurrency wallet address, an email, an IP address, a credit card number, a social security number, a URL, an API key, or dozens of other patterns. Give it a file and it scans the contents for the same patterns. Give it a directory and it walks through every file recursively. One common use case shown in the README is analyzing network capture files (.pcap), which are recordings of network traffic captured during an investigation. Instead of reading through raw packet data manually, you can run PyWhat on the file and get back a categorized list of every email address, URL, phone number, and credential it finds, in seconds rather than minutes. Another use case is security research and bug bounty hunting. If you download a public repository or a website and want to check whether it accidentally contains exposed API keys, webhook URLs, or other secrets, PyWhat can scan the files and flag anything that matches known patterns for those types of data. You can filter the output to only show results tagged as relevant to bug bounties, cryptocurrencies, AWS credentials, or any other category. The tool supports filtering by both category tags and a rarity score, which lets you narrow results to either common or unusual matches. Results can be sorted, and output can be exported as JSON for further processing. There is also a Python API for embedding PyWhat into other tools programmatically. Installation is a single pip command. The project is written in Python and accepts contributions, particularly new regex patterns for recognizing additional types of data.

Copy-paste prompts

Prompt 1
Using PyWhat from the command line, scan a local directory recursively and export all discovered API keys and credentials as a JSON file.
Prompt 2
How do I run PyWhat on a .pcap network capture file to extract every email address and IP address found in the traffic?
Prompt 3
Show me how to use the PyWhat Python API to scan a string programmatically and filter results to show only cryptocurrency wallet addresses.
Open on GitHub → Explain another repo

← bee-san on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.