oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security, vulnerabilities, insecure infrastructure as code, and potential legal issues with open source licenses.
☆76 Updated 5 months ago
Alternatives and similar repositories for codetotal:
Users who are interested in codetotal are comparing it to the libraries listed below
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆89 Updated 11 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆113 Updated last year
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆101 Updated this week
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆41 Updated last week
- Nuclei plugins to audit Chrome extensions ☆64 Updated 6 months ago
- boostsecurityio/lotp ☆110 Updated last month
- ☆50 Updated last month
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆21 Updated last month
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆104 Updated last month
- Dependency Combobulator ☆89 Updated last year
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks ☆57 Updated 2 years ago
- 🔍 A cutting edge context aware GraphQL API fuzzing tool! ☆129 Updated this week
- Documentation of Semgrep: a fast, open-source, static analysis tool. ☆38 Updated this week
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆47 Updated 3 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆59 Updated 6 months ago
- This repository hosts several snippets and files related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me ☆17 Updated 5 months ago
- Sharing software supply chain security open source projects ☆42 Updated 2 years ago
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure ☆46 Updated last year
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities) ☆22 Updated 6 months ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services … ☆48 Updated last year
- Scans your GitHub Actions for security issues ☆56 Updated last month
- A blazing fast Blind SQL Injection optimization and automation framework. ☆122 Updated 2 months ago
- This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆45 Updated 5 months ago
- ☆17 Updated 2 years ago
- Manager of third-party sources of Semgrep rules 🗂 ☆77 Updated 5 months ago
- ☆58 Updated last year
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ☆138 Updated 3 years ago
- ☆15 Updated 6 months ago
- A collection of my Semgrep rules ☆48 Updated last year