An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/anthonyharrison/sbom4rust

SBOM4Rust generates a Software Bill of Materials (SBOM) for a Rust component.

cyclonedx devsecops rust sbom sbom-generator security spdx

Last synced: 28 Oct 2025

https://github.com/dimon222/py-gitsshgen

Automatic generation of SSH keys for VCS

automation git hacktoberfest python security ssh vcs

Last synced: 29 Oct 2025

https://github.com/dguo/digital-security-coach

:lock: Accessible crash course on digital security

cybersecurity guide haveibeenpwned security

Last synced: 17 Jun 2025

https://github.com/aw-junaid/android-security

Explore Android security: secure app development, reverse engineering, vulnerability testing, and best practices for data protection and encryption.

android android-rat androidsecurity hacking hacking-tool security vulnerabilities

Last synced: 01 Jul 2025

https://github.com/spaze/security-txt

security.txt (RFC 9116) generator, parser, validator

generator parser security security-txt securitytxt validator

Last synced: 06 Apr 2026

https://github.com/notoriousrebel/social_media_shamer

Breaches happen all the time, it would be a shame if people used those credentials for their social media accounts.

python3 redteam security

Last synced: 11 Apr 2025

https://github.com/winnpixie/log4noshell

A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate CVE-2021-44228 ("Log4Shell").

apache cve log4j patch security vulnerability

Last synced: 11 Jul 2025

https://github.com/geniuszly/cve-2022-45701

it is script designed to exploit certain vulnerabilities in routers by sending payloads through SNMP (Simple Network Management Protocol). The script automates the process of authorization, payload generation, and execution, allowing for remote command execution on the target device.

arris arris-modem arris-router buffer-overflow cve cve-2022-45701 cybersecurity ethical-hacking exploit exploit-development linux penetration-testing poc python security snmp vulnerability vulnerability-research

Last synced: 11 Apr 2025

https://github.com/middlewares/recaptcha

PSR-15 middleware to use Google reCAPTCHA for spam prevention

http middleware prevention psr-15 recaptcha security

Last synced: 06 May 2025

https://github.com/fiware/tutorials.roles-permissions

:closed_book: FIWARE 402: IDM - Application Roles and Permissions

fiware fiware-keyrock identity-management security tutorial

Last synced: 30 Apr 2025

https://github.com/john-b-yang/course-dev

Personal repository of teaching material

databases pedagogy security software-development

Last synced: 15 Jun 2025

https://github.com/globaleaks/globaleaks-eph-fs

An ephemeral ChaCha20-encrypted filesystem implementation using fusepy and cryptography suitable for privacy-sensitive applications, such as whistleblowing platforms.

chacha20 cryptography fuse-filesystem privacy security whistleblowing-software

Last synced: 14 Dec 2025

https://github.com/googlechromelabs/web-identity-demos

Demos for identity on the web. Built by the Chrome Developer Relations team and friends.

authentication autofill demo passkeys security

Last synced: 09 Jul 2025

https://github.com/itszeeshan/subdomainx

all-in-one subdomain enumeration and reconnaissance tool designed for modern cybersecurity professionals, penetration testers, and security researchers.

amass assetfinder bug-bounty cybersecurity dnsrecon findomain hacking httpx infosec nmap offensive-security osint penetration-testing port-scanning reconnaissance red-team security security-tools subdomain-discovery subfinder

Last synced: 09 Sep 2025

https://github.com/geniuszly/cve-2022-44149

it is script designed to interact with a router by sending a payload to its system tools. The script retrieves the router's configuration from environment variables to ensure security. It includes functions for generating an authorization header, sending a payload, and logging the process.

cve cve-2022-44149 cybersecurity ethical-hacking exploit exploit-development linux payload penetration-testing poc privilege-escalation security vulnerability vulnerability-research

Last synced: 11 Apr 2025

https://github.com/jsign/timing-attack

Timing attack proof-of-concept in Go

go security statistics timing-attack

Last synced: 18 Mar 2025

https://github.com/stackrox/jenkins-plugin

The StackRox Jenkins Plugin for image scanning and security

containers hacktoberfest jenkins k8s security stackrox

Last synced: 06 May 2025

https://github.com/sakryukov/storage-free-pass

Storage-Free Pass is a generator of highly secure passwords based on cryptographic hash and master password, which should be memorized; no password storage is involved

authentication criptographic-hash cryptography css html javascript security

Last synced: 07 May 2025

https://github.com/ashishb/checkdevicecredentials

Force device credential check before decrypting data

android android-security keystore security

Last synced: 02 May 2025

https://github.com/404notf0und/python-guide

Practice makes perfect

bugs coding python security tricks

Last synced: 12 Apr 2025

https://github.com/oktsec/oktsec

Security layer for AI agent-to-agent communication. Every message is signed, inspected, and logged. If it doesn't comply, it doesn't pass. No LLM. No cloud. Single binary. Your infra, your data.

ai-agents audit ed25519 golang identity inter-agent mcp open-source proxy security

Last synced: 02 Apr 2026

https://github.com/weixian-zhang/fuzzie

A VSCode GUI-based fuzzer for Rest API and GraphQL

fuzzing python3 rest-api security vscode-extension

Last synced: 30 Dec 2025

https://github.com/ryandaniels/ansible-role-dnsmasq-adblock

Use dnsmasq for adblocking with OpenVPN. Use this Ansible role after installing OpenVPN (PiVPN or Streisand, etc) on a RaspberryPi or a VPS for example.

adblock ansible ansible-role dnsmasq openvpn privacy raspberry-pi security ubuntu vpn

Last synced: 10 Apr 2025

https://github.com/jenkinsci/defensics-plugin

Defensics plugin for Jenkins

security test

Last synced: 19 Jun 2025

https://github.com/vdlp/oc-csrf-plugin

Adds CSRF protection to October CMS frontend.

csrf october-cms october-plugin octobercms php security

Last synced: 12 Apr 2025

https://github.com/kyopark2014/aws-security-token-service

It shows how to generate and use temporary security credential using AWS STS.

aws aws-lambda aws-sdk lambda security temporary-credentials

Last synced: 12 Apr 2025

https://github.com/habilelabs/cvss-v3.1-react

React CVSS v3.1 Base Score Calculator

cvss cvssv3 reactjs security security-vulnerability

Last synced: 20 Jun 2025

https://github.com/ahliweb/awcms

AWCMS (AhliWeb Content Management System) — an enterprise-grade, multi-tenant, ABAC-secured CMS built with React, Supabase, and modern web architecture.

abac audit-log cloudflare cms cms-framework enterprise-cms headless-cms multi-tenant postgresql react rls saas security supabase vite workflow-engine

Last synced: 08 Mar 2026

https://github.com/hrchlhck/kubemon

A tool for distributed container monitoring over Kubernetes.

docker kubemon kubernetes monitoring-tool security

Last synced: 01 Apr 2026

https://github.com/rm3l/container-scan-to-sarif

Converts Azure Container Scan Action output to SARIF, for an easier integration with tools like GitHub Code Scanning

container-scanning go golang sarif sarif-report security

Last synced: 26 Mar 2025

https://github.com/geeknik/jwt-scanner

A tool for detecting JWT algorithm confusion vulnerabilities in web applications

bugbounty confusion infosec jwt scanner security

Last synced: 23 Jun 2025

https://github.com/fkie-cad/bidcos-security-doc

A documentation of the Bidcos (homematic) radio protocol with focus on practical security aspects

eq3 home-automation homematic security urh

Last synced: 06 May 2025

https://github.com/cihatsolak/net7-jwt-token

Main project is audience dependent on access to other api projects. I am providing information about the structure and architecture of the jwt token.

entity-framework-core jwt-token migration net7 nlayer-architecture security webapi

Last synced: 06 May 2025

https://github.com/jwhitt3r/SIEMEz

A open-source Django Security Incident and Event Management System

django incident-response python python3 security siem

Last synced: 12 Jul 2025

https://github.com/przemub/cysectool

CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph.

optimization security

Last synced: 17 Jan 2026

https://github.com/strmprivacy/data-plane-helm-chart

Care about your data leaving your VPC/environment in SaaS mode? With our self-hosted option you can run our privacy focused Data Plane in your own Kubernetes Cluster. Just (1) sign-up, (2) request a self-hosted installation, (3) use our values.yaml on your own k8s clusters and (4) run your (customer) data inside your own cloud like 🪄

charts data helm kubernetes privacy security

Last synced: 23 Jun 2025

https://github.com/petr-panteleyev/password-manager

Desktop application to keep passwords and other sensitive information

aes-256 desktop-application java java-24 javafx javafx-application password-manager security

Last synced: 29 Apr 2025

https://github.com/kerberjg/chillinode

Node.js-based captive portal system for Linux

captive-portal linux network-management nodejs openwrt security

Last synced: 11 Apr 2025

https://github.com/didjacome/modules.azure

This repository aims to have modules and scripts created for Microsoft Azure administration

accounts assessment azure engineer management powershell rbac resources security snapshot

Last synced: 17 Jan 2026

https://github.com/neurophant/ouija

Python relay/proxy server and library to build reliable encrypted TCP/UDP tunnels with entropy control for TCP traffic

asyncio censorship cipher encrypted entropy http https network proxy relay security tcp tunnel udp

Last synced: 04 May 2025

https://github.com/turbot/steampipe-mod-snowflake-compliance

Run individual controls or full compliance benchmarks across all of your Snowflake accounts using Powerpipe and Steampipe.

compliance hacktoberfest powerpipe powerpipe-mod security snowflake snowflakedb steampipe steampipe-mod

Last synced: 11 Jul 2025

https://github.com/zuazo/encrypted_attributes-cookbook

Chef cookbook to install and load chef-encrypted-attributes gem.

chef cookbook credentials devops encrypted-attributes encryption gcm keys passwords pki plugin secrets security

Last synced: 13 Apr 2025

https://github.com/angelej/php-insider

A simple static application security testing (SAST) tool for locating dangerous sinks in php applications.

appsec php sast security static-code-analysis whitebox

Last synced: 06 Apr 2026

https://github.com/sammcj/github-app-installation-token

Generates Github tokens using a Github App install

actions authentication security token workflow

Last synced: 10 Apr 2025

https://github.com/nearata/flarum-ext-twofactor

A Flarum extension. Allow your users to enable two factor authentication.

flarum flarum-extension security two-factor

Last synced: 10 Apr 2025

https://github.com/spiral/security

[READ ONLY] RBAC security layer based on NIST definition, role/rule/permission associations, bulletproof. Subtree split of the Spiral Security component (see spiral/framework)

nist rbac security spiral

Last synced: 28 Oct 2025

https://github.com/tankerhq/sdk-python

Tanker Python SDK - mirror of https://gitlab.com/TankerHQ/sdk-python

cryptography encryption end-to-end privacy python sdk security tanker

Last synced: 09 Sep 2025

https://github.com/sjinks/wp-login-logger

WordPress plugin to log login attempts

login security session session-management wordpress-plugin

Last synced: 10 Apr 2025

https://github.com/clouddrove/.github

Meta repository for all clouddrove repositories

azure clouddrove devops git github hacktoberfest security

Last synced: 22 Apr 2025

https://github.com/hn275/file-encryptor

a small cli tool for file encryption, written in Rust.

aes-encryption commandline cryptography gcm key-derivation-function scrypt security

Last synced: 14 Oct 2025

https://github.com/kolteq/validating-admission-policies-pss

Kubernetes Pod Security Standards implemented using Kubernetes Validating Admission Policies. Support of Enforce Baseline and Restricted profiles natively with configurable policy exclusions.

compliance kubeapt kubernetes pod-security pod-security-admission security validating-admission-policy

Last synced: 04 Feb 2026

https://github.com/soulteary/stargate

A minimal ForwardAuth gateway for Traefik and Nginx that handles login sessions and request access control. / 面向 Traefik 和 Nginx 的极简 ForwardAuth 鉴权网关,负责会话与访问控制。

auth authentication authorization enjoy-with-stargate forwardauth gateway nginx reverse-proxy security sso traefik

Last synced: 11 Feb 2026

https://github.com/venura9/manage-nsg

GitHub Action to Manage NSG Rules allowing public running deployment to resources secured by Azure NSGs

nsg security

Last synced: 06 Feb 2026

https://github.com/codeconut-ltd/wordpress-plugin-default-config

WordPress plugin with some hardcoded, opinionated defaults for enhanced security and frontend performance. Reduced feature set that might not work with all plugins. Only use if you know what you need.

composer configuration configuration-management default-project opinionated-defaults ph7 php phpcs phpcs-wordpress plugin security security-hardening wordpress wordpress-development wordpress-plugin wordpress-security wordpress-settings

Last synced: 08 Oct 2025

https://github.com/smoren/url-security-manager-php

Class for building, parsing, signing, signature checking, encrypting and decrypting URLs

encryption security url-builder url-parser

Last synced: 15 Apr 2025

https://github.com/z3ntl3/ddos-denier

DDOS-Denier is a tool designed to evaluate incoming server attacks based on CPU load and automatically take countermeasures. Intended for Cloudflare websites.

api bot cloudflare ddos security

Last synced: 16 Aug 2025

https://github.com/mtk911/mailinator-scraper

A powershell script to scrap mailinator without API for sensitive emails

mailinator powershell powershell-script scanner scraper security security-tools

Last synced: 03 Jul 2025

https://github.com/actalog/mongodump

🍃 GitHub Action for creating a binary export of a database's contents

actions backup database github-actions mongodb mongodump security

Last synced: 27 Feb 2026

https://github.com/kumuluz/kumuluzee-security

KumuluzEE Security extension for easy integration with OAuth2/OpenID identity and access management providers.

cloud-native java javaee kumuluzee microservices oauth2 openid-connect security

Last synced: 17 Oct 2025

https://github.com/exxeta/flutter-security-toolkit

Mobile Security Toolkit for Flutter

flutter security security-tools

Last synced: 23 Oct 2025

https://github.com/zdnk/authorized

🔐 Simple way to authorize user actions on resources for Vapor 3

authorization security server-side-swift swift swift4 vapor vapor-3 vapor-swift

Last synced: 26 Apr 2025

https://github.com/situ-vault/situ-vault

Simple toolbox for working with encrypted secrets

fyne golang kustomize-plugin secret-distribution secret-management security vault

Last synced: 14 Jan 2026

https://github.com/ebrasha/abdal-security-headers

Abdal Security Headers is a powerful WordPress plugin that enhances your website's security through HTTP security headers. It provides an easy-to-use interface for managing security policies and protecting against common web vulnerabilities.

abdal abdal-security-group ebrahim-shafiei ebrasha hsts security security-headers wordpress wordpress-plugin wp

Last synced: 26 Jan 2026

https://github.com/hxsecurity/dongtai-core

Provides the Django Model class that the DongTai project depends on, the Django API abstract class of the DongTai project, the vulnerability detection engine, constants, documents, etc.

applicationsecuritymonitoring devsecops django dongtai dongtai-iast security

Last synced: 26 Apr 2025

https://github.com/shaialon/express-csp-generator

Content Security Policy Generator, Powered by RapidSec

csp security

Last synced: 03 Sep 2025

https://github.com/jpcertcc/huiloader-research

HUI Loader analysis research

malware security

Last synced: 05 Feb 2026

https://github.com/12122j/mcpvet

MCP security scanner — vet a Model Context Protocol server before you add it to Claude Code, Cursor, or Windsurf. Grades it A–F, catching credential theft, tool-poisoning, and install-script payloads by running it in a sealed sandbox. Zero deps.

ai-agent ai-security anthropic claude claude-code cli cursor honeytoken llm-security mcp mcp-security mcp-server mcpvet model-context-protocol prompt-injection sandbox security security-scanner supply-chain-security vet

Last synced: 14 Jul 2026

https://github.com/sadhasivamx/boar-hunting-yolov8

YoloV8-based boar detection system with Arduino-triggered buzzer for enhanced security.

arduino artificial-intelligence computer-vision custom machinelearning security yolov8

Last synced: 07 Oct 2025

https://github.com/sap-samples/btp-sac-forecast

This scenario is primarily intended to empower data driven decisions through analytics forecast using SAP Analytics Cloud, BTP extension application and SAP Build Work Zone, standard edition.

cloud-foundry sample sample-code sap-analytics-cloud sap-btp sap-build-work-zone-standard-edition sap-cap sap-hana-cloud security story

Last synced: 06 Feb 2026

https://github.com/nimdy/selks-install-from-source

How to install SELKS in Azure and AWS cloud services and pretty much anywhere with a internet connection

aws azure elasticsearch how-to kibana logstash monitoring network nsm security suricata

Last synced: 11 Mar 2026

https://github.com/alexfrancow/gomitm

:construction: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers written in go.

go golang http https martian mitm proxy security tcp

Last synced: 14 Oct 2025

https://github.com/kos0ng/cves

Repository regarding my security research

cve exploit security

Last synced: 28 Jul 2025

https://github.com/m-mizutani/aws-honeypot-templates

CloudFormation templates of low interaction honeypot on AWS

cloudformation honeypot security

Last synced: 27 Apr 2025

https://github.com/rulilg/litic

JS library to perform technical SEO and best practices analysis to your projects.

accessibility best-practices security seo technical-seo web-development

Last synced: 13 Oct 2025

https://github.com/mrcgrtz/create-security-txt

🔏 Create an RFC 9116 compliant security.txt file.

nodejs rfc-9116 security security-tools security-txt

Last synced: 25 Aug 2025

https://github.com/picobaz/pybruteforge

PyBruteForge: A powerful Python brute-force login tester for ethical security audits. Forge attacks with smart password patterns and CSV logging via a modular API-driven design. Strengthen your defenses—test ethically!

bruteforce cybersecurity ethical-hacking login-tester password-audit penetration-testing python security web-security

Last synced: 23 Oct 2025

https://github.com/nikanique/spring-rest-framework

Spring REST Framework (SRF) is a powerful library for Spring applications that brings the simplicity and flexibility of Django's REST Framework to Spring. SRF streamlines API development with powerful serialization, flexible filters, and seamless integration.

api cqrs data-jpa dto filter generator rest-api security serialization spring spring-boot validation

Last synced: 14 Jan 2026