vaults is a password manager featuring client side AES-256 encryption of passwords and notes, PBKDF2 hashing, vaults, and password generation. Separate vaults per user.

Front end, back end, and storage.

Requires PHP8 and MySQL v8. Says that it demands Docker but it can probably be built manually.

SecretFinder is a python script based on LinkFinder written to discover sensitive data like apikeys, access tokens, authorizations, Javascript web tokens, and so forth in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expression.

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. Some of this stuff can be used to prime discovery operations.

The Python keyring lib provides an easy way to access the system keyring service from python. It can be used in any application that needs safe password storage. Works with iOS Keychain, Freedesktop's Secret Service, KWallet 4 and 5, and Windows Credential Locker. Pluggable back-ends.

A utility used to extract user credentials and other secrets from the Windows registry hives offline.

A utility which uses the FUSE functionality of the Linux kernel to implement NFS in such a way that it can spoof user credentials when mounting exported file systems so you can get access to files that you wouldn't be able to otherwise.