https://github.com/crowdsecurity/crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
attacks-prevention detection linux protection security
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/crowdsecurity/crowdsec
- Owner: crowdsecurity
- License: mit
- Created: 2020-05-15T09:38:05.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2025-05-06T14:40:13.000Z (7 months ago)
- Last Synced: 2025-05-06T20:23:35.133Z (7 months ago)
- Topics: attacks-prevention, detection, linux, protection, security
- Language: Go
- Homepage: https://crowdsec.net
- Size: 160 MB
- Stars: 10,239
- Watchers: 113
- Forks: 499
- Open Issues: 195
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
- Governance: .github/governance.yml
Awesome Lists containing this project
- awesome-repositories - crowdsecurity/crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. (Go)
- awesome-security - CrowdSec - CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community (Network / IDS / IPS / Host IDS / Host IPS)
- Self-Hosting-Guide - CrowdSec - Locally scans log files and optionally requests, detecting and blocking malicious behaviors. AppSec capabilities to enable virtual-patching and turn your install into a WAF. Share attack signals and benefit from real time blocklist of the most aggressive IPs attacking CrowdSec's network. (Install from Source / Security)
- awesome-privacy - CrowdSec - An open-source, modernized and collaborative fail2ban. (Uncategorized / Imgur)
- fucking-awesome-privacy - CrowdSec - An open-source, modernized and collaborative fail2ban. (Uncategorized / Imgur)
- open-source-intelligence - CrowdSec - An open source, free, and collaborative IPS/IDS software written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. (Other Tools / Telegram)
- awesome-starred - crowdsecurity/crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. (Go)
- DevSecOps - https://github.com/crowdsecurity/crowdsec - source, lightweight software, detecting peers with aggressive behaviours to prevent them from accessing your systems. (Network Intrusion Prevention)
- awesome-selfhost-docker - CrowdSec
- awesome-docker - Crowdsecurity/crowdsec
- awesome-starts - crowdsecurity/crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. (security)
- venom - `CrowdSec` - CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community (Network / IDS / IPS / Host IDS / Host IPS)
- awesome-osint - CrowdSec - An open source, free, and collaborative IPS/IDS software written in Go, able to analyze visitor behavior & provide an adapted response to all kinds of attacks. (Other Tools / GitHub)
- awesome-hacking-lists - crowdsecurity/crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. (Go)
README
_CrowdSec is an open-source and participative security solution offering crowdsourced server detection and protection against malicious IPs. Detect and block with our Security Engine, contribute to the network, and enjoy our real-time community blocklist._
## Features & Advantages
### Versatile Security Engine
[CrowdSec Security Engine](https://doc.crowdsec.net/docs/next/intro/) is an all-in-one [IDS/IPS](https://doc.crowdsec.net/docs/next/log_processor/intro) and [WAF](https://doc.crowdsec.net/docs/next/appsec/intro).
It detects bad behaviors by analyzing log sources and HTTP requests, and allows active remediation thanks to the [Remediation Components](https://doc.crowdsec.net/u/bouncers/intro).
[Detection rules are available on our hub](https://hub.crowdsec.net) under MIT license.
### CrowdSec Community Blocklist
The "Community Blocklist" is a curated list of IP addresses identified as malicious by CrowdSec. The Security Engine proactively blocks the IP addresses on this blocklist, preventing malevolent IPs from reaching your systems.
https://doc.crowdsec.net/docs/next/central_api/community_blocklist
### Console - Monitoring & Automation of your security stack
https://doc.crowdsec.net/u/console/intro
### Multiple Platforms support
https://doc.crowdsec.net/
## Outnumbering hackers all together
By sharing the threats they face, all users protect each other (hence the name Crowd-Security). CrowdSec is designed for modern infrastructures, with its "*Detect Here, Remedy There*" approach, letting you analyze logs coming from several sources in one place and block threats at various levels (applicative, system, infrastructural) of your stack.
CrowdSec ships by default with scenarios (brute force, port scan, web scan, etc.) adapted for most contexts, but you can easily extend it by picking more of them from the **[HUB](https://hub.crowdsec.net)**. It is also easy to adapt an existing one or create one yourself.
## Installation
[Follow our documentation to install CrowdSec in a few minutes on Linux, Windows, Docker, OpnSense, Kubernetes, and more.](https://doc.crowdsec.net/)
## Resources
- [Console](https://app.crowdsec.net): Supercharge your CrowdSec setup with visualization, management capabilities, extra blocklists and premium features.
- [Documentation](https://doc.crowdsec.net): Learn how to exploit your CrowdSec setup to deter more attacks.
- [Discord](https://discord.gg/crowdsec): A question or a suggestion? This is the place.
- [Hub](https://hub.crowdsec.net): Improve your stack protection, find the relevant remediation components for your infrastructure.
- [CrowdSec Academy](https://academy.crowdsec.net/): Learn and grow with our courses.
- [Corporate Website](https://crowdsec.net): For everything else.