feeltheajf / trufflehog3

Related projects: ⓘ

• Santandersecurityresearch / DrHeader
  drHEADer helps with the audit of security headers received in response to a single request or a list of requests.
  ☆105Updated this week
• appsecco / attacking-cloudgoat2
  A step-by-step walkthrough of CloudGoat 2.0 scenarios.
  ☆132Updated 4 years ago
• cr0hn / festin
  FestIn - Open S3 Bucket Scanner
  ☆227Updated 3 years ago
• nccgroup / ccs
  ☆108Updated last year
• cr0hn / dockerfile-security
  Static security checker for Dockerfiles
  ☆92Updated 6 months ago
• WeAreCloudar / s3-account-search
  S3 Account Search
  ☆234Updated 3 months ago
• BlazingWind / OWASP-ASVS-4.0-testing-guide
  ☆118Updated 10 months ago
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆110Updated last year
• shabarkin / aws-enumerator
  The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testin…
  ☆172Updated 2 years ago
• lightspin-tech / red-shadow
  Lightspin AWS IAM Vulnerability Scanner
  ☆96Updated 3 years ago
• TinderSec / gh-workflow-auditor
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆147Updated 3 weeks ago
• 4ARMED / kubeletmein
  Security testing tool for Kubernetes, abusing kubelet credentials on public cloud providers.
  ☆159Updated 10 months ago
• assetnote / ghostbuster
  Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
  ☆259Updated 2 months ago
• pseudo-security / slacksecrets
  Scans Slack for API tokens, credentials, passwords, and more using YARA rules
  ☆37Updated 3 years ago
• righteousgambit / quiet-riot
  Unauthenticated enumeration of AWS, Azure, and GCP Principals
  ☆196Updated 2 months ago
• alexivkin / kubepwn
  Kubernetes Pwnage for all
  ☆54Updated 3 years ago
• domain-protect / domain-protect-gcp
  Protect against subdomain takeover
  ☆92Updated 3 months ago
• BishopFox / dufflebag
  Search exposed EBS volumes for secrets
  ☆278Updated last year
• RhinoSecurityLabs / Cloud-Security-Research
  Cloud-related research releases from the Rhino Security Labs team.
  ☆350Updated 4 years ago
• mxm0z / awesome-sec-s3
  A collection of awesome AWS S3 tools that collects and enumerates exposed S3 buckets
  ☆289Updated 3 months ago
• Swordfish-Security / Pentest-In-Docker
  Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
  ☆78Updated 3 years ago
• dxa4481 / truffleHogRegexes
  These are the regexes that power truffleHog
  ☆209Updated last year
• BishopFox / smogcloud
  Find cloud assets that no one wants exposed 🔎 ☁️
  ☆330Updated 4 years ago
• prisma-cloud / IAMFinder
  IAMFinder enumerates and finds users and IAM roles in a target AWS account.
  ☆107Updated 3 years ago
• cyberark / kubernetes-rbac-audit
  Tool for auditing RBACs in Kubernetes
  ☆212Updated 7 months ago
• NotSoSecure / cloud-service-enum
  ☆222Updated 2 months ago
• koenrh / s3enum
  Fast and stealthy Amazon S3 bucket enumeration tool for pentesters.
  ☆215Updated 3 months ago
• salesforce / metabadger
  Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
  ☆137Updated 6 months ago
• madhuakula / hacker-container
  The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Conta…
  ☆261Updated last year
• DefectDojo / defectdojo_api
  Python API library for DefectDojo
  ☆40Updated last year