trufflesecurity / driftwoodView external linksLinks
Private key usage verification
β432Apr 4, 2025Updated 10 months ago
Alternatives and similar repositories for driftwood
Users that are interested in driftwood are comparing it to the libraries listed below
Sorting:
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raiderβ139Sep 14, 2021Updated 4 years ago
- π Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.β426Dec 5, 2025Updated 2 months ago
- β73Nov 22, 2021Updated 4 years ago
- πͺ CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.β965Jan 10, 2025Updated last year
- β418Oct 16, 2021Updated 4 years ago
- Contextual Content Discovery Toolβ3,085Apr 29, 2024Updated last year
- A Passive SSH back-end and scanner.β104Jun 18, 2025Updated 7 months ago
- Find, verify, and analyze leaked credentialsβ24,487Feb 7, 2026Updated last week
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutationsβ404Dec 24, 2022Updated 3 years ago
- Vandalize old emails. Like an NFT that's easy to prove ownership of.β35Jul 20, 2023Updated 2 years ago
- Automating situational awareness for cloud penetration tests.β2,289Feb 5, 2026Updated last week
- Unleash the power of cloudβ821Nov 19, 2024Updated last year
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerabilityβ946Dec 31, 2021Updated 4 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systemsβ775Aug 19, 2024Updated last year
- Dump all available paths and/or endpoints on WADL file.β98Nov 24, 2025Updated 2 months ago
- truffleproc β hunt secrets in process memory (TruffleHog & gdb mashup)β122Aug 20, 2023Updated 2 years ago
- Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.β1,284Sep 12, 2025Updated 5 months ago
- Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures tβ¦β213Mar 31, 2020Updated 5 years ago
- β709Nov 27, 2024Updated last year
- Rust-based high performance domain permutation generator.β297Dec 2, 2023Updated 2 years ago
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pagβ¦β530Apr 23, 2025Updated 9 months ago
- Generate a dynamic PAC script that will route traffic to your Burp proxy only if it matches the scope defined in your Burp target.β34Nov 8, 2021Updated 4 years ago
- Convolutional neural network for analyzing pentest screenshotsβ1,278Feb 19, 2024Updated last year
- Filter and enrich a list of subdomains by levelβ210Sep 25, 2023Updated 2 years ago
- Find cloud assets that no one wants exposed π βοΈβ349Jul 20, 2020Updated 5 years ago
- Tools to assess the DNS security of web applications��β127Oct 5, 2022Updated 3 years ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.β6,042Aug 14, 2024Updated last year
- Research on the enumeration of IAM permissions without logging to CloudTrailβ61Jun 11, 2021Updated 4 years ago
- A GraphQL enumeration and extraction toolβ134Jan 29, 2023Updated 3 years ago
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.β277Sep 20, 2024Updated last year
- β95Sep 18, 2021Updated 4 years ago
- A high performance TCP SYN port scanner.β318Mar 2, 2024Updated last year
- A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attβ¦β5,740Feb 5, 2026Updated last week
- Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlistsβ765Feb 12, 2023Updated 3 years ago
- π¦π Awesome list of secrets in environment variables π₯οΈβ901Sep 21, 2022Updated 3 years ago
- Amazingly fast response crawler to find juicy stuff in the source code! ππ₯β156Sep 18, 2023Updated 2 years ago
- Go scripts for checking API key / access token validityβ220Aug 3, 2021Updated 4 years ago
- WebStor efficiently enumerates all websites across your organizationβs networks and those in your DNS records - including cloud-hosted seβ¦β156Mar 31, 2024Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β749Dec 19, 2023Updated 2 years ago