Detection Catalog

From leaked API keys to silent trackers, NULLO surfaces every risk in your text, URLs, and files.

22 detections

N.001

CriticalSecrets

AWS Access Key

An exposed Amazon Web Services access key ID and/or secret.

N.002

CriticalSecrets

GitHub Personal Access Token

A GitHub PAT grants programmatic access to repositories and user data.

N.003

CriticalSecrets

Stripe Secret Key

A Stripe sk_live or sk_test key embedded in code or config.

N.004

CriticalSecrets

Twilio Auth Token

A Twilio account SID / auth token pair found in source or config.

N.005

HighSecrets

Google API Key

A GCP API key exposed in client-side or server-side code.

N.006

HighSecrets

OpenAI / LLM API Key

An API key for OpenAI, Anthropic, Cohere, or similar LLM provider.

N.007

CriticalSecrets

Database Connection String

A full connection URI for PostgreSQL, MySQL, MongoDB, or Redis.

N.008

CriticalSecrets

Private SSH / PEM Key

A private RSA, Ed25519, or ECDSA key block embedded in a file.

N.009

PrivacyPII

Email Address

One or more email addresses found in text, code, or files.

N.010

PrivacyPII

Phone Number

Formatted or unformatted phone numbers (domestic and international).

N.011

CriticalPII

Social Security Number (SSN)

U.S. Social Security Numbers in common formats (XXX-XX-XXXX or plain).

N.012

CriticalPII

Credit Card Number

Luhn-valid card numbers for Visa, Mastercard, Amex, and Discover.

N.013

HighPII

Passport / National ID

Passport numbers or national identity document references.

N.014

PrivacyTrackers

Ad Network Pixel

Meta Pixel, Google Ads conversion tag, or similar ad-network tracking code.

N.015

PrivacyTrackers

Analytics Fingerprinting

Scripts that collect device fingerprint data beyond standard analytics.

N.016

HighTrackers

Session Replay Script

Hotjar, FullStory, or similar session-replay tools embedded on a page.

N.017

HighConfig

Open CORS Policy

Access-Control-Allow-Origin set to wildcard (*) on an API endpoint.

N.018

MediumConfig

Debug Mode Enabled

DEBUG=true or equivalent flag found in configuration or environment.

N.019

CriticalConfig

Default / Weak Credentials

Passwords like admin/admin, root/root, or commonly-known defaults in config files.

N.020

MediumHeaders

Missing HSTS Header

Strict-Transport-Security header is absent on a site served over HTTPS.

N.021

MediumHeaders

Missing Content-Security-Policy

No Content-Security-Policy header is set on the page response.

N.022

ConfigHeaders

Exposed Server Banner

The Server or X-Powered-By header reveals software name and version.