Alternatives and similar repositories for CrossCheck

Users that are interested in CrossCheck are comparing it to the libraries listed below

• sensepost / depscanner
  Detect public repository dependencies in the GitHub repositories with an orphan required library.
  ☆20Updated 5 months ago
• synacktiv / gh-hijack-runner
  A python script to create a fake GitHub runner and hijack pipeline jobs to leak CI/CD secrets.
  ☆29Updated last year
• nccgroup / cowcloud
  ☆60Updated 2 years ago
• MegaManSec / Squid-Security-Audit
  A detailed repository of vulnerabilities that I discovered in The Squid Caching Proxy.
  ☆23Updated last year
• carlospolop / Bruteforce-GCP-Permissions
  Use the GCP testIamPermissions functionality to bruteforce and discover your permissions
  ☆42Updated 5 months ago
• nccgroup / cq
  ☆116Updated 2 years ago
• nodyhub / zipslipper
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆48Updated last year
• synacktiv / DepFuzzer
  ☆92Updated last month
• markkcc / crxaminer
  Examine Chrome extensions for security issues
  ☆88Updated 2 weeks ago
• prjblk / aura-dump
  Dumps Salesforce objects if provided with credentials.
  ☆21Updated 4 months ago
• doyensec / oidc-ssrf
  An Evil OIDC Server
  ☆54Updated 3 years ago
• pentagridsec / archive_pwn
  A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes
  ☆43Updated this week
• aaron-costello / ServiceNow-Schema
  A shortlist of core ServiceNow tables.
  ☆15Updated 2 years ago
• vulnerable-apps / awesome-vulnerable
  A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
  ☆47Updated 2 years ago
• stephenbradshaw / aws_url_signer
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆58Updated 2 years ago
• JeffJerseyCow / eviloauth
  OAuth 2.0 exploitation, attack and research tools.
  ☆12Updated last year
• SygniaLabs / Qemuno
  Qemuno Framework
  ☆24Updated 3 years ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆138Updated last month
• Icex0 / OpenFirebase
  Automated Firebase security scanner to check for unauthorized read and write access on firestore, realtime databases, storage buckets and…
  ☆32Updated 2 months ago
• adelapazborrero / slack_jack
  Hijack a slack bot to phish your way in
  ☆57Updated 4 months ago
• Orange-OpenSource / decret
  DEbian Cve REproducer Tool
  ☆27Updated 4 months ago
• hdm / ctail
  Tail Certificate Transparency logs and extract hostnames
  ☆124Updated 5 months ago
• LowOrbitSecurity / gubble
  gubble is a tool designed to audit Google Workspace group settings. It analyzes settings such as who can join, view membership, post mess…
  ☆79Updated 6 months ago
• SonarSource / argument-injection-vectors
  A curated list of argument injection vectors
  ☆41Updated 10 months ago
• praetorian-inc / noseyparker-explorer
  Interactive results explorer and annotation tool for Nosey Parker
  ☆42Updated 5 months ago
• RomelSan / hackers-dont-give-a-shit
  Hackers Don't Give A Shit
  ☆16Updated 5 years ago
• 5f0ne / pdf-examiner
  Provides an overview of the inner file structure of a PDF
  ☆25Updated 3 years ago
• bilals12 / clusterfuck
  ☆39Updated 3 weeks ago
• s0rcy / semgrep-rules
  Collection of Semgrep rules for security analysis
  ☆11Updated last year
• dwisiswant0 / CVE-2025-49844
  CVE-2025-49844 – Redis Lua Parser Use-After-Free
  ☆60Updated last month