The curious little red teamer living on every endpoint.
What can this credential actually reach? — answered read-only, from a single leaked secret up to your whole environment. Credentials never leave the host, and findings show their evidence.
geiger — Is it still live, what does it reach, how bad?
Pipe it a .env, an SSH key, or a TruffleHog/Gitleaks report; it recognizes the secret, runs read-only recon, and ranks what each one reaches. Hundreds of credential types, no LLM, no account, one binary, dry-run by default.
Puck Scout — Investigate any endpoint by asking. The read-only investigation core you drive through your own LLM over MCP — deploy agents where you want, ask in plain English, get findings with evidence chains and containment steps. Open source, self-hosted, no crippled features.
Puck — Faster investigations with the blast radius mapped before you ask. Decimate investigation time and get continuous discovery to keep a current model of credentials and what they reach, promoting past investigations into permanent detections tuned to your environment. Commercial - gives you SSO and compliance assurances.