Searches through git repositories for high entropy strings and secrets, digging deep into commit history
☆514May 19, 2026Updated last month
Alternatives and similar repositories for tartufo
Users that are interested in tartufo are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆41Dec 12, 2023Updated 2 years ago
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.☆1,340Jun 25, 2026Updated last week
- Nuclei plugins to audit Chrome extensions☆66Jul 16, 2024Updated last year
- ☆570Mar 28, 2024Updated 2 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool☆42Oct 3, 2023Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆11Jul 28, 2020Updated 5 years ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆168Oct 28, 2025Updated 8 months ago
- Web Security Scanner☆385Nov 13, 2025Updated 7 months ago
- Extension functionality for the NightHawk operator client☆27Oct 31, 2023Updated 2 years ago
- There were no proper POCs for CVE-2023-30533 so I made one. (Reported by Vsevolod Kokorin)☆12Aug 9, 2023Updated 2 years ago
- NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications.☆29Nov 12, 2023Updated 2 years ago
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic…☆463Mar 28, 2024Updated 2 years ago
- LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and e…☆379Dec 5, 2023Updated 2 years ago
- Crawlector is a threat hunting framework designed for scanning websites for malicious objects.☆123Dec 13, 2025Updated 6 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Golang weaponization for red teamers.☆524Jan 17, 2024Updated 2 years ago
- A Go-based Exploit Framework☆442Updated this week
- Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.☆2,340Feb 21, 2026Updated 4 months ago
- Nuclei templates for honeypots detection.☆196Nov 7, 2023Updated 2 years ago
- ☆114Jun 8, 2023Updated 3 years ago
- ☆309Mar 15, 2025Updated last year
- Light-weight web security scanner☆150May 8, 2026Updated last month
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.☆77Apr 4, 2026Updated 3 months ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…☆443Dec 30, 2025Updated 6 months ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- DomainTrail is a fast subdomain enumeration tool that uses effective passive and active techniques.☆41Apr 18, 2024Updated 2 years ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo…☆417Apr 27, 2026Updated 2 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o…☆903Jun 19, 2026Updated 2 weeks ago
- ☆48Mar 21, 2023Updated 3 years ago
- Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSR…☆133Sep 6, 2024Updated last year
- Extract URLs, paths, secrets, and other interesting bits from JavaScript☆1,849May 22, 2024Updated 2 years ago
- JavaScript beacons and C2 to be used for XSS payload or post exploitation implants on webapp servers or desktop software to monitor users…☆466Jun 15, 2026Updated 2 weeks ago
- Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based …☆104Jul 22, 2025Updated 11 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆755Dec 19, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.☆33Oct 13, 2022Updated 3 years ago
- Secrets scanner that understands code☆169Jun 4, 2026Updated last month
- Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in…☆516Aug 7, 2024Updated last year
- Secret Magpie - Secret Detection Tool☆243Jul 10, 2024Updated last year
- IntelliJ Plugin that offers an infinite canvas to organize code bookmarks☆18May 31, 2025Updated last year
- Discover hidden debugging parameters and uncover web application secrets☆249Feb 4, 2026Updated 5 months ago
- Secrets scanner that understands code☆192Nov 2, 2023Updated 2 years ago