The exposure of hard-coded credentials inside source code is listed as one of the most dangerous vulnerabilities, due to the possibility for an attacker to gain unauthorized access to internal and external services. The automatic identification of secrets inside public and private repositories still represents a challenging problem to tackle, due to the different nature of credentials and snippets and the lack of specific and reliable benchmark datasets. Previous works have focused on the use of regular expressions and entropy-based approaches for the discovery of a limited number and specific structured strings with distinct formats such as API Keys, but ignoring unstructured credentials such as passwords.