git-secrets alternatives

This tools allows you to store your secrets (such as keys or passwords) in the same repository as your code.

Gauntlt allows you to run different attacks on your code with the goal to build better software and withstand the biggest threats in existence.

This tool can be used to identify possible DLP failures. It uses different data exfiltration techniques, which could (or not) trigger a DLP solution.

GitMiner is a tool to scan for sensitive data that is leaked via software repositories. Examples of sensitive data are authentication details such as passwords or connection settings.

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

Tool like pastemon can detect specific texts on the Pastebin website, like corporate information or sensitive information. It can be used as an early warning system or detect compromises in your environment.

The typical users have at least a multitude of ten when it comes to passwords. Ensuring that every website has a unique password and remembering, is almost impossible. Passwords managers like Buttercup help with the generation and secure storage of these secrets. It is freely available and open source, making it a good alternative for commercial options.

Most applications with a connection to a database or other software component, need some form of authentication. Often the related credentials are stored in a configuration file. A secret manager like Confidant will provide an alternative, by storing the details in a database. Only applications that need to access the secrets are allowed to obtain them. Often system administrators are denied access to them.

Password managers help to store sensitive data. This may include passwords, secret questions with their answers, or other private information.

Storing passwords within a team security can be a challenging task. TeamVault is a password manager with the goal to be easy to use, flexible, and adhering to several security principles. These include a solid base for the data encryption, support for folders, and role-based access control (RBAC).

Vault is a secret management tool created by HashiCorp. It allows storing secrets, such as key/value pairs, AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and other sensitive details. These secrets are typically used by software components and scripts. The benefit of using a secret management tool is that they no longer need to be stored in configuration files. Main features include leasing, key revocation, key rolling, and auditing.

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.