Keyscope
✅ Automate your key and secret validation workflows 🤠 Over 30 different providers 🤖 Export to JSON, audit via CSV 🔑 Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust, powered by service_policy_kit. Current workflows supported: Validation 🦀 Why Rust? With Rust, "If it compiles, it works." and also, it compiles to many platforms. Rust is fast, has no VM, or unnecessary cruft (typically 5-8mb binaries with LOTS of code and libraries). Multi purpose, safe, and generalistic - makes for healthy and expressive mission critical code. Adding code or abstraction doesn't increase bloat, doesn't hurt performance, doesn't increase chance for bugs in a radical way (less edge cases). Amazing package manager: Cargo. Productive installing and running of tasks and examples. Rust is getting headlines in the security community as the go-to language for security tools. Equally interesting is offensive security + Rust here and here. 🚀 Quick Start Grab a release from releases, or install via Homebrew: brew tap spectralops/tap && brew install keyscope Using keyscope You can try out validating a key for a provider, say, Github (assuming the key is in the GIT
FEATURES
ALTERNATIVES
AWS IAM Access Analyzer is a tool for implementing and maintaining least privilege access in AWS environments through automated analysis and validation of IAM policies and permissions.
DumpsterDiver is a tool for analyzing big volumes of data to find hardcoded secrets like keys and passwords.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
An attacker can create a new IAM policy version and set it as the default version without requiring the iam:SetDefaultPolicyVersion permission.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.