Tag Archives: Sensitive Information

Egress-Assess – Tool to Test Egress Detection Capabilities

Egress-Assess is a tool used to test egress data detection capabilities. Typical use case for Egress-Assess is to copy this tool in two locations.

Talisman – Tool to Prevent Secrets from Getting Checked in

Talisman is a tool is to validate code changes that are to be pushed out of a local Git repository on a developer’s workstation.

Vault – Framework to Manage Secrets

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords

Dnsteal – DNS Exfiltration Tool for sending files over DNS

Dnsteal is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests. This can be useful during a Redteam

DumpsterDiver – Tool to Search Secrets in Various Files

DumpsterDiver is a tool used to analyze big volumes of various file types in search of hardcoded secrets like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords.

truffleHog – Searches Git Repositories for Credentials

truffleHog is a tool that you search through git repositories for secrets, digging deep into commit history and branches.

Egression – Tool to Test Egress Controls

EGRESSION is a tool that provides an instant view of how easy it is to upload sensitive data from any given network.