An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/luisschwab/smaug

smaug 🐉 guards your coins and sends you an email if they move

bitcoin network security

Last synced: 24 Jan 2026

https://github.com/piiiico/proof-of-commitment

Supply chain risk scorer for npm and PyPI — single-maintainer CRITICAL flags before attacks happen

audit cargo cli dependencies github-action go golang mcp mcp-server npm openssf pypi rust scorecard security software-supply-chain supply-chain supply-chain-security

Last synced: 13 Jun 2026

https://github.com/aginies/virt-scenario

Prepare a Virtual Machine libvirt XML config and the host to match a specific scenario usage

alp confidential-computing host libvirt opensuse qemu scenarios secure-computation security sev sev-es suse virtual-machine virtualization xml xml-schema

Last synced: 09 Oct 2025

https://github.com/itcmsgr/nftban

NFTBan is an open-source Linux Intrusion Prevention System (IPS) and firewall manager built on nftables, designed to integrate cleanly with modern Linux security stacks.

ai-security almalinux centos debian fail2ban firewall firewall-management intrusion-prevention ips linux nftables red-hat rocky rocky-linux rockylinux security suricata ubuntu zabbix

Last synced: 04 Jul 2026

https://github.com/soulteary/stargate

A minimal ForwardAuth gateway for Traefik and Nginx that handles login sessions and request access control. / 面向 Traefik 和 Nginx 的极简 ForwardAuth 鉴权网关,负责会话与访问控制。

auth authentication authorization enjoy-with-stargate forwardauth gateway nginx reverse-proxy security sso traefik

Last synced: 11 Feb 2026

https://github.com/heycupola/relic

Manage and share secrets. Encrypted on your device, never exposed to anyone else.

cli encrypted gdpr-compliant project-management secret-manager secrets security tui typescript zero-knowledge

Last synced: 01 Apr 2026

https://github.com/dragonbe/poc-webapp-vault

A proof-of-concept to connect a PHP web application to a MySQL database using credentials provided by Hashicorp Vault

database mysql php proof-of-concept security vault webapp

Last synced: 16 Mar 2026

https://github.com/zabojeb/phpgp

phPGP - tool to store your PGP keys on the physical storage (USB, flash drive etc.)

cryptography cybersecurity encoding gnupg gpg pgp pypi python security usb

Last synced: 29 Jan 2026

https://github.com/alexfrancow/gomitm

:construction: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers written in go.

go golang http https martian mitm proxy security tcp

Last synced: 14 Oct 2025

https://github.com/kaushikgopal/ff-container-traffic-control

Firefox addon (extension) that helps you define rules which will control which container a website opens in.

firefox firefox-addon firefox-extension privacy security

Last synced: 31 Jan 2026

https://github.com/protokol/guardian

Transaction Based Permission Management (Users and Group) OnChain

ark blockchain configurable permissions security user-management

Last synced: 19 Oct 2025

https://github.com/lambdapioneer/rollercoaster

MixNet Simulator with Rollercoaster Implementation 🎢

loopix mixnet security usenix-security-2021

Last synced: 11 Oct 2025

https://github.com/mondoohq/terraform-provider-mondoo

Terraform Mondoo provider

security terraform

Last synced: 02 Apr 2026

https://github.com/getarcis/arcis

Inside-the-app security middleware for Node.js, Python, and Go. 20+ attack vectors. One install, three languages, MIT.

bot-detection cli django express fastapi middleware nodejs npm owasp prompt-injection pypi python rate-limiting sast security sql-injection ssrf supply-chain-security web-security xss

Last synced: 06 Jun 2026

https://github.com/tse-wei-chen/hs-sql-agent

A high-performance C# SQL Agent MCP that eliminates LLM hallucinations and security risks. Instead of letting the AI write raw SQL, it extracts parameters to generate deterministic, injection-free queries across 6 major databases—complete with a visual Admin UI and enterprise guardrails.

accuracy admin-panel ai-safety ai-safety-design anti-hallucination firebird mcp mcp-server mcp-servers mysql nl2sql oracle postgres postgresql security sql-agent sql-server sqlite

Last synced: 30 May 2026

https://github.com/netlify/plugin-csp-nonce

Build plugin to use a nonce for the script-src directive of your site's Content Security Policy.

csp netlify security

Last synced: 26 Oct 2025

https://github.com/edsoncelio/ctf-guide

Information guide about CTF: https://edsoncelio.github.io/ctf-guide/

computer-engineering criptography pentest security

Last synced: 06 Feb 2026

https://github.com/codeconut-ltd/wordpress-plugin-default-config

WordPress plugin with some hardcoded, opinionated defaults for enhanced security and frontend performance. Reduced feature set that might not work with all plugins. Only use if you know what you need.

composer configuration configuration-management default-project opinionated-defaults ph7 php phpcs phpcs-wordpress plugin security security-hardening wordpress wordpress-development wordpress-plugin wordpress-security wordpress-settings

Last synced: 08 Oct 2025

https://github.com/theruziev/security_interface

Simple API for authentication and authorization.

python-3-6 python-asyncio security

Last synced: 17 Mar 2026

https://github.com/mablanco/docker-rapidscan

Docker image for Rapidscan, a multi-tool web vulnerability scanner

docker pentesting security

Last synced: 02 Jun 2026

https://github.com/kevinrabun/judges

MCP server with specialized judges to evaluate AI-generated code for security, cost, scalability, cloud readiness, and best practices.

ai-agent ai-code-review ai-generated-code code-quality code-review judge mcp mcp-server security software-architecture static-analysis typescript

Last synced: 05 Apr 2026

https://github.com/skx/mod_blacklist

A simple Apache module to blacklist remote hosts.

apache2 blacklist c firewall security

Last synced: 16 Mar 2026

https://github.com/jef/gh-audit-org-keys

🔑 Provides list of public SSH keys of an organization

github-api john-the-ripper openssl security ssh

Last synced: 03 Apr 2026

https://github.com/kumuluz/kumuluzee-security

KumuluzEE Security extension for easy integration with OAuth2/OpenID identity and access management providers.

cloud-native java javaee kumuluzee microservices oauth2 openid-connect security

Last synced: 17 Oct 2025

https://github.com/cs-joy/blockchain_exploration

All about of Blockchain Technology - Especially about Data Privacy and Security

blockchain-technology cia data-privacy security

Last synced: 06 Feb 2026

https://github.com/ddrimus/http-threat-blocklist

A daily-updated blocklist of IP addresses involved in malicious HTTP attacks that bypassed multiple security layers. Ideal for protecting web servers against probing, exploits, and bot traffic.

blocklist cybersecurity firewall malware security threat-intelligence

Last synced: 31 Jan 2026

https://github.com/jreisinger/waf-tester

Test Web Application Firewalls (WAFs)

cli ftw security testing tool waf

Last synced: 31 Jan 2026

https://github.com/appsflyer/srealip

Go package for securely extracting HTTP client's real public IP

go golang http ip security

Last synced: 10 Oct 2025

https://github.com/venura9/manage-nsg

GitHub Action to Manage NSG Rules allowing public running deployment to resources secured by Azure NSGs

nsg security

Last synced: 06 Feb 2026

https://github.com/yaleman/ocsf-rs

OCSF schema for Rust

ocsf rust security

Last synced: 04 Mar 2026

https://github.com/picobaz/pyformblaster

PyFormBlaster: A sleek Python web form fuzzer for ethical security audits. Blast forms with random and malicious inputs to uncover XSS, SQL Injection, and more. Features auto-field detection, CSV logging, and modular config. Test responsibly!

cybersecurity ethical-hacking form-fuzzer fuzzing penetration-testing python security web-security

Last synced: 09 Oct 2025

https://github.com/tech-at-du/acs-3230-web-security

🔐 This course covers key concepts in internet data security and best practices for keeping information safe. Students will examine historical hacks, learn how to analyze websites and web architectures for classical security vulnerabilities, and learn how to defend against security attacks.

security

Last synced: 08 Jul 2026

https://github.com/teh9/laravel-tg-2fa

A simple implementation of a two-factor authentication via Telegram for Laravel

2fa auth authentication laravel login php security telegram two-factor

Last synced: 22 Aug 2025

https://github.com/mellow-hype/keysniffer-poc

Simple PoC Linux keysniffer showing impact of a lack of GUI-isolation in X display server.

infosec keysniffer linux proof-of-concept security

Last synced: 09 Jul 2025

https://github.com/fijimunkii/usb-canary

Shell script to monitor usb devices while your computer is locked. Get notified when someone plugs in or removes a usb device

alert detection linux monitoring notify osx security shell sms usb

Last synced: 04 Oct 2025

https://github.com/kos0ng/cves

Repository regarding my security research

cve exploit security

Last synced: 28 Jul 2025

https://github.com/panther-labs/pysigma-backend-panther

pySigma Panther Backend

python security

Last synced: 12 Aug 2025

https://github.com/hleliofficiel/exaaiagent

ExaAiAgent — Advanced AI-powered penetration testing framework with Docker sandbox, multi-agent workflows, and 50+ integrated cybersecurity tools.

ai-agent bug-bounty cybersecurity hacking llm pentesting prompt-injection python security vulnerability-scanner

Last synced: 01 Apr 2026

https://github.com/boxyhq/jackson-cerbos

This is an example application that demonstrates how to use Cerbos with SAML Jackson

access-control authorization cerbos policy saml-authentication security

Last synced: 01 Aug 2025

https://github.com/x13a/pschk

Check for suspicious processes on macOS

macos osx security swift

Last synced: 02 Jul 2025

https://github.com/skyzyx/engineering-for-site-reliability

Overall map of topics to cover for my “Engineering for Site Reliability” blog series.

ci-cd cicd devops docker security site-reliability site-reliability-engineering sre terraform

Last synced: 25 Mar 2025

https://github.com/soufantech/arx

Arx is an access control library for Node.js apps, strongly focused on efficiency, type safety and overall composability.

access-control authorisation permissions policy security

Last synced: 12 Apr 2025

https://github.com/software-engineering-and-security/confuzzion

Confuzzion is a Java Virtual Machine (JVM) fuzzer generating Java programs to find bugs and vulnerabilities in the Java VM.

bug code-generation crashes fuzzer java java-virtual-machine java-virtual-machine-fuzzer jvm jvm-fuzzer jvm-fuzzing security soot testing type-confusion vulnerabilities vulnerability

Last synced: 27 Jul 2025

https://github.com/sattyamjjain/agent-audit-kit

Static scanner for MCP-connected AI agent pipelines — 194 rules across 11 categories, 12 compliance frameworks, OWASP Agentic 10/10 + MCP 10/10, GitHub Action, SARIF, 48h CVE-to-rule SLA.

ai-agent ai-agent-security ai-safety ai-security claude-code github-action mcp mcp-security owasp sarif scanner security security-scanner static-analysis supply-chain-security tool-poisoning

Last synced: 23 May 2026

https://github.com/albertito/kxd

[mirror] Key exchange daemon

encryption-key go-application key-management security

Last synced: 02 Aug 2025

https://github.com/yhs0602/logbluetoothapi

Logs android bluetooth api calls of apps using xposed framework, to learn how to avoid java.lang.IOException: connect() failed; socket might closed or timeout; read ret: -1

benchmarking reverse-engineering security security-tools xposed-framework

Last synced: 24 Jul 2025

https://github.com/ztalbot2000/zerofile

Simple command line tool that fill a file with binary zeroes, then removes it.

clean clear data disk erase fill reset security wipe zero

Last synced: 26 Aug 2025

https://github.com/sjinks/yubico-otp

PHP 7/8-friendly alternative to the official php-yubico client

2fa authentication otp php security yubico yubico-otp

Last synced: 10 Apr 2025

https://github.com/smoren/url-security-manager-php

Class for building, parsing, signing, signature checking, encrypting and decrypting URLs

encryption security url-builder url-parser

Last synced: 15 Apr 2025

https://github.com/lombiq/orchard-login-as-anybody

Orchard module for site owners to be able to log in as any user.

orchard orchard-cms orchard-core orchard-module security

Last synced: 17 Aug 2025

https://github.com/jmaczan/ktotu

Identify devices in your network and monitor it against intruders

linux monitoring netsec netsecurity network network-monitoring network-security python security

Last synced: 02 Aug 2025

https://github.com/aw-junaid/fuzzing-for-security-testing

Learn fuzzing techniques for vulnerability discovery: AFL, libFuzzer, and custom fuzzers. Includes examples, tools, and tips for effective software testing.

fuzz-testing fuzzing security security-fuzzing

Last synced: 06 Jan 2026

https://github.com/tigera-solutions/cc-aks-zero-trust-workshop

In this AKS-focused security workshop, you will work with Calico and Microsoft Azure experts to learn how to implement zero-trust security for workloads to reduce the attack surface of applications running on AKS. This 90-minute hands-on lab comes with your own Calico Cloud environment and a sample app environment.

aks azure cc regismartins security workshop

Last synced: 10 Aug 2025

https://github.com/sap/sanitizer-checker

A tool to evaluate the security of JavaScript sanitizer functions.

cross-site-scripting injection javascript sanitizer security

Last synced: 09 Aug 2025

https://github.com/robertdebock/ansible-role-investigate

Install and configure investigation tools on your system.

ansible investigate molecule playbook security tox

Last synced: 24 Apr 2025

https://github.com/patrickfav/bkdf

BCrypt based key derivation function to improve BCrypt as a cryptographic primitive for password hashing and key derivation

bcrypt cryptography hkdf java kdf password security

Last synced: 09 Apr 2025

https://github.com/jarelllama/emerging-threats

Block malware on your network with your DNS sinkhole using threat intelligence extracted from Emerging Threats rulesets.

adblock-list adguard adguard-blocklist adguard-home blacklist blocklist dns filterlist malware phishing phishing-sites pihole pihole-blocklists security

Last synced: 29 Sep 2025

https://github.com/muqsit/2fa

[In-dev] Two-factor authentication for your PocketMine-MP (PMMP) server. Currently there are no documentations or doc comments.

2fa mfa pmmp pocketmine-mp security

Last synced: 05 Aug 2025

https://github.com/goblgobl/authen

Add 2FA to an existing authentication flow

authentication go microservice security self-hosted

Last synced: 16 Jan 2026

https://github.com/melardev/c_win32_bindshell_sync

BindShell written in C using Win32API and blocking sockets

bind-shell c networking pipe poc process-pipes reverse-shell security shell socket win32 win32api

Last synced: 13 Apr 2025

https://github.com/darxisr/cryline-v3.0

Cryline project - It's a simple test ransomware for Windows OS without stable encryption. Pls use this source code for study purposes only. The author is't responsible for your actions.

aes-encryption assembly cplusplus dotnet encryption malware programming ransomware security source-code windows

Last synced: 16 Aug 2025

https://github.com/derhansen/tobserver

tObserver TYPO3 extension required for the free TYPO3 monitoring service

monitoring security typo3 typo3-extension

Last synced: 19 Apr 2025

https://github.com/kolteq/validating-admission-policies-pss

Kubernetes Pod Security Standards implemented using Kubernetes Validating Admission Policies. Support of Enforce Baseline and Restricted profiles natively with configurable policy exclusions.

compliance kubeapt kubernetes pod-security pod-security-admission security validating-admission-policy

Last synced: 04 Feb 2026

https://github.com/autodidaddict/grpctls_sample

Sample illustrating mutual TLS and streaming gRPC using Elixir

elixir elixir-lang grpc grpc-stream mutual-tls otp security tls

Last synced: 21 Apr 2025

https://github.com/openwall/owl

Openwall GNU/*/Linux (Owl) is a small security-enhanced Linux distribution for servers. Owl has effectively reached its end-of-life, but its legacy lives on in a few other distributions (most notably, ALT Linux) and upstream projects. This is a tentative export of the Owl CVS repository into Git, which will possibly be redone later.

hardening linux security userland

Last synced: 09 Apr 2025

https://github.com/grapheneos-archive/device_google_crosshatch

Pixel 3 and Pixel 3 XL device sources.

android grapheneos security

Last synced: 04 Oct 2025

https://github.com/jcsec-security/cosmwasm-security-spotlight

Posts and labs to learn CosmWasm smart contract security vulnerabilities and audit

audit blockchain bug bugbounty contract cosmos cosmossdk cosmwasm ctf dapp defi hacking rust security smart smartcontract vulnerabilities

Last synced: 26 Oct 2025

https://github.com/divineomega/laravel-password-security-audit

🔏 Artisan command to audit the security of your users' passwords

laravel laravel-package password php security security-audit users

Last synced: 24 Aug 2025

https://github.com/rknf404/chromium-hardening-guide

Harden chromium (somewhat)

chromium chromium-browser security

Last synced: 15 Apr 2025

https://github.com/ricco386/cyber502x-computer-forensics

RITx: CYBER502x Computer Forensics - Personal study notes

mooc security study-notes

Last synced: 17 Mar 2026

https://github.com/rusty-ferris-club/redact-engine

Protect confidentiality with dynamic redaction by replacing sensitive data.

redact redaction security sensetive-data

Last synced: 19 Aug 2025

https://github.com/njokuscript/blowfishjs

A Typescript/Javascript library for interacting with the Blowfish APIs

javascript security solana web3

Last synced: 19 Apr 2025

https://github.com/hackardox/openv

openv a tool to automatically load secrets from .env files using 1password CLI under the hood

1password secrets security

Last synced: 29 Aug 2025

https://github.com/sarathsp06/py2factor

Python two factor authenticator app for linux,experimental

2factor cli multifactor-authentication python security

Last synced: 28 Jul 2025

https://github.com/fivexl/terraform-aws-ssl-checker

Simple SSL check and expiring certificates reminder with additional DNS check and host availability check.

heartbleed lambda security ssl terraform terraform-module tls tls-certificate-checker tls-scan tls13

Last synced: 09 Apr 2025

https://github.com/retirenet/packages

JSON files containing vulnerable packages

dotnet-core dotnetcore security

Last synced: 21 Sep 2025