Find, verify, and analyze leaked credentials

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Prevents you from committing secrets and credentials into git repositories

Credentials recovery project

Enable Opencode to authenticate against Antigravity (Google's IDE) via OAuth so you can use Antigravity rate limits and access models like gemini-3-pro and claude-opus-4-5-thinking with your Google credentials.

A vault for securely storing and accessing AWS credentials in development environments

One place for all the default credentials to assist the Blue/Red teamers identifying devices with default password 🛡️

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.

A collection of all the data i could extract from 1 billion leaked credentials from internet.

Configure AWS credential environment variables for use in other GitHub Actions.

Easily collect responses from ChatGPT scraper by providing a prompt along with valid Web Scraper API credentials.

Automatically gets credentials for Amazon ECR on docker push/docker pull

Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+ protocols.

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP

Extract credentials from lsass remotely

Know the dangers of credential reuse attacks.

A little utility for managing credentials in the cloud

Resources to help you keep secrets (API keys, database credentials, certificates, ...) out of source code and remediate the issue in case of a leaked API key. Made available by GitGuardian.

Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

The fastest and more comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...

With Django Hijack, admins can log in and work on behalf of other users without having to know their credentials.

Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials.

The easiest way to access AWS.

Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!

Perform a MitM attack and extract clear text credentials from RDP connections