Tag Archives: Sensitive Information

Talisman – Tool to Prevent Secrets from Getting Checked in

Talisman is a tool is to validate code changes that are to be pushed out of a local Git repository on a developer’s workstation.

Vault – Framework to Manage Secrets

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords

Dnsteal – DNS Exfiltration Tool for sending files over DNS

Dnsteal is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. This can be useful during a Redteam

DumpsterDiver – Tool to Search Secrets in Various Files

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords.

truffleHog – Searches Git Repositories for Credentials

truffleHog is a tool that you search through git repositories for secrets, digging deep into commit history and branches.

Egression – Tool to Test Egress Controls

EGRESSION is a tool that provides an instant view of how easy it is to upload sensitive data from any given network.

AIL framework – Analysis Information Leak framework

AIL framework is a modular framework to analyze potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams.