Sn1per
gitleaks
Our great sponsors
Sn1per | gitleaks | |
---|---|---|
5 | 35 | |
7,517 | 15,225 | |
- | 2.8% | |
6.1 | 8.2 | |
24 days ago | 7 days ago | |
Shell | Go | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Sn1per
-
Surface management tools
For now the best tool I have found is this one: https://github.com/1N3/Sn1per
-
somone please help me improving my log file nom Parser code?
Starting PostgreSQL 13 database server: main. [94m[*][0m Loaded configuration file from /usr/share/sniper/sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Loaded configuration file from /root/.sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Saving loot to /usr/share/sniper/loot/workspace/nosva [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Scanning 192.158.1.38 [94m[[0m[92mOK[0m[94m][0m [91m ____ [0m [91m _________ / _/___ ___ _____[0m [91m / ___/ __ \ / // __ \/ _ \/ ___/[0m [91m (__ ) / / // // /_/ / __/ / [0m [91m /____/_/ /_/___/ .___/\___/_/ [0m [91m /_/ [0m [93m + -- --=[ https://sn1persecurity.com[0m [93m + -- --=[ Sn1per v9.0 by u/xer0dayz[0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE WEB VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, CSP Not Enforced, http://192.158.1.38/, P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE NETWORK VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, Interesting Ports Found, 192.158.1.38, 21 8080 9090 7070 [92m====================================================================================[0 m•x[92m[2022-08-22](15:56)[0mx• ==================================================================================== •?((¯°·..• Sc0pe Vulnerability Report by u/xer0dayz •._.·°¯))؟• ==================================================================================== Critical: 0 High: 1 Medium: 0 Low: 1 Info: 2 Score: 8 ==================================================================================== P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38:80/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, ==================================================================================== [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m SCAN COMPLETE! [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx•
-
Are there any good automated attack tools besides Pentera?
Sn1per https://github.com/1N3/Sn1per
-
Tools for github recon?
Sniper All-in-one Pentesting tool
-
WebMap : A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
This is awesome you have made your own tool a feat I have yet to do. If you are looking for pen-test automation you should check out Sn1per I love this tool.
gitleaks
-
How to use Lefthooks in your node project?
install gitleaks in your machine gitleaks
-
I Analyzed StackOverflow for Secrets
> gitleaks : fatal error: runtime: out of memory
Should be fixed now: https://github.com/gitleaks/gitleaks/pull/1292. Thanks for highlighting this simple change I've been putting off :)
-
[Help Needed] Securing Customized Gitleaks and Backend Communication?
I work in IT and we're enhancing our 'Shift Left Security' approach to prevent sensitive data leaks in our GitHub repositories. We've customized Gitleaks to send git-related information (like remote repository, author details, commit hash etc.) to our backend after each commit. This setup helps us monitor Gitleaks usage among our developers. (gitleaks)
-
Go Security Scanner
Cool. What features/capabilities are different compared to gitleaks?
-
My boss keeps committing his creds into git
To add my anecdote, testing out Trufflehog versus Gitleaks and detect-secrets the other tools seemed superior on detection rate and easier to work with.
-
Tools for very basic security audits
Some tools to consider: Gitleaks - open-source secret scanner for git repositories, files, and directories. Retire.js - dependency check tool for client JS code. Censys - It’s a search engine that you can use, for example, to scan any IP address and check open ports, software versions, location of the servers, etc. If you want to check more tools, you can download this free ebook with a list of recommended security tools: https://brightinventions.pl/blog/app-security-free-ebook/ The listed tools are free or offer free trials.
-
About secret scanning
bonuses: - https://github.com/trufflesecurity/trufflehog - https://github.com/gitleaks/gitleaks
-
Someone has access to my private repos = I lost 140k
I GET IT I need to follow best practice and not upload any sensitive information, even if its a private repo. But through my 10 yeras of coding it happened twice. However these keys only lived in 2 areas: my laptop and GITHUB. My laptop is pretty secured, and the timing of the above events just make me really think someone internally at Github is running https://github.com/gitleaks/gitleaks on private repos he / she has access to.
-
any open source that checks security vulnerabilities in code?
Maybe https://github.com/gitleaks/gitleaks is what you are looking for
-
Securing the software supply chain in the cloud
Gitleaks
What are some alternatives?
rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
trufflehog - Find and verify credentials
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Vulnnr - Vulnnr - Vulnerability Scanner And Mass Exploiter, created for pentesting.
git-secrets - Prevents you from committing secrets and credentials into git repositories
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
GhostRecon - Popular OSINT framework. Works fine with kali linux and other Debian-based systems. Coded this as a teen, so not really reliable for real researches.
husky - git hooks made easy
LazyRecon - An automated approach to performing recon for bug bounty hunting and penetration testing.
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.