godaddy / tartufo
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
☆511 · Jan 22, 2026 · Updated 3 weeks ago
Alternatives and similar repositories for tartufo
Users that are interested in tartufo are comparing it to the libraries listed below
- Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface. ☆1,097 · Updated this week
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆42 · Dec 12, 2023 · Updated 2 years ago
- Nuclei plugins to audit Chrome extensions ☆65 · Jul 16, 2024 · Updated last year
- Web Security Scanner ☆374 · Nov 13, 2025 · Updated 3 months ago
- ☆567 · Mar 28, 2024 · Updated last year
- There were no proper POCs for CVE-2023-30533 so I made one. (Reported by Vsevolod Kokorin) ☆12 · Aug 9, 2023 · Updated 2 years ago
- NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications. ☆28 · Nov 12, 2023 · Updated 2 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Oct 3, 2023 · Updated 2 years ago
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic… ☆463 · Mar 28, 2024 · Updated last year
- Light-weight web security scanner ☆150 · Nov 22, 2025 · Updated 2 months ago
- Nuclei templates for honeypots detection. ☆198 · Nov 7, 2023 · Updated 2 years ago
- ☆14 · Mar 20, 2025 · Updated 10 months ago
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c… ☆438 · Dec 30, 2025 · Updated last month
- Extension functionality for the NightHawk operator client ☆26 · Oct 31, 2023 · Updated 2 years ago
- Golang weaponization for red teamers. ☆516 · Jan 17, 2024 · Updated 2 years ago
- Secret Magpie - Secret Detection Tool ☆245 · Jul 10, 2024 · Updated last year
- LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and e… ☆378 · Dec 5, 2023 · Updated 2 years ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo… ☆402 · Dec 22, 2025 · Updated last month
- This repository is to provide a write-up and PoC for CVE-2023-41717. ☆12 · Aug 31, 2023 · Updated 2 years ago
- Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history. ☆2,284 · Nov 14, 2025 · Updated 3 months ago
- Remove duplicate URLs by retaining only the unique combinations of hostname, path, and parameter names ☆40 · May 5, 2024 · Updated last year
- Discover hidden debugging parameters and uncover web application secrets ☆248 · Feb 4, 2026 · Updated last week
- Extract URLs, paths, secrets, and other interesting bits from JavaScript ☆1,755 · May 22, 2024 · Updated last year
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ☆165 · Oct 28, 2025 · Updated 3 months ago
- Crawlector is a threat hunting framework designed for scanning websites for malicious objects. ☆124 · Dec 13, 2025 · Updated 2 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… ☆898 · Updated this week
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable … ☆749 · Dec 19, 2023 · Updated 2 years ago
- Secrets scanner that understands code ☆193 · Nov 2, 2023 · Updated 2 years ago
- The useful exploit finder ☆825 · Jan 19, 2026 · Updated 3 weeks ago
- ☆114 · Jun 8, 2023 · Updated 2 years ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆141 · Jan 28, 2024 · Updated 2 years ago
- Gampung tools for finding nuclei templates from GitHub ☆12 · Sep 6, 2023 · Updated 2 years ago
- ☆49 · Mar 21, 2023 · Updated 2 years ago
- ☆11 · Jul 28, 2020 · Updated 5 years ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster API specification. ☆75 · Sep 12, 2023 · Updated 2 years ago
- DomainTrail is a fast subdomain enumeration tool that uses effective passive and active techniques. ☆41 · Apr 18, 2024 · Updated last year
- An experimental CLI tool to encrypt & decrypt files/directories. ☆35 · Dec 30, 2025 · Updated last month
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs! ☆975 · Jan 12, 2024 · Updated 2 years ago
- Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSR… ☆131 · Sep 6, 2024 · Updated last year