boostsecurityio/lotp
☆126 Updated last month
Alternatives and similar repositories for lotp
Users that are interested in lotp are comparing it to the libraries listed below
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ☆133 Updated last month
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆280 Updated 3 months ago
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ☆118 Updated last year
- ☆182 Updated last month
- ☆110 Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆104 Updated last year
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi… ☆249 Updated 2 weeks ago
- HASH (HTTP Agnostic Software Honeypot) ☆137 Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆41 Updated last year
- Octoscan is a static vulnerability scanner for GitHub action workflows. ☆210 Updated last month
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆218 Updated last month
- A tool to uncover undocumented APIs from the AWS Console. ☆102 Updated last month
- ☆178 Updated last month
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆105 Updated 4 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments ☆141 Updated 4 months ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆61 Updated 2 years ago
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on. ☆102 Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w… ☆108 Updated 6 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF ☆58 Updated last year
- An AWS metadata enumeration tool by Plerion ☆97 Updated last year
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ☆159 Updated 6 months ago
- ☆193 Updated 6 months ago
- Protect against subdomain takeover ☆92 Updated last year
- Cloud agnostic IAM permissions enumerator ☆148 Updated last month
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions. ☆358 Updated this week
- This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆47 Updated 9 months ago
- Semgrep-based Policy Controller for Kubernetes ☆47 Updated last month
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file. ☆55 Updated 4 months ago
- Recon tool for cloud provider attribution. Supports AWS, Azure, Google, Cloudflare, and Digital Ocean. ☆168 Updated 7 months ago
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints ☆116 Updated last year