An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/hammackj/kekkan

Kekkan is a parser for NIST Version 2 CVE and CPE XML files.

nvd2 ruby security xml-parser

Last synced: 17 Mar 2026

https://github.com/chitinhq/shellforge

🔥 Forge local AI agents. Governed. Private. Unstoppable. — Ollama + AgentGuard + OpenShell + DefenseClaw

agentguard agentic-ai ai-agents apple-silicon defenseclaw governance local-llm ollama openshell security

Last synced: 19 Apr 2026

https://github.com/martinpankraz/sap-hacker-in-a-day

Content supporting the DSAG workshop "SAP hacker in a day" 3rd December 2024

azure entra-id hands-on-lab identity mfa-bypass red-teaming sap sap-hack security

Last synced: 19 Apr 2026

https://github.com/tink-crypto/tink-java-awskms

Extension to Tink Java that provides AWS-KMS integration

aws-kms crypto cryptography java security

Last synced: 27 Jan 2026

https://github.com/cisagov/cool-sharedservices-cdm

Terraform code to create a site-to-site VPN tunnel between the COOL and the CISA CDM (Continuous Diagnostics and Mitigation) environment, as well as some related resources to feed COOL logging data to CDM.

cdm cisa security

Last synced: 14 Oct 2025

https://github.com/geeklearningio/bouncer

Highly Configurable Authorization Model

acl aspnet-core authorization dotnet dotnet-core security

Last synced: 28 Apr 2025

https://github.com/retr0kr0dy/malloc-bomb

Presenting the latest Linux bomb exploit: not a fork but a malloc-based threat. Delve into the intricacies of this novel vulnerability.

coding cybersecurity denial-of-service dos exploit forkbomb hacking infosec linux malloc pentesting security system-exploitation vulnerability

Last synced: 18 Jun 2026

https://github.com/radlab-dev-group/llm-router

LLM Router is a service that can be deployed on‑premises or in the cloud. It adds a layer between any application and the LLM provider. In real time it controls traffic, distributes a load among providers of a specific LLM, and enables analysis of outgoing requests from a security perspective (masking, anonymization, prohibited content).

automation cloud genai llm llm-balancing llm-gateway llm-gateway-system llm-router llm-router-models llm-router-plugins load-balancing local-llm local-llm-integration model-management on-prem pii prometheus rest-api security

Last synced: 14 May 2026

https://github.com/bad-antics/n01d-machine

🔒 n01d Machine - Secure Cross-Platform Virtual Machine Manager with Sandboxing, Tor, VPN & Network Isolation

privacy qemu rust sandbox security tauri tor virtualization vm vpn

Last synced: 08 Feb 2026

https://github.com/esc4icescesc/dmap

Distributed mapping of internet infrastructure

analytics collaboration rust rust-lang scanner security security-tools

Last synced: 04 Mar 2026

https://github.com/tonikelope/passport-trace-attack

Proof of concept of traceability attack against e-passport

epassport passport security traceability

Last synced: 23 Apr 2026

https://github.com/conijnio/aws-security-posture

Keep a historic overview of your compliance scores per workload

compliance security

Last synced: 05 Mar 2026

https://github.com/bocaletto-luca/pysecscope

PySecScope Author: Bocaletto Luca PySecScope is a comprehensive Linux enumeration tool with a Tkinter-based graphical user interface. Inspired by LinEnum, this tool gathers system, user, network, and service information, along with detailed security checks, and generates reports in multiple formats (Text, JSON, CSV). English and Italian languages.

admin-tool bocaletto-luca information-services linenum-expired linux multilanguage network pysecscope python real-time reports scan-modules security security-tools system-tools tkinter

Last synced: 25 Oct 2025

https://github.com/tink-crypto/tink-java-gcpkms

Extension to Tink Java that provides Google Cloud KMS integration

crypto cryptography gcp-kms google-cloud-kms java security

Last synced: 27 Jan 2026

https://github.com/webmd-health-services/carbon.cryptography

Cross-platform PowerShell module that makes encrypting and decrypting strings (using standard cryptographic algorithms) and managing certificates easy.

aes-crypto aes-encryption certificates cryptography dpapi powershell powershell-core powershell-module rsa-cryptography rsa-encryption securestring security x509 x509certificates

Last synced: 15 Oct 2025

https://github.com/shopstack-projects/shopstack-security-hmac

Authenticate Shopify requests using the provided HMAC.

authentication hmac security shopify shopify-apps

Last synced: 08 Oct 2025

https://github.com/dev-sec/cnspec-collection-baselines

DevSec Security Baselines provide battle tested hardening checks for Linux, SSH, nginx, MySQL in cnspec

hardening security

Last synced: 31 Aug 2025

https://github.com/bsm/httpx

Useful and opinionated helpers for building secure HTTP services

chi golang http internal security

Last synced: 28 Feb 2026

https://github.com/kukoboris/ubuntu-security-setup

Скрипт для автоматизированной настройки безопасности и оптимизации серверов Ubuntu

bash-script hardening security server-setup ubuntu

Last synced: 29 Apr 2026

https://github.com/mahaloz/mahaloz.re

My hacking blog: https://mahaloz.re

decompilers security vuln-analysis

Last synced: 08 Feb 2026

https://github.com/discourse/ruby-landlock

Landlock bindings for Ruby

landlock linux sandbox security

Last synced: 25 Jun 2026

https://github.com/byxor/passflip

Lightweight password manager that doesn't store anything

password-manager python3 security

Last synced: 24 Oct 2025

https://github.com/v-checha/openiframe

Build Iframe. Ignore X-Frame-Options, Content-Security-Policy, X-Content-Type-Options, X-Xss-Protection etc.

content-security-policy iframe iframe-api protection security security-policy x-content-security-policy x-content-type-options x-frame-options

Last synced: 13 Oct 2025

https://github.com/airlock/microgateway-running-example

Running example of Airlock Microgateway, a Kubernetes-native WAAP (Web Application and API Protection) solution

airock devops ergon gateway-api k8s kubernetes microgateway oidc openapi security waap waf

Last synced: 22 Apr 2025

https://github.com/goafabric/callee-service

🌱 Very tiny SPRING Service without Persistence - Also includes a native image build

aspect native oidc openapi prometheus rest-api security spring-boot tracing

Last synced: 04 Mar 2026

https://github.com/abhinandan-khurana/vulncon_2021

A fully-responsive website for the International Cyber Security Conference and a 24-hour Jeopardy-style CTF: VULNCON 2021, organised by the open source Cyber Security Community "N00B_4rMY" annually.

conference ctf cybersecurity infosec international security

Last synced: 14 Feb 2026

https://github.com/thresher-sh/thresher

OSS Projects are cool, vulnerabilities and threats arent. AI scan environment for scanning OSS projects for threats, malware, security issues.

ai ai-agents entropy malware malware-analysis scanning security supply-chain-security vulnerability

Last synced: 04 Apr 2026

https://github.com/0xjjpa/deniable-website

👀 deniable.website / An usage example of Web Cryptography API

cryptography security web

Last synced: 23 Feb 2026

https://github.com/grantseltzer/prism

Container based binary analysis tool

binary-analysis containers prism security snapshot

Last synced: 15 Feb 2026

https://github.com/gensecaihq/kubekavach

Developer-first K8s security scanner with instant pod replay. Debug prod issues locally in seconds. AI-powered explanations. CERT-IN compliant for Indian orgs.

cert-in container cybersecurity india kubernetes kubernetes-cluster security

Last synced: 09 Oct 2025

https://github.com/dryewo/fahrscheine-bitte

Clojure library for checking OAuth2 access tokens

access-token api clojure compojure oauth2 security swagger1st

Last synced: 22 Apr 2025

https://github.com/jonzeolla/lab-securitydataanalysis

An introductory lab to Security Data Analysis (using Apache Metron (incubating)).

apache-metron data-analysis lab metron security

Last synced: 03 Jul 2025

https://github.com/indspl0it/blue-tap

Blue-Tap is a comprehensive Bluetooth and BLE penetration testing toolkit designed specifically for security assessments of automotive In-Vehicle Infotainment (IVI) systems. It provides a complete attack lifecycle — from passive device discovery through active exploitation, data extraction, and automated report generation.

ble bluetooth fuzzing ivi pentesting security vulnerability-research

Last synced: 17 Apr 2026

https://github.com/nozaq/security-organizations-jp

日本国内のセキュリティ関連機関・団体をまとめていきます。

compliance cybersecurity security threat-intelligence vulnerabilities

Last synced: 29 Jan 2026

https://github.com/computer-lab/ctf

Computer Lab CTF

ctf hacking security wargame

Last synced: 11 Mar 2025

https://github.com/e3prom/kryptoxin

A security-oriented payload encryption tool written in Python.

aes cryptography encryption encryptor penetration-testing pentesting programming red-team security

Last synced: 13 May 2025

https://github.com/woile/gopass-presentation

Use this to spread information about gopass

gopass secrets security

Last synced: 19 Jan 2026

https://github.com/maldevel/misc

Miscellaneous scripts, code and other random stuff

hardening it linux miscellaneous security

Last synced: 16 Mar 2026

https://github.com/e-zk/page

password manager using age for encryption

age encryption go password-manager secrets security

Last synced: 14 Jan 2026

https://github.com/aegisjsproject/component

Base component using `@shgysk8zer0/aegis` & `@shgysk8zer0/aegis-styles`

aegis constructable-stylesheets custom-elements sanitizer-api security web-components

Last synced: 23 Oct 2025

https://github.com/yoozzeek/actix-csrf-middleware

CSRF protection middleware for Actix Web. Supports double submit cookie and synchronizer token patterns (with actix-session).

actix actix-web csrf csrf-protection middleware rust security web

Last synced: 30 May 2026

https://github.com/EricR/solanalyzer

SolAnalyzer is a static analyzer for the Solidity programming language, with a focus on finding security bugs.

ethereum security solidity static-analysis

Last synced: 21 Oct 2025

https://github.com/mikebionic/smart-iot

An IoT system tools with remote control rest-api and automation

arduino automation image-processing iot master-slave-architecture orangepi python raspberrypi rest-api security

Last synced: 09 Apr 2025

https://github.com/neocky/it-security-for-humans

:guard: IT Security Guidelines for Humans written in an understandable language with examples

cybersecurity it-security security security-tools system-administration zero-trust zero-trust-network

Last synced: 01 Mar 2026

https://github.com/stormsinbrewing/savvy-devsecops

GitHub native DevSecOps CI/CD best practices include automated security testing, code analysis, and policy enforcement using GitHub Actions, coupled with secure IaC and container security measures. This entails managing secrets, enforcing access control, and implementing incident response and monitoring, all while fostering continuous learning.

aws build codeql dependab devops devsecops docker github github-actions kubernetes nodejs renovate sast security

Last synced: 01 Jun 2026

https://github.com/celenityy/better-vanadium

My recommendations for the ultimate configuration of the Vanadium web browser to maximize privacy, security, and usability. :)

ads android android-application anti-fingerprinting anti-tracking aosp aosp-android chromium chromium-browser divested grapheneos hardened hardening mulch privacy privacy-protection security security-hardening tracking vanadium

Last synced: 04 Aug 2025

https://github.com/zapalm/auto-indexer

PHP auto indexer: the tool against directory traversal security vulnerability. It recursively adds a index.php file in all given directories.

cli-utility directory-traversal-vulnerability hacktoberfest php-library security vulnerability

Last synced: 24 Apr 2025

https://github.com/bootique/bootique-shiro

Provides Apache Shiro integration with Bootique.

bootique java security shiro

Last synced: 19 Oct 2025

https://github.com/shemul/dns-over-tls

A DNS over TLS proxy that accepts simple (conventional) DNS requests and proxy it to a DNS servers running with DNS over TLS (DoT)

dns dns-over-tls docker golang security

Last synced: 18 Jan 2026

https://github.com/d4rklynk/simpleprivacy.fr

Voici mon site web. Il est dédié à regagner sa vie privée sur Internet, compréhensible pour les personnes qui n'ont pas de connaissances en informatique.

hugo privacy security

Last synced: 24 Apr 2025

https://github.com/lirantal/serverless-goof-azure

Oreilly's Serverless security example application - serverless-goof todo app

owasp security serverless snyk

Last synced: 23 Apr 2025

https://github.com/elektro-wolle/check-certs

Simple checker for new certificates for a given set of domain-names

monitoring security tls-certificate

Last synced: 15 Apr 2026

https://github.com/mrcrunchybeans/youth-secure-checkin

A secure, flexible check-in/check-out system for youth organizations including Trail Life, scouting groups, churches, schools, and community programs. Features family management, event tracking, QR code checkout, label printing, and comprehensive security controls.

check-in-out ministry security

Last synced: 12 Feb 2026

https://github.com/nwestfall/netsparkerscanrunner

Quickly and easily a Netsparker Scan using your Netsparker Cloud Account

netsparker node scan security

Last synced: 14 Apr 2025

https://github.com/azure/vscode-osconfig

This extension provides a rich authoring experience for Azure Device OS Configuration documents.

azure azure-iot azure-osconfig desired-state-configuration edge-security security vscode vscode-extension

Last synced: 04 Sep 2025

https://github.com/maandree/autopasswd

Reproducable password generator

password-generator security

Last synced: 12 Jul 2026

https://github.com/moolen/secco

:shield: auto-generate seccomp profiles for Kubernetes

ebpf kubernetes seccomp security

Last synced: 04 Feb 2026

https://github.com/msdousti/owasp-java

A seriously flawed Java project for teaching "OWASP Top 10 - 2017" concepts.

css intellij-idea java javascript jsp maven mysql owasp-top-10 payara-server security servlet web

Last synced: 07 Oct 2025

https://github.com/severityc/discord-2fa-receiver

This script receives Discord 2FA codes and outputs it via terminal. It refreshes the available codes for people to use for their Discord account.

2024 2fa 2fa-bypass 2fa-client-python 2fa-codes 2fa-receiver 2fabypass 2factor beta codes cybersecurity discord discord-2fa discord-script online-safety python safety security topt

Last synced: 09 Apr 2025

https://github.com/theshantanupandey/jaku

JAKU (呪) — Autonomous Security & Quality Intelligence Agent for vibe-coded apps. XSS, SQLi, prompt injection, QA testing, and attack chain correlation in one command.

ai-security dast penetration-testing playwright prompt-injection qa-automation security testing vulnerability-scanner

Last synced: 14 Jul 2026

https://github.com/geeknik/ctfuzz

Content-type differential fuzzer written in Go.

bug-bounty go research security

Last synced: 14 Jul 2026

https://github.com/amkisko/grape_rails_logger.rb

Unified, Rails-compatible JSON request logging for Grape APIs with ActiveRecord timing, parameter filtering, and structured context.

activerecord grape logging monitoring rails security structured-logging

Last synced: 15 Apr 2026

https://github.com/vijayymmeena/passwordx

Use the cli to generate strong passwords or add them to nodejs projects

nodejs password-generator security

Last synced: 05 Jul 2025

https://github.com/jakejarvis/careful-downloader

🕵️‍♀️ Downloads a file and its checksums, validates the hash, and optionally extracts it if safe.

checksum download extract file hash javascript npm security

Last synced: 03 Jul 2025

https://github.com/keywaysh/cli

Keyway CLI - Sync secrets with your team and infra

cli devtools secrets-management security

Last synced: 17 Mar 2026

https://github.com/joxit/dns-server

Block ads and malwares at DNS level with your private DNS Server

dns dns-over-https dns-over-tls dns-server privacy rust rust-lang security security-tools

Last synced: 14 May 2026

https://github.com/authzed/workshops

The repository for self-guided SpiceDB workshops

ai authorization permissions security spicedb

Last synced: 10 Aug 2025

https://github.com/coding-hui/iam

IAM - Identity and access management system, cloud native friendly, multiple authentication methods

cloud gin golang iam oauth2 security

Last synced: 12 Apr 2025

https://github.com/mathix420/nimingcypher

Encryption module for instant messaging :eagle:

messaging python3 security

Last synced: 10 Apr 2025

https://github.com/tijme/blog-v2

My blog about cyber security, hacking, software engineering and much more.

blog cyber hacking jekyll programming redteam security tiber

Last synced: 12 Aug 2025

https://github.com/alisaduncan/angular-owasp-secure-coding

Code for Pluralsight course "Secure Coding with OWASP in Angular"

angular security

Last synced: 30 Oct 2025

https://github.com/codenoid/elixir-two-factor-auth

Library for generating QR-Code, Random Secret and Verify Time Based Password

2fa-security password security two-factor-authentication

Last synced: 15 Sep 2025

https://github.com/rootsami/ratkiez

A CLI tool to rat on all AWS keys with creation date, last used date, and attached policies.

aws awscli keys scan security

Last synced: 01 Aug 2025

https://github.com/volkansah/sqlp-edu

Example Python script that demonstrates a simple example of a Cross-Site Scripting (XSS) exploit for educational purposes only. This script is intended to be used responsibly, for learning and understanding the security implications of XSS attacks, and should not be used for any illegal or unethical activities.

bypass cross-site-scripting ehtical-hacking-tools exploit exploitation explotation hacking hacking-tool hacking-tools penetration-testing pentesting phishing python security sql-xss vulnerability xss xss-attacks xss-exploitation xss-injection

Last synced: 11 Jul 2025

https://github.com/turbot/steampipe-mod-oci-compliance

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS across all of your Oracle Cloud Infrastructure accounts using Powerpipe and Steampipe.

cis cis-benchmark compliance hacktoberfest oci oracle-cloud oracle-cloud-infrastructure powerpipe powerpipe-mod security sql steampipe steampipe-mod

Last synced: 06 Mar 2026

https://github.com/andrea11/openv

openv a tool to automatically load secrets from .env files using 1password CLI under the hood

1password secrets security

Last synced: 08 Aug 2025

https://github.com/center-key/bookstore

Grails 3.0 sample application

grails groovy sample security starter-template

Last synced: 07 May 2025

https://github.com/anderseknert/opa-sign-verify

Demo of OPA bundle signature creation and verification

bundle-signing bundle-verification bundles opa open-policy-agent security

Last synced: 07 Sep 2025

https://github.com/5gsec/security-intents

Repository to hold security intents in standard template format.

5g blueprints intents k8s kubernetes o-ran security

Last synced: 14 Aug 2025

https://github.com/illdefined/sensitive

Simple Rust memory allocator for sensitive information

memory-allocator security

Last synced: 13 Apr 2025