| | tartufo | oxo |
|---|---|---|
| Mentions | 4 | 3 |
| Stars | 389 | 384 |
| Growth | 2.1% | 0.8% |
| Activity | 6.1 | 9.8 |
| Last commit | 21 days ago | 3 days ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tartufo
- Show HN: Tartufo, the godaddy Git secrets linter
- GitHub Access Token Exposure
- Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
  You could set up something like https://github.com/godaddy/tartufo in a pre-commit hook. Not sure if GitHub has a way to hook into the push hooks on the server side, they might though.
- Tartufo – effectively finds secrets accidentally committed
oxo
- Open-Source Detector of CISA's Known Exploitable Vulnerabilities
  That repo also has no license information that I can tell, although the pip install is Apache 2 <https://github.com/Ostorlab/ostorlab#readme>
- Open-Source Distributed Security Scanning Platform
- Is this tool worth it?
  A few days ago, they announced they went open-source. I gave it a try and it looks cool. I ran a network scan with multiple tools at the same time (nmap, tsunami, nuclei) and got back a full report with just a few commands.
What are some alternatives?
deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
snoop - Snoop is a reconnaissance tool based on open data (OSINT world)
secrets - A command-line tool to prevent committing secret keys into your source code [Moved to: https://github.com/sirwart/ripsecrets]
rapidscan - The Multi-Tool Web Vulnerability Scanner.
whispers - Identify hardcoded secrets in static structured text
malwarescanner - Simple Malware Scanner written in python
kscp - Kubernetes Secrets Control Plane
xssmap - Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities
gitleaks - Protect and discover secrets using Gitleaks 🔑
kcare-uchecker - A simple tool to detect outdated shared libraries
leaky-repo - Benchmarking repo for secrets scanning
agent_metasploit - Agent metasploit