salesforce / lobster-pot
Scans every git push to your GitHub organisations to find unwanted secrets.
☆88 Updated last year
Related projects:
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files. ☆74 Updated 2 years ago
- ☆43 Updated this week
- An implementation of infrastructure-as-code scanning using dynamic tooling. ☆56 Updated 2 years ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container ☆84 Updated 5 years ago
- Serverless honeytoken 🕵🏻♂️ ☆78 Updated last year
- sgCheckup generates nmap output based on scanning your AWS Security Groups for unexpected open ports. ☆81 Updated 3 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ☆138 Updated 3 years ago
- Salesforce object access auditor ☆105 Updated last year
- AWSXenos will list all the trust relationships in all the IAM roles, S3 buckets, and more ☆60 Updated 3 months ago
- 'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services. ☆61 Updated 5 years ago
- Salesforce Policy Deviation Checker ☆29 Updated 3 years ago
- ☆108 Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table ☆74 Updated 3 weeks ago
- Assorted tools for security-related tasks for git repositories ☆59 Updated 2 years ago
- GCP CSPM using Google Sheets ☆33 Updated 3 months ago
- ☆60 Updated last year
- Scans Slack for API tokens, credentials, passwords, and more using YARA rules ☆37 Updated 3 years ago
- Research on the enumeration of IAM permissions without logging to CloudTrail ☆60 Updated 3 years ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆110 Updated last year
- Splash Pseudo Lambda Shell ☆95 Updated 4 years ago
- Compares and analyzes GCP IAM roles. ☆76 Updated 3 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆147 Updated 3 weeks ago
- This repo gives an overview of some GCP metadata API attack and defend patterns ☆76 Updated 4 years ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆127 Updated last year
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆56 Updated last year
- Dockerfile Security Checker using OPA Rego policies with Conftest ☆58 Updated 2 years ago
- Clean accounts over permissions in GCP infra at scale ☆70 Updated last year
- AWS docs, guides, and other tools ☆76 Updated last year
- Lightspin AWS IAM Vulnerability Scanner ☆96 Updated 3 years ago
- Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances. ☆92 Updated 10 months ago