ScrubForge — Use Case

Network Config Anonymizer for AI: Paste Safely, Troubleshoot Faster

Sysadmins use AI assistants to debug routing issues, trace ACL mismatches, and untangle VPN configs. The workflow is fast — until you remember your config is full of credentials. ScrubForge removes secrets locally before the config leaves your machine.

What's Actually in Your Config

A typical running config contains far more sensitive data than most people stop to think about before pasting:

Enable secret hashes
VTY line passwords
SNMP community strings
BGP neighbor MD5 keys
OSPF authentication keys
IPsec pre-shared keys
RADIUS / TACACS+ secrets
IKEv2 PSKs and profiles

None of these need to reach an AI server for troubleshooting to work. The AI needs the structure of your config — interface names, subnets, routing protocols, ACL logic. Not the actual credentials.

How to Anonymize Before You Paste

1

Export your running config

Pull the config from your device. On Cisco IOS: show running-config. On FortiGate: System → Configuration → Download. Most vendors have a CLI export or web UI option.

2

Open ScrubForge in Chrome

Click the ScrubForge icon in your toolbar. It opens as a local panel — no upload, no external server, no account needed.

3

Paste your config and scrub

Paste the raw config into ScrubForge. It detects credential patterns and replaces each secret with a consistent placeholder token like SCRUBBED_SECRET_1.

4

Copy the sanitized output

Copy the scrubbed config. The full structure is intact — IP addresses, interface names, routing policies — but no live credential remains.

5

Paste into your AI assistant

Paste the sanitized config into ChatGPT, Claude, Copilot, a support ticket, or a Reddit post. The AI gets full context to troubleshoot without ever seeing real secrets.

Why Consistent Tokens Matter

ScrubForge uses the same token everywhere the same secret appeared. If SCRUBBED_PSK_1 appears in both the IKE proposal and the tunnel interface, the AI can still follow the relationship — it just cannot recover the actual value.

Before — raw config
username admin secret 5 $1$abc$xyz123
snmp-server community publ1c RO
crypto isakmp key S3cr3tK3y address 10.0.0.1
After — ScrubForge output
username admin secret 5 SCRUBBED_HASH_1
snmp-server community SCRUBBED_SNMP_1 RO
crypto isakmp key SCRUBBED_KEY_1 address 10.0.0.1

The AI still sees the full config structure — interfaces, routing, ACLs, policy. It can identify misconfigurations, flag contradictions, and suggest fixes. It just cannot see the credentials themselves.

Anonymize configs. Keep credentials local.

ScrubForge is a free Chrome extension. Runs entirely in your browser — no upload, no account, no server.

Install ScrubForge →

Frequently Asked Questions

Does ScrubForge send my config to any server?

No. ScrubForge runs entirely in your browser using local JavaScript. Your config never leaves your machine — not even to Wendygo Studio's servers.

Can the AI still help me troubleshoot if credentials are removed?

Yes. Network issues — routing loops, ACL mismatches, VPN phase mismatches, VLAN misconfiguration — are almost never caused by the credential values themselves. The AI needs the structure of the config, not the secrets.

Which network device formats does ScrubForge support?

ScrubForge detects credential patterns in Cisco IOS/IOS-XE, FortiGate, Juniper JunOS, and generic text configs. Any file containing credential-like patterns (passwords, keys, secrets) gets sanitized.

What does ScrubForge replace credentials with?

Each secret is replaced with a consistent placeholder token — for example SCRUBBED_SECRET_1. The same token is used everywhere the same original value appeared, so cross-references in the config remain meaningful to the AI.