Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/euphrat1ca/security-list

If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中,如果有什么好的意见或建议,请在Issues反馈,感谢您的参与。

checklist geek kali security

Last synced: 27 Jan 2026

https://github.com/euphrat1ca/Security-List

If you have any good suggestions or comments during the search process, please feedback some index experience in issues. Thank you for your participation.查阅过程中,如果有什么好的意见或建议,请在Issues反馈,感谢您的参与。

checklist geek kali security

Last synced: 02 Apr 2025

https://github.com/cr0hn/dockerscan

Docker security analysis & hacking tools

docker docker-registry hacking registry scan security

Last synced: 15 May 2025

https://github.com/FSecureLABS/needle

The iOS Security Testing Framework

ios mobile needle pentesting python security

Last synced: 17 Aug 2025

https://aquasecurity.github.io/starboard/

Superseded by https://github.com/aquasecurity/trivy-operator

cloud-native custom-resource-definition kubernetes security starboard

Last synced: 08 May 2025

https://github.com/aquasecurity/starboard

Superseded by https://github.com/aquasecurity/trivy-operator

cloud-native custom-resource-definition kubernetes security starboard

Last synced: 12 May 2025

https://github.com/libressl/portable

LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.

c cryptography libressl openbsd openssl security ssl tls

Last synced: 11 Apr 2025

https://github.com/susam/mintotp

Minimal TOTP generator in 20 lines of Python

2fa cryptography hotp minimalist python3 security totp

Last synced: 14 May 2025

https://github.com/eliotsykes/rails-security-checklist

:key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

checklist rails rails-security rails-security-checklist ruby-on-rails security security-audit security-hardening

Last synced: 08 Apr 2025

https://github.com/reverseclabs/needle

The iOS Security Testing Framework

ios mobile needle pentesting python security

Last synced: 16 May 2025

https://github.com/ReversecLabs/needle

The iOS Security Testing Framework

ios mobile needle pentesting python security

Last synced: 10 May 2025

https://github.com/invariantlabs-ai/mcp-scan?tab=readme-ov-file

Constrain, log and scan your MCP connections for security vulnerabilities.

agent ai mcp modelcontextprotocol security

Last synced: 20 Jan 2026

https://github.com/webpwnized/mutillidae

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

10 application appsec cybersecurity owasp owasp-top-10 penetration-testing security top training web

Last synced: 14 May 2025

https://github.com/raikia/fiercephish

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

email hacking netsec phishing security

Last synced: 08 Apr 2025

https://github.com/Raikia/FiercePhish

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

email hacking netsec phishing security

Last synced: 02 Apr 2025

https://github.com/andrewjkerr/security-cheatsheets

🔒 A collection of cheatsheets for various infosec tools and topics.

bash cheatsheets security

Last synced: 14 Feb 2026

https://github.com/openclarity/openclarity

OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure

cloud exploits kubernetes leaked-secrets malware rootkits sbom scanner security supply-chain virtual-machine vulnerabilities

Last synced: 15 Dec 2025

https://github.com/jeffzh3ng/fuxi

Penetration Testing Platform

penetration-testing pentest-tool security vulnerability

Last synced: 16 May 2025

https://github.com/scito/extract_otp_secrets

Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.

2fa csv google-authenticator json mfa otp otpauth proto3 protobuf python qr-codes qrcode recovery security security-tools standwithukraine tfa totp two-factor two-factor-authentication

Last synced: 14 May 2025

https://github.com/Aabyss-Team/ARL

ARL官方仓库备份项目:ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产,构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产,发现存在的薄弱点和攻击面。

arl cyber-security security security-tools

Last synced: 05 Apr 2025

https://github.com/tnballo/high-assurance-rust

A free book about developing secure and robust systems software.

book reliability rust security systems-programming

Last synced: 08 Apr 2025

https://github.com/aws-cloudformation/cloudformation-guard

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0

cfn-guard cloudformation compliance governance k8s policy-as-code policy-rule-evaluation security terraform

Last synced: 13 May 2025

https://github.com/WithSecureLabs/needle

The iOS Security Testing Framework

ios mobile needle pentesting python security

Last synced: 26 Mar 2025

https://github.com/withsecurelabs/needle

The iOS Security Testing Framework

ios mobile needle pentesting python security

Last synced: 08 Apr 2025

https://github.com/trycompai/comp

AI Native platform to get companies compliant - Vanta & Drata Alternative

ai audit authjs compliance drata gdpr iso27001 nextjs open open-source prisma security soc2 t3-stack tailwindcss turborepo vanta zod

Last synced: 01 Apr 2026

https://github.com/bit4woo/python_sec

python安全和代码审计相关资料收集 resource collection of python security and code review

code-review dangerous-python-functions django python python-django python-security security

Last synced: 16 May 2025

https://github.com/dockovpn/dockovpn

🔐 Out of the box stateless openvpn-server docker image which starts in less than 2 seconds

docker docker-image inmemory openvpn openvpn-server out-of-the-box security stateless vpn vpn-server

Last synced: 15 May 2025

https://github.com/circl/ail-framework

AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project

ail-framework analysis data-mining information-leak information-security leak privacy security security-incidents

Last synced: 14 May 2025

https://github.com/fkie-cad/fact_core

Firmware Analysis and Comparison Tool

firmware-analysis firmware-tools security security-automation

Last synced: 14 May 2025

https://github.com/wellyshen/react-cool-starter

😎 🐣 A starter boilerplate for a universal web app with the best development experience and a focus on performance and best practices.

boilerplate code-splitting css-modules es6 express jest performance react react-hooks react-router redux redux-toolkit security server-side-rendering starter testing-library-react typescript unit-testing universal webpack

Last synced: 15 May 2025

https://fkie-cad.github.io/FACT_core/

Firmware Analysis and Comparison Tool

firmware-analysis firmware-tools security security-automation

Last synced: 01 Apr 2025

https://github.com/infobyte/evilgrade

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.

evilgrade fake mitm payload penetration pentest security update

Last synced: 16 May 2025

https://github.com/yampelo/beagle

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.

dfir digital-forensics forensic-analysis graph incident-response security threat-hunting

Last synced: 15 May 2025

https://github.com/jon-becker/heimdall-rs

Heimdall is an advanced EVM smart contract toolkit specializing in bytecode analysis and extracting information from unverified contracts.

cfg decoder decompiler disassembler eth ethereum evm rust security solidity toolkit yul

Last synced: 14 May 2025

https://github.com/CIRCL/AIL-framework

AIL framework - Analysis Information Leak framework. Project moved to https://github.com/ail-project

ail-framework analysis data-mining information-leak information-security leak privacy security security-incidents

Last synced: 14 Apr 2025

https://github.com/TakeScoop/SwiftyRSA

RSA public/private key encryption in Swift

encryption ios mobile rsa security swift tvos watchos

Last synced: 02 Aug 2025

https://github.com/alphasoc/flightsim

A utility to safely generate malicious network traffic patterns and evaluate controls.

intrusion-detection monitoring security testing-tools

Last synced: 08 Apr 2025

https://github.com/aserto-dev/topaz

Cloud-native authorization for modern applications and APIs

abac access-control api authorization cloud-native golang opa rbac rebac security zanzibar

Last synced: 30 Jan 2026

https://github.com/takescoop/swiftyrsa

RSA public/private key encryption in Swift

encryption ios mobile rsa security swift tvos watchos

Last synced: 14 May 2025

https://github.com/netflix/hubcommander

A Slack bot for GitHub organization management -- and other things too

bot chatops github privileges python security slack slack-bot travis-ci

Last synced: 08 Apr 2025

https://github.com/Jon-Becker/heimdall-rs

Heimdall is an advanced EVM smart contract toolkit specializing in bytecode analysis and extracting information from unverified contracts.

cfg decoder decompiler disassembler eth ethereum evm rust security solidity toolkit yul

Last synced: 25 Mar 2025

https://github.com/Netflix/hubcommander

A Slack bot for GitHub organization management -- and other things too

bot chatops github privileges python security slack slack-bot travis-ci

Last synced: 03 Apr 2025

https://github.com/open-source-labs/Spearmint

Testing, simplified. || An inclusive, accessibility-first GUI for generating clean, semantic Javascript tests in only a few clicks of a button.

accessibility axe-core darkmode electron endpoint-testing enzyme hooks jest open-source puppeteer react security test-driven-development testing testing-tools vue web-accessibility

Last synced: 11 Mar 2025

https://github.com/tillson/git-hound

Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos and orgs.

bugbounty git githound github osint secrets security security-tools

Last synced: 12 Apr 2025

https://github.com/open-source-labs/spearmint

Testing, simplified. || An inclusive, accessibility-first GUI for generating clean, semantic Javascript tests in only a few clicks of a button.

accessibility axe-core darkmode electron endpoint-testing enzyme hooks jest open-source puppeteer react security test-driven-development testing testing-tools vue web-accessibility

Last synced: 15 May 2025

https://github.com/cisagov/log4j-scanner

log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

cve-2021-44228 cve-2021-45046 log4j security security-tools

Last synced: 28 Sep 2025

https://github.com/k8gege/k8cscan

K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动

cobalt-strike crack exploit ftp getshell hacking ipc mssql mysql netscan oracle password pentest poc portscan scanner security smb subdomain wmi

Last synced: 16 May 2025

https://github.com/ion28/bluespawn

An Active Defense and EDR software to empower Blue Teams

active-defense anti-virus blue-team edr mitre-attack security security-tools threat-hunting windows

Last synced: 16 May 2025

https://github.com/honmashironeko/ProxyCat

一款部署于云端或本地的代理池中间件,可将静态代理IP灵活运用成隧道IP,提供固定请求地址,一次部署终身使用

cyber-security cyber-security-tool proxy proxypool security security-tools

Last synced: 21 Oct 2025

https://github.com/nette/latte

☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

content-aware html latte nette nette-framework php safety security security-hole template-engine xss

Last synced: 02 Apr 2026

https://github.com/aquasecurity/trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

devsecops github-actions scanner scanning security tools vulnerability

Last synced: 01 Apr 2026

https://github.com/k8gege/K8CScan

K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动

cobalt-strike crack exploit ftp getshell hacking ipc mssql mysql netscan oracle password pentest poc portscan scanner security smb subdomain wmi

Last synced: 13 Mar 2025

https://github.com/ION28/BLUESPAWN

An Active Defense and EDR software to empower Blue Teams

active-defense anti-virus blue-team edr mitre-attack security security-tools threat-hunting windows

Last synced: 30 Mar 2025

https://github.com/adysec/nuclei_poc

Nuclei POC,每日更新 | 自动整合全网Nuclei的漏洞POC,实时同步更新最新POC,保存已被删除的POC。通过批量克隆Github项目,获取Nuclei POC,并将POC按类别分类存放,使用Github Action实现。已有19w+POC,已校验格式的有效性并去重(验证的是格式的有效性)

daily exploit exploits fingerprint hack-tools hacker hacking nuclei nuclei-templates poc scanner security security-scanner

Last synced: 16 May 2025

https://github.com/miguelgrinberg/Flask-HTTPAuth

Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

authentication flask flask-httpauth python security tokens

Last synced: 15 Mar 2025

https://github.com/miguelgrinberg/flask-httpauth

Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

authentication flask flask-httpauth python security tokens

Last synced: 09 Apr 2025

https://github.com/php-casbin/php-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .

abac access-control acl auth authorization framework middlewares permission php rbac roles security

Last synced: 13 May 2025

https://github.com/simeononsecurity/windows-optimize-harden-debloat

Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.

automation cyber debloat debotnet harden hardening hardware-requirements microsoft mitigations privacy privacy-script security stig-compliant stigs telemetry windows windows-10 windows-defender windows-desktop windows10

Last synced: 14 May 2025

https://github.com/dhavalkapil/heap-exploitation

This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.

book heap security

Last synced: 16 May 2025

https://github.com/DhavalKapil/heap-exploitation

This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.

book heap security

Last synced: 13 Mar 2025

https://github.com/coreinfrastructure/best-practices-badge

🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)

badge best-practices floss foss open-source openssf ossf rails security supply-chain

Last synced: 14 May 2025

https://github.com/square/sudo_pair

Plugin for sudo that requires another human to approve and monitor privileged sudo sessions

authentication compliance linux pairing pam rust security sudo

Last synced: 15 May 2025

https://github.com/simeononsecurity/Windows-Optimize-Harden-Debloat

Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.

automation cyber debloat debotnet harden hardening hardware-requirements microsoft mitigations privacy privacy-script security stig-compliant stigs telemetry windows windows-10 windows-defender windows-desktop windows10

Last synced: 09 Apr 2025

https://github.com/guyoung/captfencoder

Captfencoder is opensource a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.

cipher crypto ctf cybersecurity decode decoder electron encode encoder fltk hacking-tool hash misc network-security opensource rust security security-tools toolkit

Last synced: 16 May 2025

https://github.com/vincentcox/bypass-firewalls-by-dns-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

bugbounty bypassing dns-record network-security security security-tools

Last synced: 16 May 2025

https://github.com/al0ne/suricata-rules

Suricata IDS rules 用来检测红队渗透/恶意行为等,支持检测CobaltStrike/MSF/Empire/DNS隧道/Weevely/菜刀/冰蝎/挖矿/反弹shell/ICMP隧道等

ids security signatures suricata suricata-rule

Last synced: 18 Feb 2026

https://github.com/codingo/interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread

Last synced: 08 Apr 2025

https://github.com/fkie-cad/FACT_core

Firmware Analysis and Comparison Tool

firmware-analysis firmware-tools security security-automation

Last synced: 04 May 2025

https://github.com/3ndg4me/autoblue-ms17-010

This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

eternal-blue-exploits hacking hacktoberfest python security

Last synced: 08 Apr 2025

https://github.com/codingo/Interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

bugbounty cidr-notation enumeration hacking hacking-tool linux multithreading oscp oscp-tools penetration-testing security security-tools service-enumeration thread

Last synced: 07 Apr 2025

https://github.com/guyoung/CaptfEncoder

Captfencoder is opensource a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.

cipher crypto ctf cybersecurity decode decoder electron encode encoder fltk hacking-tool hash misc network-security opensource rust security security-tools toolkit

Last synced: 13 Mar 2025

https://github.com/vernu/vps-audit

lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers.

auditi bash ci-cd debian devops ec2 infrastructure linux monitoring opensource performance-monitoring security security-audit security-tools server shell system-administration ubuntu vps

Last synced: 14 May 2025

https://github.com/php-casbin/php-casbin?utm_source=gold_browser_extension

An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .

abac access-control acl auth authorization framework middlewares permission php rbac roles security

Last synced: 25 Mar 2025

Security Awesome Lists
the-book-of-secret-knowledge 74 Awesome-Hacking 85 awesome-security 330 awesome-web-security 405 awesome-ctf 220 awesome-hacker-search-engines 549 android-security-awesome 228 awesome-privacy 1,018 awesome-incident-response 218 Awesome-WAF 175 DevSecOps 184 awesome-security-hardening 205 awesome-infosec 215 awesome-cybersecurity-blueteam 252 WebHackersWeapons 431 backend-cheats 961 awesome-sec-talks 265 awesome-vehicle-security 222 awesome-api-security 202 awesome-nodejs-security 210 awesome-game-security 92 awesome-iot-hacks 70 awesome-cloud-security 154 awesome-embedded-and-iot-security 131 alternative-frontends 119 awesome-iam 249 DevSecOps 48 awesome-golang-security 34 Awesome-Cybersecurity-Datasets 54 Awesome-FL 2,808 awesome-windows-domain-hardening 70 Crypto-OpSec-SelfGuard-RoadMap 473 awesome-azure-architecture 299 osx-and-ios-security-awesome 57 awesome-executable-packing 754 awesome-llm-security 101 awesome-aws-security 168 awesome-ethereum-security 81 awesome-vulnerable-apps 95 awesome-lists 737 awesome-he 90 Awesome-Jailbreak-on-LLMs 353 MobileHackersWeapons 73 awesome-security-GRC 81 awesome-anti-forensic 143 security-apis 112 awesome-python-security 35 awesome-opa 222 graph-adversarial-learning-literature 314 awesome-runners 36
Security Categories
Uncategorized 4,258 fl in top-tier journal 3,147 :books: Literature 2,467 Tools 1,399 fl in top ml conference and journal 1,269 Pentesting 1,174 Attack 1,047 Operating Systems 1,013 Other Lists 707 Papers 518 Weapons 512 Resources 487 Threat Hunting: 480 **Мероприятия** 466 fl in top ai conference and journal 460 fl in top cv conference and journal 452 Malware Analysis 430 Defense 428 Adversarial Examples for Machine Learning 405 fl on graph data and graph neural networks 404