GitMiner alternatives

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

This small utility can retrieve information from the WHOIS database, to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, like the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.

Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Meta-data like commit activity can reveal who is working for a particular company. This tool helps to extract emails from software repositories.

RTA is helpful to automate scanning public resources of a company. As the project name implies, this may be used during red teaming, like a penetration test. That obviously does not limit its use, as it is similarly useful by the blue team.

With its integration with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, like subdomain enumeration and information gathering capabilities.

This tool can be called a true 'inspector tool' as it helps to discover many types of data.

• Website information
• Domain and subdomain information
• Mail server information and email
• Phone details
• IP addresses
• Detection of used CMS

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

This tools allows you to store your secrets (such as keys or passwords) in the same repository as your code.

Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

Tool like pastemon can detect specific texts on the Pastebin website, like corporate information or sensitive information. It can be used as an early warning system or detect compromises in your environment.

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.