rgmz
Follow
Secrets
Examples of Custom Secret Scanning Patterns
Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
Provides a consistent API around some existing scanning tools to integrate them with the rest of the tool kit
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
Things that would cause a git leaks scan to freak out
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
Scanning APK file for URIs, endpoints & secrets.
Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
Identify hardcoded secrets in static structured text (version 2)
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, col…
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
A command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
CredSweeper is a tool to detect credentials in any directories or files. CredSweeper could help users to detect unwanted exposure of credentials (such as token, passwords, api keys etc.) in advance…
list of regex patterns for oauth / api tokens with provided source
Find, verify, and analyze leaked credentials
Some usefull Scripts and Executables for Pentest & Forensics
Find secrets in orphaned and dangling commits