Pricing

Pay per usage

Nhost Security Scanner — Find public Hasura GraphQL leaks

Probes a public Nhost project's Hasura GraphQL endpoint for tables readable by anon role. Detects the #1 cause of Nhost data leaks: forgotten Hasura permission policies. Returns table-level counts + curl reproducer. Counts only. -- By Renzo Madueno, https://rotatepilot.com

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Renzo Madueno

Actor stats

Bookmarked

Total users

Monthly active users

14 days ago

Last modified

Hasura Security Scanner — anon-role GraphQL leaks

renzomacar/hasura-security-scanner

Probes a public Hasura GraphQL endpoint for tables readable by the anon role. Works for self-hosted, Hasura Cloud, and frameworks on top. Counts only. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

Supabase RLS Security Scanner — Find anonymous data leaks

renzomacar/supabase-rls-scanner

Probes a public Supabase project for Row-Level-Security misconfigurations. Detects tables readable by the anon key — the #1 cause of Supabase data leaks. Returns row counts + a curl reproducer per finding. Counts only, no row data exfiltrated. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

Strapi Security Scanner — Find public collection-type leaks

renzomacar/strapi-security-scanner

Probes a public Strapi instance for misconfigured Public role permissions. Detects content-types readable without auth via /api/{collection}. Returns counts + curl reproducer. Counts only. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

Directus Security Scanner — Find public-role collection leaks

renzomacar/directus-security-scanner

Probes a public Directus instance for misconfigured Public-role permissions. Detects collections readable without auth via /items/{collection}. Returns counts + curl reproducer. Counts only. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

PocketBase Security Scanner — Find public collection leaks

renzomacar/pocketbase-security-scanner

Probes a public PocketBase instance for misconfigured collection rules. Detects collections readable without auth via /api/collections/*/records. Returns counts + curl reproducer. Counts only, no data exfiltrated. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

Payload CMS Security Scanner — Find public collection leaks

renzomacar/payload-security-scanner

Probes a public Payload CMS instance for collections readable without auth. Default templates leave read access wide open during development. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

Convex Security Scanner — Find public-query data leaks

renzomacar/convex-security-scanner

Probes a public Convex deployment for queries that return data without auth. Convex queries are public-by-default unless you check auth inside the handler. Returns counts + reproducer. -- By Renzo Madueno, https://rotatepilot.com

Renzo Madueno

GraphQL Extractor

jupri/graphql-extractor

💫 Universal GraphQL Scraper

cat

YouTube Channel & Video Scraper - Stats, Views, Trending

renzomacar/youtube-scraper

Extract data from YouTube channels and individual videos. Get subscriber counts, video titles, view counts, like counts, comment counts, publish dates, descriptions, tags, and thumbnails. Ideal for influencer research, content ana -- By Renzo Madueno, https://rotatepilot.com/cadet-programs-2026

Renzo Madueno

TikTok Profile, Hashtag & Video Scraper - Views, Likes, Music

renzomacar/tiktok-scraper

Scrape TikTok profiles and video posts. Extract follower counts, total likes, video descriptions, view counts, comment counts, share counts, hashtags, and music info. Supports profile and hashtag-based scraping for influencer mark -- By Renzo Madueno, https://rotatepilot.com/cadet-programs-2026

Renzo Madueno