{"id":15116526,"url":"https://github.com/secutils-dev/secutils","last_synced_at":"2025-09-27T22:30:47.456Z","repository":{"id":163498402,"uuid":"579149176","full_name":"secutils-dev/secutils","owner":"secutils-dev","description":"Secutils.dev is an open-source, versatile, yet simple security toolbox for engineers and researchers","archived":false,"fork":false,"pushed_at":"2025-09-20T14:53:43.000Z","size":73670,"stargazers_count":75,"open_issues_count":25,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-20T16:29:29.297Z","etag":null,"topics":["api","certificate-authority","certificates","cyber-threat-intelligence","developer-tools","dsa","ec","open-security","pem","pkcs12","pkcs8","rsa-cryptography","rust","security","security-tools","x509"],"latest_commit_sha":null,"homepage":"https://secutils.dev","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secutils-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-12-16T19:37:30.000Z","updated_at":"2025-09-20T14:53:47.000Z","dependencies_parsed_at":"2023-10-14T19:42:06.822Z","dependency_job_id":"57b93ff1-2d82-4dcb-afc5-dc6f7c9bcc8d","html_url":"https://github.com/secutils-dev/secutils","commit_stats":{"total_commits":278,"total_committers":1,"mean_commits":278.0,"dds":0.0,"last_synced_commit":"f62635c1d51824a31ba09ef374d0814310de559f"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl
":"pkg:github/secutils-dev/secutils","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secutils-dev%2Fsecutils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secutils-dev%2Fsecutils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secutils-dev%2Fsecutils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secutils-dev%2Fsecutils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secutils-dev","download_url":"https://codeload.github.com/secutils-dev/secutils/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secutils-dev%2Fsecutils/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277302051,"owners_count":25795357,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-27T02:00:08.978Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","certificate-authority","certificates","cyber-threat-intelligence","developer-tools","dsa","ec","open-security","pem","pkcs12","pkcs8","rsa-cryptography","rust","security","security-tools","x509"],"created_at":"2024-09-26T01:44:25.262Z","updated_at":"2025-09-27T22:30:47.450Z","avatar_url":"https://github.com/secutils-dev.png","language":"Rust","readme":"# \u003cimg 
src=\"https://raw.githubusercontent.com/secutils-dev/secutils/main/assets/logo/secutils-logo-initials.png\" alt=\"Secutils.dev\" width=\"22\"\u003e [Secutils.dev](https://secutils.dev) \u0026middot; [![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://github.com/secutils-dev/secutils/blob/main/LICENSE) [![Build Status](https://github.com/secutils-dev/secutils/actions/workflows/ci.yml/badge.svg)](https://github.com/secutils-dev/secutils/actions)\n\nSecutils.dev is an open-source, versatile, yet simple security toolbox for engineers and researchers built by\napplication security engineers.\n\n## Why Secutils.dev?\n\nBig security solutions are impressive, but often too expensive, complex, and kind of overkill for us regular engineers.\nOn the other hand, there's a bunch of handy tools and scripts tackling specific security problems - they're simple and\naffordable, but trying to juggle them is hard and messy. Secutils.dev aims to be the sweet spot between hefty solutions\nand scattered tools. 
It's open, user-friendly, and your go-to toolbox filled with carefully selected utilities commonly\nused in daily work, whether you're operating solo or part of a big team.\n\nSecutils.dev adheres to [open security principles](https://en.wikipedia.org/wiki/Open_security) and offers:\n\n* Guided experience for complex security concepts\n* [Request responders](https://secutils.dev/docs/guides/webhooks) for rapid mocking of HTTP APIs and webhooks\n* [Templates](https://secutils.dev/docs/guides/digital_certificates) for certificates and private keys to test\n  cryptographic security protocols\n* [Content Security Policy (CSP) management](https://secutils.dev/docs/guides/web_security/csp), enabling the import and\n  creation of policies from scratch\n* Tools for [web page content and resource tracking](https://secutils.dev/docs/guides/web_scraping/page), content tracking, and\n  more\n\n![Secutils.dev Webhooks](https://github.com/secutils-dev/.github/blob/main/profile/webhooks.png?raw=true)\n\n![Secutils.dev Web Scraping](https://github.com/secutils-dev/.github/blob/main/profile/web_scraping.png?raw=true)\n\n![Secutils.dev Digital Certificates](https://github.com/secutils-dev/.github/blob/main/profile/digital_certificates.png?raw=true)\n\n![Secutils.dev Web Security](https://github.com/secutils-dev/.github/blob/main/profile/web_security.png?raw=true)\n\n## Getting started\n\nBefore running the Secutils.dev server, you need to configure the database and [Ory Kratos](https://github.com/ory/kratos) connections. 
If you don't have PostgreSQL\nand Ory Kratos servers running, you [can run them locally with the following Docker Compose file:](https://docs.docker.com/language/rust/develop/)\n\n```shell\ndocker-compose -f ./dev/docker/postgres-and-kratos.yml --env-file ./.env up --build --force-recreate\n```\n\nTo remove everything and start from scratch, run:\n\n```shell\ndocker-compose -f ./dev/docker/postgres-and-kratos.yml --env-file ./.env down --volumes --remove-orphans\n```\n\nMake sure to replace `POSTGRES_HOST_AUTH_METHOD=trust` in the Docker Compose file with a more secure authentication method if you're\nplanning to use a local database for an extended period. For an existing database, you'll need to provide connection details in the\nTOML configuration file as explained below.\n\nOnce all services are configured, you can start the Secutils.dev server with `cargo run`. By default, the\nserver will be accessible via http://localhost:7070. Use `curl` to verify that the server is up and running:\n\n```shell\ncurl -XGET http://localhost:7070/api/status\n---\n{\"version\":\"1.0.0-beta.1\",\"level\":\"available\"}\n```\n\nThe server can be configured with a TOML configuration file. See the example below for a basic configuration:\n\n```toml\nport = 7070\n\n[db]\nname = 'secutils'\nhost = 'localhost'\nport = 5432\nusername = 'postgres'\npassword = 'password'\n\n# Connection details for Ory Kratos services.\n[components]\nkratos_url = 'http://localhost:4433/'\nkratos_admin_url = 'http://localhost:4434/'\n\n# A list of preconfigured users. 
Once a user with the specified email signs up, \n# the server will automatically assign the user the specified handle and tier.\n[security.preconfigured_users]\n\"admin@mydomain.dev\" = { handle = \"admin\", tier = \"ultimate\" }\n\n# The configuration of the Deno runtime used to run responder scripts.\n[js_runtime]\nmax_heap_size = 10_485_760 # 10 MB\nmax_user_script_execution_time = 30_000 # 30 seconds\n\n# SMTP server configuration used to send emails (signup emails, notifications etc.).\n[smtp]\naddress = \"xxx\"\nusername = \"xxx\"\npassword = \"xxx\"\n\n[utils]\nwebhook_url_type = \"path\"\n```\n\nIf you saved your configuration to a file named `secutils.toml`, you can start the server with the following command:\n\n```shell\ncargo run -- -c secutils.toml\n```\n\nYou can also use `.env` file to specify the location of the configuration file and database connection details required\nfor development and testing:\n\n```dotenv\n# Refer to https://github.com/launchbadge/sqlx for more details.\nDATABASE_URL=postgres://postgres@localhost/secutils\n\n# Path to the configuration file.\nSECUTILS_CONFIG=${PWD}/secutils.toml\n\n# Secret key used to sign and verify JSON Web Tokens for API access\n# openssl rand -hex 16\nSECUTILS_SECURITY__JWT_SECRET=8ffe0cc38d7ff1afa78b6cd5696f2e21\n\n# JWT used by Kratos to authenticate requests to the API.\n# Requires config: security.operators = [\"@kratos\"]\n# Generated with: cargo run -p secutils-jwt-tools generate --secret 8ffe0cc38d7ff1afa78b6cd5696f2e21 --sub @kratos --exp 1year\nSELFSERVICE_FLOWS_REGISTRATION_AFTER_PASSWORD_HOOKS_0_CONFIG_AUTH_CONFIG_VALUE=\"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3NDcyMDExNTcsInN1YiI6IkBrcmF0b3MifQ.O506N__dZu7ZM6p-rEr_QkMn3jp0mRyBwKP7jstRHV8\"\nSELFSERVICE_FLOWS_REGISTRATION_AFTER_WEBAUTHN_HOOKS_0_CONFIG_AUTH_CONFIG_VALUE=\"Bearer 
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3NDcyMDExNTcsInN1YiI6IkBrcmF0b3MifQ.O506N__dZu7ZM6p-rEr_QkMn3jp0mRyBwKP7jstRHV8\"\nCOURIER_HTTP_REQUEST_CONFIG_AUTH_CONFIG_VALUE=\"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3NDcyMDExNTcsInN1YiI6IkBrcmF0b3MifQ.O506N__dZu7ZM6p-rEr_QkMn3jp0mRyBwKP7jstRHV8\"\n```\n\n### Web UI\n\nInstall all the required dependencies with `npm --prefix components/secutils-webui i` and run the UI in watch mode with `npm --prefix components/secutils-webui run watch`. The UI should be accessible at http://localhost:7171.\n\n## Documentation\n\nInstall all the required dependencies with `npm --prefix components/secutils-docs i` and run the docs UI in watch mode with `npm --prefix components/secutils-docs run watch`. The docs UI should be accessible at http://localhost:7373.\n\nThe documentation for Secutils.dev is also hosted at [secutils.dev/docs](https://secutils.dev/docs).\n\n### Usage\n\nAt this point, it is recommended to use the Secutils.dev APIs through the Web UI, but you can also generate a JSON Web Token and use the \nAPIs directly with `curl` or any other HTTP client. 
To generate a token, run the following command:\n\n```shell\ncargo run -p secutils-jwt-tools generate \\\n  --secret 8ffe0cc38d7ff1afa78b6cd5696f2e21 \\\n  --sub user@secutils.dev --exp 30days\n---\neyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MTgyNjYxNTQsInN1YiI6InVzZXJAc2VjdXRpbHMuZGV2In0.e9sHurEyxhonOcR8dVVhmXdAWi287XReMiWUEVZuFwU\n---\ncurl -XGET --header \\\n  \"Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MTgyNjYxNTQsInN1YiI6InVzZXJAc2VjdXRpbHMuZGV2In0.e9sHurEyxhonOcR8dVVhmXdAWi287XReMiWUEVZuFwU\" \\\n  http://localhost:7070/api/status\n```\n\n### Re-initialize local database\n\nTo manage **development** database, you need to install\nthe [SQLx's command-line utility](https://github.com/launchbadge/sqlx/tree/main/sqlx-cli):\n\n```shell\ncargo install --force sqlx-cli\n\n# Drops, creates, and migrates the database referenced\n# in the `DATABASE_URL` from the `.env` file.\nsqlx database drop\nsqlx database create\nsqlx migrate run\n```\n\n### Docker\n\nBuild images with the following commands:\n\n```shell\n# Host architecture\ndocker build --tag secutils-api:latest .\ndocker build --tag secutils-webui:latest -f Dockerfile.webui .\ndocker build --tag secutils-docs:latest -f Dockerfile.docs .\n\n# Cross-compile to ARM64 architecture\ndocker build --platform linux/arm64 --tag secutils-api:latest .\ndocker build --platform linux/arm64 --tag secutils-webui:latest -f Dockerfile.webui .\ndocker build --platform linux/arm64 --tag secutils-docs:latest -f Dockerfile.docs .\n\n# Cross-compile to ARM64 musl architecture\ndocker build --platform linux/arm64 --tag secutils-api:latest -f Dockerfile.aarch64-unknown-linux-musl .\n```\n\n## Shoutouts\n\nSecutils.dev wouldn't be possible without the following amazing projects and tools:\n\n| Name                                                                                                  | Description                                                                                                  
                                                                                                                                                             |\n|-------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ![JetBrains logo](https://resources.jetbrains.com/storage/products/company/brand/logos/jetbrains.png) | JetBrains develops fantastic developer tools that I use daily to build Secutils.dev. While the products aren't open-source or free by default, they provide a generous free license for open-source project maintainers. [Check it out!](https://jb.gg/OpenSourceSupport) |\n| ![Ory Kratos logo](https://raw.githubusercontent.com/ory/meta/master/static/logos/logo-kratos.svg)    | [Ory Kratos](https://github.com/ory/kratos) is an open-source alternative to Auth0, Okta, or Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more.                                      |\n| To be continued...                                                                                    
|                                                                                                                                                                                                                                                                           |\n\n## Community\n\n- ❓ Ask questions on [GitHub Discussions](https://github.com/secutils-dev/secutils/discussions)\n- 🐛 Report bugs on [GitHub Issues](https://github.com/secutils-dev/secutils/issues)\n- 📣 Stay up to date on new features and announcements on [Twitter](https://twitter.com/secutils)\n  or [Mastodon](https://fosstodon.org/@secutils)\n","funding_links":[],"categories":["Rust"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecutils-dev%2Fsecutils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecutils-dev%2Fsecutils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecutils-dev%2Fsecutils/lists"}