dionach/reposcanner

Stars
158
Rank 236,063 (Top 5 %)
Language
Python
License
GNU General Publi...
Created about 7 years ago
Updated about 4 years ago

dionach/reposcanner

dionach

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Python script to scan Git repos for interesting strings

Reposcanner

Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspired by truffleHog.

Installation

The python Git module is required (python3-git on Debian).

Docker

docker build -t reposcanner .
docker run -it --rm reposcanner -h
docker run -it --rm reposcanner -r <repository>

Usage

./reposcanner -r <repository>

Options:

optional arguments:
  -h, --help                     show this help message and exit
  -r REPO, --repo REPO           Repo to scan
  -c COUNT, --count COUNT        Number of commits to scan (default all)
  -e ENTROPY, --entropy ENTROPY  Minimum entropy to report (default 4.3)
  -l LENGTH, --length LENGTH     Maxmimum line length (default 500)
  -b BRANCH, --branch BRANCH     Scan a specific branch
  -v, --verbose                  Verbose output

Example:

./reposcanner.py -r https://github.com/Dionach/reposcanner -v -a -c 30

CMSmap

CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.

NtdsAudit

An Active Directory audit utility

PhEmail

PhEmail is a python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test

PANhunt

PANhunt searches for credit card numbers (PANs) in directories.

StripHeaders

A Native-Code module for IIS 7.0 and above, designed to easily remove unnecessary response headers and prevent information leakage of software and version information, which can be useful to an attacker.

pgexec

Script and resources to execute shell commands using access to a PostgreSQL service

PassHunt

Search drives for documents containing passwords

pwdumpstats

Script to output stats around weak passwords and password re-use from an NtdsAudit (pwdump) file

Splunk-Web-Shell

Splunk Web Shell

HeadersAnalyzer

Burp extension that checks for interesting and security headers

ShareAudit

A tool for auditing network shares in an Active Directory environment

CodeIgniterXor

CodeIgniter <=2.1.4 session cookie decryption vulnerability

magicmapping

Script to find exploitable magic methods for PHP object injection

FlashSec

Repository aimed to compile scripts and tools that can be used during penetration tests to assess the security of different flash related scenarios.