Skyscanner / whispers
Identify hardcoded secrets in static structured text
☆480Updated 11 months ago
Related projects: ⓘ
- Scan your code for security misconfiguration, search for passwords and secrets.☆633Updated last year
- A container analysis and exploitation tool for pentesters and engineers.☆619Updated 11 months ago
- A graph-based tool for visualizing effective access and resource relationships in AWS environments.☆905Updated last year
- Threat matrix for CI/CD Pipeline☆730Updated 2 months ago
- Peirates - Kubernetes Penetration Testing tool☆1,206Updated last week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆790Updated last year
- A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in…☆445Updated 2 weeks ago
- OWASP Domain Protect - prevent subdomain takeover☆392Updated last month
- A tool for quickly evaluating IAM permissions in AWS.☆1,406Updated last month
- Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.☆465Updated 7 months ago
- A honey token manager and alert system for AWS.☆315Updated 2 years ago
- Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.☆519Updated 5 months ago
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆583Updated 4 years ago
- A Continuous Threat Modeling methodology☆303Updated 2 years ago
- A tool for standing up (and tearing down!) purposefully insecure cloud infrastructure☆644Updated 11 months ago
- Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace☆725Updated 3 years ago
- A Blazing fast Security Auditing tool for Kubernetes☆985Updated 5 months ago
- all paths lead to clouds☆635Updated 11 months ago
- The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Conta…☆260Updated last year
- Cloudlist is a tool for listing Assets from multiple Cloud Providers.☆840Updated this week
- Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized en…☆1,112Updated 2 months ago
- ☆277Updated this week
- Documenting your Threat Models with HCL☆397Updated 2 weeks ago
- Private key usage verification☆402Updated 8 months ago
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.☆259Updated 2 months ago
- Slack enumeration and exposed secrets detection tool☆302Updated this week
- Kubernetes focused container assessment and context discovery tool for penetration testing☆427Updated 3 months ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets☆759Updated last week
- Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure D…☆145Updated 4 years ago
- An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share th…☆185Updated 3 years ago