Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API keys, and authentication tokens. It functions as a Git secret scanner that analyzes both local file systems and Git commit history to prevent credential leaks. The tool distinguishes itself through a decoding pipeline that transforms base64 and hex strings into plaintext to find obfuscated secrets. It further reduces false positives using proximity-based validation and fingerprint-based suppression to filter out known or baseline findings. The system covers a broad range of detec
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository. The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for
Gitrob is a tool that scans public GitHub repositories for potentially sensitive files. It clones repositories and walks through their full commit history to flag files matching signatures for sensitive content, including files that may have been deleted in later commits.
michenriksen/gitrob की मुख्य विशेषताएं हैं: Historical Commit Scanning, Sensitive File Discovery, Findings Browsing Interfaces, Assessment Session Files, In-Memory Serving, Reconnaissance Tools, Cloud and Git Security, Reconnaissance and OSINT।
michenriksen/gitrob के ओपन-सोर्स विकल्पों में शामिल हैं: zricethezav/gitleaks — Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API… blacklanternsecurity/bbot — This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions… m4ll0k/secretfinder — SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript… awslabs/git-secrets — Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating… gwen001/github-subdomains. edoardottt/cariddi — Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.