oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
☆76 · Updated 7 months ago
Alternatives and similar repositories for codetotal:
Users that are interested in codetotal are comparing it to the libraries listed below
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆49 · Updated 2 months ago
- Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends ☆72 · Updated last year
- Dependency Combobulator ☆93 · Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆47 · Updated 6 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆22 · Updated 3 weeks ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ☆132 · Updated this week
- Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆39 · Updated 3 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆61 · Updated 9 months ago
- Manager of third-party sources of Semgrep rules ☆81 · Updated 8 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆103 · Updated 2 months ago
- WAF bypass PoC ☆47 · Updated last year
- ☆110 · Updated last year
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System). ☆27 · Updated last month
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services … ☆49 · Updated 2 years ago
- ☆61 · Updated 3 months ago
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ☆115 · Updated last year
- A project to visualize the software supply chain ☆44 · Updated last year
- Discover vulnerabilities and container image misconfiguration in production environments. ☆55 · Updated last month
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities ☆26 · Updated last week
- boostsecurityio/lotp ☆119 · Updated 3 weeks ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆112 · Updated last month
- Burp Suite extension for testing Passkey systems. ☆65 · Updated last month
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆91 · Updated last month
- ☆58 · Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆40 · Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆46 · Updated 7 months ago
- A GraphQL enumeration and extraction tool ☆130 · Updated 2 years ago
- Documentation of Semgrep: a fast, open-source, static analysis tool. ☆40 · Updated this week
- Nuclei plugins to audit Chrome extensions ☆64 · Updated 8 months ago
- An implementation of infrastructure-as-code scanning using dynamic tooling. ☆56 · Updated 3 years ago