godaddy / tartufo
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
☆497 Updated 3 weeks ago
Alternatives and similar repositories for tartufo:
Users who are interested in tartufo are comparing it to the libraries listed below:
- CI/CD Security Analyzer ☆655 Updated last month
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆216 Updated 2 weeks ago
- cloudgrep is grep for cloud storage ☆324 Updated last month
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆516 Updated last month
- A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration ☆319 Updated 2 weeks ago
- tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such … ☆221 Updated last month
- Slack enumeration and exposed secrets detection tool ☆373 Updated 3 months ago
- boostsecurityio/poutine ☆261 Updated last month
- Gram is Klarna's own threat model diagramming tool ☆319 Updated 2 weeks ago
- find dangling domains in a multi cloud environment ☆140 Updated last week
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆115 Updated last year
- A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer. ☆305 Updated last week
- FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC). ☆181 Updated 8 months ago
- Validate the isolation posture of your container environment. ☆262 Updated last week
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec… ☆285 Updated 11 months ago
- A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in… ☆505 Updated 2 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆273 Updated last month
- A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalo… ☆373 Updated 6 months ago
- 🚀 Policy driven vetting of open source packages with malicious code analysis ☆309 Updated this week
- Awesome secure by default libraries to help you eliminate bug classes! ☆687 Updated 3 weeks ago
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. ☆269 Updated 6 months ago
- An Open Letter to the OWASP Board ☆106 Updated last year
- Octoscan is a static vulnerability scanner for GitHub action workflows. ☆200 Updated 2 months ago
- A security layer for Git repositories ☆502 Updated this week
- PostgreSQL Database Security Assessment Tool ☆236 Updated 5 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool ☆608 Updated this week
- A tool for preventing the installation of malicious PyPI and npm packages ☆132 Updated this week
- Checks all maintainers of all NPM and PyPI packages for hijackable packages through domain re-registration ☆293 Updated this week
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more. ☆134 Updated 3 weeks ago
- AWS Attack Path Management Tool - Walking on the Moon ☆242 Updated 3 months ago