An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/dk26/strict-path-rs

Handle paths from external or unknown sources securely. Defends against 19+ real-world CVEs including symlinks, Windows 8.3 short names, and encoding tricks and exploits.

directory-traversal file-security filesystem-security path-traversal-prevention path-validation rust rust-crate security type-safety web-security

Last synced: 22 Apr 2026

https://github.com/zopefoundation/zope.security

Zope Security Framework

maintained proxy python security zope

Last synced: 10 Oct 2025

https://github.com/aligent/magento2-bypass-2fa

Magento module allowing two-factor authentication (2FA) to be bypassed for development purposes.

development magento2 security

Last synced: 11 Apr 2025

https://github.com/fvinas/tf_aws_lambda_ip_whitelist

An AWS Lambda-based mechanism to allow temporary IP whitelisting via security groups

aws-ec2 aws-lambda aws-security-group infrastructure lambda-functions security terraform-module whitelist

Last synced: 14 Apr 2025

https://github.com/jpmcb/pwnkit-go

Exploit for the PwnKit vulnerability, CVE-2021-4034, written in Go

cybersecurity infosec security

Last synced: 09 Aug 2025

https://github.com/heartsucker/rust-secure-session

Signed, encrypted session cookies for Iron

cryptography http iron rust security session

Last synced: 13 May 2025

https://github.com/zekker6/devsandbox

Sandbox for running untrusted dev tools. Filesystem isolation via bubblewrap, optional MITM proxy for traffic inspection. Perfect for AI coding assistants.

ai-coding-assistant bubblewrap claude-code development-tools linux mitm namespaces proxy sandbox security

Last synced: 29 Apr 2026

https://github.com/trvswgnr/crab-snitch

Get an alert on macOS if an application accesses your microphone or webcam.

macos personal security

Last synced: 08 Sep 2025

https://github.com/rattleycooper/warble

Steganography tool that can embed files into the pixel data of images, or the data chunk of a wav file.

obfuscation pentesting security steganography

Last synced: 31 Aug 2025

https://github.com/aw-junaid/golang-web-security

Secure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.

golang penetration-testing security websecurity

Last synced: 14 Apr 2025

https://github.com/infineon/ek-based-onboarding-optiga-tpm

Guide for Setting Up and Operating Device Onboarding with OPTIGA™ TPM Endorsement Key (EK)

raspberry-pi security tpm2

Last synced: 11 Jul 2025

https://github.com/visualbean/hibp.net

A simple .NET wrapper for the HIBP (Have I been pwned?) Api

csharp haveibeenpwned hibp netcore nuget security

Last synced: 10 Oct 2025

https://github.com/wp-cli/role-command

Adds, removes, lists, and resets roles and capabilities.

access cli hacktoberfest role security wordpress wp-cli wp-cli-package

Last synced: 12 Jun 2025

https://github.com/wravoc/goaccess-openbsd

OpenBSD theme for GoAccess Web Log analyzer with prompted ASN database download matching a pre-configured conf which excludes Web Monitoring services and also generates HTML reports.

analytics asn asn-lookup geoip http-requests log logs openbsd security security-tools

Last synced: 24 Oct 2025

https://github.com/safinsingh/midnight

🔧 An extensible Linux security auditing tool

cybersecurity docker go golang linux security

Last synced: 09 Mar 2026

https://github.com/snehmehta/smartotp

making otp smarter

flask innovation otp python security webapp

Last synced: 14 Aug 2025

https://github.com/bmedicke/reed

notes about 🔍 Reverse Engineering and 🔥 Exploit Development

debugging exploit-development reverse-engineering security

Last synced: 09 Oct 2025

https://github.com/aaearon/mcp-privilege-cloud

A production-ready Model Context Protocol (MCP) server for CyberArk Privilege Cloud integration. Enables AI assistants and MCP clients to securely interact with privileged account management, safe operations, and platform configurations through 8 comprehensive tools.

ai-integration claude-desktop cyberark cyberark-api cybersecurity fastmcp identity-management mcp mcp-server model-context-protocol oauth-authentication oauth2 pam password-vault platform-management privilege-cloud privileged-access-management privileged-accounts python security

Last synced: 18 Feb 2026

https://github.com/digitalruby/socketcloser

Close ipv4 and ipv6 sockets on Windows and Linux

ipv4 ipv6 linux network networking security sockets windows

Last synced: 24 Jul 2025

https://github.com/IBM/simrun

Attack Simulation Platform (ASP) for detection testing

attack-simulation cloud-security detection-engineering security security-automation threat-detection

Last synced: 26 Jun 2026

https://github.com/jamiesonio/defectdojo-mcp

An experimental ModelContextProtocol server connecting LLMs to DefectDojo for AI-powered security workflows. Enables natural language interaction with vulnerability data, simplifies security analysis, and automates reporting through a lightweight middleware integration.

appsec defectdojo devsecops fastmcp mcp security security-automation

Last synced: 01 May 2026

https://github.com/sowoi/check-nextcloud-security

Check the security level of your Nextcloud instance with the Nextcloud Security API

icinga icinga2 icinga2-plugin nagios-checks nagios-plugin nextcloud nextcloud-server python3 scan security

Last synced: 11 Jun 2026

https://github.com/rad-security/clawkeeper

Open-source security scanner for AI agent hosts. Audits macOS and Linux machines for misconfigurations, credential exposure, and network hardening — 42 checks across 5 phases with auto-fix.

ai-agents bash devsecops hardening linux macos openclaw scanner security

Last synced: 12 Jun 2026

https://github.com/tse-wei-chen/hs-sql-agent

A high-performance C# SQL Agent MCP that eliminates LLM hallucinations and security risks. Instead of letting the AI write raw SQL, it extracts parameters to generate deterministic, injection-free queries across 6 major databases—complete with a visual Admin UI and enterprise guardrails.

accuracy admin-panel ai-safety ai-safety-design anti-hallucination firebird mcp mcp-server mcp-servers mysql nl2sql oracle postgres postgresql security sql-agent sql-server sqlite

Last synced: 30 May 2026

https://github.com/katosh/agent_sandbox

Sandbox AI agents on HPC systems with slurm.

ai-agents bubblewrap firejail hpc landlock sandbox security slurm

Last synced: 05 May 2026

https://github.com/teh9/laravel-tg-2fa

A simple implementation of a two-factor authentication via Telegram for Laravel

2fa auth authentication laravel login php security telegram two-factor

Last synced: 22 Aug 2025

https://github.com/suuhm/log4shell4shell

Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell

checker hacking linux log4j log4j2 log4shell macos patch penetration-testing pentesting proof-of-concept scanner security tomcat vulnerability-scanners windows

Last synced: 03 May 2026

https://github.com/rusty-ferris-club/redact-engine

Protect confidentiality with dynamic redaction by replacing sensitive data.

redact redaction security sensetive-data

Last synced: 19 Aug 2025

https://github.com/alexfrancow/gomitm

:construction: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers written in go.

go golang http https martian mitm proxy security tcp

Last synced: 14 Oct 2025

https://github.com/lombiq/orchard-login-as-anybody

Orchard module for site owners to be able to log in as any user.

orchard orchard-cms orchard-core orchard-module security

Last synced: 17 Aug 2025

https://github.com/hn275/file-encryptor

a small cli tool for file encryption, written in Rust.

aes-encryption commandline cryptography gcm key-derivation-function scrypt security

Last synced: 14 Oct 2025

https://github.com/onzack/kube-defcon

A tool to visualize network policy information from the Kubernetes Master API

docker kubernetes network-policy security visualization

Last synced: 26 Oct 2025

https://github.com/grapheneos-archive/device_google_crosshatch

Pixel 3 and Pixel 3 XL device sources.

android grapheneos security

Last synced: 04 Oct 2025

https://github.com/kumuluz/kumuluzee-security

KumuluzEE Security extension for easy integration with OAuth2/OpenID identity and access management providers.

cloud-native java javaee kumuluzee microservices oauth2 openid-connect security

Last synced: 17 Oct 2025

https://github.com/elnappo/bro-log-parser

Simple logfile parser for Bro IDS

bro bro-ids logfile-parser python3 security

Last synced: 09 Mar 2026

https://github.com/sap/sanitizer-checker

A tool to evaluate the security of JavaScript sanitizer functions.

cross-site-scripting injection javascript sanitizer security

Last synced: 09 Aug 2025

https://github.com/jcsec-security/cosmwasm-security-spotlight

Posts and labs to learn CosmWasm smart contract security vulnerabilities and audit

audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm ctf dapp defi hacking rust security smart smartcontract vulnerabilities

Last synced: 26 Oct 2025

https://github.com/xkcoding/magic-starter-secure-demo

magic-starter-secure 极简的权限控制框架的 demo

demo jwt magic-starter security spring-boot-2 spring-boot-starter xkcoding

Last synced: 09 Mar 2026

https://github.com/nolze/imagesteg

A simple image steganalysis (steganography analysis) tool in Python with web-based GUI

ctf security steganalysis steganography

Last synced: 13 Aug 2025

https://github.com/netlify/plugin-csp-nonce

Build plugin to use a nonce for the script-src directive of your site's Content Security Policy.

csp netlify security

Last synced: 26 Oct 2025

https://github.com/fijimunkii/usb-canary

Shell script to monitor usb devices while your computer is locked. Get notified when someone plugs in or removes a usb device

alert detection linux monitoring notify osx security shell sms usb

Last synced: 04 Oct 2025

https://github.com/panther-labs/pysigma-backend-panther

pySigma Panther Backend

python security

Last synced: 12 Aug 2025

https://github.com/panther-labs/stix2

Pure go implementation of stix2

golang security

Last synced: 12 Aug 2025

https://github.com/picobaz/pybruteforge

PyBruteForge: A powerful Python brute-force login tester for ethical security audits. Forge attacks with smart password patterns and CSV logging via a modular API-driven design. Strengthen your defenses—test ethically!

bruteforce cybersecurity ethical-hacking login-tester password-audit penetration-testing python security web-security

Last synced: 23 Oct 2025

https://github.com/robertdebock/ansible-role-cve_2024_3094

Check xz vulnerability (cve_2024_3094) on your system.

ansible cve20243094 linux molecule playbook security system tox

Last synced: 23 Oct 2025

https://github.com/tigera-solutions/cc-aks-zero-trust-workshop

In this AKS-focused security workshop, you will work with Calico and Microsoft Azure experts to learn how to implement zero-trust security for workloads to reduce the attack surface of applications running on AKS. This 90-minute hands-on lab comes with your own Calico Cloud environment and a sample app environment.

aks azure cc regismartins security workshop

Last synced: 10 Aug 2025

https://github.com/jmcph4/fuzzbang

Python 3 package providing basic fuzzing support

fuzz fuzz-testing fuzzer fuzzing python security vulnerability-detection

Last synced: 07 Apr 2025

https://github.com/picobaz/pyformblaster

PyFormBlaster: A sleek Python web form fuzzer for ethical security audits. Blast forms with random and malicious inputs to uncover XSS, SQL Injection, and more. Features auto-field detection, CSV logging, and modular config. Test responsibly!

cybersecurity ethical-hacking form-fuzzer fuzzing penetration-testing python security web-security

Last synced: 09 Oct 2025

https://github.com/rulilg/litic

JS library to perform technical SEO and best practices analysis to your projects.

accessibility best-practices security seo technical-seo web-development

Last synced: 13 Oct 2025

https://github.com/clouddrove/.github

Meta repository for all clouddrove repositories

azure clouddrove devops git github hacktoberfest security

Last synced: 22 Apr 2025

https://github.com/aw-junaid/fuzzing-for-security-testing

Learn fuzzing techniques for vulnerability discovery: AFL, libFuzzer, and custom fuzzers. Includes examples, tools, and tips for effective software testing.

fuzz-testing fuzzing security security-fuzzing

Last synced: 06 Jan 2026

https://github.com/sindecker/pentest-playbook

The Penetration Testing Playbook — Beginner to Intermediate Field Guide. 359 pages, 731 code examples, 37+ compliance frameworks. Read free on GitHub.

active-directory beginner bug-bounty burp-suite ctf cybersecurity ethical-hacking hacking infosec oscp oscp-prep owasp penetration-testing pentest red-team security security-tools web-security

Last synced: 18 Apr 2026

https://github.com/homebrew/homebrew-brew-vulns

🔓 A Homebrew subcommand that checks installed packages for vulnerabilities

brew homebrew security vulnerability-scanners

Last synced: 05 Feb 2026

https://github.com/heycupola/relic

Manage and share secrets. Encrypted on your device, never exposed to anyone else.

cli encrypted gdpr-compliant project-management secret-manager secrets security tui typescript zero-knowledge

Last synced: 01 Apr 2026

https://github.com/shaialon/express-csp-generator

Content Security Policy Generator, Powered by RapidSec

csp security

Last synced: 03 Sep 2025

https://github.com/omaidf/go-chrome-stealer

Steal Chrome Cookies Without Root

cookies security security-tools

Last synced: 14 Jan 2026

https://github.com/appsflyer/srealip

Go package for securely extracting HTTP client's real public IP

go golang http ip security

Last synced: 10 Oct 2025

https://github.com/federicoceratto/desktop-security-assistant

Help desktop users improve their security

debian gui python security ui

Last synced: 20 Sep 2025

https://github.com/umuttopalak/pass-cli

A secure command-line password manager with AES-256 encryption and sudo authentication

aes-256 cli command-line-tool cryptography keyring password-generator password-manager password-security python security

Last synced: 28 Jul 2025

https://github.com/melardev/c_win32_bindshell_sync

BindShell written in C using Win32API and blocking sockets

bind-shell c networking pipe poc process-pipes reverse-shell security shell socket win32 win32api

Last synced: 13 Apr 2025

https://github.com/goblgobl/authen

Add 2FA to an existing authentication flow

authentication go microservice security self-hosted

Last synced: 16 Jan 2026

https://github.com/TheAmazingPT/passman

A dmenu frontend for password-store (Pass: The Standard Unix Password Manager)

bash dmenu linux manager pass password password-store security unix

Last synced: 22 Apr 2025

https://github.com/cbrnrd/krypton

🔒 A CLI tool for easy cryptography

cli command-line-tool cryptography encryption ruby security

Last synced: 22 Apr 2025

https://github.com/grottopress/samba

Single Sign On authentication for Lucky framework

authentication crystal lucky-framework oauth2 security sso

Last synced: 22 Apr 2025

https://github.com/kevinrabun/judges

MCP server with specialized judges to evaluate AI-generated code for security, cost, scalability, cloud readiness, and best practices.

ai-agent ai-code-review ai-generated-code code-quality code-review judge mcp mcp-server security software-architecture static-analysis typescript

Last synced: 05 Apr 2026

https://github.com/potatoqualitee/disarepotools

🦅 DISA Patch Repository Tools - List, download files and install files from DISA patch repositories using your smartcard

disa security

Last synced: 27 Oct 2025

https://github.com/picobaz/nexusbrute

NexusBrute: A modular Node.js brute-force login tester for ethical security audits. Simulate password attacks with smart patterns, auto-CSRF handling, and CSV logging. Harden your systems—use with permission only!

bruteforce cybersecurity ethical-hacking login-tester nodejs password-audit penetration-testing security web-security

Last synced: 06 Jan 2026

https://github.com/richbl/motion-surveillance

Ruby-based video security surveillance system using Motion (a software motion detector)

email image iot motion motion-detection motion-detector motion-surveillance ruby security surveillance video video-surveillance

Last synced: 10 Oct 2025

https://github.com/situ-vault/situ-vault

Simple toolbox for working with encrypted secrets

fyne golang kustomize-plugin secret-distribution secret-management security vault

Last synced: 14 Jan 2026

https://github.com/qualixar/skillfortify

First formal security scanner for AI agent skills & plugins. Static analysis, supply chain verification, SBOM generation. 22 frameworks supported including MCP, LangChain, CrewAI.

agent-skills ai-agents cyclonedx formal-methods mcp sbom security static-analysis supply-chain-security

Last synced: 27 Mar 2026

https://github.com/lambda2/breezer

🔒 Lock your Gemfile dependencies to safe versions

ci gemfile ruby security

Last synced: 18 Jan 2026

https://github.com/edsoncelio/ctf-guide

Information guide about CTF: https://edsoncelio.github.io/ctf-guide/

computer-engineering criptography pentest security

Last synced: 06 Feb 2026

https://github.com/codeconut-ltd/wordpress-plugin-default-config

WordPress plugin with some hardcoded, opinionated defaults for enhanced security and frontend performance. Reduced feature set that might not work with all plugins. Only use if you know what you need.

composer configuration configuration-management default-project opinionated-defaults ph7 php phpcs phpcs-wordpress plugin security security-hardening wordpress wordpress-development wordpress-plugin wordpress-security wordpress-settings

Last synced: 08 Oct 2025

https://github.com/lambdapioneer/rollercoaster

MixNet Simulator with Rollercoaster Implementation 🎢

loopix mixnet security usenix-security-2021

Last synced: 11 Oct 2025

https://github.com/0xedward/fisherman

a fisherman catches phishes - a tool to look up reputation of email addresses

email infosec phishing python security security-tools threat-intelligence

Last synced: 04 Oct 2025

https://github.com/kaushikgopal/ff-container-traffic-control

Firefox addon (extension) that helps you define rules which will control which container a website opens in.

firefox firefox-addon firefox-extension privacy security

Last synced: 31 Jan 2026

https://github.com/albertito/kxd

[mirror] Key exchange daemon

encryption-key go-application key-management security

Last synced: 02 Aug 2025

https://github.com/bocaletto-luca/systemauditdashboard

SystemAuditDashboard is a centralized Linux system monitoring dashboard implemented in Python using Tkinter. It provides a real-time overview of key system information including: Kernel Version Operating System Details Logged-in User Number of Active Processes Number of Open Ports Load Average (1 min, 5 min, 15 min) Available Memory (in MB)...

admin-tool bocaletto-luca gui linux python security security-tool system-audit system-audit-dashboard system-tool tkinter

Last synced: 17 Sep 2025

https://github.com/divineomega/laravel-password-security-audit

🔏 Artisan command to audit the security of your users' passwords

laravel laravel-package password php security security-audit users

Last synced: 24 Aug 2025