GitMiner alternatives

Looking for an alternative tool to replace GitMiner? During the review of GitMiner we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. gitleaks (repository search for secrets and keys)
  2. Gitrob (discovery of sensitive data in repositories)
  3. DMitry (information gathering tool)

These tools are ranked as the best alternatives to GitMiner.

Alternatives (by score)

85

gitleaks

Introduction

Gitleaks scans the repository, including history, for secrets and other sensitive data. This can be useful for both developers as security professionals to discover any leaks.

Project details

gitleaks is written in Golang.

Strengths and weaknesses

  • + More than 10 contributors
  • + More than 3000 GitHub stars
  • + The source code of this software is available

    Typical usage

    • Security assessment

    gitleaks review

    60

    Gitrob

    Introduction

    Especially open source developers may share their code in a public repository like GitHub. This is a great way to collaborate between the developer(s) and the community. The risk of sharing code is that sensitive data is part of the repository and uploaded by accident. GitRob helps to detect this kind of accidental leaks.

    Project details

    Gitrob is written in Ruby.

    Strengths and weaknesses

    • + More than 1000 GitHub stars
    • + The source code of this software is available

      Typical usage

      • Data leak prevention
      • Information gathering
      • Penetration testing
      • Security assessment

      Gitrob review

      63

      DMitry

      Introduction

      This small utility can retrieve information from the WHOIS database, to see who owns an IP address or domain name. Besides that, it can obtain information from the system itself, like the uptime. DMitry also has the option to search for email addresses, perform a TCP port scan, and use modules specified by the user.

      Project details

      DMitry is written in C.

      Strengths and weaknesses

      • + The source code of this software is available

        DMitry review

        64

        Domain Analyzer

        Introduction

        Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

        Project details

        Domain Analyzer is written in Python.

        Strengths and weaknesses

        • + More than 1000 GitHub stars
        • + Very low number of dependencies
        • + The source code of this software is available

          Typical usage

          • Information gathering
          • Penetration testing

          Domain Analyzer review

          64

          GasMask

          Introduction

          GasMask is an open source intelligence gathering tool (OSINT). It can be used to discover more information about a particular target. The sources it uses include search engines like Bing, Google, and Yandex. Additionally it retrieves information from GitHub, YouTube, and social media platforms like Twitter.

          Project details

          Strengths and weaknesses

          • + The source code of this software is available

            Typical usage

            • Information gathering

            GasMask review

            60

            Gitmails

            Introduction

            This tool can be used to perform reconnaissance on a company or individual target by looking into software repositories. Meta-data like commit activity can reveal who is working for a particular company. This tool helps to extract emails from software repositories.

            Project details

            Gitmails is written in Python.

            Strengths and weaknesses

            • + Very low number of dependencies
            • + The source code of this software is available

              Typical usage

              • Email harvesting
              • Information gathering
              • Reconnaissance

              Gitmails review

              64

              RTA (Red Team Arsenal)

              Introduction

              RTA is helpful to automate scanning public resources of a company. As the project name implies, this may be used during red teaming, like a penetration test. That obviously does not limit its use, as it is similarly useful by the blue team.

              With its integration with Nessus and other tools, RTA is more of a toolkit. This can be seen in its functionality, like subdomain enumeration and information gathering capabilities.

              Project details

              RTA is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available
              • - No releases on GitHub available

              Typical usage

              • Information gathering
              • Penetration testing
              • Security assessment
              • System enumeration

              RTA review

              64

              Th3inspector

              Introduction

              This tool can be called a true 'inspector tool' as it helps to discover many types of data.

              • Website information
              • Domain and subdomain information
              • Mail server information and email
              • Phone details
              • IP addresses
              • Detection of used CMS

              Project details

              Th3inspector is written in Perl.

              Strengths and weaknesses

              • + The source code of this software is available
              • - No releases on GitHub available

              Typical usage

              • Discovery of sensitive information
              • Information gathering

              Th3inspector review

              100

              Wappalyzer

              Introduction

              Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

              Project details

              Wappalyzer is written in Node.js.

              Strengths and weaknesses

              • + Has 300+ contributors
              • + More than 4000 GitHub stars
              • + Many releases available
              • + The source code of this software is available

                Typical usage

                • Information gathering
                • Reconnaissance
                • Software identification

                Wappalyzer review

                60

                git-secrets

                Introduction

                You would most likely use git-secrets in development teams or as an individual developer. The primary goal is to prevent accidentally submitting authentication details or otherwise sensitive information to your software repositories.

                Project details

                git-secrets is written in shell script.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Data leak prevention
                  • Information leak prevention

                  git-secrets review

                  60

                  AIL framework

                  Introduction

                  AIL is a modular framework which helps to analyze potential information leaks. The framework is flexible and supports different kinds of data formats and sources. For example, one of the sources is the collection of pastes from Pastebin. A tool like AIL is commonly used to detect or even prevent data leaks.

                  Project details

                  AIL framework is written in Python.

                  Strengths and weaknesses

                  • + More than 10 contributors
                  • + The source code of this software is available

                    Typical usage

                    • Data extraction
                    • Data leak detection
                    • Information leak detection
                    • Security monitoring

                    AIL framework review

                    64

                    DNSteal

                    Introduction

                    DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

                    Project details

                    DNSteal is written in Python.

                    Strengths and weaknesses

                    • + More than 500 GitHub stars
                    • + The source code of this software is available
                    • - No releases on GitHub available
                    • - Full name of author is unknown

                    Typical usage

                    • Application security
                    • Data hiding

                    DNSteal review

                    89

                    git-crypt

                    Introduction

                    This tools allows you to store your secrets (such as keys or passwords) in the same repository as your code.

                    Project details

                    git-crypt is written in C++.

                    Strengths and weaknesses

                    • + More than 10 contributors
                    • + More than 3000 GitHub stars
                    • + The source code of this software is available

                      Typical usage

                      • Data encryption

                      git-crypt review

                      60

                      jak

                      Introduction

                      Typically developers may want to store some secrets, like authentication details, in in their repository. With jak this can happen in a slightly more secure way, by encrypting the data.

                      Project details

                      jak is written in Python.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Data encryption

                        jak review

                        60

                        Detective

                        Introduction

                        Detective helps to find information that you are not supposed to see. It focuses on information disclosure and sensitive data exposure vulnerabilities.

                        Project details

                        Detective is written in Python.

                        Strengths and weaknesses

                        • + The source code of this software is available

                          Typical usage

                          • Data extraction
                          • Information gathering

                          Detective review

                          70

                          pastemon

                          Introduction

                          Tool like pastemon can detect specific texts on the Pastebin website, like corporate information or sensitive information. It can be used as an early warning system or detect compromises in your environment.

                          Project details

                          pastemon is written in Perl.

                          Strengths and weaknesses

                          • + The source code of this software is available
                          • - Unknown project license

                          Typical usage

                          • Security monitoring

                          pastemon review

                          100

                          Acra

                          Introduction

                          Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

                          Project details

                          Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

                          Strengths and weaknesses

                          • + Commercial support available
                          • + The source code of this software is available

                            Typical usage

                            • Data encryption
                            • Data leak prevention
                            • Data security
                            • Vulnerability mitigation

                            Acra review

                            64

                            BuQuikker

                            Introduction

                            BuQuikker is a security tool to scan the Amazon S3 storage service. Its goal is to find open and unprotected S3 buckets.

                            Project details

                            BuQuikker is written in Python.

                            Strengths and weaknesses

                            • + The source code of this software is available

                              Typical usage

                              • Data leak detection
                              • Security assessment

                              BuQuikker review

                              60

                              SMBMap

                              Introduction

                              SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

                              Project details

                              SMBMap is written in Python.

                              Strengths and weaknesses

                              • + The source code of this software is available

                                Typical usage

                                • Data leak detection
                                • Information gathering
                                • Penetration testing

                                SMBMap review

                                Some relevant tool missing as an alternative to GitMiner? Please contact us with your suggestion.