controlplaneio / truffleproc
truffleproc β hunt secrets in process memory (TruffleHog & gdb mashup)
β117Updated last year
Alternatives and similar repositories for truffleproc:
Users that are interested in truffleproc are comparing it to the libraries listed below
- boostsecurityio/lotpβ123Updated 3 weeks ago
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β133Updated last month
- β110Updated last year
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where wβ¦β107Updated 5 months ago
- β180Updated 3 weeks ago
- Cloud agnostic IAM permissions enumeratorβ148Updated 3 weeks ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive filesβ218Updated 3 weeks ago
- HASH (HTTP Agnostic Software Honeypot)β140Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently β¦β278Updated 3 months ago
- POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRFβ58Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.β41Updated last year
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.β54Updated 3 months ago
- β177Updated 2 weeks ago
- Protect against subdomain takeoverβ92Updated 11 months ago
- Octoscan is a static vulnerability scanner for GitHub action workflows.β209Updated 3 weeks ago
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbiβ¦β245Updated last month
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.β101Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalationβ103Updated last year
- Tools to assess DNS security.β152Updated last year
- An AWS metadata enumeration tool by Plerionβ96Updated last year
- β47Updated 10 months ago
- β72Updated this week
- Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpointsβ115Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interestingβ¦β47Updated 8 months ago
- HashiCorp-relevant rules for the Semgrep code analysis toolβ41Updated last year
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessmentsβ140Updated 4 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accountsβ61Updated last year
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.β320Updated last week
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application aβ¦β158Updated 5 months ago
- Secret Scanner for Slack, Jira, Confluence, Asana, Wrike, Linear, Zendesk, and GitHubβ57Updated 2 weeks ago