trufflesecurity / force-push-scannerLinks
Scan for secrets in dangling commits on GitHub using GH Archive data.
☆222Updated last week
Alternatives and similar repositories for force-push-scanner
Users that are interested in force-push-scanner are comparing it to the libraries listed below
Sorting:
- tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such …☆229Updated 5 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆284Updated 5 months ago
- Secrets Ninja is an GUI tool for validating & investigating API keys discovered during pentesting & bug bounty hunting.☆64Updated last week
- A multifaceted security tool which leverages Public GitHub REST APIs for OSINT, Forensics, Pentesting and more.☆146Updated 2 months ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files☆220Updated last month
- GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.☆376Updated last week
- Identify hardcoded secrets in static structured text (version 2)☆91Updated 5 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆119Updated last year
- Abuse trust-boundaries to bypass firewalls and network controls☆326Updated last month
- An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.☆176Updated last year
- 🔍A cutting edge context aware GraphQL API fuzzing tool!☆142Updated 3 weeks ago
- Stalker, the Extensible Attack Surface Management tool.☆86Updated 3 weeks ago
- A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.☆319Updated this week
- SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.☆124Updated 5 months ago
- A research project to add some brrrrrr to Burp☆180Updated 5 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆162Updated 8 months ago
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens☆161Updated 7 months ago
- boostsecurityio/lotp☆128Updated 3 months ago
- FrogPost: postMessage Security Testing Tool☆90Updated 2 months ago
- Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty in WebSocket☆78Updated last week
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆107Updated last year
- Burp Suite extension for testing Passkey systems.☆71Updated 3 months ago
- ☆205Updated last year
- Feed it a number. Your cloned voice does the social engineering, while you sip your coffee. A ghost that talks on the phone for you.☆95Updated last month
- Sasori is a dynamic web crawler powered by Puppeteer, designed for lightning-fast endpoint discovery.☆143Updated 11 months ago
- Certainly is a offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scena…☆188Updated 10 months ago
- Octoscan is a static vulnerability scanner for GitHub action workflows.☆216Updated 3 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool☆680Updated 2 weeks ago
- Read Chromium data (namely, cookies and local storage) straight from disk, without spinning up the browser.☆121Updated 2 months ago
- Security tool against dependency typosquatting attacks☆53Updated this week