godaddy / tartufo
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
☆496 · Updated last month
Alternatives and similar repositories for tartufo:
Users that are interested in tartufo are comparing it to the libraries listed below
- tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such … ☆214 · Updated 2 weeks ago
- CI/CD Security Analyzer ☆647 · Updated 4 months ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆216 · Updated last month
- Gram is Klarna's own threat model diagramming tool ☆319 · Updated this week
- boostsecurityio/poutine ☆254 · Updated last week
- Attack surface detector that identifies endpoints by static analysis ☆656 · Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆507 · Updated this week
- GitHub Actions Pipeline Enumeration and Attack Tool ☆584 · Updated this week
- Policy driven vetting of open source packages with malicious code analysis ☆256 · Updated this week
- An open-source collection of API key rotation tutorials. ☆63 · Updated 2 months ago
- 🔍 A cutting edge context aware GraphQL API fuzzing tool! ☆133 · Updated this week
- Secrets scanner that understands code ☆188 · Updated last year
- Security Auditor Utility for GraphQL APIs ☆425 · Updated this week
- Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams ☆42 · Updated 2 weeks ago
- A curated list of awesome GraphQL Security frameworks, libraries, software and resources ☆319 · Updated last year
- Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's … ☆557 · Updated this week
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆114 · Updated last year
- RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and… ☆146 · Updated 3 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆270 · Updated 2 weeks ago
- Identify hardcoded secrets in static structured text (version 2) ☆90 · Updated 2 weeks ago
- An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records. ☆174 · Updated 9 months ago
- cloudgrep is grep for cloud storage ☆324 · Updated 2 weeks ago
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more. ☆124 · Updated this week
- A simple touchID prompt'er for use in shell scripts. ☆96 · Updated 8 months ago
- find dangling domains in a multi cloud environment ☆141 · Updated this week
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆674 · Updated 2 weeks ago
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec… ☆283 · Updated 10 months ago
- A humble, and fast, security-oriented HTTP headers analyzer. ☆303 · Updated this week
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic… ☆447 · Updated 10 months ago