GitMiner alternatives

Looking for an alternative tool to replace GitMiner? During the review of GitMiner we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. gitleaks (repository search for secrets and keys)
  2. Gitrob (discovery of sensitive data in repositories)
  3. DMitry (information gathering tool)

These tools are ranked as the best alternatives to GitMiner.

Alternatives (by score)

85

gitleaks

Introduction

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

Project details

gitleaks is written in Golang.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Security assessment

    gitleaks review

    60

    Gitrob

    Introduction

    Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

    Project details

    Gitrob is written in Ruby.

    Strengths and weaknesses

    • + More than 1000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Data leak prevention
      • Information gathering
      • Penetration testing
      • Security assessment

      Gitrob review

      63

      DMitry

      Introduction

      This small utility can retrieve information from the WHOIS database, to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, like the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.

      Project details

      DMitry is written in C.

      Strengths and weaknesses

      • + The source code of this software is available

        DMitry review

        64

        Domain Analyzer

        Introduction

        Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

        Project details

        Domain Analyzer is written in Python.

        Strengths and weaknesses

        • + More than 1000 GitHub stars
        • + Very low number of dependencies
        • + The source code of this software is available

          Typical usage

          • Information gathering
          • Penetration testing

          Domain Analyzer review

          64

          GasMask

          Introduction

          GasMask is an open source intelligence gathering tool (OSINT). It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally it retrieves information from GitHub, YouTube, and social media platforms like Twitter.

          Project details

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Information gathering

            GasMask review

            60

            Gitmails

            Introduction

            This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Meta-data like commit activity can reveal who is working for a particular company. This tool helps to extract emails from software repositories.

            Project details

            Gitmails is written in Python.

            Strengths and weaknesses

            • + Very low number of dependencies
            • + The source code of this software is available

              Typical usage

              • Email harvesting
              • Information gathering
              • Reconnaissance

              Gitmails review

              64

              RTA (Red Team Arsenal)

              Introduction

              RTA is helpful to automate scanning public resources of a company. As the project name implies, this may be used during red teaming, like a penetration test. That obviously does not limit its use, as it is similarly useful by the blue team.

              With its integration with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, like subdomain enumeration and information gathering capabilities.

              Project details

              RTA is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - No releases on GitHub available

              Typical usage

              • Information gathering
              • Penetration testing
              • Security assessment
              • System enumeration

              RTA review

              64

              Th3inspector

              Introduction

              This tool can be called a true 'inspector tool' as it helps to discover many types of data.

              • Website information
              • Domain and subdomain information
              • Mail server information and email
              • Phone details
              • IP addresses
              • Detection of used CMS

              Project details

              Th3inspector is written in Perl.

              Strengths and weaknesses

              • + The source code of this software is available
              • - No releases on GitHub available

              Typical usage

              • Discovery of sensitive information
              • Information gathering

              Th3inspector review

              78

              Wappalyzer

              Introduction

              Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

              Project details

              Wappalyzer is written in Node.js.

              Strengths and weaknesses

              • + Has 300+ contributors
              • + More than 4000 GitHub stars
              • + Many releases available
              • + The source code of this software is available

                Typical usage

                • Information gathering
                • Reconnaissance
                • Software identification

                Wappalyzer review

                68

                git-secrets

                Introduction

                You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

                Project details

                git-secrets is written in shell script.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Data leak prevention
                  • Information leak prevention

                  git-secrets review

                  85

                  AIL framework

                  Introduction

                  AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

                  Project details

                  AIL framework is written in Python.

                  Strengths and weaknesses

                  • + More than 10 contributors
                  • + The source code of this software is available

                    Typical usage

                    • Data extraction
                    • Data leak detection
                    • Information leak detection
                    • Security monitoring

                    AIL framework review

                    64

                    DNSteal

                    Introduction

                    DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

                    Project details

                    DNSteal is written in Python.

                    Strengths and weaknesses

                    • + More than 500 GitHub stars
                    • + The source code of this software is available
                    • - No releases on GitHub available
                    • - Full name of author is unknown

                    Typical usage

                    • Application security
                    • Data hiding

                    DNSteal review

                    85

                    Acra

                    Introduction

                    Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

                    Project details

                    Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

                    Strengths and weaknesses

                    • + Commercial support available
                    • + The source code of this software is available

                      Typical usage

                      • Data encryption
                      • Data leak prevention
                      • Data security
                      • Vulnerability mitigation

                      Acra review

                      64

                      BuQuikker

                      Introduction

                      BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

                      Project details

                      BuQuikker is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Data leak detection
                        • Security assessment

                        BuQuikker review

                        85

                        SMBMap

                        Introduction

                        SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

                        Project details

                        SMBMap is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Data leak detection
                          • Information gathering
                          • Penetration testing

                          SMBMap review

                          68

                          BlackBox

                          Introduction

                          Typically you do not want to store any secrets in a software repository or version control system repository. However when there is still a need to give people access to sensitive parts, then BlackBox helps to do this in a more secure way.

                          Project details

                          BlackBox is written in shell script.

                          Strengths and weaknesses

                          • + More than 50 contributors
                          • + More than 4000 GitHub stars
                          • + The source code of this software is available

                            Typical usage

                            • Password management
                            • Secure storage

                            BlackBox review

                            74

                            git-crypt

                            Introduction

                            This tools allows you to store your secrets (such as keys or passwords) in the same repository as your code.

                            Project details

                            git-crypt is written in C++.

                            Strengths and weaknesses

                            • + More than 10 contributors
                            • + More than 3000 GitHub stars
                            • + The source code of this software is available

                              Typical usage

                              • Data encryption

                              git-crypt review

                              60

                              jak

                              Introduction

                              Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

                              Project details

                              jak is written in Python.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Data encryption

                                jak review

                                68

                                Detective

                                Introduction

                                Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.

                                Project details

                                Detective is written in Python.

                                Strengths and weaknesses

                                • + The source code of this software is available

                                  Typical usage

                                  • Data extraction
                                  • Information gathering

                                  Detective review

                                  70

                                  pastemon

                                  Introduction

                                  Tool like pastemon can detect specific texts on the Pastebin website, like corporate information or sensitive information. It can be used as an early warning system or detect compromises in your environment.

                                  Project details

                                  pastemon is written in Perl.

                                  Strengths and weaknesses

                                  • + The source code of this software is available
                                  • - Unknown project license

                                  Typical usage

                                  • Security monitoring

                                  pastemon review

                                  Some relevant tool missing as an alternative to GitMiner? Please contact us with your suggestion.