A vast collection of security tools for bug bounty, pentest and red teaming

#codeanalysis

ggshield on offsec.tools
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

GitHacker on offsec.tools
GitHacker

A Git source leak exploit tool that restores the entire Git repository, including data from stash.

Nosey Parker on offsec.tools
Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

Mosca on offsec.tools
Mosca

Manual search tool to find bugs like a grep unix command.

EarlyBird on offsec.tools
EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

detect-secrets on offsec.tools
detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

drek on offsec.tools
drek

A static-code-analysis tool for performing security-focused code reviews.

Sourcegraph on offsec.tools
Sourcegraph

Search millions of open source repositories.

localdataHog on offsec.tools
localdataHog

String-based secret-searching tool, high entropy and regexes.

StaCoAn on offsec.tools
StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Yet Another Robber on offsec.tools
Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

Whispers on offsec.tools
Whispers

Identify hardcoded secrets in static structured text.

TruffleHog on offsec.tools
TruffleHog

Find credentials all over the place.