Security
Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
- GitHub: https://github.com/topics/security
- Wikipedia: https://en.wikipedia.org/wiki/Computer_security
- Aliases: security-tools, security-vulnerability, security-audit,
- Last updated: 2026-06-11 00:27:45 UTC
- JSON Representation
https://github.com/MobSF/mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
android appsec codereview ios java kotlin mobile-sast objective-c sast security static-analysis swift
Last synced: 01 Apr 2025
https://github.com/rek7/fireELF
fireELF - Fileless Linux Malware Framework
backdoor exploit-development exploitation exploitation-framework framework linux malware malware-development pentesting python redteam security security-tools
Last synced: 28 Mar 2025
https://github.com/sgasser/pasteguard
AI gets the context. Not your secrets. Open-source privacy proxy for LLMs.
anthropic browser-extension chatgpt claude data-protection llm open-webui openai pii presidio privacy secrets security
Last synced: 04 Jun 2026
https://github.com/SteeltoeOSS/Samples
Steeltoe samples and reference application collection
asp cloud-foundry connector discovery dotnet hacktoberfest management microservice music-store security service-discovery steeltoe-components steeltoe-connectors
Last synced: 09 May 2025
https://github.com/fingerprintjs/external-protocol-flooding
Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing
browser-fingerprinting exploit fingerprinting identification privacy security vulnerability
Last synced: 14 Apr 2025
https://github.com/steeltoeoss/samples
Steeltoe samples and reference application collection
asp cloud-foundry connector discovery dotnet hacktoberfest management microservice music-store security service-discovery steeltoe-components steeltoe-connectors
Last synced: 15 May 2025
https://github.com/dolevf/graphw00f
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
enumeration fingerprinting graphql information-gathering penetration-testing security
Last synced: 08 Oct 2025
https://github.com/tenzir/vast
Tenzir is the data pipeline engine for security teams.
dataops hacktoberfest incident-response investigation netflow pcap pipelines secdataops security siem sigma soc suricata threathunting zeek
Last synced: 01 Mar 2025
https://github.com/Paul-Reed/cloudflare-ufw
Script to update UFW with Cloudflare IPs
cloudflare security ufw-firewall
Last synced: 28 Mar 2025
https://github.com/auth0/simplekeychain
A simple Keychain wrapper for iOS, macOS, tvOS, and watchOS
Last synced: 14 May 2025
https://github.com/cyberark/fuzzyai
A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential jailbreaks in their LLM APIs.
ai ai-red-team fuzzing jailbreak jailbreaking llm llm-evaluation llm-security llms security
Last synced: 22 Jul 2025
https://github.com/coldcard/firmware
❄️ Firmware and simulator for Coldcard Hardware Wallet
bitcoin bitcoin-wallet cryptocurrency cryptography security
Last synced: 15 May 2025
https://github.com/houbb/sensitive
🔐Sensitive log tool for java, based on java annotation. (基于注解的 java 日志脱敏工具框架,更加优雅的日志打印。支持自定义哈希、支持基于 log4j2 插件的统一脱敏、支持 logback 插件统一脱敏)
dfa fastjson java java-annotation json log log4j2 log4j2-plugin logback security sensitive sensitive-data-security slf4j
Last synced: 12 Apr 2025
https://github.com/datadog/dd-trace-py
Datadog Python APM Client
apm ci datadog debugging error-monitoring observability profiling python security tracing
Last synced: 14 Apr 2026
https://github.com/gamemann/xdp-firewall
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
anti-ddos bpf ddos ddos-attacks ddos-mitigation ddos-protection denial-of-service distributed-denial-of-service dos dos-attack dos-protection ebpf fast firewall fw kernel linux network security xdp
Last synced: 15 May 2025
https://github.com/netflix-skunkworks/diffy
:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Last synced: 16 May 2025
https://github.com/Netflix-Skunkworks/diffy
:no_entry: (DEPRECATED) Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Last synced: 29 Apr 2025
https://github.com/envkey/envkey
Simple, end-to-end encrypted configuration and secrets management
config configuration-management devops docker end-to-end-encryption environment-variables golang infrastructure kubernetes nodejs python ruby secrets-management security shell-scripts
Last synced: 15 May 2025
https://github.com/okta-graveyard/repo-supervisor
Scan your code for security misconfiguration, search for passwords and secrets. :mag:
blueteam redteam secret-management secrets secrets-detection security serverless
Last synced: 02 Oct 2025
https://github.com/janssenproject/jans
The Janssen Project is a home for open source IAM components, featuring Auth Server (OAuth/OpenID), Agama low-code identity orchestration, and the Cedarling policy decision point. The "Janssen Server" distributions bundle IAM components under one control plane.
access-management api iam identity kubernetes oauth2 openid-connect security sso
Last synced: 06 Jun 2026
https://github.com/Fuzzapi/fuzzapi
Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
api automation fuzzer rails ruby security security-vulnerability
Last synced: 02 Apr 2025
https://github.com/ovotech/gitoops
all paths lead to clouds
bloodhound cicd company-kaluza hacktheplanet redteam security
Last synced: 02 Apr 2025
https://github.com/SkipToTheEndpoint/OpenIntuneBaseline
Community-driven baseline to accelerate Intune adoption and learning.
device-config intune microsoft security
Last synced: 10 Apr 2025
https://github.com/esapi/esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
Last synced: 13 May 2025
https://github.com/electroniccats/catsniffer
CatSniffer is an original multiprotocol and multiband board for sniffing, communicating, and attacking IoT (Internet of Things) devices using the latest radio IoT protocols. It is a highly portable USB stick that integrates TI CC1352, Semtech SX1262, and an RP2040 for V3 or a Microchip SAMD21E17 for V2
ble hardware lora matter rp2040 samd21 security security-tools sidewalk sniffers zigbee
Last synced: 15 May 2025
https://github.com/jotygill/openpyn-nordvpn
Easily connect to and switch between, OpenVPN servers hosted by NordVPN on Linux (+patch leakes)
autovpn easyvpn nord nord-vpn nordvpn openvpn openvpn-connection privacy security vpn vpn-connections
Last synced: 09 Oct 2025
https://github.com/MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
application-security appsec cybersecurity deliverability dmarc email-security emails infosec penetration-testing penetration-testing-tools pentesting phishing python python3 redteam security spf
Last synced: 03 Apr 2025
https://github.com/openmls/openmls
Rust implementation of the Messaging Layer Security (MLS) protocol
Last synced: 06 Apr 2025
https://github.com/axafrance/oidc-client
Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
axa context-api front-end-development javascript js library nextjs oauth2 oidc-client ope openid openid-client openid-connect react reactjs redux security
Last synced: 28 Jan 2026
https://github.com/defaultnamehere/cookie_crimes
Read local Chrome cookies without root or decrypting
cookies osx-security security security-tools
Last synced: 05 Apr 2025
https://github.com/rewanthtammana/Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
android android-security application-security damn-vulnerable-bank hacking hacktoberfest infosec pentesting security vulnerable-android-apps vulnerable-application
Last synced: 08 Apr 2025
https://github.com/TryCatchHCF/PacketWhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
cryptography data-exfiltration dlp exfiltration hacking hacking-tools pentest-tool pentesting red-team security security-tools steganography
Last synced: 30 Mar 2025
https://github.com/GoFetchAD/GoFetch
GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
active-directory blackhat2017 bloodhound gofetch powershell security
Last synced: 13 May 2025
https://github.com/hahwul/a2sv
Auto Scanning to SSL Vulnerability
hacking scanner security ssl vulnerability
Last synced: 02 Apr 2025
https://github.com/trycatchhcf/packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
cryptography data-exfiltration dlp exfiltration hacking hacking-tools pentest-tool pentesting red-team security security-tools steganography
Last synced: 13 Mar 2025
https://github.com/blacklanternsecurity/badsecrets
A library for detecting known secrets across many web frameworks
appsec asp-net cryptography django express-js flask javaserver-faces jwt peoplesoft python rails secrets security symfony telerik-ui
Last synced: 14 May 2025
https://github.com/gosecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
dtd hacktoberfest security xxe
Last synced: 04 Apr 2025
https://github.com/w3c/trusted-types
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
dom javascript polyfill security trusted-types w3c xss
Last synced: 15 May 2025
https://github.com/GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
dtd hacktoberfest security xxe
Last synced: 02 Apr 2025
https://github.com/madneal/articles-translator
:books:Translate the distinct technical blogs. Please star or watch. Welcome to join me.
article codeql css javascript memory-management npm parcel pwa react security security-tools vue web web-security webpack
Last synced: 15 May 2025
https://github.com/shelld3v/jsshell
JSshell - JavaScript reverse/remote shell
blindxss bugbounty hacking javascript js pentest python python3 security shell xss xss-exploitation
Last synced: 04 Apr 2025
https://github.com/anna-is-cute/paste
A sensible, modern pastebin.
anonymity pastebin rust security self-hosted
Last synced: 05 Apr 2025
https://github.com/bishopfox/badpods
A collection of manifests that will create pods with elevated privileges.
assessment exploitation hostipc hostnetwork hostpath hostpid kubernetes penetration-testing pods podspec privileged security
Last synced: 04 Apr 2025
https://github.com/w3c/webappsec-trusted-types
A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.
dom javascript polyfill security trusted-types w3c xss
Last synced: 09 Mar 2025
https://github.com/dwisiswant0/ppfuzz
A fast tool to scan client-side prototype pollution vulnerability written in Rust. 🦀
bugbounty bugbounty-tool bugbountytips chromium prototype-pollution rust rust-tools security security-tools vulnerability-scanners
Last synced: 16 May 2025
https://github.com/devise-security/devise-security
A security extension for devise, meeting industry-standard security demands for web applications.
activerecord devise devise-modules hacktoberfest mongoid password-expiration passwords rails ruby security session-management
Last synced: 12 May 2025
https://github.com/ncsa/ssh-auditor
The best way to scan for weak ssh passwords on your network
auditing brute-force discover security ssh
Last synced: 16 Jan 2026
https://github.com/auth0/SimpleKeychain
A simple Keychain wrapper for iOS, macOS, tvOS, and watchOS
Last synced: 04 Apr 2025
https://github.com/ESAPI/esapi-java-legacy
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
Last synced: 10 May 2025
https://github.com/gamemann/XDP-Firewall
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
anti-ddos bpf ddos ddos-attacks ddos-mitigation ddos-protection denial-of-service distributed-denial-of-service dos dos-attack dos-protection ebpf fast firewall fw kernel linux network security xdp
Last synced: 02 Apr 2025
https://github.com/gemini-cli-extensions/security
Google's Security extension for the Gemini CLI that finds vulnerabilities in your code changes and pull requests.
gemini gemini-cli gemini-cli-extensions google security
Last synced: 11 Mar 2026
https://github.com/maldevel/pentestkit
Tools, scripts and tips useful during Penetration Testing engagements.
assessment hacking kali-linux network notes penetration-testing pentesting scripts security system tools web
Last synced: 18 Oct 2025
https://github.com/maldevel/PenTestKit
Tools, scripts and tips useful during Penetration Testing engagements.
assessment hacking kali-linux network notes penetration-testing pentesting scripts security system tools web
Last synced: 13 Mar 2025
https://github.com/opengovern/opensecurity
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.
audit cloud-security compliance container-security cspm devsecops optimization oss policy-as-code security security-auditing-tool
Last synced: 12 Jan 2026
https://github.com/0x783kb/Threat-Analysis-Handbook
常见的攻击行为监测特征及方法,涵盖端点和流量,未包含PowerShell和Sysmon。预祝运营生活愉快!
attck security security-operation soc threat-hunting
Last synced: 28 Sep 2025
https://github.com/0x783kb/Security-Operation-Book
常见的攻击行为监测特征及方法,涵盖端点和流量,未包含PowerShell和Sysmon。预祝运营生活愉快!
attck security security-operation soc threat-hunting
Last synced: 13 Mar 2025
https://github.com/google/webauthndemo
An example Node.js Relying Party implementation of the WebAuthn specification
authentication authentication-backend example google-appengine relying-party security webauthn webauthn-library
Last synced: 05 May 2025
https://github.com/wallarm/api-firewall
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
api api-firewall api-gateway api-security api-waf api-wrapper apigateway firewall openapi openapi-security openapi-spec openapi-specification proxy rest-security security security-tools swagger waf web-application-firewall web-application-security
Last synced: 14 May 2025
https://github.com/eth-sri/securify2
Securify v2.0
datalog ethereum security smart-contract solidity static-analysis vulnerability
Last synced: 23 Jul 2025
https://github.com/D0g3-Lab/H1ve
An Easy / Quick / Cheap Integrated Platform
awd awd-platform ctf platform security
Last synced: 12 Jul 2025
https://github.com/hynek/argon2-cffi
Secure Password Hashes for Python
argon2 cffi password password-hash python security
Last synced: 09 Apr 2026
https://github.com/smallcham/sec-admin
分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描)
exploits infosec python scanner security security-audit vulnerability-scanners
Last synced: 16 Jan 2026
https://github.com/nhas/wag
Simple Wireguard 2FA
2fa firewall linux management-portal mfa network networking privacy security self-hosted ui virtual-network vpn vpn-server wireguard wireguard-admin wireguard-vpn
Last synced: 15 May 2025
https://github.com/coyim/coyim
coyim - a safe and secure chat client
anonymity coyim desktop encrypt golang instant-messaging multiplatform otr privacy security tor xmpp
Last synced: 12 Jan 2026
https://github.com/AxaFrance/oidc-client
Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
axa context-api front-end-development javascript js library nextjs oauth2 oidc-client ope openid openid-client openid-connect react reactjs redux security
Last synced: 06 Aug 2025
https://github.com/jas502n/0day-security-software-vulnerability-analysis-technology
0day安全_软件漏洞分析技术
0day binary hack security software vulnerability
Last synced: 18 Jan 2026
https://github.com/Tmpertor/Raven-Storm
Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.
attacks botnet ddos ddos-attack-tools ddos-attacks ddos-script ddos-tool denial-of-service dos mitm penetration-tests pentesting protection python security security-tools server stress-testing termux web-security
Last synced: 30 Apr 2025
https://github.com/anyeduke/enterprise-security-skill
用于记录企业安全规划,建设,运营,攻防的相关资源
enterprise enterprise-security-skill osint security
Last synced: 02 Apr 2025
https://github.com/falcosecurity/falcosidekick
Connect Falco to your ecosystem
docker falco falco-event hacktoberfest kubernetes response-engine security
Last synced: 09 Mar 2026
https://github.com/jobhope/TechnicalNote
Repository to store what we have studied. :book: We want everyone to get a job through TechnicalNote.
algorithm computer-architecture computer-science cpp data-structures database design-patterns github java linear-algebra network operating-system programming-language security software-engineering sort tech-interview technical-notes web windows
Last synced: 05 May 2025
https://github.com/urbanadventurer/urlcrazy
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
domainname hacking infosec kali-linux osint phishing ruby security typo-domains typosquatting
Last synced: 04 Apr 2025
https://github.com/linux-audit/audit-userspace
Linux audit userspace repository
Last synced: 02 Feb 2026
https://github.com/spatie/laravel-welcome-notification
Send a welcome notification to new users
auth laravel mail onboarding password security welcome
Last synced: 14 May 2025
https://github.com/factionsecurity/faction
Pen Test Report Generation and Assessment Collaboration
application-security hacking penetration-testing penetration-testing-tools pentesting reporting security security-audit security-automation security-report security-reporting security-tools security-vulnerability
Last synced: 11 Mar 2026
https://github.com/YosaiProject/yosai
A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
authentication authorization python rbac security sessionmanagement totp two-factor twofactorauth
Last synced: 22 Apr 2025
https://github.com/CodeSentryAI/lockbud
Detect concurrency and memory bugs and possible panic locations in Rust projects
bug-detection rust security static-analyzer
Last synced: 09 Jun 2026
https://github.com/rek7/mxtract
mXtract - Memory Extractor & Analyzer
c-plus-plus cpp cpp11 credentials exploitation linux malware memory-hacking pentesting redteam regex security security-tools stealing
Last synced: 04 Apr 2025
https://github.com/trailofbits/twa
A tiny web auditor with strong opinions.
auditing hacktoberfest security web-security
Last synced: 15 May 2025
https://github.com/rek7/mXtract
mXtract - Memory Extractor & Analyzer
c-plus-plus cpp cpp11 credentials exploitation linux malware memory-hacking pentesting redteam regex security security-tools stealing
Last synced: 30 Mar 2025
https://github.com/clearcontainers/runtime
OCI (Open Containers Initiative) compatible runtime using Virtual Machines
container containers cri-o docker kvm oci qemu-kvm security virtual-machine virtualization
Last synced: 30 Mar 2025
https://github.com/TheHackerDev/race-the-web
Tests for race conditions in web applications. Includes a RESTful API to integrate into a continuous integration pipeline.
appsec devops-tools infosec race-conditions security security-tools
Last synced: 02 Apr 2025
https://github.com/eth-sri/securify2?tab=readme-ov-file
Securify v2.0
datalog ethereum security smart-contract solidity static-analysis vulnerability
Last synced: 21 Oct 2025
https://github.com/EBWi11/AgentSmith-HIDS
By Kprobe technology Open Source Host-based Intrusion Detection System(HIDS), from E_Bwill.
anti-rootkit connect-hook create-file-hook detect-porcess-injection dns-query-hook execve-hook hids intrusion-detection kprobes load-lkm-hook security
Last synced: 02 Apr 2025
https://github.com/StamusNetworks/scirius
Scirius is a web application for Suricata ruleset management and threat hunting.
cybersecurity detection gui interface management network-intrusion-detection network-security python security signatures suricata suricata-rules threat-hunting user-interface
Last synced: 01 Apr 2025
https://github.com/OpenVPN/openvpn3-linux
OpenVPN 3 Linux client - This is a mirror of https://codeberg.org/OpenVPN/openvpn3-linux/
dbus linux openvpn security vpn vpn-client vpn-tunnel
Last synced: 28 Mar 2025
https://github.com/robustnlp/cipherchat
A framework to evaluate the generalization capability of safety alignment for LLMs
alignment chatgpt gpt-4-0613 jailbreak large-language-models llm security
Last synced: 21 Apr 2025
https://github.com/rhinobase/hono-rate-limiter
Rate Limit middleware for Hono Server
api hono honojs middleware nodejs rate-limiter rate-limiting rest-api security serverless web
Last synced: 25 Dec 2025
https://github.com/lesnuages/hershell
Multiplatform reverse shell generator
exploit reverse-shell security
Last synced: 16 Dec 2025
https://github.com/drduh/purse
GnuPG asymmetric password manager
bash bash-script encryption file-encryption gnupg gpg password password-manager security unix
Last synced: 04 Apr 2025
