oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
(★78, updated 11 months ago)
Alternatives and similar repositories for codetotal
Users that are interested in codetotal are comparing it to the libraries listed below
- Dependency Combobulator (★93, updated last year)
- Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends (★73, updated last year)
- (★111, updated 2 years ago)
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. (★53, updated last month)
- Kubernetes Pwnage for all (★57, updated 4 years ago)
- Discover vulnerabilities and container image misconfiguration in production environments. (★56, updated last month)
- Manager of third-party sources of Semgrep rules (★87, updated 11 months ago)
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) (★119, updated last year)
- (★57, updated 2 years ago)
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams (★105, updated 5 months ago)
- Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. (★39, updated 7 months ago)
- boostsecurityio/lotp (★128, updated 3 months ago)
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j. (★24, updated last week)
- WAF bypass PoC (★48, updated last year)
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider (★139, updated 3 years ago)
- Create tar/zip archives that try to exploit zipslip vulnerability. (★47, updated 9 months ago)
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others (★133, updated 3 months ago)
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container (★106, updated 6 years ago)
- Scan DockerHub images that match a keyword to find secrets. (★60, updated 4 years ago)
- An implementation of infrastructure-as-code scanning using dynamic tooling. (★56, updated 3 years ago)
- Secrets scanner that understands code (★188, updated last year)
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts (★61, updated 2 years ago)
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. (★42, updated last year)
- A cutting edge context aware GraphQL API fuzzing tool! (★143, updated 3 weeks ago)
- Documentation of Semgrep: a fast, open-source, static analysis tool. (★41, updated this week)
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities (★27, updated 3 months ago)
- Blogpost series showcasing interesting cloud - web app security bugs (★49, updated 2 years ago)
- (★81, updated last week)
- Anti-Takeover is a sub domain monitoring tool for (blue/purple) team / internal security team which uses cloud flare. Currently Anti-Take… (★12, updated 5 years ago)
- A collection of my Semgrep rules (★49, updated 2 years ago)