An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/dumbjs/foronce

The OTP Library

crypto node otp security totp

Last synced: 06 Mar 2026

https://github.com/fortio/safecast

Go, safe from accidental overflow, number type conversions

conversions golang golang-library security

Last synced: 17 Jun 2025

https://github.com/dynonguyen/hospital-management-system

Safety and security of information systems project.

oracle reactjs security

Last synced: 12 Apr 2025

https://github.com/bitforger/thegreatersuspender

Fork of popular extension The Great Suspender made more privacy respecting.

chrome chrome-extension javascript privacy security suspender thegreatsuspender

Last synced: 07 May 2025

https://github.com/accuknox/secret-scan-action

AccuKnox Secret Scan GitHub Action

secret security sensitive-data

Last synced: 06 Mar 2026

https://github.com/maybethisisru/eleventy-plugin-safe-external-links

Stop XSS attacks by preventing access to origin window for links that open in a new tab/window.

11ty eleventy external-links links security

Last synced: 12 Apr 2025

https://github.com/zuazo/chef-encrypted-attributes

Chef plugin to add Node encrypted attributes support using client keys.

chef credentials devops encrypted-attributes encryption gcm keys passwords pki plugin secrets security

Last synced: 13 Apr 2025

https://github.com/bocaletto-luca/super-info

Super Info is a comprehensive, text-based utility for system administrators on Ubuntu and other Debian-based distributions. It provides essential security, monitoring and system checks via a custom ASCII interface with colors (when supported). By Bocaletto Luca

bash cli debian linux security shell-script sysadmin system-info system-monitoring ubuntu

Last synced: 18 Jun 2025

https://github.com/demimarie/sliprock

A secure local interprocess communication library.

interprocess-communication secure-by-default security sockets unix windows

Last synced: 18 Jun 2025

https://github.com/nathanjepson/wdac-framework

Easily create, deploy, and edit Windows Defender Application Control (WDAC) policies. Allows for careful review of app information before trusting WDAC rules. Manage your policies with WinRM (remote PowerShell) and SQLite.

application-control applicationcontrol defender enterprise-security operation-system-security powershell powershell-script security sqlite sqlite-database wdac windows windows-defender windows-defender-application-control windowsdefender winrm zero-trust

Last synced: 21 Jun 2025

https://github.com/alphasoc/graylog-alphasoc

A content pack to render AlphaSOC alerts within Graylog

graylog-content-pack intrusion-detection malware-analysis monitoring security

Last synced: 01 Mar 2026

https://github.com/carlocorradini/graphql-auth-directive

GraphQL @auth directive that protects resources from unauthenticated and unauthorized access

auth authentication authorization graphql nodejs security typescript

Last synced: 16 Feb 2026

https://github.com/neuralegion/sectester-js

SecTester is a new tool that integrates our enterprise-grade scan engine directly into your unit tests.

appsec brightsec e2e pentesting qa security test testing typescript

Last synced: 17 Mar 2026

https://github.com/99999g/ak47

AK47 是一款跨平台的漏洞利用与安全评估工具 | AK47 is a cross-platform vulnerability exploitation and security assessment tool

expr mcp pentest redteam security skills wails

Last synced: 10 Apr 2026

https://github.com/seznam/jailoc

🔒 Jail your AI agents — sandboxed Docker environments with network isolation for Opencode agents

ai-agents cli devtools docker docker-compose golang network-isolation opencode sandbox security

Last synced: 04 Apr 2026

https://github.com/m3ssap0/data-grabber

This is a simple PHP script that can be used as a cookie grabber / session stealer. It uses MySQL to store data in a structured way.

cookie-grabber cookie-stealer security security-tools session-grabber session-stealer

Last synced: 28 Jun 2025

https://github.com/MaybeThisIsRu/eleventy-plugin-safe-external-links

Stop XSS attacks by preventing access to origin window for links that open in a new tab/window.

11ty eleventy external-links links security

Last synced: 07 Nov 2025

https://github.com/trvswgnr/crab-snitch

Get an alert on macOS if an application accesses your microphone or webcam.

macos personal security

Last synced: 08 Sep 2025

https://github.com/casbin/mux-authz

gorilla/mux's RBAC & ABAC Authorization middleware based on Casbin

abac acl authz casbin gorilla-mux middleware mux plugin rbac security

Last synced: 22 Apr 2025

https://github.com/aligent/magento2-bypass-2fa

Magento module allowing two-factor authentication (2FA) to be bypassed for development purposes.

development magento2 security

Last synced: 11 Apr 2025

https://github.com/oliverbebber/comptia-sy0-601-study-notes

CompTIA SY0-601 Study Notes

comptia-security security

Last synced: 09 Mar 2026

https://github.com/wp-cli/role-command

Adds, removes, lists, and resets roles and capabilities.

access cli hacktoberfest role security wordpress wp-cli wp-cli-package

Last synced: 12 Jun 2025

https://github.com/line/webauthndemo-kotlin

WebAuthnDemo Kotlin is a sample application demonstrating the integration of the webauthn-kotlin SDK for secure, password-less authentication in Android apps. It showcases the use of biometric and device credential authenticators, along with examples for registering and authenticating credentials.

authenticator demo fido2 kotlin passwordless security webauthn

Last synced: 02 Sep 2025

https://github.com/riotkit-org/gpbkdf2

PBKDF2 key encoder for use in shell. Single, tiny binary. Written in Go.

aes aes-256 aes-256-cbc cbc cbc-mode crypto go openssl pbkdf2 pbkdf2-cli security

Last synced: 02 Aug 2025

https://github.com/therootcompany/base62-token.js

Generate & Verify GitHub-style & npm-style Base62 Tokens

base62 base62-encoding github-tokens-generator npm-tokens-generator security

Last synced: 17 Jul 2025

https://github.com/safinsingh/midnight

🔧 An extensible Linux security auditing tool

cybersecurity docker go golang linux security

Last synced: 09 Mar 2026

https://github.com/zekker6/devsandbox

Sandbox for running untrusted dev tools. Filesystem isolation via bubblewrap, optional MITM proxy for traffic inspection. Perfect for AI coding assistants.

ai-coding-assistant bubblewrap claude-code development-tools linux mitm namespaces proxy sandbox security

Last synced: 29 Apr 2026

https://github.com/bandarlabs/cveingest

Convert CVEs into LLMs friendly input with multi level crawling

audio cve llm security

Last synced: 03 Jul 2025

https://github.com/karmadeb/lockloginreborn

LockLoginReborn, is a rework of the LockLogin plugin. This plugin allows server owners to keep their server and players safe, LockLogin is an inteligent plugin which also parches some of the very known exploits to bypass login systems.

bungeecord java login plugin security spigot

Last synced: 01 Oct 2025

https://github.com/dhanushnehru/pdf-xss-checker

pdf-xss-checker is a Node.js tool designed to scan PDF files for potential Cross-Site Scripting (XSS) vulnerabilities. It analyzes embedded scripts, forms and suspicious content to help identify security risks in PDFs before they're distributed or displayed in browsers.

pdf pdf-document scanner security security-audit securitytools vulnerability xss xss-attacks xss-detection xss-filter xss-scanner xss-vulnerability

Last synced: 19 Jun 2025

https://github.com/lreimer/secure-devex22

Demo repository for my talk at the Heise Developer Experience 2022 conference.

checkov clean-code code-quality devsecops docker kubernetes lint security security-tools snyk sonarqube static-analysis terraform tilt trivy zap-api

Last synced: 02 Aug 2025

https://github.com/aaearon/mcp-privilege-cloud

A production-ready Model Context Protocol (MCP) server for CyberArk Privilege Cloud integration. Enables AI assistants and MCP clients to securely interact with privileged account management, safe operations, and platform configurations through 8 comprehensive tools.

ai-integration claude-desktop cyberark cyberark-api cybersecurity fastmcp identity-management mcp mcp-server model-context-protocol oauth-authentication oauth2 pam password-vault platform-management privilege-cloud privileged-access-management privileged-accounts python security

Last synced: 18 Feb 2026

https://github.com/topscoder/subgomain

A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.

bugbounty bugbounty-tool domain-takeover infosec infosectools security security-tools subdomain-takeover

Last synced: 04 Jul 2025

https://github.com/divineomega/php-password-cracker

PHP package to crack passwords

password password-cracker php security

Last synced: 25 Jul 2025

https://github.com/marcelo-davanco/quality-scanner

Quality Scanner — SonarQube + NestJS/TypeScript analysis toolkit with Docker, 8-step scanner, quality gate, and Next.js dashboard

code-analysis code-quality docker eslint nestjs security sonarqube spectral trivy typescript

Last synced: 20 Feb 2026

https://github.com/flutterguard/flutterguard-cli

Know and see everything an attacker can extract and get from your published Flutter app

android apk cli dart exploit flutter opensource reverse-engineering security static-analysis

Last synced: 13 Jan 2026

https://github.com/mindpatch/latestpocs

Latest PoC exploit & Writeups

cves pentesting poc proof-of-concept security

Last synced: 20 Sep 2025

https://github.com/barandev/firebase-authentication-template

A template repository for implementing Firebase Authentication with Flask and JavaScript. This template provides a basic setup for integrating Firebase Authentication into web applications using Flask as the backend framework. It includes functionalities for user signup, signin, signout, and session management.

firebase firebase-auth firebase-webapp flask html-css-javascript javascript modal-design password-hashing python responsive-design security session-management signin-signup template user-management userauthentication web-template webdevelopment

Last synced: 19 Feb 2026

https://github.com/ezshine/carefullyopenurl

A Chrome extension that helps users browse the web more safely by adding confirmation steps before opening any links.

chrome-extension security

Last synced: 01 Sep 2025

https://github.com/rix4uni/linkinspector

linkinspector is a fast command-line tool for inspecting URLs and retrieving HTTP status codes, content lengths, and content types. It supports filtering and matching responses, and can process URLs from stdin or files.

bug-bounty bugbounty bugbountytips hacking infosec osint osint-resources osint-tool penetration-testing pentest-tool pentesting recon reconnaissance security security-tools threat-intelligence

Last synced: 17 Feb 2026

https://github.com/extwiii/cybersecurity-university.of.maryland

Cybersecurity Specialization - Cybersecurity Fundamentals. Construction of Secure Systems - Coursera

cyber-security cybersecurity maryland security

Last synced: 03 Feb 2026

https://github.com/cyb3rmx/jellyb0n

Iptables based simple firewall with tkinter GUI

firewall iptables linux netcat python3 security simple tkinter-gui

Last synced: 31 Aug 2025

https://github.com/csm-actions/approve-pr-action

GitHub Action to approve pull requests securely

github-actions oss security

Last synced: 13 May 2025

https://github.com/ghostofgoes/ui-prccdc

Scripts, Guides, Tools, and what-not for the University of Idaho PRCCDC team.

ccdc hardening prccdc python scripts security uidaho vyos

Last synced: 22 Apr 2025

https://github.com/murphysecurity/murphysec-jenkins-tools

将墨菲安全的代码检测能力集成到 Jenkins 中,提高线上代码安全质量

jenkinsfile scanner security

Last synced: 25 Apr 2025

https://github.com/pelock/jobfuscator-python

JObfuscator is a source code obfuscator for the Java language. Protect Java source code & algorithms from hacking, cracking, reverse engineering, decompilation & technology theft.

decompiler decompiler-java java mangle mangler obfuscate obfuscate-code obfuscate-strings obfuscated obfuscated-code obfuscation obfuscator security source-code

Last synced: 13 Jul 2025

https://github.com/ayushn21/bridgetown-content-security-policy

A Bridgetown plugin to add a Content Security Policy in a meta tag

bridgetown bridgetown-plugin content-security-policy security

Last synced: 14 Apr 2025

https://github.com/infineon/ek-based-onboarding-optiga-tpm

Guide for Setting Up and Operating Device Onboarding with OPTIGA™ TPM Endorsement Key (EK)

raspberry-pi security tpm2

Last synced: 11 Jul 2025

https://github.com/samouraiworld/sec-guidebook

The Ultimate Security Guide Book for new-cryptorich friends

exploits good-practices privacy protection security wallet

Last synced: 27 Jan 2026

https://github.com/restorm-labs/nuxt-restream

Restream is a module that allows you to create a stream of an audio/video file from the Firebase storage, protected from direct download through the client-side.

firebase firebase-storage nuxt nuxt-module nuxt3 security vue3

Last synced: 09 Oct 2025

https://github.com/boogy/iam-policy-validator

⚡ Stop IAM misconfigurations before they become breaches — Catch overprivileged permissions, dangerous wildcards, and policy errors before deployment.

aws iam security

Last synced: 12 Feb 2026

https://github.com/zelon88/emotet_analysis-1

A quick & dirty look at an Emotet infection.

analysis botnet campaign emotet heodo malware-analysis opsec security trojan

Last synced: 09 Feb 2026

https://github.com/smed79/easylist-hosts

Unified EasyList hosts blacklist for use with DNS and domain blocking tools as pi-hole for the purpose of blocking bad domains used for serving ads, tracking, mining, malware and other nasty content.

adblock adblock-plus adguard blacklist blocklist dns dnsforge domains easylist easyprivacy hosts hosts-file malware nextdns personaldnsfilter phishing pi-hole privacy security ublock

Last synced: 24 Oct 2025

https://github.com/demon1a/bounties-uwu

Chrome extension uses the HackerOne API to reveal hidden rewarded bounties on HackerOne

bugbounty hackerone javascript security tools

Last synced: 14 Oct 2025

https://github.com/bisonai/flutter-machine-learning-security

Protect your Machine Learning model in your Flutter application.

edge-machine-learning encoder-decoder mobile-ai security xor-cipher

Last synced: 18 Oct 2025

https://github.com/amadeusitgroup/starter-kit-for-internal-hacking-event

A kit to organize internal hacking events, improving product security and spreading security knowledge.

event fun security

Last synced: 13 Feb 2026

https://github.com/IBM/simrun

Attack Simulation Platform (ASP) for detection testing

attack-simulation cloud-security detection-engineering security security-automation threat-detection

Last synced: 26 Jun 2026

https://github.com/rocklambros/any2md

Convert PDF, DOCX, HTML, and TXT files — or web pages by URL — to clean, LLM-optimized Markdown with YAML frontmatter.

cli converter docx html llm markdown pdf python security txt

Last synced: 26 Apr 2026

https://github.com/ynori7/hulksmash

A very easy-to-use library for building a custom brute-force requester for QA purposes

bruteforce qa qatools security security-tools

Last synced: 23 Jan 2026

https://github.com/rohaquinlop/immunipy

A Python SCA tool that acts as a watchdog, keeping an eye out for security vulnerabilities and reporting them promptly, written in Rust.

cli python python-library sca security vulnerability-detection vulnerability-scanners

Last synced: 17 Oct 2025

https://github.com/prompt-armor/prompt-armor

Open-source prompt injection detector — 5 layers, 91.7% F1, ~27ms, offline, Apache 2.0

ai-safety anomaly-detection cli faiss jailbreak llm llm-security mcp nlp offline onnx prompt-injection prompt-security python security

Last synced: 03 Jun 2026

https://github.com/mahmudnibir/hiddenmessage

⚕️ HiddenMessage is a Python script that uses LSB steganography to hide and extract secret text in images. It encrypts the message with AES before embedding, ensuring both privacy and invisibility.

data-hiding digital-forensics encoding encryption encryption-decryption image-processing lsb message-hiding password pil python security steganography

Last synced: 21 Jul 2025

https://github.com/haccer/xmail

Go tool that detects which email addresses have domains which are able to be registered

account-takeover bug-bounty bugbounty cyber email go golang infosec osint pentesting redteam redteam-tools security

Last synced: 14 Mar 2026

https://github.com/elementsinteractive/sheriff

Sheriff is a tool to scan repositories and generate security reports.

dependency-scanning security security-audit security-tools vulnerability-scanner

Last synced: 12 Jan 2026

https://github.com/leklund/bauditor

run bundler-audit on a multiple repositories at once

bundler-audit ruby rubygems security

Last synced: 07 Jul 2025

https://github.com/crashdump/covert

Covert is a deniable encryption software.

cli deniable-encryption encryption sdk security

Last synced: 16 Feb 2026

https://github.com/iwpnd/fiber-key-auth

fiber api key authentication middleware

api gofiber golang security

Last synced: 20 Mar 2025

https://github.com/visualbean/hibp.net

A simple .NET wrapper for the HIBP (Have I been pwned?) Api

csharp haveibeenpwned hibp netcore nuget security

Last synced: 10 Oct 2025

https://github.com/DemiMarie/SlipRock

A secure local interprocess communication library.

interprocess-communication secure-by-default security sockets unix windows

Last synced: 11 Mar 2025

https://github.com/anchore/s3c-workshops

Deploy Anchore Enterprise in an environment of your choice. Then follow through a series of labs that showcase how you can improve security across your software supply chain.

containers devsecops fedramp k8s sbom security supply-chain-security vulnerability-scanners

Last synced: 09 Oct 2025

https://github.com/padsalatushal/malicious-debian-package-maker

Inject your own bash script inside any Debian package.

debian linux package python security

Last synced: 18 Jul 2025

https://github.com/fractaslabs/silverstripe-security-layouts

SilverStripe module for fancier security layouts (login, logout, lost password etc.)

security silverstripe silverstripe-4 silverstripe-module silverstripe-theme

Last synced: 15 Jan 2026

https://github.com/patricktulskie/dfang

Defang IOCs, written in rust

defang ioc refang security security-tools

Last synced: 28 Apr 2025

https://github.com/aw-junaid/golang-web-security

Secure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.

golang penetration-testing security websecurity

Last synced: 14 Apr 2025

https://github.com/hcl-tech-software/appscan-sast-action

Integrate static security testing with HCL AppScan on Cloud using GitHub Actions

action appscan github github-actions sast scanning security security-automation security-scanner security-testing security-tools

Last synced: 31 Aug 2025

https://github.com/rustlanges/rlarndg

RustLangES Actually Random Generator

cryptography generator random security

Last synced: 31 Jul 2025