Know the dangers of credential reuse attacks.

Detect and validate 400+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, smb, smtp, snmp, socks5, ssh, telnet, vnc)

Credentials gathering tool automating remote procdump and parse of lsass process.

Crawler (Bot) searching for credential leaks on paste sites.

Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.

Identify hardcoded secrets in static structured text

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.

Search & Parse Password Leaks

A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models 🔒

Generate credentials for Opera's "browser VPN"

Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository

A CloudFormation custom resource provider for deploying secrets and keys

Identify hardcoded secrets in static structured text (version 2)

Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with a mounted windows drive.

A simple Python script that reads a text file with lots of e-mails and passwords, and tries to check if those credentials are valid by trying to login on IMAP servers.

Used to create, issue, revoke, or validate certificates (or any other PDF file) on the public Bitcoin blockchain.

Extract credentials and other useful info from network captures

Coconut: Threshold Issuance Selective Disclosure Credentials with Applications to Distributed Ledgers.