Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

awesome-security

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
https://github.com/sbilly/awesome-security

Last synced: 3 days ago
JSON representation

  • Network

    • Security Information & Event Management

      • FIR - Fast Incident Response, a cybersecurity incident management platform.
      • LogESP - Open Source SIEM (Security Information and Event Management system).
      • OSSIM - OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation.

    • Sniffer

      • netsniff-ng - netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.
      • Live HTTP headers - Live HTTP headers is a free firefox addon to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations.
      • netsniff-ng - netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

    • VPN

      • OpenVPN - OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
      • Firezone - Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company’s private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
      • TorForge - Advanced transparent Tor proxy with kernel-level iptables routing, post-quantum encryption (Kyber768), kill switch, steganography mode, and AI-powered circuit selection.

  • Operating Systems

  • Other Awesome Lists

  • Red Team Infrastructure Deployment

    • Development

      • Redcloud - A automated Red Team Infrastructure deployement using Docker.
      • Axiom - Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.

  • Social Engineering

    • Forensics

      • Gophish - An Open-Source Phishing Framework.

  • Terminal

    • Development

      • shellfirm - It is a handy utility to help avoid running dangerous commands with an extra approval step. You will immediately get a small prompt challenge that will double verify your action when risky patterns are detected.
      • shellclear - It helps you to Secure your shell history commands by finding sensitive commands in your all history commands and allowing you to clean them.

  • Threat Intelligence

    • Forensics

      • Tor Bulk Exit List - CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. [TOR Node List](https://www.dan.me.uk/tornodes) / [DNS Blacklists](https://www.dan.me.uk/dnsbl) / [Tor Node List](http://torstatus.blutmagie.de/)
      • leakedin.com - The primary purpose of leakedin.com is to make visitors aware about the risks of loosing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.
      • MISP - Open Source Threat Intelligence Platform - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries ([taxonomies](https://www.misp-project.org/taxonomies.html), [threat-actors and various malware](https://www.misp-project.org/galaxy.html)), an extensive data model to share new information using [objects](https://www.misp-project.org/objects.html) and default [feeds](https://www.misp-project.org/feeds/).
      • PhishStats - Phishing Statistics with search for IP, domain and website title.
      • Threat Jammer - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
      • Internet Storm Center - The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
      • AutoShun - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
      • leakedin.com - The primary purpose of leakedin.com is to make visitors aware about the risks of loosing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.
      • FireEye OpenIOCs - FireEye Publicly Shared Indicators of Compromise (IOCs)
      • virustotal - VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
      • CIFv2 - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
      • Threat Jammer - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
      • Cyberowl - A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
      • AlienVault Open Threat Exchange - AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.
      • OpenVAS NVT Feed - The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS.
      • AutoShun - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
      • DNS-BH - The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.
      • Cyware Threat Intelligence Feeds - Cyware’s Threat Intelligence feeds brings to you the valuable threat data from a wide range of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence. Our threat intel feeds are fully compatible with STIX 1.x and 2.0, giving you the latest information on malicious malware hashes, IPs and domains uncovered across the globe in real-time.

  • Web

    • Development

      • API Security in Action - Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)
      • Secure by Design - Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release fall 2017)
      • Understanding API Security - Free eBook sampler that gives some context for how API security works in the real world by showing how APIs are put together and how the OAuth protocol can be used to protect them.
      • OAuth 2 in Action - Book that teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server.
      • GuardRails - A GitHub App that provides security feedback in Pull Requests.
      • Full Stack Python Security - A comprehensive look at cybersecurity for Python developers
      • Security Checklist by OWASP - A checklist by OWASP for testing web applications based on assurance level. Covers multiple topics like Architecture, IAM, Sanitization, Cryptography and Secure Configuration.
      • OWASP ZAP Node API - Leverage the OWASP Zed Attack Proxy (ZAP) within your NodeJS applications with this official API.
      • Bearer - Scan code for security risks and vulnerabilities leading to sensitive data exposures.
      • Checkov - A static analysis tool for infrastucture as code (Terraform).
      • KICS - Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.
      • Insider CLI - A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js).
      • Pompelmi - Node.js file-upload malware scanner with MIME sniffing, ZIP-bomb protection and optional YARA rules.

    • Runtime Application Self-Protection

      • Sqreen - Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activities are reported and attacks are blocked at runtime without code modification or traffic redirection.
      • OpenRASP - An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load.

    • Scanning / Pentesting

      • Spyse - Spyse is an OSINT search engine that provides fresh data about the entire web. All the data is stored in its own DB for instant access and interconnected with each other for flexible search.
      • ZAP - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.
      • w3af - w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
      • Spyse - Spyse is an OSINT search engine that provides fresh data about the entire web. All the data is stored in its own DB for instant access and interconnected with each other for flexible search.
      • OWASP Testing Checklist v4 - List of some controls to test during a web vulnerability assessment. Markdown version may be found [here](https://github.com/amocrenco/owasp-testing-checklist-v4-markdown/blob/master/README.md).
      • Recon-ng - Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework.
      • PTF - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
      • Infection Monkey - A semi automatic pen testing tool for mapping/pen-testing networks. Simulates a human attacker.
      • ACSTIS - ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
      • padding-oracle-attacker - padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI.
      • is-website-vulnerable - finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
      • PhpSploit - Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features.
      • Keyscope - Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust
      • Cyclops - The Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.
      • Scanmycode CE (Community Edition) - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks)
      • recon - a fast Rust based CLI that uses SQL to query over files, code, or malware with content classification and processing for security experts
      • CakeFuzzer - The ultimate web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points.
      • Trust Scan - URL security scanner with WHOIS, SSL, threat intelligence (URLhaus, PhishTank, Spamhaus), and 40+ scam/phishing pattern detection. Includes optional AI analysis via Ollama. ([Demo](https://aibuilds.net))
      • react2shell-scanner - Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Scans React 19.x and Next.js projects for critical remote code execution flaws.
      • shai-hulud-scanner - Detect indicators of compromise from the Shai Hulud 2.0 npm supply chain attack that compromised 796+ packages. Performs comprehensive security checks for malicious files, hashes, and patterns.

    • Web Application Firewall

      • BunkerWeb - BunkerWeb is a full-featured open-source web server with ModeSecurity WAF, HTTPS with transparent Let's Encrypt renewal, automatic ban of strange behaviors based on HTTP codes, bot and bad IPs block, connection limits, state-of-the-art security presets, Web UI and much more.
      • NAXSI - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection.
      • sql_firewall
      • ironbee - IronBee is an open source project to build a universal web application security sensor. IronBee as a framework for developing a system for securing web applications - a framework for building a web application firewall (WAF).
      • Curiefense - Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy.
      • open-appsec - open-appsec is an open source machine-learning security engine that preemptively and automatically prevents threats against Web Application & APIs.
Programming Languages
Python 45 Go 23 C 8 Rust 8 TypeScript 7 JavaScript 6 Java 6 C++ 5 Shell 4 Ruby 2
Categories
Network 122 Web 41 Other Awesome Lists 39 Endpoint 37 EBooks 21 Threat Intelligence 18 Datastores 14 DevOps 7 Operating Systems 5 Big Data 5 Red Team Infrastructure Deployment 2 Terminal 2 Blue Team Infrastructure Deployment 1 Exploits & Payloads 1 Fraud prevention 1 Social Engineering 1
Sub Categories
Online resources 39 Scanning / Pentesting 39 Other Security Awesome Lists 33 Development 31 Forensics 30 Docker Images for Penetration Testing & Security 20 Mobile / Android / iOS 17 Monitoring / Logging 16 Fast Packet Processing 16 IDS / IPS / Host IDS / Host IPS 14 Honey Pot / Honey Net 13 Full Packet Capture / Forensic 7 Other Common Awesome Lists 6 Web Application Firewall 6 Anti-Virus / Anti-Malware 5 Security Information & Event Management 4 VPN 3 Sniffer 3 Firewall 3 Anti-Spam 3 Privacy & Security 2 Runtime Application Self-Protection 2 Authentication 2 Network architecture 1 Configuration Management 1 Content Disarm & Reconstruct 1
Keywords
security 59 security-tools 28 awesome 24 awesome-list 21 cybersecurity 15 devsecops 13 hacking 12 devops 12 python 10 golang 10 vulnerability 8 android 8 security-automation 7 appsec 7 vulnerability-scanners 7 rust 7 owasp 7 javascript 7 privacy 7 kubernetes 7 waf 6 penetration-testing 6 security-audit 6 infosec 6 scanner 6 list 6 threat-hunting 6 incident-response 6 forensics 6 pentesting 5 siem 5 security-scanner 5 cryptography 5 cloud 5 dfir 5 compliance 5 aws 5 docker 5 static-analysis 5 malware 4 sast 4 cli 4 vulnerability-detection 4 web-security 4 containers 4 osint 4 secops 4 encryption 4 pentest 4 nodejs 4