chebuya / sastsweep
Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
☆203 Updated 2 months ago
Alternatives and similar repositories for sastsweep:
Users that are interested in sastsweep are comparing it to the libraries listed below
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens ☆153 Updated last month
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆214 Updated 3 weeks ago
- A smarter web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery ☆179 Updated last month
- Certainly is an offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scena… ☆147 Updated 4 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ☆157 Updated 2 months ago
- Search for sensitive data in Postman public library. ☆194 Updated 2 weeks ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo… ☆328 Updated last month
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆113 Updated last year
- A streamlined tool for discovering private TLDs for security research. ☆170 Updated this week
- Dredging up secrets from the depths of the file system ☆118 Updated 2 months ago
- A research project to add some brrrrrr to Burp ☆100 Updated this week
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w… ☆97 Updated 2 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… ☆408 Updated this week
- boostsecurityio/lotp ☆110 Updated last month
- ☆294 Updated 5 months ago
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit… ☆299 Updated this week
- Octoscan is a static vulnerability scanner for GitHub action workflows. ☆186 Updated last week
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi… ☆222 Updated 4 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments ☆132 Updated 2 weeks ago
- SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover. ☆75 Updated 2 months ago
- AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report. ☆51 Updated 2 weeks ago
- A Pentest Collaboration and Reporting Tool ☆53 Updated last week
- API Security Vulnerability Scanner designed to help you secure your APIs. ☆106 Updated this week
- Gourlex is a simple tool that can be used to extract URLs and paths from web pages. ☆181 Updated 9 months ago
- ☆110 Updated last year
- A Powerful Network Reconnaissance Tool for Security Professionals ☆100 Updated 2 weeks ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆266 Updated last month
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions. ☆230 Updated this week
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). ☆94 Updated last week
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers ☆330 Updated last year