Gitleaks - Searches full repo history for secrets and keys

Gitleaks audits local and remote repos by running regex checks against all commits.

https://github.com/zricethezav/gitleaks

Related Projects

qark - Tool to look for several security related Android application vulnerabilities


Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.

Debian rough audits


Reports from security audit tools run on source code and other material in the Debian project along with notes. This is a stalled project. Other related projects include http://www.debian.org/security/audit/

brakeman - A static analysis security vulnerability scanner for Ruby on Rails applications


Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities. Check out Brakeman Pro if you are looking for a commercially-supported version with a GUI and advanced features.

Watcher: Web security testing tool and passive vulnerability scanner


A Fiddler plugin that passively checks web applications for a variety of security issues. Watcher acts as an assistant to the web developer, tester, or security auditor, by quickly identifying real issues and hot-spots that commonly lead to security problems in web apps.

dawnscanner - Dawn is a static analysis security scanner for ruby written web applications


dawnscanner is a source code scanner designed to review your Ruby code for security issues. dawnscanner version 1.6.6 has 235 security checks loaded in its knowledge base. Most of them are CVE bulletins applying to gems or the Ruby interpreter itself. There are also some checks coming from the OWASP Ruby on Rails cheatsheet.


w3af - Web Application Attack and Audit Framework


w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find cross-site scripting, SQL injection and a lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

Search Guard - Rock solid Elasticsearch security on all levels


Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

Wapiti - Web application vulnerability scanner / security auditor


Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. It is able to differentiate punctual and permanent XSS vulnerabilities.

rails-security-checklist - :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)


This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.

Network Security Toolkit (NST)


Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora 18 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanc

Nmap Parser


An nmap output parser for scan data using PERL. Nmap Parser is a PERL module that makes developing security and audit tools using nmap and PERL easier. nmap is one of the best security scanners.

Network Config Audit Tool


The goal of this project is to produce practical tools to assist network administrators, network security practitioners and other interested parties in auditing security settings of routers and other network infrastructure devices.

Opa - Elegant language for Web


Opa is a concise and elegant language for writing scalable and distributed web applications. Opa pushes boundaries of the state of the art in web security by making its application immune to XSS attacks, SQL injections and more. Opa is designed to get you to your finished app faster, concentrating only on the interesting parts, without the hassle of writing the glue or of using a programming language against its original design.

UserUnlock


Allows standard users to unlock a locked windows workstation!

Ranger - Manage Data Security across the Hadoop Platform


Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. It provides centralized security administration to manage all security-related tasks in a central UI or using REST APIs, fine-grained authorization, and centralized auditing of user access within Apache Hadoop, Apache Hive, Apache HBase and other Apache components.

Audit Test Project


audit-test is a test suite designed to provide automated testing for the light-weight audit framework that first appeared in the 2.6.4 kernel. It has been used regularly since RHEL4 and has most recently been updated for RHEL6.3 and SLES11. The test suite now covers functionality beyond audit and includes the automated tests required for the BSI OSPP, including labeled security and virtualization.

Automated Security Tools


Automated Security Tools (autosec) aims to provide automatic tools which network administrators may use to help check and test the security of their network.

SQL Server Label Security Toolkit


The Label Security Toolkit provides tools and techniques for using Microsoft® SQL Server (versions 2005 through 2012) to implement row-level security (RLS) and cell-level security (CLS) based on security labels. The major components of the Toolkit are: • The Label Polic...

inspec - InSpec: Auditing and Testing Framework


InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.

bettercap - A complete, modular, portable and easily extensible MITM framework.


bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack. All dependencies will be automatically installed through the RubyGems system but in some cases you might need to install some system dependency in order to make everything work.