Gitleaks - Searches full repo history for secrets and keys

  •        85

Gitleaks audits local and remote repos by running regex checks against all commits.

https://github.com/zricethezav/gitleaks

Tags
Implementation
License
Platform

   




Related Projects

Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing


A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags. This tool is based heavily upon the work made public in Mike Czumak's (T_v3rn1x) OSCP review (link) along with considerable influence and code taken from Re4son's mix-recon (link). Virtual host scanning is originally adapted from teknogeek's work which is heavily influenced by jobertabma's virtual host discovery script (link). Further Virtual Host scanning code has been adapted from a project by Tim Kent and I, available here (link).

NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.


NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database. Originally authored by @tcsstool and now maintained by @codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".

qark - Tool to look for several security related Android application vulnerabilities


Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.

VHostScan - A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages


A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. First presented at SecTalks BNE in September 2017 (slidedeck). Dependencies will then be installed and VHostScan will be added to your path. If there is an issue regarding running python3 setup.py build_ext, you will need to reinstall numpy using pip uninstall numpy and pip install numpy==1.12.0. This should resolve the issue as there are sometimes issues with numpy being installed through setup.py.


Debian rough audits


Reports from security audit tools run on source code and other material in the Debian project along with notes. This is a stalled project. Other related projects include http://www.debian.org/security/audit/

aircrack-ng - WiFi security auditing tools suite


Aircrack-ng is a complete suite of tools to assess WiFi network security. All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.

brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications


Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.

Watcher: Web security testing tool and passive vulnerability scanner


A Fiddler plugin that passively checks web application's for a variety of security issues. Watcher acts as assistant to the web developer, tester, or security auditor, by quickly identifying real issues and hot-spots that commonly lead to security problems in web apps.

dawnscanner - Dawn is a static analysis security scanner for ruby written web applications


dawnscanner is a source code scanner designed to review your ruby code for security issues. dawnscanner version 1.6.6 has 235 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or the ruby interpreter itself. There are also some check coming from Owasp Ruby on Rails cheatsheet.

w3af - Web Application Attack and Audit Framework


w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

Wapiti - Web application vulnerability scanner / security auditor


Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate ponctual and permanent XSS vulnerabilities.

rails-security-checklist - :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)


This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.

Search Guard - Elasticsearch plugin that offers encryption, authentication, and authorisation


Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

mysql-audit - AUDIT Plugin for MySQL


A MySQL plugin from McAfee providing audit capabilities for MySQL, designed with an emphasis on security and audit requirements. The plugin may be used as a standalone audit solution or configured to feed data to external monitoring tools. If reporting a bug, please describe the problem verbosely. Try to see if it reproduces and include a detailed description on how to reproduce.

arachni - Web Application Security Scanner Framework


Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

Network Security Toolkit (NST)


Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora 18 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanc

Nmap Parser


An nmap output parser for scan data using PERL. Nmap Parser is a PERL module that makes developing security and audit tools using nmap and PERL easier. nmap is one of the best security scanners.

Network Config Audit Tool


The goal of this project is to produce practical tools to assist network administraotr, network security practitioners and other interested parties in auditing security settings of routers and other network infrastructure devices.