An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/fiware/tutorials.roles-permissions

:closed_book: FIWARE 402: IDM - Application Roles and Permissions

fiware fiware-keyrock identity-management security tutorial

Last synced: 30 Apr 2025

https://github.com/nearata/flarum-ext-twofactor

A Flarum extension. Allow your users to enable two factor authentication.

flarum flarum-extension security two-factor

Last synced: 10 Apr 2025

https://github.com/ryandaniels/ansible-role-dnsmasq-adblock

Use dnsmasq for adblocking with OpenVPN. Use this Ansible role after installing OpenVPN (PiVPN or Streisand, etc) on a RaspberryPi or a VPS for example.

adblock ansible ansible-role dnsmasq openvpn privacy raspberry-pi security ubuntu vpn

Last synced: 10 Apr 2025

https://github.com/jwhitt3r/SIEMEz

A open-source Django Security Incident and Event Management System

django incident-response python python3 security siem

Last synced: 12 Jul 2025

https://github.com/itszeeshan/subdomainx

all-in-one subdomain enumeration and reconnaissance tool designed for modern cybersecurity professionals, penetration testers, and security researchers.

amass assetfinder bug-bounty cybersecurity dnsrecon findomain hacking httpx infosec nmap offensive-security osint penetration-testing port-scanning reconnaissance red-team security security-tools subdomain-discovery subfinder

Last synced: 09 Sep 2025

https://github.com/youhaveme9/apkinfo

A python script to extract high level and critical informations from AndroidManifest.xml or apk

android decompiler reverse-engineering security

Last synced: 04 Sep 2025

https://github.com/kos0ng/cves

Repository regarding my security research

cve exploit security

Last synced: 28 Jul 2025

https://github.com/patrickfav/bkdf

BCrypt based key derivation function to improve BCrypt as a cryptographic primitive for password hashing and key derivation

bcrypt cryptography hkdf java kdf password security

Last synced: 09 Apr 2025

https://github.com/sattyamjjain/agent-audit-kit

Static scanner for MCP-connected AI agent pipelines — 194 rules across 11 categories, 12 compliance frameworks, OWASP Agentic 10/10 + MCP 10/10, GitHub Action, SARIF, 48h CVE-to-rule SLA.

ai-agent ai-agent-security ai-safety ai-security claude-code github-action mcp mcp-security owasp sarif scanner security security-scanner static-analysis supply-chain-security tool-poisoning

Last synced: 23 May 2026

https://github.com/zdnk/authorized

🔐 Simple way to authorize user actions on resources for Vapor 3

authorization security server-side-swift swift swift4 vapor vapor-3 vapor-swift

Last synced: 26 Apr 2025

https://github.com/ketsapiwiq/siem-infra

Vulnerability detection, OSquery, fully-fledged Wazuh ELK stack with Linux and Windows Wazuh + osquery enrollment via Ansible.

ansible elasticsearch kibana osquery security siem vulnerability-detection wazuh

Last synced: 23 Apr 2025

https://github.com/emilioforrer/go-stack

Production-ready Go scaffold template with clean architecture, lifecycle-managed dependency injection (samber/do), HTTP server (net/http + Huma/OpenAPI), CLI scaffolding, 45+ AI agent skills for Claude/Copilot/OpenCode, and built-in DevOps security tooling.

agentic-coding ai-agent ai-skills claude clean-architecture cli code-quality codex copilot dependency-injection go golang microservices openapi opencode production-ready security starter-kit template vertical-slice-architecture

Last synced: 30 May 2026

https://github.com/grottopress/samba

Single Sign On authentication for Lucky framework

authentication crystal lucky-framework oauth2 security sso

Last synced: 22 Apr 2025

https://github.com/jpcertcc/huiloader-research

HUI Loader analysis research

malware security

Last synced: 05 Feb 2026

https://github.com/software-engineering-and-security/confuzzion

Confuzzion is a Java Virtual Machine (JVM) fuzzer generating Java programs to find bugs and vulnerabilities in the Java VM.

bug code-generation crashes fuzzer java java-virtual-machine java-virtual-machine-fuzzer jvm jvm-fuzzer jvm-fuzzing security soot testing type-confusion vulnerabilities vulnerability

Last synced: 27 Jul 2025

https://github.com/patricktulskie/concuss

Throw a bunch of headers at a web app and see what sticks

malformed-headers pentest ruby security security-auto security-tools testing webapp-security

Last synced: 28 Apr 2025

https://github.com/soufantech/arx

Arx is an access control library for Node.js apps, strongly focused on efficiency, type safety and overall composability.

access-control authorisation permissions policy security

Last synced: 12 Apr 2025

https://github.com/sjinks/yubico-otp

PHP 7/8-friendly alternative to the official php-yubico client

2fa authentication otp php security yubico yubico-otp

Last synced: 10 Apr 2025

https://github.com/cbrnrd/krypton

🔒 A CLI tool for easy cryptography

cli command-line-tool cryptography encryption ruby security

Last synced: 22 Apr 2025

https://github.com/TheAmazingPT/passman

A dmenu frontend for password-store (Pass: The Standard Unix Password Manager)

bash dmenu linux manager pass password password-store security unix

Last synced: 22 Apr 2025

https://github.com/hugobatista/tailhoogram

Send Tailscale webhook events to Telegram using Cloudflare Workers

audit cloudflare cloudflare-workers events security tailnet tailscale telegram webhook

Last synced: 26 May 2026

https://github.com/mtk911/mailinator-scraper

A powershell script to scrap mailinator without API for sensitive emails

mailinator powershell powershell-script scanner scraper security security-tools

Last synced: 03 Jul 2025

https://github.com/potatoqualitee/disarepotools

🦅 DISA Patch Repository Tools - List, download files and install files from DISA patch repositories using your smartcard

disa security

Last synced: 27 Oct 2025

https://github.com/shinesolutions/aem-test-suite

AEM infrastructure test suite covering acceptance, recovery, security guideline testing scenarios

acceptance aem aem-opencloud performance recovery security testing

Last synced: 06 Mar 2026

https://github.com/vaibhavpandeyvpz/phuck

Single-file shell to f__k vulnerable PHP servers, solely for educational and research purposes. Powered by Bootstrap and React.js, features a file browser and browser based, SSH like terminal.

administraction file-manager hacking security shell ssh sysadmin terminal

Last synced: 24 Apr 2025

https://github.com/atbashee/atbash-octopus

Atbash Octopus version; declarative permission based Java EE Security

declarative java javaee javafx microprofile octopus permissions security

Last synced: 06 Jul 2025

https://github.com/nimdy/selks-install-from-source

How to install SELKS in Azure and AWS cloud services and pretty much anywhere with a internet connection

aws azure elasticsearch how-to kibana logstash monitoring network nsm security suricata

Last synced: 11 Mar 2026

https://github.com/melardev/c_win32_bindshell_sync

BindShell written in C using Win32API and blocking sockets

bind-shell c networking pipe poc process-pipes reverse-shell security shell socket win32 win32api

Last synced: 13 Apr 2025

https://github.com/hxsecurity/dongtai-core

Provides the Django Model class that the DongTai project depends on, the Django API abstract class of the DongTai project, the vulnerability detection engine, constants, documents, etc.

applicationsecuritymonitoring devsecops django dongtai dongtai-iast security

Last synced: 26 Apr 2025

https://github.com/shaialon/express-csp-generator

Content Security Policy Generator, Powered by RapidSec

csp security

Last synced: 03 Sep 2025

https://github.com/hitsz-ids/dbmasker

DBMasker 是一个针对主流数据库系统的 Java 开源项目,旨在提供统一且安全的访问接口。

data data-security database mask sdk security

Last synced: 26 Apr 2025

https://github.com/sjinks/wp-login-logger

WordPress plugin to log login attempts

login security session session-management wordpress-plugin

Last synced: 10 Apr 2025

https://github.com/sr-lab/pin-bank

Numeric PINs counted and sorted by frequency as they occur in the RockYou dataset.

analysis frequency list password pin security

Last synced: 03 Mar 2026

https://github.com/authress/authress-local

Local running version of an Authorization API in a container

api authentication authorization authress container offline sdk security

Last synced: 13 May 2025

https://github.com/picobaz/nexusbrute

NexusBrute: A modular Node.js brute-force login tester for ethical security audits. Simulate password attacks with smart patterns, auto-CSRF handling, and CSV logging. Harden your systems—use with permission only!

bruteforce cybersecurity ethical-hacking login-tester nodejs password-audit penetration-testing security web-security

Last synced: 06 Jan 2026

https://github.com/openwall/owl

Openwall GNU/*/Linux (Owl) is a small security-enhanced Linux distribution for servers. Owl has effectively reached its end-of-life, but its legacy lives on in a few other distributions (most notably, ALT Linux) and upstream projects. This is a tentative export of the Owl CVS repository into Git, which will possibly be redone later.

hardening linux security userland

Last synced: 09 Apr 2025

https://github.com/fivexl/terraform-aws-ssl-checker

Simple SSL check and expiring certificates reminder with additional DNS check and host availability check.

heartbleed lambda security ssl terraform terraform-module tls tls-certificate-checker tls-scan tls13

Last synced: 09 Apr 2025

https://github.com/goblgobl/authen

Add 2FA to an existing authentication flow

authentication go microservice security self-hosted

Last synced: 16 Jan 2026

https://github.com/zufardhiyaulhaq/asdf-trivy

Trivy plugin for the asdf version manager

asdf asdf-plugin security security-tools trivy

Last synced: 12 Apr 2025

https://github.com/hqarroum/open-sniffer

:nose: A POSIX utility used to read and dissect network packets.

security sniffer

Last synced: 19 Apr 2025

https://github.com/z3ntl3/ddos-denier

DDOS-Denier is a tool designed to evaluate incoming server attacks based on CPU load and automatically take countermeasures. Intended for Cloudflare websites.

api bot cloudflare ddos security

Last synced: 16 Aug 2025

https://github.com/marcominerva/dataprotectionsample

This example shows how to use the DataProtection APIs with ASP.NET Core

aspnetcore cryptography csharp data-protection dotnet minimal-api security

Last synced: 09 Apr 2025

https://github.com/mrcgrtz/create-security-txt

🔏 Create an RFC 9116 compliant security.txt file.

nodejs rfc-9116 security security-tools security-txt

Last synced: 25 Aug 2025

https://github.com/YosaiProject/pyramid_yosai

Yosai integration with the Pyramid Web Framework

pyramid python security web-application yosai

Last synced: 13 May 2025

https://github.com/aw-junaid/fuzzing-for-security-testing

Learn fuzzing techniques for vulnerability discovery: AFL, libFuzzer, and custom fuzzers. Includes examples, tools, and tips for effective software testing.

fuzz-testing fuzzing security security-fuzzing

Last synced: 06 Jan 2026

https://github.com/hotaydev/enygmah

The only tool your project needs to guarantee security and quality. Open-source and free.

analysis application-security automated-testing dependency-analysis secops security security-audit security-automation security-tools

Last synced: 15 May 2025

https://github.com/hleliofficiel/exaaiagent

ExaAiAgent — Advanced AI-powered penetration testing framework with Docker sandbox, multi-agent workflows, and 50+ integrated cybersecurity tools.

ai-agent bug-bounty cybersecurity hacking llm pentesting prompt-injection python security vulnerability-scanner

Last synced: 01 Apr 2026

https://github.com/kaanguru/lock4it

Offline hardware and software asset management tool for IT professionals.

cross-platform password-manager privacy pwa pwa-apps security skeleton svelte sveltekit tailwindcss typescript

Last synced: 01 Sep 2025

https://github.com/kolteq/validating-admission-policies-pss

Kubernetes Pod Security Standards implemented using Kubernetes Validating Admission Policies. Support of Enforce Baseline and Restricted profiles natively with configurable policy exclusions.

compliance kubeapt kubernetes pod-security pod-security-admission security validating-admission-policy

Last synced: 04 Feb 2026

https://github.com/clouddrove/.github

Meta repository for all clouddrove repositories

azure clouddrove devops git github hacktoberfest security

Last synced: 22 Apr 2025

https://github.com/righettod/code-snippets-security-utils

Provides different utilities methods to apply processing from a security perspective.

appsecurity code-snippets java security

Last synced: 31 Aug 2025

https://github.com/richbl/motion-surveillance

Ruby-based video security surveillance system using Motion (a software motion detector)

email image iot motion motion-detection motion-detector motion-surveillance ruby security surveillance video video-surveillance

Last synced: 10 Oct 2025

https://github.com/venura9/manage-nsg

GitHub Action to Manage NSG Rules allowing public running deployment to resources secured by Azure NSGs

nsg security

Last synced: 06 Feb 2026

https://github.com/ddrimus/http-threat-blocklist

A daily-updated blocklist of IP addresses involved in malicious HTTP attacks that bypassed multiple security layers. Ideal for protecting web servers against probing, exploits, and bot traffic.

blocklist cybersecurity firewall malware security threat-intelligence

Last synced: 31 Jan 2026

https://github.com/sowoi/check-nextcloud-security

Check the security level of your Nextcloud instance with the Nextcloud Security API

icinga icinga2 icinga2-plugin nagios-checks nagios-plugin nextcloud nextcloud-server python3 scan security

Last synced: 11 Jun 2026

https://github.com/sammakumbe/burp-idor

A powerful Python tool for identifying Insecure Direct Object Reference (IDOR) vulnerabilities in Burp Suite traffic exports.

ai bugbounty burp burp-suite hacking heuristics hugging-face huggingface idor python qa security testing yaml

Last synced: 04 May 2026

https://github.com/picobaz/pybruteforge

PyBruteForge: A powerful Python brute-force login tester for ethical security audits. Forge attacks with smart password patterns and CSV logging via a modular API-driven design. Strengthen your defenses—test ethically!

bruteforce cybersecurity ethical-hacking login-tester password-audit penetration-testing python security web-security

Last synced: 23 Oct 2025

https://github.com/protokol/guardian

Transaction Based Permission Management (Users and Group) OnChain

ark blockchain configurable permissions security user-management

Last synced: 19 Oct 2025

https://github.com/0xjonaseb11/dn404_marketplace.3.0

A DN404 Marketplace built on ERC404 token standard inspired by Pandora coin

auditing dn404 erc404 ethereum marketplaces nfts security smartcontracts solidity tokens

Last synced: 21 Apr 2026

https://github.com/sea-n/nctu-109b-comp-sec

109 Spring - Computer Security Capstone

homework nctu security

Last synced: 24 Apr 2025

https://github.com/sadhasivamx/boar-hunting-yolov8

YoloV8-based boar detection system with Arduino-triggered buzzer for enhanced security.

arduino artificial-intelligence computer-vision custom machinelearning security yolov8

Last synced: 07 Oct 2025

https://github.com/cyberark/escape-the-cloud

Web Application for CyberArk Cloud Escape Room CTF challenge

aws challenge cloud conjbot-skip conjbot-skip-vulnrreport ctf security

Last synced: 03 May 2025

https://github.com/lambda2/breezer

🔒 Lock your Gemfile dependencies to safe versions

ci gemfile ruby security

Last synced: 18 Jan 2026

https://github.com/appsflyer/srealip

Go package for securely extracting HTTP client's real public IP

go golang http ip security

Last synced: 10 Oct 2025

https://github.com/smoren/url-security-manager-php

Class for building, parsing, signing, signature checking, encrypting and decrypting URLs

encryption security url-builder url-parser

Last synced: 15 Apr 2025

https://github.com/picobaz/pyformblaster

PyFormBlaster: A sleek Python web form fuzzer for ethical security audits. Blast forms with random and malicious inputs to uncover XSS, SQL Injection, and more. Features auto-field detection, CSV logging, and modular config. Test responsibly!

cybersecurity ethical-hacking form-fuzzer fuzzing penetration-testing python security web-security

Last synced: 09 Oct 2025

https://github.com/codeconut-ltd/wordpress-plugin-default-config

WordPress plugin with some hardcoded, opinionated defaults for enhanced security and frontend performance. Reduced feature set that might not work with all plugins. Only use if you know what you need.

composer configuration configuration-management default-project opinionated-defaults ph7 php phpcs phpcs-wordpress plugin security security-hardening wordpress wordpress-development wordpress-plugin wordpress-security wordpress-settings

Last synced: 08 Oct 2025

https://github.com/katosh/agent_sandbox

Sandbox AI agents on HPC systems with slurm.

ai-agents bubblewrap firejail hpc landlock sandbox security slurm

Last synced: 05 May 2026

https://github.com/robertdebock/ansible-role-investigate

Install and configure investigation tools on your system.

ansible investigate molecule playbook security tox

Last synced: 24 Apr 2025

https://github.com/nikanique/spring-rest-framework

Spring REST Framework (SRF) is a powerful library for Spring applications that brings the simplicity and flexibility of Django's REST Framework to Spring. SRF streamlines API development with powerful serialization, flexible filters, and seamless integration.

api cqrs data-jpa dto filter generator rest-api security serialization spring spring-boot validation

Last synced: 14 Jan 2026

https://github.com/rarecoil/mqtt-packet-fuzzy

Radamsa-backed, hooked mqtt-packet for blind MQTT protocol fuzzing on Mac, Linux and Windows.

fuzzing mqtt mqtt-packet mqttjs radamsa security

Last synced: 01 Jul 2025

https://github.com/actalog/mongodump

🍃 GitHub Action for creating a binary export of a database's contents

actions backup database github-actions mongodb mongodump security

Last synced: 27 Feb 2026

https://github.com/k3rnel-dev/katanaframework

Katana-Framework это фреймворк для энтузиастов по тестированию на проникновение на данный момент еще находится в разработке.

framework hack hacking malware metasploit pentest pentesting post-exploitation security

Last synced: 28 Jun 2025