# Secret Scanning and Leak Detection > Search results for `search public code repositories for accidentally leaked credentials` on awesome-repositories.com. 118 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/search-public-code-repositories-for-accidentally-leaked-credentials **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/search-public-code-repositories-for-accidentally-leaked-credentials).** ## Results - [dxa4481/trufflehog](https://awesome-repositories.com/repository/dxa4481-trufflehog.md) (26,790 ⭐) — TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources they control. The tool covers a broad discovery surface, including the scanning of Elastic clusters, Postman workspaces, and Hugging Face resources. It provides capabilities for binary and document scanning, secret type classification, and the creation of custom detection rules using regular expressions and entropy filters. Automation is supported through CI/CD security scanning and pre-commit hooks to block credentials from entering a codebase before they are merged. - [git-ecosystem/git-credential-manager](https://awesome-repositories.com/repository/git-ecosystem-git-credential-manager.md) (9,021 ⭐) — This project is a Git credential helper that automates the storage and retrieval of authentication secrets for remote repository operations. It functions as an OAuth token manager and an operating system vault storage interface to ensure authentication secrets are encrypted at rest. The tool acts as a cross-platform authentication broker, enabling the sharing of secure credentials between a host operating system and a Linux subsystem. It also serves as an enterprise proxy gateway, routing authentication traffic through corporate proxy servers to reach restricted repository endpoints. The system manages identity through multi-factor authentication and handles account binding for providers such as GitHub and Azure Repos. It further integrates with native system password managers and provides the ability to validate security certificates for remote hosts. - [harisekhon/devops-bash-tools](https://awesome-repositories.com/repository/harisekhon-devops-bash-tools.md) (8,062 ⭐) — DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line. The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests and optimize image sizes, as well as utilities for batch processing Git repositories and enforcing commit standards. Beyond cloud and pipeline management, the toolset covers a broad range of capabilities including system administration, development environment setup, and security auditing for identity permissions and secret leakage. It also provides utilities for media manipulation, data processing, and the automation of language runtime installations. - [guxd/deep-code-search](https://awesome-repositories.com/repository/guxd-deep-code-search.md) (283 ⭐) — DeepCS: Deep Code Search - [expo/expo](https://awesome-repositories.com/repository/expo-expo.md) (50,111 ⭐) — Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission. The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules without manual intervention. It also features a file-based routing system that maps directory structures directly to navigation paths, and an over-the-air update service that enables the deployment of JavaScript and asset changes directly to user devices, bypassing traditional app store review cycles. Beyond these core capabilities, the platform offers a wide range of integrated services for managing project metadata, environment variables, and persistent data storage. It includes a robust set of UI components and utilities for handling hardware-level features such as camera access, geolocation, audio and video playback, and push notifications. Developers can also leverage managed cloud services to orchestrate custom build profiles and automate CI/CD workflows. The project is managed via a command-line interface that facilitates project setup, native module integration, and the generation of custom development builds. Documentation and tooling are provided to support both standalone applications and the integration of Expo into existing native projects. - [wolfia-app/gpt-code-search](https://awesome-repositories.com/repository/wolfia-app-gpt-code-search.md) (208 ⭐) — gpt-code-assistant is an open-source coding assistant leveraging language models to search, retrieve, explore and understand any codebase. - [zricethezav/gitleaks](https://awesome-repositories.com/repository/zricethezav-gitleaks.md) (27,739 ⭐) — Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API keys, and authentication tokens. It functions as a Git secret scanner that analyzes both local file systems and Git commit history to prevent credential leaks. The tool distinguishes itself through a decoding pipeline that transforms base64 and hex strings into plaintext to find obfuscated secrets. It further reduces false positives using proximity-based validation and fingerprint-based suppression to filter out known or baseline findings. The system covers a broad range of detection capabilities, including recursive archive extraction and commit-history traversal. It supports automated workflows for integration into continuous integration and delivery pipelines, allowing for custom secret detection rules and the generation of structured scan reports for compliance auditing. - [coollabsio/coolify](https://awesome-repositories.com/repository/coollabsio-coolify.md) (57,055 ⭐) — This project is a self-hosted platform-as-a-service that provides a centralized management interface for deploying, configuring, and monitoring containerized applications and databases on private infrastructure. It functions as a visual control plane, automating the end-to-end lifecycle of services from source code to production. By managing container orchestration, networking, and resource allocation, it allows users to maintain full control over their own hardware while streamlining the delivery of software. The platform distinguishes itself through its agentless architecture, which uses secure shell connections to execute administrative tasks and manage remote servers without requiring persistent local software. It integrates directly with version control systems to trigger automated build and deployment pipelines, including the creation of temporary, isolated preview environments for every pull request. This workflow is supported by a declarative engine that uses templates to standardize the deployment of complex multi-container architectures and persistent database engines. Beyond core orchestration, the system handles the operational requirements of hosted services by managing dynamic reverse-proxy routing and automated SSL certificate lifecycles. It provides a comprehensive suite of infrastructure management tools, including browser-based terminal access for debugging, automated system dependency installation, and persistent state management via a central database. These capabilities ensure that infrastructure remains synchronized and consistent across multiple remote environments. - [rinvex/repository](https://awesome-repositories.com/repository/rinvex-repository.md) (0 ⭐) — Rinvex Repository is a simple, intuitive, and smart implementation of Active Repository with extremely flexible & granular caching system for Laravel, used to abstract the data layer, making applications more flexible to maintain. - [docker-archive-public/docker.labs](https://awesome-repositories.com/repository/docker-archive-public-docker-labs.md) (11,904 ⭐) — This project is a comprehensive collection of tutorials and guided laboratories designed to teach containerization, networking, and security using Docker. It serves as a learning path for building portable images and executing isolated processes. The materials provide specific guides for managing container clusters and scaling services through Docker Swarm and overlay networks. It includes a security handbook for implementing image scanning and secret management, as well as laboratories dedicated to modernizing legacy applications by wrapping older software installers into containers. The content covers a broad range of capabilities including the configuration of continuous integration pipelines, the deployment of cloud-native applications, and the setup of private image registries. It also provides instructional workflows for performing live debugging of applications within containerized environments. - [yelp/detect-secrets](https://awesome-repositories.com/repository/yelp-detect-secrets.md) (4,429 ⭐) — detect-secrets is a modular secret scanning tool that identifies hard-coded credentials and sensitive information in source code. It combines multiple detection strategies—regular expression pattern matching, Shannon entropy calculation, and a machine learning classifier—to find potential secrets, and uses a baseline-driven delta analysis to distinguish newly introduced secrets from pre-existing ones, reducing noise from legacy credentials. The tool integrates directly into development workflows through a git pre-commit hook that blocks commits introducing unbaselined secrets, and can be incorporated into CI/CD pipelines for automated scanning during builds. Its plugin-based detection architecture allows loading modular detection plugins at runtime, each implementing a distinct scanning strategy, and supports custom plugins for organization-specific patterns. An audit trail mapping system records each detection verdict as a true or false positive entry, enabling downstream tracking of remediation progress and false positive suppression. Additional capabilities include inline secret allowlisting to mark specific lines for the scanner to ignore, scan exclusion rules to reduce false positives by ignoring specific file paths or patterns, and secret audit labeling to interactively classify each detection and generate a migration checklist. The tool also manages a known secret baseline that creates and updates a snapshot of all currently detected secrets, allowing new secrets to be flagged while ignoring pre-existing ones. - [elastic/detection-rules](https://awesome-repositories.com/repository/elastic-detection-rules.md) (2,508 ⭐) — This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-based testing framework to validate rule syntax and accuracy before deployment. The system covers a broad range of security operations, including threat intelligence integration, cloud posture auditing, and security event correlation. It also provides capabilities for anomaly detection, entity risk analysis, and the coordination of security incidents through case management and alert noise suppression. - [oulman/terraform-credentials-vault](https://awesome-repositories.com/repository/oulman-terraform-credentials-vault.md) (5 ⭐) — Terraform credentials helper for Vault - [usestrix/strix](https://awesome-repositories.com/repository/usestrix-strix.md) (20,138 ⭐) — Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agnostic routing, it supports a wide range of local and cloud-based model providers, enabling users to tailor analysis depth and reasoning capabilities to their specific security requirements. This orchestration is complemented by the ability to inject structured knowledge packages into agents, allowing for highly targeted vulnerability research and customized testing methodologies. The system provides a broad capability surface that combines static code analysis with dynamic runtime testing. It includes integrated headless browser automation for simulating user behavior, proxy-based traffic interception for inspecting and replaying network communication, and infrastructure mapping tools for reconnaissance. These features are unified within a sandboxed environment that supports custom script execution, terminal access, and real-time telemetry export for auditing and reporting. The project is designed for integration into existing development workflows, offering features like incremental codebase analysis, secret detection, and pipeline-native exit code reporting. It provides a centralized interface for managing scan intensity, authenticated testing, and the generation of structured security reports with proof-of-concept evidence. - [bridgecrewio/checkov](https://awesome-repositories.com/repository/bridgecrewio-checkov.md) (8,798 ⭐) — Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security policies using Python or YAML and includes a policy generation utility to create new static analysis checks. The tool's capability surface covers a wide range of cloud templates, including Terraform plans, AWS SAM, CloudFormation, Azure ARM, and Bicep files. It also handles container security via Dockerfile and image auditing, and Kubernetes auditing through the analysis of manifests, Helm charts, and Kustomize files. Additionally, it performs software composition analysis to identify known CVEs in package dependencies and uses regex and entropy to detect hardcoded secrets. Automation is supported via native integrations for CI/CD pipelines, git hooks, and IDEs, with results exportable in formats such as JSON, JUnit XML, SARIF, and Markdown. - [ecomfe/echarts-for-weixin](https://awesome-repositories.com/repository/ecomfe-echarts-for-weixin.md) (7,500 ⭐) — This is a chart library for rendering interactive data visualizations within WeChat Mini Programs using the Apache ECharts engine. It provides a set of visual components that use 2D canvas interfaces to render line, bar, pie, and scatter plots. The library utilizes a 2D canvas interface to increase drawing speed and resolve visual layering issues. It implements an interactive charting component that supports touch-based data interaction, allowing users to see detailed contextual information through formatted tooltips when tapping or hovering over data points. The project covers mobile data visualization and the creation of data dashboards, using adapter-based API mapping and event-bridge messaging to integrate the graphics engine into the mini-program environment. - [sap/credential-digger](https://awesome-repositories.com/repository/sap-credential-digger.md) (364 ⭐) — A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock: - [subhashchy/the-accidental-cto](https://awesome-repositories.com/repository/subhashchy-the-accidental-cto.md) (3,168 ⭐) — The Accidental CTO is a comprehensive collection of guides and frameworks focused on distributed systems architecture, resilience engineering, and system observability. It provides strategies for scaling applications from thousands to millions of users while maintaining high availability. The project offers specific methodologies for managing data volume through replication, sharding, and caching. It includes a framework for analyzing cloud infrastructure spending and evaluating transitions to self-hosted environments to reduce operational expenses. The resource covers the implementation of resilience patterns such as circuit breakers and graceful degradation to prevent total system failure. It also details the establishment of observability pipelines using metrics, logs, and traces to monitor system health and service level objectives. - [alishahryar1/free-claude-code](https://awesome-repositories.com/repository/alishahryar1-free-claude-code.md) (34,843 ⭐) — This project is a multi-provider AI gateway and proxy server that intercepts and routes requests between AI clients and various large language model providers. It functions as an API protocol translator and model router, mapping incoming requests to specific upstream providers or local runners to provide a unified interface for multiple models. The system distinguishes itself by bridging chat platforms and command line interfaces, converting messages from chat services into managed command line sessions. It further optimizes traffic by executing certain web search and fetch requests locally and translating message formats, streaming events, and tool schemas between different provider standards. The proxy includes capabilities for voice input and output processing, including audio-to-text transcription. It also provides a local web interface for managing provider keys, validates requests via authorization tokens, and implements a transport-class abstraction to support the integration of custom backend services. - [six2dez/reconftw](https://awesome-repositories.com/repository/six2dez-reconftw.md) (7,226 ⭐) — reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent execution across different cloud providers and features a checkpoint system to resume interrupted workflows from the last point of failure. The toolkit covers a broad range of capabilities, including passive and active subdomain enumeration, open-source intelligence gathering, and network infrastructure analysis. It also incorporates automated vulnerability scanning for common web flaws and CVEs, differential asset tracking to identify new targets, and the generation of security reports using artificial intelligence. The environment can be deployed via container orchestration and integrated into CI/CD pipelines for recurring security checks. - [forbiddenprogrammer/conti-pentester-guide-leak](https://awesome-repositories.com/repository/forbiddenprogrammer-conti-pentester-guide-leak.md) (0 ⭐) — This repository was created to archive leaked leaked pentesting materials, which were previously given to Conti ransomware group affilates: - [awesome-skills/code-review-skill](https://awesome-repositories.com/repository/awesome-skills-code-review-skill.md) (1,043 ⭐) — This project is a specialized instruction set for AI coding agents designed to perform structured, language-specific code reviews. It functions as an automated tool that evaluates source code against predefined checklists to identify security, performance, and architectural inconsistencies across diverse technology stacks. The system distinguishes itself by employing a multi-phase analysis pipeline that moves from high-level architectural assessments to granular, line-by-line inspections. It utilizes a severity-based taxonomy to categorize findings, clearly separating blocking security issues from optional stylistic improvements to provide actionable, consistent feedback for developers. Beyond core analysis, the framework standardizes the review process by applying context-aware documentation and language-specific guidelines. It incorporates collaborative techniques to improve communication between developers, ensuring that feedback is delivered in a structured, template-driven format that reduces friction and supports team-wide code quality standards. - [deepfence/secretscanner](https://awesome-repositories.com/repository/deepfence-secretscanner.md) (3,270 ⭐) — SecretScanner is a security tool designed to search filesystems and container images for unprotected passwords, API keys, and other sensitive data. It functions as a static secret detector and container image scanner that identifies hardcoded credentials by matching content against a database of known secret types. The tool inspects container image layers to find secrets hidden within the filesystem hierarchy and parses local directories and host-mounted paths. It provides the ability to export scan findings in machine-readable JSON format for automated analysis and processing. The scanning engine utilizes pattern-based string matching and multi-threaded file traversal to process data. Users can adjust scan parameters such as thread counts, file size limits, and path exclusions to manage the scope and performance of the search. - [public-apis-dev/public-apis](https://awesome-repositories.com/repository/public-apis-dev-public-apis.md) (0 ⭐) — Public APIs — A collaborative list of public APIs for developers. - [securego/gosec](https://awesome-repositories.com/repository/securego-gosec.md) (8,866 ⭐) — gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptographic implementations, and insecure network or filesystem configurations. The engine also provides mechanisms for vulnerability management, including the ability to define custom security rules, enforce import blocklists, and suppress false positives using inline code annotations. Analysis results can be exported in multiple machine-readable formats to integrate with reporting tools and security workflows. - [adobe-fonts/source-code-pro](https://awesome-repositories.com/repository/adobe-fonts-source-code-pro.md) (20,412 ⭐) — Source Code Pro is a collection of monospaced OpenType font families designed for programming, user interface clarity, and coding environments. These typefaces are engineered to provide high legibility in software editors and terminal applications. The project includes a variable font family that allows for continuous adjustments of weight and style within a single file. It provides specialized typography for user interface design to ensure consistency across diverse digital layouts. The system covers monospaced typography design and web integration, supporting the generation and export of font files in multiple formats for compatibility across different operating systems and browsers. - [coding-horror/basic-computer-games](https://awesome-repositories.com/repository/coding-horror-basic-computer-games.md) (11,073 ⭐) — This project is a programming education resource and a collection of vintage game ports. It provides a library of classic computer game implementations and algorithmic problems translated into modern memory-safe scripting languages for educational study and execution. The collection focuses on the implementation of game logic and the practice of fundamental computer science algorithms. It includes diverse examples of procedural content generation, such as random mazes and text-based art, alongside mathematical visualizations. The project covers a wide array of simulation categories, including board games, sports modeling, casino gambling, and combat strategy. It also includes educational modules for arithmetic and physics kinematics, as well as utilities for probability simulation and pseudo-random number generation. - [gitlabhq/gitlabhq](https://awesome-repositories.com/repository/gitlabhq-gitlabhq.md) (24,433 ⭐) — This project is a Git DevOps platform and repository manager providing a complete toolset for hosting Git repositories, managing project tasks, and automating software delivery pipelines. It functions as a self-hosted version control system with integrated access controls, an issue tracker for project management, and a CI/CD pipeline orchestrator. The platform distinguishes itself by integrating DevSecOps capabilities, specifically a security scanner designed to detect secret leaks and API keys during the code review process. It coordinates the entire DevOps lifecycle, linking version control and task tracking directly to automated testing and final software delivery. The system covers a broad range of operational capabilities, including continuous integration and delivery pipelines, collaborative code review workflows, and integrated project tracking via boards and wikis. It also includes infrastructure tools for role-based access control, resource-intensive request proxying, and the orchestration of reproducible test environments. - [micheleangioni/phalcon-repositories](https://awesome-repositories.com/repository/micheleangioni-phalcon-repositories.md) (0 ⭐) — Phalcon Repositories lets you easily build repositories for your Phalcon models, for both SQL and Mongo drivers. - [infisical/infisical](https://awesome-repositories.com/repository/infisical-infisical.md) (27,374 ⭐) — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access. The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports complex security workflows by integrating with external identity providers for federated authentication and offering a reverse tunneling gateway that allows secure access to private network resources without exposing inbound ports. Additionally, the system includes an event-driven audit engine that maintains an immutable record of all configuration changes and access requests to support compliance requirements. Beyond core secret storage, the platform provides comprehensive orchestration capabilities, including automated secret injection into containerized environments and infrastructure pipelines. It also features integrated public key infrastructure management for the lifecycle of digital certificates and automated scanning to detect hardcoded secrets in source code and CI pipelines. The platform supports flexible deployment models, allowing teams to either utilize managed cloud services or self-host the infrastructure within their own private networks. It provides a broad ecosystem of SDKs and a command-line interface to facilitate integration across various programming languages and deployment workflows. - [abdelrahmanrafaat/repositories-maker](https://awesome-repositories.com/repository/abdelrahmanrafaat-repositories-maker.md) (0 ⭐) — ##Repositories Maker## - [benbusby/whoogle-search](https://awesome-repositories.com/repository/benbusby-whoogle-search.md) (11,552 ⭐) — Whoogle-search is a self-hosted, containerized metasearch engine designed to provide search results while stripping away advertisements, tracking scripts, and cookies. It functions as a privacy-focused proxy that fetches results from major search providers, ensuring that user activity remains isolated from the original service providers. The platform distinguishes itself through granular traffic management and request-level security. It masks user identity by rotating browser identification strings and routing queries through intermediate proxies. Users can further customize their experience by applying domain-based filtering, configuring language and location settings, and utilizing custom shortcut commands to navigate directly to specific online services. The system supports extensive interface customization and provides a standardized JSON output for integration with external software. It also includes automated traffic redirection to privacy-preserving frontends for various social and media platforms, further minimizing data exposure. The application is designed for deployment as a self-contained service, utilizing container orchestration to manage resource limits and enforce security privileges. It includes built-in authentication and security headers to restrict unauthorized access to the hosted instance. - [asgeirtj/system_prompts_leaks](https://awesome-repositories.com/repository/asgeirtj-system-prompts-leaks.md) (42,673 ⭐) — This project is a centralized repository for the collection and analysis of system instructions and behavioral configurations extracted from large language models and AI-powered software. It serves as a research archive that documents the internal directives, operational constraints, and safety protocols that define how various artificial intelligence agents interact with users. The repository distinguishes itself through a crowdsourced approach to data aggregation, maintaining a historical record of configuration changes across a wide range of proprietary models and coding assistants. By organizing these findings into structured, version-controlled datasets, it enables security researchers and developers to audit model alignment, investigate potential information disclosure risks, and observe the structural patterns used in production-grade prompt engineering. The project covers a broad capability surface, including the study of hidden behavioral constraints and the auditing of autonomous agent guidelines. It utilizes standardized, human-readable tabular storage to ensure that the collected data remains accessible for comparative analysis. The entire dataset is presented through a searchable, static web interface that tracks updates and modifications over time. - [deveel/deveel.repository](https://awesome-repositories.com/repository/deveel-deveel-repository.md) (3 ⭐) — Implementations of the repository pattern for .NET to support the domain-driven modeling - [davila7/claude-code-templates](https://awesome-repositories.com/repository/davila7-claude-code-templates.md) (20,933 ⭐) — Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management. The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust CLI toolkit for managing the entire agent lifecycle, from discovery and installation to execution and performance monitoring. By utilizing standardized protocols and modular function definitions, it enables seamless integration of external services and local tools into the assistant's capabilities. Beyond core agent management, the platform offers extensive support for workflow automation, including event-driven hooks, custom slash commands, and automated testing pipelines. It incorporates security-focused features such as granular permission enforcement, sandbox execution environments, and automated secret scanning to ensure safe operation. The system also provides observability tools, including real-time dashboards for tracking agent performance, token usage, and conversation history. - [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting. Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide. - [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform covers a broad range of security domains, including injection flaws, cross-site scripting, weak cryptography, and insecure network configurations. It further includes capabilities for secrets detection and the generation of structured security and privacy compliance reports. Integration is supported via a pipeline scanner that manages process exit codes for CI/CD automation. - [leaking/wegit](https://awesome-repositories.com/repository/leaking-wegit.md) (0 ⭐) - [infobyte/faraday](https://awesome-repositories.com/repository/infobyte-faraday.md) (6,523 ⭐) — Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to aggregate findings. Additionally, it provides bidirectional synchronization with external ticketing systems via webhooks to maintain consistency between vulnerability states and remediation tasks. Broad capabilities include automated scan scheduling, role-based access control, and identity federation via SAML 2.0 and LDAP. The system also features template-driven report generation for executive and compliance documents, as well as a Model Context Protocol server to expose management data to AI assistants. The project is written in Python and integrates with PostgreSQL for data storage and Elasticsearch for high-performance querying. - [davemachado/public-api](https://awesome-repositories.com/repository/davemachado-public-api.md) (1,654 ⭐) — Public API for the public-apis Github project - [andersao/l5-repository](https://awesome-repositories.com/repository/andersao-l5-repository.md) (4,205 ⭐) — Laravel 5 - Repositories to abstract the database layer - [comodosecurity/openedr](https://awesome-repositories.com/repository/comodosecurity-openedr.md) (2,603 ⭐) — OpenEDR is an endpoint detection and response platform designed to collect telemetry and monitor system activity to identify security breaches. It functions as a host-based intrusion detection system and telemetry collector, gathering detailed data on process, network, and file activity. The system includes a dockerized security stack that bundles search, logging, and visualization tools into containers for analyzing endpoint telemetry. It features a security event visualizer that maps process lineage and indexes logs to facilitate root-cause analysis of attacks. The platform provides capabilities for monitoring system API calls, file and registry access, and network traffic. It incorporates security breach detection and alerting through customizable telemetry filtering rules and policy configurations. To maintain system integrity, it employs a dedicated self-protection provider to prevent unauthorized modifications to monitoring agents and configurations. - [florinciocirlan/rxjs-leak-finder](https://awesome-repositories.com/repository/florinciocirlan-rxjs-leak-finder.md) (1 ⭐) — Find leaked RxJS subscriptions in your Angular dev-mode app. One line in main.ts, no Chrome extension. - [entireio/cli](https://awesome-repositories.com/repository/entireio-cli.md) (2,753 ⭐) — This project is a Git-based AI session tracker and context manager designed to record AI agent interactions, transcripts, and tool usage directly into Git repositories. It functions as a system for capturing and indexing the reasoning behind code changes, linking AI prompts and responses to specific code commits to preserve developer intent. The tool distinguishes itself by using Git as a primary storage layer for session metadata, utilizing shadow branches and checkpoints to track agent state without polluting the main commit log. It includes specialized capabilities for auditing AI contributions, allowing users to trace specific lines of code back to the original prompt and verify the ratio of agent versus human authorship. The software covers a broad surface of capabilities, including automated Git hook management, repository mirroring across different transports, and secret redaction via entropy analysis. It also provides observability tools for visualizing session history in the terminal, managing agent plugin discovery, and restoring session states across different Git worktrees. - [chrisk44/hijacker](https://awesome-repositories.com/repository/chrisk44-hijacker.md) (2,512 ⭐) — Hijacker is a Wi-Fi security auditing suite designed for scanning wireless networks, capturing traffic, and recovering credentials. It provides a set of tools for detecting nearby access points and clients, intercepting WPA handshakes, and recovering WPA and WEP passwords. The project features a visual security audit interface that allows for the execution of specialized tools without using a command-line terminal. It includes a dedicated WPS pin recovery tool for extracting access point pins using pixie-dust attacks via external adapters. The toolkit covers network reconnaissance, including signal strength detection and target management with MAC address aliasing. It also provides capabilities for attack simulation, such as sending spoofed deauthentication frames to disconnect clients or performing network denial-of-service tests. Additional functionality includes managing wireless hardware configurations, such as toggling monitor mode and installing chipset firmware for packet injection. - [hound-search/hound](https://awesome-repositories.com/repository/hound-search-hound.md) (5,846 ⭐) — Lightning fast code searching made easy - [bloomrpc/bloomrpc](https://awesome-repositories.com/repository/bloomrpc-bloomrpc.md) (8,998 ⭐) — BloomRPC is a graphical user interface client for discovering, testing, and querying gRPC service endpoints. It functions as an API tester that allows for sending requests and validating responses through a visual interface without the need to write manual client code. The tool supports service discovery via the gRPC reflection API or by parsing protobuf definition files to generate request and response structures. It translates human-readable JSON input into binary protobuf format and utilizes an HTTP/2 transport layer to communicate with backend services. The application provides capabilities for API exploration, service testing, and client development prototyping. It is delivered as a cross-platform desktop application. - [trufflesecurity/trufflehog](https://awesome-repositories.com/repository/trufflesecurity-trufflehog.md) (24,630 ⭐) — Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platform distinguishes itself through a privacy-focused architecture that relies on cryptographic fingerprinting to track and deduplicate findings without ever transmitting or storing raw sensitive values. It supports distributed scanning via independent agents that connect to a central dashboard, allowing for localized analysis while maintaining network isolation. Furthermore, the system provides automated incident response capabilities, including secret rotation and revocation, which help organizations minimize the window of vulnerability for compromised credentials. Beyond core detection, the project offers a broad capability surface for enterprise-wide access governance and security compliance. It includes modular detection logic for custom rule definitions, integration with external identity providers for role-based access control, and extensive monitoring across cloud storage, container infrastructure, and collaboration platforms. The system also provides detailed metadata tracing to link findings to specific users, pipelines, or commits, facilitating efficient remediation and auditability across large-scale development environments. - [kxstudio/repository](https://awesome-repositories.com/repository/kxstudio-repository.md) (0 ⭐) - [rebootuser/linenum](https://awesome-repositories.com/repository/rebootuser-linenum.md) (7,835 ⭐) — LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries and world-writable files, and the auditing of user and group permissions. The tool also performs secret scanning for private keys and cloud credentials, analyzes scheduled tasks and network services, and exports findings into text reports for offline analysis.