Kali
Source Code Management Attack Toolkit – SCMKit is a toolkit that can be used to attack SCM systems. SCMKit allows the user to specify the SCM system and attack module to use, along with specifying valid credentials (username/password or API key) to the respective SCM system. Currently, the SCM systems that SCMKit supports are GitHub …
Continue reading “SCMKit : Source Code Management Attack Toolkit”
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally. Features It searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP keys and service account files AWS keys Azure keys and service …
Continue reading “GitLab Watchman : Monitoring GitLab For Sensitive Data Shared Publicly”
shhgit finds secrets and sensitive files across GitHub (including Gists), GitLab and BitBucket committed in near real time. There are many great tools available to help with this depending on which side of the fence you sit. On the adversarial side, popular tools such as gitrob and truggleHog focus on digging in to commit history …
Continue reading “shhgit : Finds Secrets & Sensitive Files Across GitHub”
