Welcome to SecPad
This is a completely local-first note-taking application designed for speed, privacy, and
simplicity. It is an application specialized for offensive and defensive cybersecurity
professionals. All data is primarily stored within your browser, ensuring immediate access
and full control over your information.
Notes App is entirely free to use.
However, if you find it valuable and would like to support its continued development, you
may support the app.
Vulnerability Research & Acceptable Use
We welcome security researchers! You are allowed and encouraged to hunt for
vulnerabilities and report them to: lucasvm.ti@gmail.com. Researchers
who discover and responsibly disclose flaws will have their names added to our Wall of
Fame (Mural) below.
Legal Warning: Any action that compromises the functioning of the
application, such as Distributed Denial of Service (DDoS) attacks, attempts to break the
application infrastructure, or causing any damage to data availability and integrity, is
strictly prohibited and subject to legal action.
Wall of Fame
No entries yet.
Features
Section Management
- Sections: Organize your workspace seamlessly; sections act much like
separate browser tabs for different workflows.
- Sections Scroll: When your sections exceed the available horizontal
screen space, simply click and drag anywhere in the section bar area, or use your mouse
wheel, to scroll left and right.
- Reorder Sections: Click and hold a section, drag it vertically first
(up/down), then move it horizontally (left/right) to snap it into your desired location,
then release.
- List View: All your sections and notes are also available in a
hierarchical, organized view list. You can easily transfer notes to different sections
from this hub.
Note Controls
- Drag and Drop: Click and hold the handle of any note to move it. You
can also multi-select notes with Ctrl + Shift + Click
to move several at once.
- Toggle/Collapse: Click the arrow icon in the note header to expand or collapse it.
Notes directly below are automatically pulled up or pushed down. The proximity limit for
this behavior can be adjusted in Settings. This distance defines a unit of organization:
notes within this range are handled as a logical group, so related items move together and
your layout keeps its structure even if the notes are not perfectly aligned or touching.
- Focus Note: If a note is partially off-screen, simply click it to
automatically bring it into full view. The Focus scroll offset can be adjusted in Settings.
Text Formatting & Blocks
- Bulleted Lists: Type * + Space at the start of a
line to create bulleted points.
- Numbered Lists: Type 1. + Space at the start of a
line to begin a numbered list.
- Checkboxes: Type < + Space at the start of a
line to create an interactive to-do item.
- Toggle Blocks: Type > + Space to make content
collapsible.
- Format Conversions: Select existing text and click the list/checkbox
buttons in the toolbar to automatically format them line-by-line.
Advanced Functionality
- Environment Variables: Available via the "Vars" (cylinder) icon button.
Set global key/value pairs (like IP=10.10.10.10) for use in templates.
- Variable Injection: When hovering over formatted code blocks, click the
float icon to copy the content with all matching environment variables automatically
evaluated and injected.
- Easy Copy: Toggle via Alt + C. Selected blocks
become fully clickable elements that instantly copy their content to your clipboard.
Keyboard Shortcuts
- Ctrl + 1 to 4: Apply one of the four predefined colors.
- Ctrl + ': Apply color-picker defined color.
- Ctrl + B: Toggle bold.
- Ctrl + U: Toggle underline.
- Ctrl + \: Remove all formatting.
- Ctrl + E: Toggle to code formatting or remove code formatting.
- Ctrl + Shift + Click: Select and drag multiple notes simultaneously.
- Ctrl + Alt + Click (BETA): Multi-cursor selection.
- Alt + N: Create a new note.
- Alt + S: Create a new section.
- Alt + C: Toggle Easy Copy (click to copy).
- * + Space: Bulleted list.
- 1. + Space: Numbered list.
- < + Space: Checkbox.
- > + Space: Toggle Block.
- Enter: In lists, creates a new item. Press Enter on empty items to exit the list.
Security & Synchronization
Local Storage & Backup
- Process: By default, all data is written directly to `localStorage` in your
browser. Auto-save continuously and transparently commits your session.
- Export & Import: Your entire workspace can be written out as a JSON
file via the Export button and restored at any time with the Import
function. Using encryption during export guarantees safe transport.
Cloud Synchronization
Our cloud sync operates under a Zero-Knowledge Architecture.
- How it works: The entire JSON object comprising your workspace is
compressed to minimize size and reduce predictability of the data, then encrypted with
AES-GCM 256-bit locally in your browser. The server handles only
encrypted blobs and never sees the keys.
- Authentication & Restoring: You authenticate using your Google or
GitHub account. To completely restore and decrypt your data pulled from the cloud, you
must provide the exact configuration: your Encryption Password and
Salt (if a custom salt was used).
- Restrictions: Within the cloud environment, Database Notes titles cannot
be repeated for the same user, ensuring consistent document tracking and retrieval
patterns.
Remember: If you lose these keys, your
information is rendered mathematically unrecoverable.
Collaboration & Sharing
- Sharing by Nickname: You can grant read-only access to any of your
cloud documents by entering a user's exact Nickname in the Collaborators section. The
authorized document will immediately populate in their "Shared with Me" tab.
- Access & Privacy: Because sharing uses only exact nicknames indexed
anonymously rather than searchable emails, user enumeration is completely prevented.
Shared documents are strictly read-only, a constraint enforced by Cloud
Firestore Rules.
- Desynchronize Button: While reviewing a document shared with you, you
will find a Desynchronize action in the control center. It
severs the synchronization link to the cloud session while deliberately
keeping the document's text offline in your personal interface, so you
immediately have a workable, private copy.