secrets-scanner
Local forensic scanner that extracts credentials from AI tool conversation history. For authorized red team and DLP use only.
Local forensic scanner that extracts and verifies credentials from AI tool conversation history. Detection + verification powered by TruffleHog.
layerleak: the Docker Hub Secret Scanner.
Traditional secret scanners often treat a container image as a flat blob or depend on a local Docker daemon. This project is designed around OCI image internals
A Better Secrets Scanner. Detect Leaked API Keys & Credentials. A Better Secrets Scanner built for configurability and speed.
Betterleaks is a tool for detecting secrets like passwords, API keys, and tokens in git repos, files, and whatever else you wanna throw at it via stdin. If you wanna learn more about how the detection engine works, check out this blog: Regex is (almost) all you need.
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
Bagel is a cross-platform CLI that inspects developer workstations and produces a structured report of security findings. It allows developers to understand their attack surface and what could be of interest to a malicious actor.
CredSweeper is an advanced credential detection tool designed to identify exposed credentials such as passwords, API keys, tokens, and other sensitive information across source code, configuration files, documents, and binary assets. CredSweeper scans regular files, embedded data in containers, and files added in Git commits. The tool combines pattern-based detection, machine learning–based validation, and deep file inspection to deliver comprehensive and accurate security scanning for modern codebases and repositories.
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 459 detection rules with live credential validation.
Find and verify secrets. Find leaked credentials.
TruffleHog is the most powerful secrets Discovery, Classification, Validation, and Analysis tool. In this context, "secret" refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more...