An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/picobaz/pybruteforge

PyBruteForge: A powerful Python brute-force login tester for ethical security audits. Forge attacks with smart password patterns and CSV logging via a modular API-driven design. Strengthen your defenses—test ethically!

bruteforce cybersecurity ethical-hacking login-tester password-audit penetration-testing python security web-security

Last synced: 23 Oct 2025

https://github.com/mondoohq/terraform-provider-mondoo

Terraform Mondoo provider

security terraform

Last synced: 02 Apr 2026

https://github.com/onzack/kube-defcon

A tool to visualize network policy information from the Kubernetes Master API

docker kubernetes network-policy security visualization

Last synced: 26 Oct 2025

https://github.com/tse-wei-chen/hs-sql-agent

A high-performance C# SQL Agent MCP that eliminates LLM hallucinations and security risks. Instead of letting the AI write raw SQL, it extracts parameters to generate deterministic, injection-free queries across 6 major databases—complete with a visual Admin UI and enterprise guardrails.

accuracy admin-panel ai-safety ai-safety-design anti-hallucination firebird mcp mcp-server mcp-servers mysql nl2sql oracle postgres postgresql security sql-agent sql-server sqlite

Last synced: 30 May 2026

https://github.com/venura9/manage-nsg

GitHub Action to Manage NSG Rules allowing public running deployment to resources secured by Azure NSGs

nsg security

Last synced: 06 Feb 2026

https://github.com/jamiesonio/defectdojo-mcp

An experimental ModelContextProtocol server connecting LLMs to DefectDojo for AI-powered security workflows. Enables natural language interaction with vulnerability data, simplifies security analysis, and automates reporting through a lightweight middleware integration.

appsec defectdojo devsecops fastmcp mcp security security-automation

Last synced: 01 May 2026

https://github.com/getarcis/arcis

Inside-the-app security middleware for Node.js, Python, and Go. 20+ attack vectors. One install, three languages, MIT.

bot-detection cli django express fastapi middleware nodejs npm owasp prompt-injection pypi python rate-limiting sast security sql-injection ssrf supply-chain-security web-security xss

Last synced: 06 Jun 2026

https://github.com/soulteary/stargate

A minimal ForwardAuth gateway for Traefik and Nginx that handles login sessions and request access control. / 面向 Traefik 和 Nginx 的极简 ForwardAuth 鉴权网关,负责会话与访问控制。

auth authentication authorization enjoy-with-stargate forwardauth gateway nginx reverse-proxy security sso traefik

Last synced: 11 Feb 2026

https://github.com/kevinrabun/judges

MCP server with specialized judges to evaluate AI-generated code for security, cost, scalability, cloud readiness, and best practices.

ai-agent ai-code-review ai-generated-code code-quality code-review judge mcp mcp-server security software-architecture static-analysis typescript

Last synced: 05 Apr 2026

https://github.com/rad-security/clawkeeper

Open-source security scanner for AI agent hosts. Audits macOS and Linux machines for misconfigurations, credential exposure, and network hardening — 42 checks across 5 phases with auto-fix.

ai-agents bash devsecops hardening linux macos openclaw scanner security

Last synced: 12 Jun 2026

https://github.com/katosh/agent_sandbox

Sandbox AI agents on HPC systems with slurm.

ai-agents bubblewrap firejail hpc landlock sandbox security slurm

Last synced: 05 May 2026

https://github.com/protokol/guardian

Transaction Based Permission Management (Users and Group) OnChain

ark blockchain configurable permissions security user-management

Last synced: 19 Oct 2025

https://github.com/kumuluz/kumuluzee-security

KumuluzEE Security extension for easy integration with OAuth2/OpenID identity and access management providers.

cloud-native java javaee kumuluzee microservices oauth2 openid-connect security

Last synced: 17 Oct 2025

https://github.com/gowww/secure

🔑 Security utilities, CSP, HPKP, HSTS and other security wins

csp go golang good-practices hpkp hsts http https policy secure security ssl

Last synced: 01 Mar 2026

https://github.com/edsoncelio/ctf-guide

Information guide about CTF: https://edsoncelio.github.io/ctf-guide/

computer-engineering criptography pentest security

Last synced: 06 Feb 2026

https://github.com/piecioshka/is-responding

🛠 A tool to find active endpoint use an enumeration strategy

cli security

Last synced: 17 Jun 2026

https://github.com/0xbitx/dedsec_shred

DEDSEC_SHRED is a Linux-based tool for securely erasing files and directories

delete encryption-decryption file-shredder files linux-tool remove security

Last synced: 08 Feb 2026

https://github.com/theruziev/security_interface

Simple API for authentication and authorization.

python-3-6 python-asyncio security

Last synced: 17 Mar 2026

https://github.com/mablanco/docker-rapidscan

Docker image for Rapidscan, a multi-tool web vulnerability scanner

docker pentesting security

Last synced: 02 Jun 2026

https://github.com/5GSEC/security-intents

Repository to hold security intents in standard template format.

5g blueprints intents k8s kubernetes o-ran security

Last synced: 16 Jun 2026

https://github.com/jef/gh-audit-org-keys

🔑 Provides list of public SSH keys of an organization

github-api john-the-ripper openssl security ssh

Last synced: 03 Apr 2026

https://github.com/lauslim12/attendance

🔐 Secure full-stack + REST API implementation of 2FA in the form of an attendance system

api authentication authorization express full-stack multi-factor-authentication nextjs owasp production security totp typescript

Last synced: 10 May 2026

https://github.com/skx/mod_blacklist

A simple Apache module to blacklist remote hosts.

apache2 blacklist c firewall security

Last synced: 16 Mar 2026

https://github.com/aran112000/nope-php

Nope! A lightweight tool for monitoring your log files and dynamically blocking nuisance or malicious IPs based on easy to define, dynamic rules which you control

anti-bot attack-prevention ban-hosts ban-management ips linux log-analyzer monitoring php php-cli rate-limiting security

Last synced: 22 Apr 2025

https://github.com/authress/authress-local

Local running version of an Authorization API in a container

api authentication authorization authress container offline sdk security

Last synced: 13 May 2025

https://github.com/sindecker/pentest-playbook

The Penetration Testing Playbook — Beginner to Intermediate Field Guide. 359 pages, 731 code examples, 37+ compliance frameworks. Read free on GitHub.

active-directory beginner bug-bounty burp-suite ctf cybersecurity ethical-hacking hacking infosec oscp oscp-prep owasp penetration-testing pentest red-team security security-tools web-security

Last synced: 18 Apr 2026

https://github.com/kubeshop/monokle-action

Run this GitHub action to validate your Kubernetes resources with the Monokle SARIF validator.

devsecops github-actions kubernetes sarif sarif-report scanner security validation

Last synced: 07 Apr 2025

https://github.com/vaibhavpandeyvpz/phuck

Single-file shell to f__k vulnerable PHP servers, solely for educational and research purposes. Powered by Bootstrap and React.js, features a file browser and browser based, SSH like terminal.

administraction file-manager hacking security shell ssh sysadmin terminal

Last synced: 24 Apr 2025

https://github.com/rknf404/chromium-hardening-guide

Harden chromium (somewhat)

chromium chromium-browser security

Last synced: 15 Apr 2025

https://github.com/swedishmike/dmarcparser

A quick and dirty implementation to get DMARC reports into Splunk for further analysis

dmarc dmarc-reports email python security spam-prevention splunk splunk-sdk

Last synced: 08 May 2025

https://github.com/mhmdiaa/acumen

A clean UI with a modular structure to enhance security researchers' ability to work with data

penetration-testing penetration-testing-tools pentesting recon security security-tools user-interface visualization web-application-security

Last synced: 19 Apr 2025

https://github.com/Nearata/flarum-ext-twofactor

A Flarum extension. Allow your users to enable two factor authentication.

flarum flarum-extension security two-factor

Last synced: 28 Mar 2025

https://github.com/jul10l1r4/identificador-cve-2018-11759

This exploit for CVE 2018-11759, vulnerability in apache mod_jk, module for load-balancer

apache2 cve cve-2018-11759 load-balancer module protection safe security security-testing

Last synced: 16 May 2025

https://github.com/software-engineering-and-security/confuzzion

Confuzzion is a Java Virtual Machine (JVM) fuzzer generating Java programs to find bugs and vulnerabilities in the Java VM.

bug code-generation crashes fuzzer java java-virtual-machine java-virtual-machine-fuzzer jvm jvm-fuzzer jvm-fuzzing security soot testing type-confusion vulnerabilities vulnerability

Last synced: 27 Jul 2025

https://github.com/kaanguru/lock4it

Offline hardware and software asset management tool for IT professionals.

cross-platform password-manager privacy pwa pwa-apps security skeleton svelte sveltekit tailwindcss typescript

Last synced: 01 Sep 2025

https://github.com/olliecheng/passwordbreachchecker

A small unofficial extension to check passwords you type in against the database at HaveIBeenPwned (Chrome only for now)

browser-extension chrome-extension extension password-security security

Last synced: 26 Jun 2025

https://github.com/tech-at-du/acs-3230-web-security

🔐 This course covers key concepts in internet data security and best practices for keeping information safe. Students will examine historical hacks, learn how to analyze websites and web architectures for classical security vulnerabilities, and learn how to defend against security attacks.

security

Last synced: 08 Jul 2026

https://github.com/authress/authress-sdk.py

The Python Authress SDK provides authorization as a service with fully compatible REST apis.

authorization authorization-backend authorization-framework authorization-middleware authorization-server authorizationservice authress python security

Last synced: 13 May 2025

https://github.com/volkansah/minigrex

MiniGreX will be designed with security in mind, and the code will be written to minimize the risk of SQL injection attacks and other security vulnerabilities. To ensure maximum security, we recommend keeping the CMS up-to-date with the latest security patches and using strong passwords for all user accounts.

authentication cms cms-backend cms-framework codeigniter content-management content-management-system hacker mariadb mysql php pod posgresql prepared-statements security security-audit security-tools user-interface usermanagement xss-filter

Last synced: 12 Apr 2025

https://github.com/bocaletto-luca/bug-github-farms-points

Auto Farms Points BUG in Github Author: Bocaletto Luca Hi there! I’m Luca (@bocaletto-luca), and I’ve put together this repo to demonstrate a surprising “feature” (or vulnerability?) in GitHub’s contribution model. With a single workflow file, you can automatically farm commits, issues, PRs, wiki edits, releases and comments every hour—artificially

bocaletto-luca bug farms github github-bug hack hacking points security yaml

Last synced: 27 Apr 2026

https://github.com/rabbit-company/passwordgenerator-js

Password generator implemented in JavaScript (ES6).

generator password security strength

Last synced: 13 Jul 2025

https://github.com/muayyad-alsadi/oneway

a tool to drop privileges for docker entry-points

containers docker init-system jail privileges security

Last synced: 18 May 2026

https://github.com/hleliofficiel/exaaiagent

ExaAiAgent — Advanced AI-powered penetration testing framework with Docker sandbox, multi-agent workflows, and 50+ integrated cybersecurity tools.

ai-agent bug-bounty cybersecurity hacking llm pentesting prompt-injection python security vulnerability-scanner

Last synced: 01 Apr 2026

https://github.com/lytexdev/seal-pi

🦭 Seal-Pi: Security Camera 🦭

camera flask raspberry-pi seal-pi security

Last synced: 13 Apr 2025

https://github.com/rarecoil/mqtt-packet-fuzzy

Radamsa-backed, hooked mqtt-packet for blind MQTT protocol fuzzing on Mac, Linux and Windows.

fuzzing mqtt mqtt-packet mqttjs radamsa security

Last synced: 01 Jul 2025

https://github.com/teh9/laravel-tg-2fa

A simple implementation of a two-factor authentication via Telegram for Laravel

2fa auth authentication laravel login php security telegram two-factor

Last synced: 22 Aug 2025

https://github.com/narrowspark/automatic-security-audit

[READ ONLY] :warning: A composer plugin that checks if your application has known security vulnerabilities.

audit automatic composer composer-plugin narrowspark-automatic security security-advisories

Last synced: 13 Jan 2026

https://github.com/bitdefender/hvmi-blog

A place where the HVMI team writes about memory introspection and other fun stuff.

hypervisor introspection reverse-engineering security virtualization virtualization-based-security

Last synced: 15 Apr 2025

https://github.com/mellow-hype/keysniffer-poc

Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.

infosec keysniffer linux proof-of-concept security

Last synced: 09 Jul 2025

https://github.com/njokuscript/blowfishjs

A Typescript/Javascript library for interacting with the Blowfish APIs

javascript security solana web3

Last synced: 19 Apr 2025

https://github.com/reconmap/mobile-client

React-native based mobile client for Reconmap

android infosec mobile pentesting react-native security vulnerabilities

Last synced: 10 Sep 2025

https://github.com/mchmarny/sds-demo

Software Delivery Shield demo illustrating end-to-end solution for secure software supply chain

demo devops gcp sds security supply-chain

Last synced: 05 Aug 2025

https://github.com/janloebel/nipca

Network IP Camera Application Programming Interface (NIPCA) - Client

client ip-camera ipcamera javascript nipca node security

Last synced: 15 Jul 2025

https://github.com/picobaz/nexusbrute

NexusBrute: A modular Node.js brute-force login tester for ethical security audits. Simulate password attacks with smart patterns, auto-CSRF handling, and CSV logging. Harden your systems—use with permission only!

bruteforce cybersecurity ethical-hacking login-tester nodejs password-audit penetration-testing security web-security

Last synced: 06 Jan 2026

https://github.com/derhuerst/generate-node-policy-file

Generate a Node.js policy file for your code.

json nodejs security

Last synced: 15 Apr 2025

https://github.com/rideu/ndot

DNS over DoT relay. Designed for DHCP-configurable routers that supports custom DNS servers.

csharp dns dns-over-tls rfc1035 rfc7858 security security-tools

Last synced: 15 Jul 2025

https://github.com/nilportugues/php-uuid

Use this class to encapsulate the latest and more secure Uuid versions

composer php php7 secure security uuid uuid-generator uuid4 uuid5

Last synced: 14 Jul 2025

https://github.com/dimosr/monitorito

A browser extension for visualisation and monitoring of browser HTTP traffic

browser graph plugin security visualisation

Last synced: 21 Apr 2025

https://github.com/nolze/imagesteg

A simple image steganalysis (steganography analysis) tool in Python with web-based GUI

ctf security steganalysis steganography

Last synced: 13 Aug 2025

https://github.com/muqsit/2fa

[In-dev] Two-factor authentication for your PocketMine-MP (PMMP) server. Currently there are no documentations or doc comments.

2fa mfa pmmp pocketmine-mp security

Last synced: 05 Aug 2025

https://github.com/kaansk/go-euvd

Comprehensive and zero dependency Go client for the ENISA EU Vulnerability Database (EUVD) API. Instantly access real-time vulnerability data, security advisories, CVSS scores, and more.

api-client cvss enisa epss european-union euvd go golang incident-response open-source oss security threat-intelligence vulnerability vulnerabilitymanagement

Last synced: 16 Jul 2025

https://github.com/fabian-hk/secure-two-party-computation

Python implementation of the TPC protocol from the paper "Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation"

google-protocol-buffers multi-party-computation network-communication python3 secure-computation security tpc two-party-computation

Last synced: 14 Apr 2025

https://github.com/kos0ng/cves

Repository regarding my security research

cve exploit security

Last synced: 28 Jul 2025

https://github.com/nikanique/spring-rest-framework

Spring REST Framework (SRF) is a powerful library for Spring applications that brings the simplicity and flexibility of Django's REST Framework to Spring. SRF streamlines API development with powerful serialization, flexible filters, and seamless integration.

api cqrs data-jpa dto filter generator rest-api security serialization spring spring-boot validation

Last synced: 14 Jan 2026

https://github.com/ufukty/ovpn-auth

Simple to use, easy to deploy 2FA login for OpenVPN servers

authentication golang openvpn password security totp two-factor-authentication

Last synced: 17 Jan 2026

https://github.com/sattyamjjain/agent-audit-kit

Static scanner for MCP-connected AI agent pipelines — 194 rules across 11 categories, 12 compliance frameworks, OWASP Agentic 10/10 + MCP 10/10, GitHub Action, SARIF, 48h CVE-to-rule SLA.

ai-agent ai-agent-security ai-safety ai-security claude-code github-action mcp mcp-security owasp sarif scanner security security-scanner static-analysis supply-chain-security tool-poisoning

Last synced: 23 May 2026

https://github.com/t94j0/polymorphic_compression_malware

Warning, this is malware. Don't do something stupid with it

hacking malware security

Last synced: 07 Mar 2026

https://github.com/marcreichel/password-exposed-rule

Laravel Validation rule to check that a password hasn't been exposed

data-breach haveibeenpwned laravel laravel-framework laravel-package password security validation

Last synced: 13 Jan 2026

https://github.com/fodinabor/esposecsignauth

Module for EspoCRM that uses SecSign for Two-Factor Authentication.

2fa espocrm security

Last synced: 01 Aug 2025

https://github.com/haikelfazzani/otp

🔐 Zero dependencies Deno/Bun/Node/Browser module for TOTP and HOTP generator based on RFC 6238 and RFC 4226 🗝️

2fa browser bun cryptography deno hotp nodejs one-time-password otp rfc-6238 rfc4226 security totp web-crypto web-cryptography-api

Last synced: 13 May 2025

https://github.com/shaialon/express-csp-generator

Content Security Policy Generator, Powered by RapidSec

csp security

Last synced: 03 Sep 2025

https://github.com/jpts/coredns-enum

Discover K8s Services & Pods through DNS Records in CoreDNS

coredns enumeration kubernetes networking security

Last synced: 12 May 2025

https://github.com/righettod/code-snippets-security-utils

Provides different utilities methods to apply processing from a security perspective.

appsecurity code-snippets java security

Last synced: 31 Aug 2025

https://github.com/situ-vault/situ-vault

Simple toolbox for working with encrypted secrets

fyne golang kustomize-plugin secret-distribution secret-management security vault

Last synced: 14 Jan 2026

https://github.com/luisschwab/smaug

smaug 🐉 guards your coins and sends you an email if they move

bitcoin network security

Last synced: 24 Jan 2026

https://github.com/exxeta/flutter-security-toolkit

Mobile Security Toolkit for Flutter

flutter security security-tools

Last synced: 23 Oct 2025

https://github.com/netlify/plugin-csp-nonce

Build plugin to use a nonce for the script-src directive of your site's Content Security Policy.

csp netlify security

Last synced: 26 Oct 2025

https://github.com/rulilg/litic

JS library to perform technical SEO and best practices analysis to your projects.

accessibility best-practices security seo technical-seo web-development

Last synced: 13 Oct 2025

https://github.com/sowoi/check-nextcloud-security

Check the security level of your Nextcloud instance with the Nextcloud Security API

icinga icinga2 icinga2-plugin nagios-checks nagios-plugin nextcloud nextcloud-server python3 scan security

Last synced: 11 Jun 2026

https://github.com/actalog/mongodump

🍃 GitHub Action for creating a binary export of a database's contents

actions backup database github-actions mongodb mongodump security

Last synced: 27 Feb 2026