SecretScanner Logo

SecretScanner

0
Free
Visit Website

SecretScanner is a standalone tool that retrieves and searches container and host filesystems, matching the contents against a database of approximately 140 secret types. It can find unprotected secrets in container images or file systems. Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure (such as accounts, devices, network, cloud based services), applications, storage, databases and other kinds of critical data for an organization. For example, passwords, AWS access IDs, AWS secret access keys, Google OAuth Key etc. are secrets. Secrets should be strictly kept private. However, sometimes attackers can easily access secrets due to flawed security policies or inadvertent mistakes by developers.

FEATURES

ALTERNATIVES

A tool that uses NLP and ML to identify potential software vulnerabilities from git commit messages

A list of vulnerable applications for testing and learning

Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.

An open source project for static analysis of vulnerabilities in application containers

A tool to capture all the git secrets by leveraging multiple open source git searching tools.

XGuardian XARA Security Scanner for OSX with URL scheme, Bundle ID, and keychain hijack checks.

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

A collection of resources for securing AWS environments using the CIS Amazon Web Services Foundations Benchmark 1.1