#secrets

Nuclei templates on offsec.tools
Sponsor
Nuclei templates

Community curated list of templates for the Nuclei engine to find security vulnerabilities.

gf on offsec.tools
Featured
gf

A wrapper around grep to avoid typing common patterns.

jsluice on offsec.tools
jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript.

Pspy on offsec.tools
Pspy

Unprivileged Linux process snooping.

APKLeaks on offsec.tools
APKLeaks

Scanning APK file for URIs, endpoints & secrets.

subjs on offsec.tools
subjs

Fetches javascript file from a list of URLS or subdomains.

HackBrowserData on offsec.tools
HackBrowserData

Decrypt passwords/cookies/history/bookmarks from the browser.

murphysec on offsec.tools
murphysec

An open source tool focused on software supply chain security.

repo-supervisor on offsec.tools
repo-supervisor

Scan your code for security misconfiguration, search for passwords and secrets.

talisman on offsec.tools
talisman

Validate the outgoing changeset for things that look suspicious such as tokens, passwords and keys.

git-secrets on offsec.tools
git-secrets

Prevents you from committing secrets and credentials into git repositories.

postmaniac on offsec.tools
postmaniac

Postman OSINT tool to extract creds, token, username, email & more from Postman Public Workspaces.

Blacklist3r on offsec.tools
Blacklist3r

Identify usage of pre-shared Machine Keys in a application for encryption and decryption.

badsecrets on offsec.tools
badsecrets

A library for detecting known secrets across many web frameworks.

google-authenticator-exporter on offsec.tools
google-authenticator-exporter

Get the TOTP secrets exported by Google Authenticator.

vcsmap on offsec.tools
vcsmap

Plugin-based tool to scan public version control systems for sensitive information.

MicroBurst on offsec.tools
MicroBurst

A collection of scripts for assessing Microsoft Azure security.

Invoke-PowerThIEf on offsec.tools
Invoke-PowerThIEf

An Internet Explorer post exploitation library.

jsleak on offsec.tools
jsleak

Find secrets, paths or links in the source code.

keyhacks.sh on offsec.tools
keyhacks.sh

Automation of tokens/api keys testing.

github-regexp on offsec.tools
github-regexp

Basically a regexp over a GitHub search.

SecretFinder on offsec.tools
SecretFinder

SecretFinder is a script based on LinkFinder, written to find sensitive data in JavaScript files.

mimikittenz on offsec.tools
mimikittenz

A post-exploitation powershell tool for extracting juicy info from memory.

dumpcreds on offsec.tools
dumpcreds

May be used to extract various credentials from running processes.

AWSloot on offsec.tools
AWSloot

Pull secrets from an AWS environment.

gitleaks on offsec.tools
gitleaks

Protect and discover secrets using Gitleaks.

ggshield on offsec.tools
ggshield

Find multiple types of hardcoded secrets & types of infrastructure-as-code misconfigurations.

Nosey Parker on offsec.tools
Nosey Parker

Command-line tool that finds secrets and sensitive information in textual data and Git history.

detect-secrets on offsec.tools
detect-secrets

An enterprise friendly way of detecting and preventing secrets in code.

EarlyBird on offsec.tools
EarlyBird

Sensitive data detection tool capable of scanning source code repositories.

Mosca on offsec.tools
Mosca

Manual search tool to find bugs like a grep unix command.

Aranea on offsec.tools
Aranea

OSINT tool used for web crawling or examining JavaScript files for likely useful data.

AdvancedKeyHacks on offsec.tools
AdvancedKeyHacks

API key/token exploitation made easy.

LeakLooker-X on offsec.tools
LeakLooker-X

Discover, browse and monitor database/source code leaks.

grep.app on offsec.tools
grep.app

Searches code from over a half million public repositories on GitHub.

Sourcegraph on offsec.tools
Sourcegraph

Search millions of open source repositories.

Firebase-Extractor on offsec.tools
Firebase-Extractor

A tool written in python for scraping firebase data.

padding-oracle-attacker on offsec.tools
padding-oracle-attacker

Execute padding oracle attacks with support for concurrent network requests and an elegant UI.

PCredz on offsec.tools
PCredz

This tool extracts secrets from a pcap file or from a live interface.

Slack Watchman on offsec.tools
Slack Watchman

Monitoring your Slack workspaces for sensitive informations.

localdataHog on offsec.tools
localdataHog

String-based secret-searching tool, high entropy and regexes.

git-wild-hunt on offsec.tools
git-wild-hunt

A tool to hunt for credentials in GitHub wild AKA git*hunt.

Shotlooter on offsec.tools
Shotlooter

Find sensitive data inside the screenshots uploaded to prnt.sc.

Hamburglar on offsec.tools
Hamburglar

Collect useful information from urls, directories, and files.

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

Hawkeye on offsec.tools
Hawkeye

Filesystem analysis tool/directory looking for interesting stuff.

StaCoAn on offsec.tools
StaCoAn

Crossplatform tool which help to perform static code analysis on mobile applications.

Sniff-Paste on offsec.tools
Sniff-Paste

Pastebin OSINT harvester.

archaeologit on offsec.tools
archaeologit

Scans the history of GitHub repositories to find sensitive things.

Betterscan on offsec.tools
Betterscan

Code Scanning/SAST/static analysis/linting using many tools/scanners with one report.

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

cariddi on offsec.tools
cariddi

Crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more.

git-all-secrets on offsec.tools
git-all-secrets

Capture all the git secrets by leveraging multiple open source git searching tools.

GitGot on offsec.tools
GitGot

Rapidly search through troves of public data on GitHub for sensitive secrets.

Gitrob on offsec.tools
Gitrob

Reconnaissance tool for GitHub organizations.

GitMiner on offsec.tools
GitMiner

Tool for advanced mining for content on Github.

Rusty Hog on offsec.tools
Rusty Hog

A suite of secret scanners built in Rust for performance.

Whispers on offsec.tools
Whispers

Identify hardcoded secrets in static structured text.

Yet Another Robber on offsec.tools
Yet Another Robber

Yar is a tool for plunderin' organizations, users and/or repositories...

dufflebag on offsec.tools
dufflebag

Search exposed EBS volumes for secrets.

secret-bridge on offsec.tools
secret-bridge

Monitors Github for leaked secrets.

GitHunter on offsec.tools
GitHunter

A tool for searching a Git repository for interesting content.

MSDorkDump on offsec.tools
MSDorkDump

Google Dork File Finder.

JS-Scan on offsec.tools
JS-Scan

A .js scanner, built in PHP, designed to scrape urls and other info.

steghide on offsec.tools
steghide

Steganography program that hides secrets in the least significant bits of a file.

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

SecretMagpie on offsec.tools
SecretMagpie

Secret Detection Tool.

BFAC on offsec.tools
BFAC

Check for backup artifacts that may disclose the web-application's source code.

shhgit on offsec.tools
shhgit

Secrets detection for your GitHub, GitLab and Bitbucket repositories.

gitGraber on offsec.tools
gitGraber

Monitor GitHub to search and find sensitive data in real time.

DumpsterDiver on offsec.tools
DumpsterDiver

Tool to search secrets in various filetypes.

fuzzuli on offsec.tools
fuzzuli

Find critical backup files by creating a dynamic wordlist based on the domain.

TruffleHog on offsec.tools
TruffleHog

Find credentials all over the place.