xssmap vs tartufo

Metric | xssmap | tartufo
---|---|---
Mentions | 1 | 4
Stars | 144 | 459
Growth | 2.1% | 0.2%
Activity | 10.0 | 6.2
Last commit | almost 2 years ago | 2 months ago
Language | Python | Python
License | Apache License 2.0 | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xssmap
- Docker explained for pentesters
Let's take a look at an example. We assume that we want to create an environment to automate several tools, including xira. The contents of the directory holding our scripts:
tartufo
- Show HN: Tartufo, the godaddy Git secrets linter
- GitHub Access Token Exposure
- Toyota Accidentally Exposed a Secret Key Publicly on GitHub for Five Years
You could set up something like https://github.com/godaddy/tartufo in a pre-commit hook. Not sure if GitHub has a way to hook into the push hooks on the server side; they might though.
- Tartufo – effectively finds secrets accidentally committed
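The pre-commit use case raised in the comment above rests on the two detectors that tartufo inherits from its truffleHog ancestry: regex patterns for credentials with a known shape, and Shannon entropy of long base64- or hex-charset strings for opaque random tokens no pattern knows about. The script below is an added example written for this page, not tartufo's own code. It scans only the added lines of a unified diff (what a pre-commit hook sees in `git diff --cached`), so removed lines never trigger it. The sample diff is constructed: the AKIA value is made up, the 40-character secret is the example value from the AWS documentation (not a live credential), and the entropy thresholds and minimum length are assumptions modelled on the defaults such tools commonly use.

```python
"""Minimal secrets linter in the style of tartufo / truffleHog.

Two detectors are combined:
  1. regex patterns for credentials with a known shape, and
  2. Shannon entropy of long base64- or hex-charset words, which catches
     opaque random tokens that no pattern knows about.
This is an illustrative re-implementation, not tartufo's code.
"""
import math
import re
import sys

BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "1234567890abcdefABCDEF"

# Pattern detectors. The AWS access key id shape (AKIA + 16 upper/digits) and
# the PEM header are public formats; the "password = '...'" rule is a heuristic.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_password": re.compile(r"(?i)\bpassword\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}


def shannon_entropy(s, charset):
    """Entropy in bits per character, counting only characters from charset."""
    if not s:
        return 0.0
    total = 0.0
    for ch in set(charset):
        p = s.count(ch) / len(s)
        if p > 0:
            total -= p * math.log2(p)
    return total


def charset_runs(word, charset, min_len):
    """Maximal substrings of word drawn entirely from charset, at least min_len long."""
    runs, cur = [], ""
    for ch in word:
        if ch in charset:
            cur += ch
        else:
            if len(cur) >= min_len:
                runs.append(cur)
            cur = ""
    if len(cur) >= min_len:
        runs.append(cur)
    return runs


def scan_line(line, b64_threshold=4.5, hex_threshold=3.0, min_len=20):
    """Return (detector, matched_text) pairs for one line of source."""
    findings = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(line):
            findings.append((name, m.group(0)))
    # Assumed thresholds: 4.5 bits/char for base64-charset runs, 3.0 for hex,
    # only on runs of at least 20 characters. Low-entropy filler such as a run
    # of the same letter is long but scores 0 and is not reported.
    for word in line.split():
        for run in charset_runs(word, BASE64_CHARS, min_len):
            if shannon_entropy(run, BASE64_CHARS) > b64_threshold:
                findings.append(("high_entropy_base64", run))
        for run in charset_runs(word, HEX_CHARS, min_len):
            if shannon_entropy(run, HEX_CHARS) > hex_threshold:
                findings.append(("high_entropy_hex", run))
    return findings


def scan_diff(diff_text):
    """Scan only added lines ('+...') of a unified diff, as a pre-commit hook would.

    Returns (diff_line_number, detector, matched_text) triples.
    """
    results = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # context, removed lines and the '+++' file header are skipped
        for kind, value in scan_line(line[1:]):
            results.append((lineno, kind, value))
    return results


# Constructed sample diff. The AKIA id is invented; the 40-char secret is the
# example value from the AWS documentation, not a live credential.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
+++ b/config.py
+AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+password = "hunter2hunter2"
+RELEASE_NAME = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-OLD_KEY = "AKIAZZZZZZZZZZZZZZZZ"
"""

if __name__ == "__main__":
    # Usage as a hook:  git diff --cached | python secrets_lint.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    hits = scan_diff(text)
    for lineno, kind, value in hits:
        print(f"line {lineno}: {kind}: {value}")
    sys.exit(1 if hits else 0)
```

On the sample diff the AKIA id is caught by its pattern (its entropy is below the base64 threshold, which is why id-shaped tokens need a regex), the secret key is caught by entropy alone, the quoted password by the assignment heuristic, and the 36-character run of `a` and the removed `-OLD_KEY` line produce nothing. The non-zero exit code is what makes it usable as a `pre-commit` hook; the same scanner fits a `pre-receive` hook on a self-hosted git server, which is the server-side position the comment above asks about.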
What are some alternatives?
dheater - D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)
whispers - Identify hardcoded secrets in static structured text
embark - EMBArk - The firmware security scanning environment
deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
oxo - OXO is a security scanning orchestrator for the modern age.
leaky-repo - Benchmarking repo for secrets scanning
masscan_as_a_service - masscan as a service
secrets - A command-line tool to prevent committing secret keys into your source code [Moved to: https://github.com/sirwart/ripsecrets]
bandit - Bandit is a tool designed to find common security issues in Python code.
kscp - Kubernetes Secrets Control Plane
gitleaks - Protect and discover secrets using Gitleaks 🔑
Pathfinder - Search Strategy analysis and more for spatial navigation data in rodents