#secrets

Nuclei templates
sponsor

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

LeakLooker-X
featured

Discover, browse and monitor database/source code leaks.

LEAKEY

Bash script that checks for and validates leaked credentials.

HARpwn

Designed to streamline the extraction and sanitization of HARTokens from HTTP archives.

Porch-Pirate

The most comprehensive Postman recon / OSINT client and framework.

DeepSecrets

Secrets scanner that understands code.

postleaks

Search for sensitive data in Postman public library.

gittyleaks

Find sensitive information in a Git repo.

sonarqube

Continuous inspection.

Semgrep

Lightweight static analysis for many languages.

MapperPlus

An advanced source map extractor based on headless browser.

GSIL

GitHub Sensitive Information Leakage.

MANSPIDER

Spider entire networks for juicy files sitting on SMB shares.

OpenBuckets

Online platform for finding open buckets in cloud storage systems effortlessly.

BucketLoot

An automated S3-compatible bucket inspector.

sourcemapper

Extract JavaScript source trees from source map files.

HasMySecretLeaked

Search across 20 million exposed secrets in public GitHub repositories, gists, issues and comments.

Redacted Request

Enhance the security and confidentiality of HTTP request handling within the Burp Suite.

jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

Pspy

Unprivileged Linux process snooping.

SMBAT

Find secrets in files and secret files among the target SMB shares.

APKLeaks

Scanning APK file for URIs, endpoints & secrets.

subjs

Fetches JavaScript files from a list of URLs or subdomains.

HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser.

murphysec

An open source tool focused on software supply chain security.

repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets.

talisman

Validate the outgoing changeset for things that look suspicious such as tokens, passwords and keys.

git-secrets

Prevents you from committing secrets and credentials into git repositories.

postmaniac

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.

Blacklist3r

Identify usage of pre-shared Machine Keys in an application for encryption and decryption.

badsecrets

A library for detecting known secrets across many web frameworks.

google-authenticator-exporter

Get the TOTP secrets exported by Google Authenticator.

vcsmap

Plugin-based tool to scan public version control systems for sensitive information.

MicroBurst

A collection of scripts for assessing Microsoft Azure security.

Invoke-PowerThIEf

An Internet Explorer post exploitation library.

jsleak

Find secrets, paths or links in the source code.

keyhacks.sh

Automation of tokens/api keys testing.

github-regexp

Basically a regexp over a GitHub search.

SecretFinder

SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.

mimikittenz

A post-exploitation PowerShell tool for extracting juicy info from memory.

dumpcreds

May be used to extract various credentials from running processes.

AWSloot

Pull secrets from an AWS environment.

gitleaks

Protect and discover secrets using Gitleaks.

ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

Mosca

Manual search tool to find bugs, like the Unix grep command.

Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

AdvancedKeyHacks

API key/token exploitation made easy.

grep.app

Searches code from over a half million public repositories on GitHub.

Sourcegraph

Search millions of open source repositories.

Firebase-Extractor

A tool written in Python for scraping Firebase data.

padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

PCredz

This tool extracts secrets from a pcap file or from a live interface.

Slack Watchman

Monitoring your Slack workspaces for sensitive information.

localdataHog

String-based secret-searching tool, high entropy and regexes.

git-wild-hunt

A tool to hunt for credentials in the GitHub wild AKA git*hunt.

Shotlooter

Find sensitive data inside the screenshots uploaded to prnt.sc.

Hamburglar

Collect useful information from URLs, directories, and files.

Photon

Incredibly fast crawler designed for OSINT.

Hawkeye

Filesystem/directory analysis tool that looks for interesting stuff.

StaCoAn

Cross-platform tool that helps perform static code analysis on mobile applications.

Sniff-Paste

Pastebin OSINT harvester.

archaeologit

Scans the history of GitHub repositories to find sensitive things.

Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Hackingtool

ALL IN ONE Hacking Tool For Hackers.

cariddi

Crawl URLs and scan for endpoints, secrets, API keys, file extensions, tokens and more.

git-all-secrets

Capture all the git secrets by leveraging multiple open source git searching tools.

GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

Gitrob

Reconnaissance tool for GitHub organizations.

GitMiner

Tool for advanced mining of content on GitHub.

Rusty Hog

A suite of secret scanners built in Rust for performance.

Whispers

Identify hardcoded secrets in static structured text.

Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

dufflebag

Search exposed EBS volumes for secrets.

secret-bridge

Monitors GitHub for leaked secrets.

GitHunter

A tool for searching a Git repository for interesting content.

MSDorkDump

Google Dork File Finder.

JS-Scan

A .js scanner, built in PHP, designed to scrape URLs and other info.

steghide

Steganography program that hides secrets in the least significant bits of a file.

DataExtractor

A Burp Suite extension to extract data from source code while browsing.

SecretMagpie

Secret Detection Tool.

BFAC

Check for backup artifacts that may disclose the web-application's source code.

gf

A wrapper around grep to avoid typing common patterns.

shhgit

Secrets detection for your GitHub, GitLab and Bitbucket repositories.

gitGraber

Monitor GitHub to search and find sensitive data in real time.

DumpsterDiver

Tool to search secrets in various filetypes.

fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

TruffleHog

Find credentials all over the place.