A vast collection of security tools for bug bounty, pentest and red teaming

#secrets

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

github-regexp on offsec.tools
github-regexp

Basically a regexp over a GitHub search.

SecretFinder on offsec.tools
SecretFinder

SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.

mimikittenz on offsec.tools
mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

dumpcreds on offsec.tools
dumpcreds

May be used to extract various credentials from running processes.

AWSloot on offsec.tools
AWSloot

Pull secrets from an AWS environment.

#aws   #cloud   #secrets  

ggshield on offsec.tools
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

Nosey Parker on offsec.tools
Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

Mosca on offsec.tools
Mosca

Manual search tool to find bugs like a grep unix command.

EarlyBird on offsec.tools
EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

detect-secrets on offsec.tools
detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

Aranea on offsec.tools
Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

LeakLooker-X on offsec.tools
LeakLooker-X

Discover, browse and monitor database/source code leaks.

AdvancedKeyHacks on offsec.tools
AdvancedKeyHacks

API Key/Token Exploitation Made easy.

padding-oracle-attacker on offsec.tools
padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

Firebase-Extractor on offsec.tools
Firebase-Extractor

A tool written in python for scraping firebase data.

Sourcegraph on offsec.tools
Sourcegraph

Search millions of open source repositories.

grep.app on offsec.tools
grep.app

Searches code from over a half million public repositories on GitHub.

PCredz on offsec.tools
PCredz

This tool extracts secrets from a pcap file or from a live interface.

Slack Watchman on offsec.tools
Slack Watchman

Monitoring your Slack workspaces for sensitive informations.

localdataHog on offsec.tools
localdataHog

String-based secret-searching tool, high entropy and regexes.

git-wild-hunt on offsec.tools
git-wild-hunt

A tool to hunt for credentials in GitHub wild AKA git*hunt.

Shotlooter on offsec.tools
Shotlooter

Find sensitive data inside the screenshots uploaded to prnt.sc.

Hamburglar on offsec.tools
Hamburglar

Collect useful information from urls, directories, and files.

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

Sniff-Paste on offsec.tools
Sniff-Paste

Pastebin OSINT harvester.

StaCoAn on offsec.tools
StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

Hawkeye on offsec.tools
Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

archaeologit on offsec.tools
archaeologit

Scans the history of GitHub repositories to find sensitive things.

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

GitHunter on offsec.tools
GitHunter

A tool for searching a Git repository for interesting content.

#git   #secrets  

secret-bridge on offsec.tools
secret-bridge

Monitors Github for leaked secrets.

dufflebag on offsec.tools
dufflebag

Search exposed EBS volumes for secrets.

#aws   #cloud   #ebs   #elastic   #secrets  

Yet Another Robber on offsec.tools
Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

Whispers on offsec.tools
Whispers

Identify hardcoded secrets in static structured text.

Rusty Hog on offsec.tools
Rusty Hog

A suite of secret scanners built in Rust for performance.

GitMiner on offsec.tools
GitMiner

Tool for advanced mining for content on Github.

Gitrob on offsec.tools
Gitrob

Reconnaissance tool for GitHub organizations.

git-all-secrets on offsec.tools
git-all-secrets

Capture all the git secrets by leveraging multiple open source git searching tools.

GitGot on offsec.tools
GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

MSDorkDump on offsec.tools
MSDorkDump

Google Dork File Finder.

JS-Scan on offsec.tools
JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

steghide on offsec.tools
steghide

Steganography program that hides secrets in the least significant bits of a file.

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

SecretMagpie on offsec.tools
SecretMagpie

Secret Detection Tool.

BFAC on offsec.tools
BFAC

Check for backup artifacts that may disclose the web-application's source code.

gf on offsec.tools
gf

A wrapper around grep to avoid typing common patterns.

gitGraber on offsec.tools
gitGraber

Monitor GitHub to search and find sensitive data in real time.

shhgit on offsec.tools
shhgit

Secrets detection for your GitHub, GitLab and Bitbucket repositories.

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.

TruffleHog on offsec.tools
TruffleHog

Find credentials all over the place.