m14r41 / scan4secretsLinks
SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source code scanner and for URL that detects hardcoded secrets like API keys, credentials, and sensitive information across files and folders.
☆108Updated 5 months ago
Alternatives and similar repositories for scan4secrets
Users that are interested in scan4secrets are comparing it to the libraries listed below
Sorting:
- ☆96Updated 10 months ago
- AI/LLM local model integration for analysis of reconftw results☆91Updated 9 months ago
- Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!☆154Updated 4 months ago
- ☆47Updated 11 months ago
- Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit☆331Updated 3 months ago
- This repository contains my writeups for the labs in PortSwigger's Web Security Academy platform. Each lab writeup includes the lab's nam…☆104Updated 6 months ago
- ☆195Updated 9 months ago
- An advanced JWT extraction & decoding tool for bug bounty hunters! 🏴☠️☆45Updated 10 months ago
- Advanced CORS Header Checker Tool with Vulnerability Detection and Bypass Attempts☆66Updated 8 months ago
- IDOR Scanner is a Burp Suite extension that automates the detection and enumeration of potentially vulnerable numeric fields to identify …☆43Updated 11 months ago
- 🚀 ORedirectMe is a robust and efficient tool designed to detect Open Redirect vulnerabilities in web applications.☆17Updated last year
- Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the int…☆140Updated last year
- Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques, such as: SPF records and DNS history. By default, Unw…☆98Updated 7 months ago
- A modular external attack surface mapping tool integrating tools for automated reconnaissance and bug bounty workflows.☆76Updated 10 months ago
- Search for all leaked keys/secrets using one regex! bugbounty☆182Updated 10 months ago
- ☆33Updated 9 months ago
- ☆65Updated last year
- Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environment…☆144Updated last year
- MailSecOps is an email and mail gateway security testing tool. With this script, you can perform mail spoofing, relay tests and security …☆56Updated last year
- ⚡ XSSuccessor is a powerful, asynchronous Cross-Site Scripting (XSS) detection tool.☆55Updated last year
- I-Espresso is a tool that enables users to generate Portable Executable (PE) files from batch scripts. Leveraging IExpress, it demonstrat…☆85Updated last year
- SubCerts is a simple tool that uses certificate transparency logs (via crt.sh) to extract subdomains of a given domain.☆75Updated last month
- Laravel RCE Exploitation Toolkit☆55Updated 3 months ago
- This script automates SQL injection testing using SQLMap with AI-powered decision making.☆29Updated 7 months ago
- Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-3847…☆121Updated last year
- A cheatsheet of tools and commands that I use to pentest Active Directory.☆52Updated 3 years ago
- 📲 Apepe is a project developed to help to capture informations from a Android app through his APK file. It can be used to extract the co…☆141Updated 3 months ago
- Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc…☆86Updated 10 months ago
- BaldHead is a modular and interactive Active Directory (AD) attack framework built for red teamers and security testers. It automates enu…☆110Updated 7 months ago
- ☆109Updated 11 months ago