OSINT-Framework
shhgit
OSINT-Framework | shhgit | |
---|---|---|
6 | 7 | |
6,740 | 3,789 | |
3.1% | - | |
7.1 | 0.0 | |
16 days ago | 9 months ago | |
JavaScript | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OSINT-Framework
-
Maintained version of OSINT framework
Well I wouldn’t say it’s bad there are still a ton of resources on it that work, it’s not updated on a regular basis, but you can check out the GitHub for it here to see what has been updated: https://github.com/lockfale/OSINT-Framework
- Opsec for the Tran-Gun Enthusiaist
- A collection of several hundred online tools for OSINT
-
Awesome Hacker Search Engines
Might make more sense to add to an existing project like https://github.com/lockfale/osint-framework which has a fairly easy to use interface at https://osintframework.com/
- Best OSINT TOOLS For people search
-
nasıl hacker olabilirim
birde bunu nasıl kullanıcam https://github.com/lockfale/OSINT-Framework
shhgit
- Tencent WeChat is now a GitHub secret scanning partner
- Why do people use plain text for usernames and passwords on Github? A cautionary tale.
-
Searching across github
Shhgit is a really neat tool for this
- Around 50,000 GitHub credentials leaked as metadata inside commits
-
TruffleHog v3 – Detect and automatically verify over 600 credential types
There are a lot of secret detection tools out there. It probably is going to depend a lot on the specific features you care about. I personally really like shhgit[0] which is MIT licensed and is the tool I've found to most match my workflows.
[0]: https://github.com/eth0izzle/shhgit
-
My MetaMask Private Keys Stolen from GitHub Private Repo in 1 Hour
Assuming that the person you were working with didn't drain your wallet, there are many tools which can be used to actively monitor for commits being done on GitHub with secrets of sort.
The first one that comes to my mind is shhgit (https://github.com/eth0izzle/shhgit)
Anyone can self host it and then add multiple GitHub Dev keys to it. Then this can be used to monitor GitHub commits being done, majority of which can be categorized as "secrets".
- Ask HN: What are the best automated tools for keeping credentials out of GitHub?
What are some alternatives?
rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
git-secrets - Prevents you from committing secrets and credentials into git repositories
social-analyzer - API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
trufflehog - Find and verify secrets
sn0int - Semi-automatic OSINT framework and package manager
gitleaks - Protect and discover secrets using Gitleaks 🔑
GhostRecon - Popular OSINT framework. Works fine with kali linux and other Debian-based systems. Coded this as a teen, so not really reliable for real researches.
opencti - Open Cyber Threat Intelligence Platform
spiderfoot - SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
detect-secrets - A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets
querytool - Querytool is an OSINT framework based on Google Spreadsheet. With this tool you can perform complex search of terms, people, email addresses, files and many more.
automerge-action - GitHub action to automatically merge pull requests that are ready