An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/psecio/canary

Canary: Input Detection and Response

canary detection security security-hardening security-tools

Last synced: 23 Jun 2025

https://github.com/hakdogan/apacheshiro

:key: Using Apache Shiro JDBC Realm with MySQL Database

security shiro

Last synced: 05 Oct 2025

https://github.com/jakejarvis/cloudflare-ufw-updater

๐Ÿ”ฅ ๐Ÿงฑ UFW rule updater to only allow HTTP and HTTPS traffic from Cloudflare IP address ranges

bash cloudflare firewall linux security shell ubuntu ufw

Last synced: 08 May 2025

https://github.com/NodeSecure/vulnera

Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).

audit nodesecure npm security vuln vulnerabilities

Last synced: 30 Aug 2025

https://github.com/spatie/email-concealer-cli

CLI tool for concealing e-mails in a file by replacing their domain

cli developer-tools email obfuscation security tool

Last synced: 22 Apr 2025

https://github.com/ayesh/statelesscsrf

Secret-key based state-less CSRF token generator and validator for PHP 7. State-less means you do not have to store the CSRF token in session or database.

csrf netsec php php7 security stateless token token-authetication

Last synced: 06 Nov 2025

https://github.com/sysdiglabs/k8s-security-configwatch

Git action to generate security lint report for Kubernetes workload YAML files on PR

git-workflow k8s security

Last synced: 13 Jul 2025

https://github.com/r3dxpl0it/CVE-2018-4407

IOS/MAC Denial-Of-Service [POC/EXPLOIT FOR MASSIVE ATTACK TO IOS/MAC IN NETWORK]

attack blueteam cve cyber-security cybersecurity denial-of-service exploit hacking hacking-tool ios macos network penetration-testing poc redteam security

Last synced: 22 Apr 2025

https://github.com/flydev-fr/blackhole

Block excessive crawlers, bots and spiders traffic on your web site ๐Ÿ‘พ

antibot anticrawler antispiders blackhole processwire security

Last synced: 15 Apr 2025

https://github.com/circl/imap-proxy

Modular IMAP proxy (including PyCIRCLeanMail and MISP forward modules)

circlean imap imap-protocol imap-proxy proxy security

Last synced: 04 Jul 2025

https://github.com/YinHangCode/homebridge-mi-gateway-security

XiaoMi Gateway Security plugin for HomeBridge.

aqara gateway homebridge homebridge-plugin security xiaomi

Last synced: 01 Apr 2025

https://github.com/padosoft/laravel-composer-security

Laravel command to test security vulnerabilities in your composer files.

composer laravel laravel-command laravel-package security

Last synced: 23 Apr 2025

https://github.com/nextcloud/end_to_end_encryption_rfc

๐Ÿ”’ Specification for end-to-end encryption used by Nextcloud sync & mobile apps

encryption encryption-rfc end-to-end-encryption nextcloud nextcloud-sync security

Last synced: 15 Jun 2025

https://github.com/gamemann/packet-flooder

A packet flooding/generating program I made that supports TCP, UDP, and ICMP packets. Includes functionality to change characteristics per packet and is also multithreaded.

c denial-of-service dos dos-attack fast flood flooding multithreading network packet packet-flood packet-flooder packet-generator packetflood pcktflood pcktgen pentest pentest-tool pentesting security

Last synced: 18 Mar 2025

https://github.com/olssonm/laravel-backup-shield

๐Ÿ”’Password protection (and encryption) for your laravel backups.

backup laravel-5-package laravel-backup security zip

Last synced: 11 Jan 2026

https://github.com/leondz/lm_risk_cards

Risks and targets for assessing LLMs & LLM vulnerabilities

llm llm-security red-teaming security vulnerability

Last synced: 01 Jul 2025

https://github.com/erlendellingsen/digitalocean-developer-firewall

Tool for developers to easily configure firewalls and gain access to their servers when using DigitalOcean cloud firewalls.

digitalocean digitalocean-droplets digitalocean-firewall droplets firewall firewall-management nodejs security server server-management

Last synced: 13 May 2025

https://github.com/snapt/traefik-nova-plugin

Traefik plugin to proxy requests to Snapt Nova for evaluation against the WAF.

security snapt traefik-plugin

Last synced: 15 Jan 2026

https://github.com/oisf/suricata-intel-index

Suricata rule and intel index

ids intel ips nsm rules security signatures suricata

Last synced: 31 Jan 2026

https://github.com/noraj/miniss

Displays a list of open listening sockets. It is a minimal alternative to ss or netstat.

crystal crystal-shard crystal-shards ctf ctf-tools cyber cybersecurity hacking hacking-tool network pentest pentesting security security-tools shard shards socket tool

Last synced: 07 Oct 2025

https://github.com/SalehLardhi/google-dorks-toolkit

GoogleDorks Toolkit is a powerful automated tool for google dorks, designed for pentration tester, ethical hackers and bug hunters to detect harmful security vulnerabilities using Google Dorks techniques. It has methods to bypass google captcha and search in a list of any possible program in wild.

bypass-google cybersecurity dorking-tool ghdb google google-captcha google-dork google-dorks google-hacking-database google-scraping googledork googledorks googlehacking googlesearch hackgoogle hacking python scraper security

Last synced: 01 Apr 2025

https://github.com/kickstarter/ruby-homograph-detector

๐Ÿ•ต๏ธโ€โ™€๏ธ๐Ÿ•ต๏ธโ€โ™‚๏ธ Ruby gem for determining whether a given URL is considered an IDN homograph attack

homograph-attack idn-homograph-attack security unicode

Last synced: 20 Oct 2025

https://github.com/sasanlabs/owasp-zap-jwt-addon

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

fuzzer hacktoberfest jwt jwt-scanner owasp scanning security security-tools zap-extension zaproxy

Last synced: 21 Sep 2025

https://github.com/masterflomaster1/jfxcrypto

๐Ÿ” 150+ Algorithms, Reactive GUI, and More: Text & File Encryption, Hashing, MAC, Key Generation, and Password Strength Evaluation. JCA, JCE with Bouncy Castle

aes aes-256 chacha20 cipher encryption enigma gui hash hmac java javafx md5 mvvm password pbkdf2 rc4 reactive salsa20 security sha-256

Last synced: 13 Jul 2025

https://github.com/salesforce/terraform-provider-policyguru

Terraform provider for Policy Sentry (IAM least privilege generator and auditor)

aws aws-security cloud cloudsecurity hacktoberfest iam salesforce security

Last synced: 15 Apr 2025

https://github.com/permify/targe

Open-source CLI for managing IAM (Identity and Access Management) operations with AI assistance.

authorization aws awscli azure cloud gcp iam security

Last synced: 14 Jun 2025

https://github.com/moloch--/wire-transfer

Encode binary as English text over HTTP(s)

encoder obfuscation obfuscator security security-tools

Last synced: 14 Apr 2025

https://github.com/the-mcgrail-foundation/mimedefang

MIMEDefang is an e-mail filtering tool that works with the Sendmail โ€œMilterโ€ library. MIMEDefang lets you express your filtering policies in Perl rather than C, making it quick and easy to filter or manipulate your mail.

antispam email filter perl security smtp

Last synced: 01 Jul 2025

https://github.com/khaosdoctor/enigmajs

Full implementation of the 1944 German cryptographic machine in TypeScript with a nice UI

cipher cryptography enigma enigma-cipher enigma-js enigma-machine enigma-simulator javascript security typescript vue

Last synced: 29 Apr 2025

https://github.com/Keeper-Security/keeper-sdk-dotnet

.Net and PowerShell version of Keeper Commander, a CLI and SDK interface for the Keeper Security platform.

commander dotnet password-manager passwords powershell security

Last synced: 05 May 2025

https://github.com/keeper-security/keeper-sdk-dotnet

.Net and PowerShell version of Keeper Commander, a CLI and SDK interface for the Keeper Security platform.

commander dotnet password-manager passwords powershell security

Last synced: 05 Apr 2025

https://github.com/sefinek/malicious-ip-addresses

A list of malicious IP addresses associated with botnets, cyberattacks, and the generation of artificial traffic on websites. Useful for network administrators and security companies to block threats and protect against DDoS attacks.

botnets cybersecurity ddos ddos-protection firewall google-adsense ip-list list malicious malicious-ips malicious-url malicious-url-detection network-monitoring protection security security-tools threat-detection traffic-analysis

Last synced: 25 Jul 2025

https://github.com/te-k/commands-for-sec

Useful commands for infosec

infosec security tips tldr

Last synced: 02 Feb 2026

https://github.com/delight-im/htaccess

.htaccess with reasonable defaults for most sites

apache apache2 htaccess security server

Last synced: 28 Jan 2026

https://github.com/theupdateframework/taps

TUF Augmentation Proposals (TAPs)

security software update

Last synced: 25 Feb 2026

https://github.com/fabaff/fsl-test-bench

FSL Test bench - Ansible playbook repository to setup a save environment for security auditing and testing. It can be used for teaching security testing methodologies, testing tools, learning, and playing.

ansible fedora fedora-security-lab pentesting playground security vulnerable

Last synced: 15 Apr 2025

https://github.com/datadog/nginx-datadog

Enhance NGINX Observability and Security with Datadog's Module

apm appsec datadog nginx observability security tracing

Last synced: 06 Feb 2026

https://github.com/rverton/gxss

Blind XSS service alerting over slack or email

blind-xss exfiltration pentesting security xss

Last synced: 09 Mar 2026

https://github.com/junkurihara/lecture-security_engineering

Slide decks and sample codes for a lecture of "Security Engineering", which are composed in terms of how to choose and deploy appropriate standardization security technologies in information systems.

lecture lecture-slides security university-course

Last synced: 14 Apr 2025

https://github.com/0xInfection/PewSWITCH

A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.

exploitation-framework freeswitch security sip-security unauthenticated-requests voip-telephony-providers

Last synced: 11 Jul 2025

https://github.com/apeleghq/lot

Sandbox for isolating ECMAScript code

browser csp deno ecmascript iframe isolation nodejs sandbox security vm webworker worker

Last synced: 08 May 2025

https://github.com/VerSprite/alpnpass

This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most SSL stripping solutions this tool will negotiate ALPN and preserve the negotiated protocol all the way to the target.

alpn mitm mitmproxy security security-tools ssl tls

Last synced: 11 Jul 2025

https://github.com/pwelch/virustotal_api

Ruby Gem for VirusTotal API

malware-analysis ruby security

Last synced: 15 Apr 2025

https://github.com/jenkinsci/azure-ad-plugin

Authentication and Authorization with Azure AD

azure hacktoberfest security user

Last synced: 06 Apr 2025

https://github.com/wolfssl/wolfssh-examples

Example applications using the wolfSSH Library.

embedded esp32 esp8266 examples getting-started iot security ssh ssh-examples wolfssh wolfssl

Last synced: 23 Aug 2025

https://github.com/Te-k/commands-for-sec

Useful commands for infosec

infosec security tips tldr

Last synced: 11 Mar 2025

https://github.com/bmedicke/quantum_cryptography

demonstration of quantum cryptography ๐Ÿˆ ๐Ÿ” , one-time pad communication via BB84. repo for our IT Security Master project

alice bb84-protocol beam-splitter bob cryptography docker docker-compose hardware jupyter-notebooks lasers master mcs mqtt photons quantum quantum-cryptography rabbitmq security theory thorlabs

Last synced: 02 Apr 2025

https://github.com/hunters-org/hunter-kit

Hunter-Kit is a cross platform security toolkit and framework that can automate most of the pentesting engagement from the recon to reporting phase

attacks autmation frameworks pentesting-tools reconnaissance security security-tools toolkit

Last synced: 12 Mar 2026

https://github.com/ariary/tacos

๐ŸŒฎ INTERACTIVE reverse shell everywhere! (Particularly digestible with socat multi-handler listener)

ctf golang infosec interactive pentest pentest-tool reverse-shell security socat

Last synced: 26 Apr 2025

https://github.com/javiercasares/wpvulnerability

Plugin WPVulnerability for WordPress. https://wordpress.org/plugins/wpvulnerability/

php security vulnerability wordpress wordpress-plugin

Last synced: 13 Jun 2025

https://github.com/rrd108/nuxt-api-shield

Nuxt API Rate Limiter / Brute Force Protection

nuxt nuxt-module rate-limiter security

Last synced: 10 Apr 2025

https://github.com/en14c/erebus

Poc for ELF64 runtime infection via GOT poisoning technique by elfmaster

c elf elf-binaries elf64 linux linux-system-programming process-injection proof-of-concept security virus x64-assembly

Last synced: 09 Jul 2025

https://github.com/asggo/spf

Parse SPF record and determine if client IP is allowed to send email.

dns go golang security sender-policy-framework spf spf-record

Last synced: 03 Feb 2026

https://github.com/vacuumlabs/cardano-ctf

A game where Cardano developers and enthusiasts can try to exploit purposely vulnerable smart contracts and learn about the most common security issues and how to prevent them.

cardano ctf decentralized-finance security smart-contracts vulnerabilities

Last synced: 12 Apr 2025

https://github.com/nekmo/pip-rating

Check the health of your project's requirements and get a score for each dependency.

dependencies hacktoberfest pip python rating requirements security security-audit security-tools vulnerabilities

Last synced: 13 Dec 2025

https://github.com/geekmasher/securitree.nvim

SecuriTree - Security Research Tool

neovim security

Last synced: 06 Mar 2026

https://github.com/univ-of-utah-marriott-library-apple/disable_sip

This script is used in the recovery partition to automatically disable SIP.

bash mac macadmin macadmins security system-integrity-protection

Last synced: 10 Apr 2025

https://github.com/techgaun/plug_secex

Plug that adds various HTTP Headers to make Phoenix/Elixir app more secure

elixir hex hex-downloads http-headers phoenix plug plug-secex security

Last synced: 13 Jun 2025

https://github.com/anthonysgro/geospoof

Browser extension to spoof your geolocation, timezone, and prevent WebRTC IP leaks.

browser firefox gecko geolocation privacy security spoof spoofing spoofing-detection timezone vpn

Last synced: 27 May 2026

https://github.com/claude-world/claude-skill-antivirus

Security scanner for Claude Code Skills โ€” 9 engines detect malicious patterns, data exfiltration, dangerous ops across 71K+ skills

claude-code claude-code-skills malware-detection nodejs npm scanner security

Last synced: 03 Apr 2026

https://github.com/grahamhelton/spoofpoint

Spoofpoint is a domain monitoring tool that allows you to generate a list of domains that are 1 character off of your domain (grahamhelton.com turns into -> grahamheIton.com ((The L is a capital I )), check a list of domains you already have, or check as single domain.

domain domain-monitoring security

Last synced: 22 Jan 2026

https://github.com/grafana/bugbounty

Grafana Labs bug bounty

bounty bug bugbounty grafana rewards security

Last synced: 19 Oct 2025

https://github.com/arall/vulnerabilities

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

dast sast security vulnerabilities vulnerability vulnerable vulnerable-app vulnerable-application

Last synced: 22 Jan 2026

https://github.com/gnat/csrf-starlette-fastapi

Dead simple CSRF security middleware for Starlette โญ and FastAPI โšก

async csrf fastapi htmx hyperscript python security starlette web

Last synced: 15 Apr 2025

https://github.com/tink-crypto/tink-tinkey

Utility that allows generating and manipulating Tink keysets

crypto cryptography java key-management security

Last synced: 27 Jan 2026

https://github.com/tigran-sargsyan-w/self-signed-cert-toolkit

A toolkit for generating self-signed digital certificates for signing PDFs, emails, software, and other content using tools like JSignPdf or any software that supports PKCS#12.

cert-generation certificate cli-tool code-signing digital-signature document-signing email-signature encryption openssl p12 pdf pdf-signature pkcs12 privacy security self-signed smime ssl tls x509

Last synced: 29 May 2026

https://github.com/deepal/node-dukpt

Node JS Library for Derived Unique Key Per Transaction (DUKPT) Encryption ๐Ÿ’ณ๐Ÿ”‘๐Ÿ›ก

aes decryption dukpt dukpt-encryption encryption javascript node-dukpt nodejs payments security

Last synced: 15 Oct 2025

https://github.com/hazcod/security-slacker

Pokes users about outstanding security risks found by Crowdstrike Spotlight or vmware Workspace ONE so they secure their own endpoint.

crowdstrike one security slack spotlight workspace ws1

Last synced: 19 Apr 2025

https://github.com/apriorit/access-app-data-android

A no-root solution to access Android app private data without root access. Browser history and instant messages example

android security

Last synced: 08 May 2025

https://github.com/rikyz90/shibaclaw

๐Ÿ›ก๏ธ Self-hosted AI agent with 5-layer prompt injection protection. Multi-channel, parallel agents, MCP, Docker-ready, LLM-agnostic.

agent-framework ai-agent ai-agents chatbot docker hardened-agent llm matrix mcp multi-agent ollama open-source openai openrouter prompt-injection python security self-hosted telegram-bot ultra-light

Last synced: 17 May 2026

https://github.com/parsiya/parsia-code

Contains random code and some of my older projects

code go python security

Last synced: 20 Apr 2026

https://github.com/WiPi-Hunter/PiUser

๐Ÿ‘จโ€๐Ÿ’ป๐Ÿ•ต๐Ÿป๐Ÿ‘ฉโ€๐Ÿ’ป Analyze user behavior against fake access points๐Ÿ“ก

access-point attacker blueteam corporations fake pentesting probe-requests redteam security user wifi

Last synced: 07 Apr 2025

https://github.com/simeononsecurity/windows-hardening-ctf

A windows hardening script that makes it difficult to compromise a Windows device. Only for use during Blue-Team Competitions.

automation ctf ctf-tools hardening security windows

Last synced: 15 Apr 2025

https://github.com/opensc/pam_p11

Authentication with PKCS#11 modules

authentication certificate opensc pam pgp security smartcard

Last synced: 26 Feb 2026

https://github.com/endorama/2ami

Your easy 2FA companion that keep the secrets secret.

cli google-authenticator hacktoberfest keychain keyring secrets secure security totp two-factor

Last synced: 15 Mar 2026