Alternatives and similar repositories for codetotal

Users that are interested in codetotal are comparing it to the libraries listed below

• binareio / FastCVE
  FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.
  ☆52Updated last month
• mllamazares / vulncov
  🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
  ☆39Updated 6 months ago
• lacioffi / GCP-pentest-lab
  A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities
  ☆27Updated 3 months ago
• iosifache / semgrep-rules-manager
  Manager of third-party sources of Semgrep rules 🗂
  ☆87Updated 11 months ago
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Updated 3 months ago
• RichardoC / gitlab-secrets
  This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting…
  ☆47Updated 10 months ago
• nccgroup / ccs
  ☆111Updated 2 years ago
• praetorian-inc / konstellation
  Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.
  ☆23Updated last year
• SDA-SE / cluster-image-scanner
  Discover vulnerabilities and container image misconfiguration in production environments.
  ☆56Updated 3 weeks ago
• raesene / k8s_ssrf_portscanner
  ☆31Updated 2 years ago
• apiiro / combobulator
  Dependency Combobulator
  ☆93Updated last year
• SecureStackCo / visualizing-software-supply-chain
  A project to visualize the software supply chain
  ☆51Updated last year
• owasp-dep-scan / depscan-bin
  Binary builds for dep-scan - The Dependency Scanner
  ☆10Updated last year
• NodyHub / zipslipper
  Create tar/zip archives that try to exploit zipslip vulnerability.
  ☆47Updated 9 months ago
• hac01 / gcp-iam-brute
  ☆47Updated last year
• semgr8ns / semgr8s
  Semgrep-based Policy Controller for Kubernetes
  ☆47Updated 3 months ago
• doyensec / PoiEx
  🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends
  ☆73Updated last year
• KaanSK / go-epss
  A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).
  ☆28Updated 4 months ago
• ghostsecurity / waf-btk
  WAF bypass PoC
  ☆48Updated last year
• nccgroup / cowcloud
  ☆57Updated 2 years ago
• pocahon / jsontoneo
  ☆12Updated 3 months ago
• trickest / containers
  Automated privilege escalation of the world's most popular Docker images.
  ☆66Updated last year
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆61Updated 2 years ago
• yacwagh / FAAST
  Prototype of Full Agentic Application Security Testing, FAAST = SAST + DAST + LLM agents
  ☆55Updated 2 months ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆127Updated 2 months ago
• hashicorp-forge / semgrep-rules
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆41Updated last year
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆119Updated last year
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆42Updated last year
• AbstractClass / CloudPrivs
  Determine privileges from cloud credentials via brute-force testing.
  ☆69Updated 10 months ago
• RefactorSecurity / vscode-security-notes
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆133Updated 3 months ago