Software supply chain security is all about making sure the code and tools you rely on—like open-source packages, third-party services, and build pipelines—haven’t been tampered with. These days, attackers don’t always go after your code directly; instead, they look for weak links in the systems you trust. That might mean sneaking something malicious into a dependency or slipping into your CI/CD process. Securing the software supply chain means keeping a close eye on what goes into your product, verifying where it comes from, and making sure nothing unexpected gets added along the way. It’s about building with confidence, knowing the foundation is solid.
Community Contributions

GHNavigator is a client-side browser-based tool designed to simplify exploring GitHub repositories and analyzing Personal Access Tokens (PATs). It works entirely in your browser without requiring any server dependencies, ensuring tokens never leave your session.
Key Capabilities
- Repository Browser: Navigate through repositories with an intuitive interface, view file structures, and group repos by organization.
- Token Analyzer: Validate token scopes, perform repo enumeration, and run bulk token checks securely.
Who Can Benefit
- Security Teams: Validate PATs and map repository access safely.
- Developers & DevOps: Manage and test tokens with clear visibility into their scope.
- Bug Bounty Hunters: Investigate and validate leaked tokens without risking exposure.
- Researchers: Explore repository structures and API behaviors efficiently.
Getting Started
👉 Try it live: GHNavigator GitHub Pages
Alternative Option
- Clone the repository.
- Open index.html in your browser.
- Enter a GitHub token and begin exploring.
Security Considerations
- Tokens remain in your browser session only.
- No backend servers or tracking involved.
- Built with GitHub REST API v3 best practices.
Categories: Software Supply Chain Security

🔑 Fast CLI to fingerprint SSH private keys and identify which Git hosting accounts they unlock.
KeyChecker analyzes a private key locally and validates it against popular Git hosting services to recover mapped usernames, detect weak keys, and optionally probe for private repositories with a wordlist. Everything runs on your machine.
Categories: Software Supply Chain Security

🕵️‍♂️ Discover who a domain really talks to — with zero data leaving your browser.
3ptracer is a browser-first, privacy-focused reconnaissance tool that gives you deep visibility into third-party services used by any domain.
With 3ptracer, you can:
✅ Run comprehensive DNS analysis: Perform live DoH queries and fetch multiple record types (A, AAAA, MX, NS, TXT, CNAME)
✅ Dig into Certificate Transparency logs: Identify shadow subdomains and historical usage
✅ Detect service providers: Automatically spot CDNs, DNS providers, cloud hosting, email services, and security solutions
✅ Analyze security posture: Check for misconfigured DMARC/SPF/DKIM and general risk indicators
✅ Visualize the web of dependencies: Get CNAME mappings, service categories, subdomain discovery stats, and historical patterns
Why it stands out:
🧠 Works fully in the browser
🔐 No data leaves your machine
📡 Real-time DNS resolution and fingerprinting
🖥️ No API keys, no shared rate limits
🌐 Built for OSINT investigators, security teams, and curious developers
Check it out: https://cyfinoid.github.io/3ptracer/
Source Code: https://github.com/cyfinoid/3ptracer
This is just the beginning. Explore it, break it, and tell us what you’d like to see next.
Categories: Cloud, Software Supply Chain Security

🚀 Introducing SBOM Play – your privacy-conscious SBOM explorer!
🔍 A lightweight, browser-based SBOM viewer that adds vulnerability insights, license analysis, and cross-repo visibility—all while keeping your data private.
With SBOM Play, you can:
✅ Visualize third-party dependencies across all your repositories
✅ Identify heavily reused dependencies (major/minor breakdown)
✅ Flag missing or incompatible licenses in your dependencies
✅ Get similar insights about your vendors’ dependencies
✅ Understand which components are most affected by known vulnerabilities
✅ Even compare these patterns across multiple organizations if you work with federated SBOMs
🧠 Bonus: It runs fully in the browser
🖥️ No server setup
🔐 No data leaves your machine
📦 LocalStorage for session data
🔍 Fully open source (inspect, fork, or self-host)
Check it out: https://cyfinoid.github.io/sbomplay/
Source Code: https://github.com/cyfinoid/sbomplay
We’re just getting started. Try it out and let us know what features you want next.
Categories: Software Supply Chain Security