SecretScanner – Find Secrets And Passwords In Container Images And File Systems

Deepfence SecretScanner can find any potential secrets in container images or file systems. What are Secrets? Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure (such as accounts, devices, network, cloud based services), applications, storage, databases and other kinds of critical data for an organization.Read More

ApkLeaks – Scanning APK File For URIs, Endpoints And Secrets

Scanning APK file for URIs, endpoints & secrets. Installation To install apkLeaks, simply: $ git clone https://github.com/dwisiswant0/apkleaks$ cd apkleaks/$ pip install -r requirements.txt Or download at release tab. Dependencies This package works in Python2 (not Python3). Install global packages: Linux $ sudo apt-get install libssl-dev swig -y OSX $ brew install openssl swig Windows YouRead More

GitDorker – A Tool To Scrape Secrets From GitHub Through Usage Of A Large Repository Of Dorks

GitDorker is a tool that utilizes the GitHub Search API and an extensive list of GitHub dorks that I’ve compiled from various sources to provide an overview of sensitive information stored on github given a search query. The Primary purpose of GitDorker is to provide the user with a clean and tailored attack surface toRead More

SharpSecDump – .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket’S Secretsdump.Py

.Net port of the remote SAM + LSA Secrets dumping functionality of impacket’s secretsdump.py. By default runs in the context of the current user. Please only use in environments you own or have permission to test against 🙂 Usage SharpSecDump.exe -target=192.168.1.15 -u=admin -p=Password123 -d=test.local Required Flags -target – Comma seperated list of IP’s / hostnamesRead More

Stegcloak – Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords

StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and encrypting with Zero Width Characters. It can be used to safely watermark strings, invisible scripts on webpages, texts on social media or for any other covert communication. Completely invisible!. See how it works in-depth hereRead More

Vault – A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management

Please note: We take Vault’s security and our users’ trust very seriously. If you believe you have found a security issue in Vault, please responsibly disclose by contacting us at [email protected] Website: https://www.vaultproject.io IRC: #vault-tool on Freenode Announcement list: Google Groups Discussion list: Google Groups Documentation: https://www.vaultproject.io/docs/ Tutorials: HashiCorp’s Learn Platform Certification Exam: Vault AssociateRead More

Guardedbox – Online Client-Side Manager For Secure Storage And Secrets Sharing

GuardedBox is an open-source online client-side manager for secure storage and secrets sharing.It allows users to upload secrets to a centralized server and retrieve them at anytime and from anywhere. It also allows users to share their secrets with other users, individually or via groups.Secrets are stored encrypted server-side. The encryption is performed client-side byRead More

Dufflebag – Search Exposed EBS Volumes For Secrets

Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around!The tool is organized as an Elastic Beanstalk (“EB”, not to be confused with EBS) application, and definitely won’t work ifRead More

X