oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security issues, insecure infrastructure as code, and potential legal issues with open source licenses.
☆73 Updated 2 months ago
Related projects
Alternatives and complementary repositories for codetotal
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆39 Updated 2 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆110 Updated last year
- Manager of third-party sources of Semgrep rules 🗂 ☆76 Updated 3 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆97 Updated 9 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆86 Updated 9 months ago
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks ☆57 Updated 2 years ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆21 Updated 2 months ago
- Nuclei plugins to audit Chrome extensions ☆64 Updated 3 months ago
- Dependency Combobulator ☆88 Updated 10 months ago
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends ☆70 Updated 9 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆129 Updated last year
- Clean accounts over permissions in GCP infra at scale ☆71 Updated last year
- SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle ☆105 Updated last year
- 🔍 A cutting-edge, context-aware GraphQL API fuzzing tool! ☆125 Updated this week
- Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets ☆154 Updated this week
- ☆109 Updated last year
- WAF bypass PoC ☆43 Updated last year
- OWASP Foundation Web Repository ☆19 Updated 3 weeks ago
- NamespaceHound is a tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ☆55 Updated 7 months ago
- Create tar/zip archives that try to exploit the zipslip vulnerability. ☆45 Updated last month
- An extension to use Semgrep inside Burp Suite. ☆87 Updated last year
- This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆39 Updated 2 months ago
- OWASP Foundation Web Repository ☆37 Updated 2 months ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆57 Updated last year
- ☆58 Updated last year
- GCP GOAT is a vulnerable application for learning GCP security ☆62 Updated last year
- A curated list of argument injection vectors ☆37 Updated 2 months ago
- This repository hosts several snippets and files related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me ☆17 Updated 3 months ago
- ☆17 Updated 2 years ago