oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
★76 Updated 7 months ago
Alternatives and similar repositories for codetotal:
Users that are interested in codetotal are comparing it to the libraries listed below
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ★49 Updated 2 months ago
- Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends ★72 Updated last year
- Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★39 Updated 3 months ago
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ★115 Updated last year
- boostsecurityio/lotp ★119 Updated 2 weeks ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★132 Updated this week
- Security tool against dependency typosquatting attacks ★39 Updated last week
- WAF bypass PoC ★46 Updated last year
- ★110 Updated last year
- Nuclei plugins to audit Chrome extensions ★64 Updated 8 months ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ★112 Updated 3 weeks ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ★22 Updated 3 weeks ago
- A tool to uncover undocumented APIs from the AWS Console. ★99 Updated 4 months ago
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure ★46 Updated last year
- Manager of third-party sources of Semgrep rules ★81 Updated 8 months ago
- Dependency Combobulator ★93 Updated last year
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★61 Updated 9 months ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ★61 Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability. ★47 Updated 6 months ago
- Determine privileges from cloud credentials via brute-force testing. ★67 Updated 7 months ago
- ★17 Updated 2 years ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ★156 Updated 4 months ago
- OWASP ASVS Security Evaluation Templates with Nuclei ★30 Updated this week
- Semgrep-based Policy Controller for Kubernetes ★47 Updated 2 weeks ago
- Burp Suite extension for testing Passkey systems. ★65 Updated last month
- Discover vulnerabilities and container image misconfiguration in production environments. ★55 Updated last month
- ★58 Updated last year
- Tool for obfuscating and deobfuscating data. ★69 Updated last year
- ★175 Updated 4 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★102 Updated 2 months ago