Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/vincentcox/bypass-firewalls-by-DNS-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bugbounty hunters.

bugbounty bypassing dns-record network-security security security-tools

Last synced: 08 Apr 2025

https://github.com/newaetech/chipwhisperer

ChipWhisperer - the complete open-source toolchain for side-channel power analysis and glitching attacks

chipwhisperer security side-channel

Last synced: 10 Apr 2025

https://github.com/damienbod/angular-auth-oidc-client

npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow

angular auth authentication authn identity implicit-flow npm oauth2 oidc openid openidconnect security

Last synced: 23 Apr 2025

https://github.com/nikitastupin/clairvoyance

Obtain GraphQL API schema even if the introspection is disabled

bug-bounty graphql penetration-testing security

Last synced: 15 May 2025

https://github.com/blst-security/cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

api api-security best-practices blst business-logic cli cyber cybersecurity firecracker http open-source openapi openapi3 security security-tools web-sec-scanner web-security websecurity

Last synced: 10 Apr 2025

https://github.com/hausec/powerzure

PowerShell framework to assess Azure security

azure infosec powershell security windows

Last synced: 16 May 2025

https://github.com/fabpot/local-php-security-checker

PHP security vulnerabilities checker

composer packagist php security

Last synced: 05 Oct 2025

https://github.com/nixawk/labs

Vulnerability Labs for security analysis

cve exploit security vulnerability

Last synced: 16 May 2025

https://github.com/snovvcrash/usbrip

Tracking history of USB events on GNU/Linux

forensics security usb-devices usb-events usb-history

Last synced: 14 Jan 2026

https://github.com/janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 11 Jan 2026

https://github.com/Janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 30 Mar 2025

https://github.com/stackrox/stackrox

The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.

containers hacktoberfest k8s kubernetes security

Last synced: 12 Dec 2025

https://github.com/Janusec/Application-Gateway

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 05 Apr 2025

https://github.com/nozaq/terraform-aws-secure-baseline

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

aws aws-auditing cis-benchmark devops hardening security security-hardening security-tools terraform terraform-module terraform-modules

Last synced: 11 Apr 2025

https://github.com/4x99/code6

码小六 - GitHub 代码泄露监控系统

github gsil laravel php security

Last synced: 08 Apr 2025

https://github.com/securityftw/cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

aws-audit aws-security azure azure-audit azure-security cloud-security gcp gcp-audit-report security security-audit security-tools

Last synced: 16 May 2025

https://github.com/blacklanternsecurity/trevorspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

365 autodiscover email exchange hacking microsoft oauth office password passwords proxy python security socks spray spraying trevor

Last synced: 13 May 2025

https://github.com/eliasgranderubio/dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

detecting-anomalous-activities docker malware-detection security static-analysis vulnerabilities

Last synced: 08 Apr 2025

https://github.com/delight-im/php-auth

Authentication for PHP. Simple, lightweight and secure.

auth authentication authorization login php registration security

Last synced: 13 Apr 2025

https://github.com/techjacker/repo-security-scanner

CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

golang security security-audit

Last synced: 16 May 2025

https://github.com/SecurityFTW/cs-suite

Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.

aws-audit aws-security azure azure-audit azure-security cloud-security gcp gcp-audit-report security security-audit security-tools

Last synced: 08 Apr 2025

https://github.com/google/fuzzbench

FuzzBench - Fuzzer benchmarking as a service.

benchmark-framework benchmarking evaluation fuzzing security

Last synced: 14 May 2025

https://github.com/ZupIT/horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

analysis cd ci cli golang hacktoberfest java kotlin netcore python ruby sast sast-analysis scanner security security-development security-flaws static-analysis terraform vulnerabilities

Last synced: 01 Apr 2025

https://google.github.io/fuzzbench/

FuzzBench - Fuzzer benchmarking as a service.

benchmark-framework benchmarking evaluation fuzzing security

Last synced: 01 Apr 2025

https://github.com/nette/latte

☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

content-aware html latte nette nette-framework php safety security security-hole template-engine xss

Last synced: 14 May 2025

https://github.com/netflix/repokid

AWS Least Privilege for Distributed, High-Velocity Deployment

aws security

Last synced: 15 May 2025

https://github.com/Autumn-27/ScopeSentry

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

bug-bounty bugbounty bugbounty-tool crawler dirscanner infosec osint pagemonitor scanner scope-sentry security security-tools src subdomain-enumeration subdomain-takeovers urlscan vulnerability-scanners

Last synced: 07 Sep 2025

https://github.com/alichtman/stronghold

Easily configure macOS security settings from the terminal.

command-line command-line-tool hardening macos macos-setup osx security security-hardening

Last synced: 14 May 2025

https://github.com/jxy-s/herpaderping

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

antivirus antivirus-evasion exploit exploit-development exploit-framework exploitation exploits process-doppelganging process-herpaderping process-hollowing process-migration security security-vulnerability vulnerability windows windows-10 windows-7 windows-defender

Last synced: 16 May 2025

https://github.com/nascentxyz/simple-security-toolkit?tab=readme-ov-file

A collection of practical security-focused guides and checklists for smart contract development

crypto security security-tools smart-contracts solidity

Last synced: 01 Jul 2025

https://github.com/ivanilves/xiringuito

SSH-based "VPN for poors"

access aws bastion-host network security ssh vpn

Last synced: 12 Apr 2025

https://github.com/iamcryptoki/snowden-archive

💥 A collection of all documents leaked by former NSA contractor and whistleblower Edward Snowden.

edward-snowden nsa security sidtoday snowden snowden-archive surveillance whistleblowing

Last synced: 30 Oct 2025

https://github.com/brainfucksec/kalitorify

Transparent proxy through Tor for Kali Linux OS

bash-script iptables kali-linux kalitorify security tor tor-proxy transparent-proxy

Last synced: 16 May 2025

https://github.com/uber-common/metta

An information security preparedness tool to do adversarial simulation.

adversarial celery infosec network networking python redis security simulation uber vagrant virtualbox yaml

Last synced: 12 Apr 2025

https://github.com/athena-os/athena

Athena OS is a Arch/Nix-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

archlinux cybersecurity hacking learning linux os payload pentesting security security-tools

Last synced: 14 May 2025

https://github.com/robthree/twofactorauth

PHP library for Two Factor Authentication (TFA / 2FA)

multi-factor php qrcode security totp two-factor twofactorauth

Last synced: 13 May 2025

https://github.com/Netflix/Repokid

AWS Least Privilege for Distributed, High-Velocity Deployment

aws security

Last synced: 02 Apr 2025

https://github.com/nascentxyz/simple-security-toolkit

A collection of practical security-focused guides and checklists for smart contract development

crypto security security-tools smart-contracts solidity

Last synced: 16 May 2025

https://github.com/masatokinugawa/filterbypass

Browser's XSS Filter Bypass Cheat Sheet

cheatsheet pentest security xss

Last synced: 23 Mar 2025

https://github.com/Netflix/repokid

AWS Least Privilege for Distributed, High-Velocity Deployment

aws security

Last synced: 13 Mar 2025

https://github.com/cisagov/lme

Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. LME Docs can be found at https://cisagov.github.io/lme-docs/docs/

cybersecurity elastic elasticsearch elk elk-stack log logging network-analysis security security-tools zeek

Last synced: 14 Oct 2025

https://github.com/seashell/drago

☁️ Securely connect anything with WireGuard® and manage all your networks from a single place.

api client-server cloud configuration edge-computing golang iot linux mesh-networks networking rest-api security tunneling tuntap ui vpn wg-quick wireguard

Last synced: 16 May 2025

https://github.com/nix-community/lanzaboote

Secure Boot for NixOS [maintainers=@blitz @raitobezarius @nikstur]

efi nix nix-community-buildbot nixos nixpkgs rust security uefi

Last synced: 14 May 2025

https://github.com/safe3/uuwaf

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

api-gateway api-security application-security data-mask ddos hips modsecurity nginx owasp rasp security sql-injection uusec uusec-waf uuwaf waap waf web-application-firewall web-security-gateway xss

Last synced: 18 Jun 2025

https://github.com/gorilla/csrf

Package gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services 🔒

csrf csrf-protection csrf-tokens go golang gorilla gorilla-web-toolkit middleware security xsrf

Last synced: 13 May 2025

https://github.com/brainfuckSec/kalitorify

Transparent proxy through Tor for Kali Linux OS

bash-script iptables kali-linux kalitorify security tor tor-proxy transparent-proxy

Last synced: 09 May 2025

https://github.com/kolide/fleet

A flexible control server for osquery fleets

hacktoberfest host-instrumentation infosec macadmin osquery security

Last synced: 28 Sep 2025

https://github.com/cryptocat/cryptocat

Secure chat software for your computer.

chat cryptocat cryptography messaging secure security

Last synced: 16 May 2025

https://github.com/nccgroup/featherduster

An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

cryptanalysis crypto cryptography encryption exploit exploitation exploitation-framework exploits python security

Last synced: 16 May 2025

https://github.com/hausec/PowerZure

PowerShell framework to assess Azure security

azure infosec powershell security windows

Last synced: 15 Apr 2025

https://github.com/codeintelligencetesting/jazzer

Coverage-guided, in-process fuzzing for the JVM

clojure fuzzer fuzzing java jni jvm kotlin security

Last synced: 14 May 2025

https://github.com/blacklanternsecurity/TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

365 autodiscover email exchange hacking microsoft oauth office password passwords proxy python security socks spray spraying trevor

Last synced: 27 Sep 2025

https://github.com/CodeIntelligenceTesting/jazzer

Coverage-guided, in-process fuzzing for the JVM

clojure fuzzer fuzzing java jni jvm kotlin security

Last synced: 04 Apr 2025

https://github.com/Athena-OS/athena

Athena OS is a Arch/Nix-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

archlinux cybersecurity hacking learning linux os payload pentesting security security-tools

Last synced: 14 Mar 2025

https://github.com/redteampentesting/pretender

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

dhcpv6 dns go llmnr mdns netbios pentesting pretender relaying security spoofer

Last synced: 15 May 2025

https://github.com/decalage2/vipermonkey

A VBA parser and emulation engine to analyze malicious macros.

emulation macros malware-analysis parser pyparsing python security vba

Last synced: 16 May 2025

https://github.com/cybercog/laravel-ban

Laravel Ban simplify blocking and banning Eloquent models.

access arrest ban block cog eloquent forbid jail justice laravel package php prison restrict sanction security trait user

Last synced: 05 Oct 2025

https://github.com/delight-im/PHP-Auth

Authentication for PHP. Simple, lightweight and secure.

auth authentication authorization login php registration security

Last synced: 14 Mar 2025

https://github.com/GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build targets used on GrapheneOS.

android browser chromium grapheneos privacy security webview

Last synced: 19 Aug 2025

https://github.com/virb3/magisk-frida

🔐 Run frida-server on boot with Magisk, always up-to-date

android exploitation frida magisk reverse-engineering root security

Last synced: 14 May 2025

https://github.com/cyberark/kubesploit

Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.

agent c2 command-and-control containers golang http2 kubernetes penetration-testing-framework penetration-testing-tools post-exploitation red-teams redteam-tools security security-tools

Last synced: 28 Sep 2025

https://github.com/bricks-cloud/bricksllm

🔒 Enterprise-grade API gateway that helps you monitor and impose cost or rate limits per API key. Get fine-grained access control and monitoring per user, application, or environment. Supports OpenAI, Azure OpenAI, Anthropic, vLLM, and open-source LLMs.

ai anthropic api artificial-intelligence azure docker generative-ai golang gpt llm open-source openai postgresql privacy rest-api security self-hosted vllm ycombinator

Last synced: 14 Jan 2026

https://github.com/mufeedvh/binserve

A fast production-ready static web server with TLS (HTTPS), routing, hot reloading, caching, templating, and security in a single-binary you can set up with zero code.

actix handlebars http http-server rust rust-lang secure security server static static-server static-site static-site-generator static-website web web-server webserver

Last synced: 16 May 2025

https://github.com/xmirrorsecurity/opensca-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 14 May 2025

https://github.com/USBGuard/usbguard

USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)

blacklist c-plus-plus hacktoberfest linux rule-language security security-hardening usb usb-devices whitelist

Last synced: 15 Mar 2025

https://github.com/bareos/bareos

Bareos is a cross-network Open Source backup solution (licensed under AGPLv3) which preserves, archives, and recovers data from all major operating systems.

archiving backup backup-solution backup-utility bareos ceph compression cross-platform disaster-recovery encrypt gluster mysql postgresql python recover restore s3 security vmware

Last synced: 13 May 2025

https://github.com/XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 26 Apr 2025

https://github.com/WyAtu/Perun

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

pentest-tool pentesting redteam scanner security security-tool vulnerability-scanners

Last synced: 15 May 2025

https://github.com/momosecurity/rhizobia_j

JAVA安全SDK及编码规范

sdk security security-tools

Last synced: 12 Apr 2025

https://github.com/wyatu/perun

Perun是一款主要适用于乙方安服、渗透测试人员和甲方RedTeam红队人员的网络资产漏洞扫描器/扫描框架

pentest-tool pentesting redteam scanner security security-tool vulnerability-scanners

Last synced: 02 Apr 2025

https://github.com/decalage2/ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

emulation macros malware-analysis parser pyparsing python security vba

Last synced: 02 Sep 2025

https://github.com/fuatakgun/eufy_security

Home Assistant integration to manage Eufy Security devices as cameras, home base stations, doorbells, motion and contact sensors.

camera eufy eufycam eufysecurity home-assistant homeassistant homeassistant-integration rtsp security

Last synced: 14 May 2025

https://github.com/utkusen/wholeaked

a file-sharing tool that allows you to find the responsible person in case of a leakage

file-sharing osint privacy privacy-tools security

Last synced: 12 Apr 2025

https://github.com/momosecurity/rhizobia_J

JAVA安全SDK及编码规范

sdk security security-tools

Last synced: 11 Jul 2025

https://github.com/MegaManSec/SSH-Snake

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

bash cybersecurity exploitation exploitation-tool hacking hacking-tools pentesting post-exploitation redteam scanner security security-tools shell ssh ssh-hacking vulnerability-scanner worm

Last synced: 11 Apr 2025

https://github.com/google/oss-fuzz-gen

LLM powered fuzzing via OSS-Fuzz.

ai fuzzing llm security

Last synced: 27 Sep 2025

https://github.com/wireghoul/htshells

Self contained htaccess shells and attacks

apache exploit htaccess penetration-testing polyglot security webshell

Last synced: 16 May 2025

https://github.com/pypa/pip-audit

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

pip python security security-audit supply-chain

Last synced: 12 Dec 2025

https://github.com/burghardt/easy-wg-quick

Creates Wireguard configuration for hub and peers with ease

config configuration encryption generator ipv6 privacy qrcode security self-hosted vpn vpn-server wg-quick wireguard

Last synced: 15 May 2025

https://github.com/Gorilla/csrf

Package gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services 🔒

csrf csrf-protection csrf-tokens go golang gorilla gorilla-web-toolkit middleware security xsrf

Last synced: 12 Mar 2025

https://github.com/openvpn/openvpn3

OpenVPN 3 is a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.

security vpn vpn-client

Last synced: 13 Mar 2025

Security Awesome Lists
the-book-of-secret-knowledge 74 Awesome-Hacking 85 awesome-security 330 awesome-web-security 405 awesome-ctf 220 awesome-hacker-search-engines 545 android-security-awesome 224 awesome-privacy 1,419 awesome-incident-response 218 Awesome-WAF 173 DevSecOps 182 awesome-security-hardening 204 awesome-infosec 215 awesome-cybersecurity-blueteam 252 WebHackersWeapons 429 awesome-sec-talks 264 backend-cheats 961 awesome-vehicle-security 220 awesome-api-security 202 awesome-nodejs-security 203 awesome-game-security 92 awesome-iot-hacks 70 awesome-cloud-security 153 alternative-frontends 119 awesome-embedded-and-iot-security 131 awesome-iam 249 DevSecOps 48 awesome-golang-security 34 Awesome-FL 2,808 Awesome-Cybersecurity-Datasets 54 awesome-windows-domain-hardening 70 Crypto-OpSec-SelfGuard-RoadMap 473 awesome-azure-architecture 297 osx-and-ios-security-awesome 56 awesome-executable-packing 691 awesome-llm-security 101 awesome-aws-security 167 awesome-ethereum-security 81 awesome-vulnerable-apps 89 awesome-he 90 awesome-lists 737 Awesome-Jailbreak-on-LLMs 352 MobileHackersWeapons 73 security-apis 112 awesome-security-GRC 81 awesome-anti-forensic 143 awesome-python-security 35 graph-adversarial-learning-literature 314 awesome-opa 220 awesome-runners 36
Security Categories
Uncategorized 4,275 fl in top-tier journal 3,038 :books: Literature 2,268 Tools 1,401 fl in top ml conference and journal 1,227 Pentesting 1,113 Operating Systems 1,068 Attack 1,023 Other Lists 761 Papers 516 Weapons 510 Resources 490 Threat Hunting: 480 **Мероприятия** 466 fl in top ai conference and journal 460 Official 451 Malware Analysis 427 Defense 407 Blue Team 403 Adversarial Examples for Machine Learning 396