7 Repos
Tools for identifying sensitive data within cloud storage platforms.
Distinguishing note: Focuses on scanning cloud storage content.
Explore 7 awesome GitHub repositories matching devops & infrastructure · Cloud Storage Scanning. Refine with filters or upvote what's useful.
TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources t
Inspects files within cloud storage buckets to identify leaked secrets using identity roles.
Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor
Identifies sensitive information within cloud storage files and attachments.
Gobuster is a command-line security utility designed for brute-force discovery of hidden infrastructure and content. It operates by systematically testing wordlists against target network services to identify files, directories, subdomains, and cloud storage buckets. The tool utilizes a concurrent worker pool to execute these requests in parallel, ensuring efficient scanning across various network environments. The project distinguishes itself through a modular plugin architecture that supports multiple discovery modes, including HTTP, DNS, and TFTP. This design allows for protocol-agnostic r
Identifies publicly accessible storage buckets on cloud platforms by testing potential bucket names against service provider interfaces.
ClamAV ist eine Open-Source-Antivirus-Engine und ein Malware-Erkennungsscanner. Er identifiziert Trojaner, Viren und andere schädliche Software durch das Scannen von Dateien und Datenströmen anhand einer Datenbank bekannter Signaturen. Das System fungiert als Signatur-basierter Bedrohungserkenner, der die Implementierung von Threat Intelligence ermöglicht, indem Malware-Proben in umsetzbare Signaturen umgewandelt werden. Es unterstützt die Erstellung benutzerdefinierter Malware-Signaturen zur Identifizierung spezifischer oder spezialisierter Sicherheitsbedrohungen. Die Engine bietet Funktionen für Endpoint-Security-Monitoring und umfassende Malware-Erkennungsscans über Computersysteme hinweg.
Identifies trojans, viruses, and other malicious software across computer systems and files.
ClamAV - Documentation is here: https://docs.clamav.net
Scans objects in cloud storage buckets like Amazon S3 for viruses using automated pipelines.
S3Scanner is a security tool for auditing public access and misconfigured permissions across S3-compatible storage providers. It functions as a storage auditor and security scanner designed to identify open buckets, enumerate publicly accessible objects, and exfiltrate data from misconfigured cloud environments. The project is distinguished by its integration with message brokers, allowing it to consume target lists for large-scale cloud infrastructure audits. It also provides utilities for dumping the entire contents of misconfigured buckets to local directories and calculating the total siz
Performs security audits and permission checks against various cloud storage platforms and custom endpoints.
SubDomainizer ist ein Sicherheits-Scanning-Utility zur Kartierung von Webinfrastruktur und zur Identifizierung der Offenlegung sensibler Informationen. Es fungiert als Aufklärungstool, das Daten aus Webseiten, lokalen Dateien und Remote-Code-Hosting-Diensten aggregiert, um eine umfassende Bewertung der Angriffsfläche eines Ziels bereitzustellen. Das Tool ist darauf spezialisiert, versteckte Subdomains und Infrastruktur-Einstiegspunkte durch rekursives Web-Crawling und die Analyse von SSL-Zertifikatsmetadaten zu entdecken. Es sichert Umgebungen weiter ab, indem es Quellcode und externe Repositories auf exponierte API-Schlüssel, Passwörter und andere Anmeldedaten scannt, unter Verwendung einer Kombination aus Keyword-Pattern-Matching und Entropie-basierter Analyse. Über die Domänen- und Anmeldedaten-Entdeckung hinaus führt das Utility Cloud-Infrastruktur-Audits durch, um falsch konfigurierte oder öffentlich zugängliche Storage-Buckets zu erkennen. Durch die Integration dieser diversen Scanning-Techniken konsolidiert es die Ergebnisse in einem einheitlichen Bericht, um bei der Identifizierung potenzieller Sicherheitslücken und unautorisierter Infrastrukturoffenlegung zu unterstützen.
Scans web content and source files for cloud storage service addresses to detect misconfigured or publicly accessible buckets.