eth0izzle / shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
☆3,835Updated last year
Related projects ⓘ
Alternatives and complementary repositories for shhgit
- Reconnaissance tool for GitHub organizations☆5,934Updated 2 years ago
- A pretty sweet vulnerability scanner☆4,071Updated last month
- The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, su…☆3,311Updated 8 months ago
- Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.☆1,451Updated 8 months ago
- A Tool for Domain Flyovers☆5,639Updated 2 years ago
- Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application☆4,494Updated 9 months ago
- A high performance offensive security tool for reconnaissance and vulnerability scanning☆3,085Updated 5 months ago
- Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.☆5,074Updated 3 weeks ago
- Scan for misconfigured S3 buckets across S3-compatible APIs!☆2,559Updated this week
- HTTP parameter discovery suite.☆5,246Updated this week
- A Workflow Engine for Offensive Security☆5,334Updated 5 months ago
- The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, f…☆4,049Updated last month
- "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.☆4,856Updated 3 weeks ago
- An HTTP toolkit for security research.☆6,126Updated 6 months ago
- In-depth attack surface mapping and asset discovery☆12,034Updated 3 weeks ago
- A collection of custom security tools for quick needs.☆3,145Updated last year
- gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, G…☆2,025Updated 3 months ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆5,053Updated 2 months ago
- EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.☆4,979Updated 2 weeks ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.☆3,982Updated last week
- Find leaked secrets via github search☆2,815Updated 10 months ago
- Fast passive subdomain enumeration tool.☆10,237Updated this week
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.☆4,377Updated last month
- One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️☆5,625Updated last month
- A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)☆3,164Updated 7 months ago
- Awesome XSS stuff☆4,778Updated last week
- 🔥 Web-application firewalls (WAFs) from security standpoint.☆6,281Updated last week
- Subdomain Takeover tool written in Go☆1,909Updated last year
- File upload vulnerability scanner and exploitation tool.☆3,043Updated last year