oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security vulnerabilities, insecure infrastructure as code, and potential legal issues with open source licenses.
☆73 Updated 3 months ago
Related projects
Alternatives and complementary repositories for codetotal
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆98 Updated 9 months ago
- Discover vulnerabilities and container image misconfiguration in production environments. ☆53 Updated 2 months ago
- ☆40 Updated last month
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆110 Updated last year
- ☆110 Updated last year
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆39 Updated 3 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆22 Updated 3 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆55 Updated 4 months ago
- Nuclei plugins to audit Chrome extensions ☆64 Updated 4 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆33 Updated last month
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends ☆71 Updated 9 months ago
- WAF bypass PoC ☆43 Updated last year
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆131 Updated last year
- ☆15 Updated 4 months ago
- 🔍 A cutting edge context aware GraphQL API fuzzing tool! ☆127 Updated this week
- Virtual environment for learning DevSecOps ☆29 Updated 7 years ago
- Manager of third-party sources of Semgrep rules 🗂 ☆76 Updated 4 months ago
- A GraphQL enumeration and extraction tool ☆128 Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆86 Updated 9 months ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services … ☆49 Updated last year
- An extension to use Semgrep inside Burp Suite. ☆88 Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆39 Updated 3 months ago
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs ☆69 Updated 8 months ago
- Protect against subdomain takeover ☆92 Updated 5 months ago
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks ☆57 Updated 2 years ago
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆100 Updated 9 months ago
- OWASP Foundation Web Repository ☆19 Updated last month
- ☆58 Updated last year
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers… ☆98 Updated last week