An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/alulsh/intro-to-security-for-developers

An introduction to security for developers.

infosec security slides

Last synced: 20 Nov 2025

https://github.com/JakeRoggenbuck/regolith

A server-side TypeScript and JavaScript library immune to Regular Expression Denial of Service (ReDoS) attacks by using Rust and linear RegEx under the hood. Regolith has a linear worst case time complexity, compared to the default RegExp found in TypeScript and JavaScript, which has an exponential worst case.

javascript regex security typescript

Last synced: 17 Aug 2025

https://github.com/sporkmonger/bulwark

Automated security decision making under uncertainty

bot-mitigation bulwark detection devsecops envoy security waap waf webassembly

Last synced: 19 Feb 2026

https://github.com/d2iq-archive/kubernetes-security-benchmark

A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources

cis cli cobra dcos golang ksphere kubernetes security

Last synced: 31 Mar 2025

https://github.com/wagov/wasocshared

WA Cyber Security Unit (DGOV Technical) site

mkdocs-site security

Last synced: 17 Aug 2025

https://github.com/va1da5/manual-source-code-review

Regex patterns for manual application source code review

bugs oswe oswe-prep regex-pattern review security web-300

Last synced: 03 Feb 2026

https://github.com/alaz/legitbot

🤔 Is this Web request from a real search engine🕷 or from an impersonating agent 🕵️‍♀️?

bot detect-crawlers fake googlebot impersonation protection ruby ruby-gem search-engine security

Last synced: 25 Apr 2026

https://github.com/simeononsecurity/windows-hardening-ctf

A Windows hardening script that makes it difficult to compromise a Windows device. Only for use during Blue-Team Competitions.

automation ctf ctf-tools hardening security windows

Last synced: 15 Apr 2025

https://github.com/d4vinci/paste2web

A python3 script that uses cl1p website to send and receive secret messages

chat cl1p-website messages python3-script secret security

Last synced: 25 Jul 2025

https://github.com/1and1/compositejks

Load a custom Java Keystore into the SSL Context without replacing the system CA list.

cacert java-keystore security

Last synced: 05 Mar 2025

https://github.com/deepal/node-dukpt

Node JS Library for Derived Unique Key Per Transaction (DUKPT) Encryption 💳🔑🛡

aes decryption dukpt dukpt-encryption encryption javascript node-dukpt nodejs payments security

Last synced: 15 Oct 2025

https://github.com/endorama/2ami

Your easy 2FA companion that keeps the secrets secret.

cli google-authenticator hacktoberfest keychain keyring secrets secure security totp two-factor

Last synced: 15 Mar 2026

https://github.com/opensc/pam_p11

Authentication with PKCS#11 modules

authentication certificate opensc pam pgp security smartcard

Last synced: 26 Feb 2026

https://github.com/koki-develop/ghasec

🫴 Catch security risks in your GitHub Actions workflows.

github-actions security

Last synced: 17 Apr 2026

https://github.com/unicornsasfuel/keybrute

A wordlist-based encryption key brute forcer targeting weak key choice/derivation

aes aes-encryption brute-force computer-security crack cryptanalysis crypto cryptography encryption information-security infosec security

Last synced: 26 Mar 2025

https://github.com/turbot/steampipe-mod-terraform-aws-compliance

Run compliance and security controls to detect Terraform AWS resources deviating from security best practices prior to deployment using Powerpipe and Steampipe.

aws compliance hacktoberfest powerpipe powerpipe-mod security sql steampipe steampipe-mod terraform

Last synced: 10 Mar 2026

https://github.com/jpcertcc/quasarrat-analysis

QuasarRAT analysis tools and research report

malware python3 security

Last synced: 05 Apr 2025

https://github.com/kawaiipantsu/ip-blacklist-collection

These are automatically updated IP address blacklists/whitelists you can fetch, parse and put in your firewall, WAF, null-routing, sinkhole or whatever you choose. The blacklists are not necessarily threat actors, it's just lists I like to have ready and handy.

blacklist blocklist blueteam compliance firewall geoblocking ip iptables ipv4 ipv6 mullvad nordvpn privacy proxy proxy-list security ufw waf

Last synced: 17 Jan 2026

https://github.com/houzuoguo/cryptctl

A disk encryption utility that helps set up LUKS-based disk encryption using randomly generated keys, and keeps all keys on a dedicated key server.

disk-encryption encryption go golang linux luks os security

Last synced: 13 Apr 2025

https://github.com/davidalami/VulnMapAI

VulnMapAI combines the power of nmap’s detailed network scanning and the advanced natural language processing capabilities of GPT-4 to generate comprehensive and intelligible vulnerability reports. It aims to facilitate the identification and understanding of security vulnerabilities.

hacking hackthebox hacktoberfest machine-learning penetration-testing port-scanning security tryhackme vulnerability-scanners

Last synced: 07 Sep 2025

https://github.com/nwtgck/piping-draw-web

🎨 End-to-End Encryption Share Drawing via Piping Server

canvas drawing end-to-end-encryption handwriting paint piping-server security

Last synced: 07 Mar 2026

https://github.com/advanced-security/codeql-bundle-action

Action to retrofit a CodeQL bundle with additional queries, libraries, and customizations

code-scanning codeql security

Last synced: 10 Mar 2026

https://github.com/andygeiss/cloud-native-utils

A collection of high-performance, modular utilities for enhancing testing, transactional consistency, efficiency, security and stability in cloud-native Go applications.

assert automated-testing batteries-included best-practices cloud-native cloud-native-patterns consistency efficiency extensibility go golang logging resource security service stability templating utils

Last synced: 17 Jan 2026

https://github.com/c0r0n3r/cryptolyzer

CryptoLyzer is a fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI. (read-only clone of the original GitLab project)

certificate-transparency content-security-policy dnssec http-header-check http-scan mixed-content openvpn python scan-tool scanning-tool security security-audit security-tools ssh-scanner ssl-scanner subresource-integrity tls-scan tls-scanning-library vulnerability-scanners

Last synced: 20 Nov 2025

https://github.com/kstr0k/migrate-apt-keys

Migrates from "apt-key" managed keys to "[signed-by=.../keyrings/...]"

apt apt-key debian gpg security shell-script ubuntu

Last synced: 22 Apr 2025

https://github.com/jlleitschuh/security-checklist-transformer

Sqreen Security Checklist Transformer & Uploader

security security-checklists security-plan security-tools

Last synced: 07 Apr 2025

https://github.com/vboureaud/ctfbourgpalette

A pokemon-like project game where you level up by hacking your neighbor.

phaserjs react security

Last synced: 25 Oct 2025

https://github.com/stirby/fastpass

A password manager that gets you logged in quickly

linux password-generator password-manager password-store passwords security

Last synced: 11 Mar 2026

https://github.com/miguelgrinberg/microblog-authy

Microblog application from the Flask Mega-Tutorial with added two-factor push authentication via Authy

authentication authy authy-api flask security twilio two-factor-authentication

Last synced: 06 Sep 2025

https://github.com/rroemhild/docker-mailpile

A minimal Mailpile Docker image based on Alpine Linux.

docker email encryption gnupg mailpile security

Last synced: 24 Oct 2025

https://github.com/animeshshaw/learning-node.js-security

A Collection of articles, videos, blogs, talks and other materials on Node.js Security

learning-nodejs nodejs nodejs-pentesting nodejs-secuirty-reading nodejs-security penetration-testing pentesting security web-security

Last synced: 16 Oct 2025

https://github.com/qfcy/no-subclasses

A library that removes the __subclasses__() list from all classes, allowing for nearly absolute security in exec and eval functions.

eval exec python python-sandbox sandbox-tool security subclasses

Last synced: 07 Jul 2025

https://github.com/Cymmetria/honeycomb_plugins

The plugin repository for Honeycomb, the honeypot framework by Cymmetria

honeycomb python security security-tools

Last synced: 27 Mar 2025

https://github.com/chewbaka69/fail2ban_pterodactyl

A fail2ban filter for the Wings daemon, the service of the Pterodactyl panel, to protect against SFTP brute-forcing

fail2ban fail2ban-filter security

Last synced: 24 Feb 2025

https://github.com/fusionauth/fusionauth-example-modern-guide-to-oauth

The example application paired with the Modern Guide to OAuth

authentication oauth oauth2 security

Last synced: 05 Apr 2025

https://github.com/bjornstar/intercept-redirect

Skip tracking redirects that serve no purpose other than to waste your precious time.

anti-tracker browser-extension privacy redirect security webextension

Last synced: 15 Apr 2025

https://github.com/wix-incubator/isolated-runtime

Run untrusted JavaScript code in a multi-tenant, isolated environment

isolated javascript nodejs security threads vm

Last synced: 14 Apr 2025

https://github.com/augustoproiete/i-am-root-nuget-package

📦🏴‍☠️ NuGet package that shows we can run arbitrary code from any NuGet package

code groot hacktoberfest i-am-root iamroot nuget powershell root security

Last synced: 14 Apr 2025

https://github.com/sfuhrm/openssl4j

High performance Java crypto binding to the native OpenSSL library

crypto cryptography fast java java-library jni md5 mmx openssl ripemd160 security sha1 sha256 sha3 sm3 sse whirlpool

Last synced: 05 Apr 2025

https://github.com/hxsecurity/dongtai-plugin-idea

Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions such as vulnerability detection and code audit during application development, enabling developers to find application vulnerabilities more intuitively, quickly and in real time during application development.

applicationsecuritymonitoring appsec-tutorials code-quality devsecops dongtai-iast iast idea-plugin intellij-platform security

Last synced: 04 Oct 2025

https://github.com/kajov/wazuh-kubernetes-helmchart

Wazuh - Wazuh Kubernetes Helm chart. This repo is not maintained by the Wazuh team. This is a community project.

automation community compliance containers devsecops docker helm helm-chart k8s kubernetes monitoring orchestration security security-tools vulnerability-detection wazuh

Last synced: 11 Jul 2025

https://github.com/dev-sec/chef-mysql-hardening

This Chef cookbook provides security configuration for MySQL.

chef chef-cookbook devops hardening mysql security

Last synced: 09 Jul 2025

https://github.com/vitormesquita/msession

A simple and sophisticated session and authentication solution written in Swift

apple authentication faceid faceid-authentication ios keychain secur security session swift swift-library

Last synced: 25 Jul 2025

https://github.com/mondoohq/packer-plugin-cnspec

Packer plugin cnspec by Mondoo - Build machine images free of security misconfigurations and vulnerabilities!

ami cnspec mondoo packer packer-plugin security vulnerability

Last synced: 27 May 2026

https://github.com/fractalfir/memory_pages

`memory_pages` is a small library providing a cross-platform API to request pages from the kernel with certain permissions

low-level memory-management rust security

Last synced: 16 May 2025

https://github.com/rbiedrawa/spring-webflux-keycloak-demo

This repository demonstrates how to use reactive Spring Security with OAuth2 and Keycloak. Keycloak server with all components can be started using docker-compose and utility script.

docker docker-compose jwt jwt-authentication keycloak oauth2 postman postman-collection reactor security spring-boot spring-security spring-security-5 spring-security-oauth2 spring-webflux testing webflux-security wiremock

Last synced: 19 Oct 2025

https://github.com/stijnmoreels/fsecurity

Security testing library written in F# to make writing security tests more fun.

exploitation fsec fsharp input-validation owasp security testing tests url-tampering vulnerability-detection xml-parsing

Last synced: 23 Mar 2025

https://github.com/karlamoe/unsafe-accessor

A bridge to access sun.misc.Unsafe & jdk.internal.misc.Unsafe

java jdk jvm reflect reflection security tool tools unsafe

Last synced: 15 Jan 2026

https://github.com/chen-keinan/mesh-kridik

mesh-kridik is an open-source security checker that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

istio kubernetes kubernetes-cluster opa open-policy-agent open-source policy scanner security service-mesh

Last synced: 13 Jun 2025

https://github.com/jenkinsci/ownership-plugin

Jenkins plugin. Provides explicit ownership of jobs and agents

adopt-this-plugin jenkins jenkins-plugin jenkins-security ownership plugin security ui

Last synced: 30 Sep 2025

https://github.com/rusty-ferris-club/recon

🕵️‍♀️ Find, locate, and query files for ops and security experts ⚡️⚡️⚡️

devops devops-tools rust security security-tools

Last synced: 30 Apr 2025

https://github.com/mxlint/mxlint-cli

A set of tools to enhance Mendix app development workflows. They are mainly designed for professionals but should be usable for everybody.

best-practices golang linting mendix mxlint opa policies rego security xunit

Last synced: 04 Oct 2025

https://github.com/volkansah/gpt-security-best-practices

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.

ajax ajax-request chatgpt chf code-security html js php security security-risks server-side serverside-rendering vulnerabilities vulnerabilities-fix

Last synced: 12 Apr 2025

https://github.com/ebarti/cortex-xdr-client

A python-based API client for Cortex XDR API.

api client cortex cortex-xdr paloaltonetworks python security xdr xql

Last synced: 12 Jan 2026

https://github.com/wrogistefan/desktop-2fa

A secure offline desktop application for generating and managing TOTP 2FA codes. Features encrypted vault storage, modern cryptography (Argon2 + AES‑GCM), modular architecture, and a local‑first approach with no cloud dependencies. Designed for reliability, extensibility, and future cross‑platform UI.

2fa aes-gcm argon2 authenticator cryptography desktop-app local-first offline open-source privacy security totp vault

Last synced: 13 Jan 2026

https://github.com/VolkanSah/GPT-Security-Best-Practices

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.

ajax ajax-request chatgpt chf code-security html js php security security-risks server-side serverside-rendering vulnerabilities vulnerabilities-fix

Last synced: 12 May 2025

https://github.com/jxnet/jxnet

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

capture-packets java jni libpcap network-security network-security-monitoring npcap packet-analyzer packet-capture packet-crafting packet-sniffer pcap-library security security-audit security-scanner sending-packets winpcap

Last synced: 09 Jul 2025

https://github.com/shgew/cs-firewall-bouncer-docker

A dockerized version of https://github.com/crowdsecurity/cs-firewall-bouncer

attacks-prevention bouncer crowdsec detection docker firewall homelab nftables protection security truenas

Last synced: 01 Apr 2026

https://github.com/holtwick/bx-mac

Sandbox any macOS app — only your project directory stays accessible

claude-code cli developer-tools macos privacy sandbox security terminal vscode xcode

Last synced: 19 Apr 2026

https://github.com/yvesago/imap-honey

IMAP or SMTP honeypot written in Golang

golang honeypot imap security security-tools smtp

Last synced: 04 Apr 2026

https://github.com/gitguardian/gitguardian-vscode

Stop leaks. Safeguard your secrets with GitGuardian. GitGuardian actively prevents accidental exposure of sensitive information in your code, allowing you to code confidently and maintain the integrity of your data.

appsec credentials devsecops scanning secrets secrets-detection secrets-engine secrets-management secrets-scan security vscode vscode-extension

Last synced: 03 Sep 2025

https://github.com/5gsec/nimbus

Intent driven security automation framework

5g 5g-core intents k8s o-ran operator-sdk security

Last synced: 14 Aug 2025

https://github.com/sergio11/eclipserecon

🌑 EclipseRecon is a personal project developed during my cybersecurity learning journey 🛡️. It helps practice web reconnaissance 🌐 by identifying subdomains 🧩, site structures 🧭, and vulnerabilities 🐞 in a controlled environment 🧪.

blue-team bug-bounty cybersecurity ethical-hacking information-gathering owasp penetration-testing reconnaissance red-team scan-tools security security-analysis security-reporting security-tools subdomain-scanner vulnerability vulnerability-scanner web-application-security web-crawler web-security

Last synced: 06 Sep 2025

https://github.com/pompelmi/pompelmi

File-upload malware scanning for Node.js. Express/Koa/Next.js adapters, ZIP deep-inspection, MIME/size checks, optional YARA.

antivirus api automation backend cli cybersecurity devops files filesystem javascript library module nodejs npm opensource scanner security server typescript web

Last synced: 03 Apr 2026

https://github.com/madhuakula/spotter

Spotter is a comprehensive Kubernetes security scanner that uses CEL-based rules to identify security vulnerabilities, misconfigurations, and compliance violations across your Kubernetes clusters, manifests, and CI/CD pipelines.

cloud cloud-security kubernetes policy security

Last synced: 04 Sep 2025

https://github.com/alephao/nft-sale-proxy

A proxy to hide NFT metadata during the sale and prevent people from sniping specific NFTs.

nft nft-sale proxy security

Last synced: 31 Jul 2025

https://github.com/kurobeats/sparkler

The tool creates a Microsoft Active Directory Domain with a structure and objects for learning.

active-directory educational security

Last synced: 23 May 2026

https://github.com/jonaskruckenberg/rollup-plugin-sri

Add subresource integrity tags to all your html files 🔒

integrity rollup-plugin rollup-plugin-rsi security subresource-integrity

Last synced: 30 Apr 2025

https://github.com/0xAkashsky/sub-scout

Simple Bash script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone)

bugbounty cybersecurity infosec infosectools security tools

Last synced: 10 Mar 2025

https://github.com/thebugcatcher/heimdall

Share secrets in a secure way with passwords, TTL, IP allowlisting and encryption

encryption passwords security share-secrets

Last synced: 18 Jan 2026

https://github.com/johackim/privacy-checklist

Checklist to protect your privacy.

checklist privacy security

Last synced: 07 Feb 2026

https://github.com/cymmetria/honeycomb_plugins

The plugin repository for Honeycomb, the honeypot framework by Cymmetria

honeycomb python security security-tools

Last synced: 04 Apr 2026

https://github.com/tsundokul/pyradamsa

Python bindings for calling radamsa mutators

fuzzing security

Last synced: 14 Jan 2026

https://github.com/jameswoolfenden/terraform-cloudflare-adblock

This module helps you set up Adblocking for your devices (PC/Mac Android/Apple) using Cloudflare - similar to a PiHole

adblock mobile pihole security

Last synced: 13 Oct 2025

https://github.com/leonjza/tc2

Traefik fronted C2 examples

c2 cobaltstrike covenant redteam security traefik

Last synced: 01 Nov 2025

https://github.com/luizbizzio/pihole-https

🔒 Enable HTTPS for Pi-hole with automatic SSL certificate generation, Tailscale DNS detection, and cross-platform compatibility for Windows, Linux, macOS, and Android devices.

android automation certificates dns guide https letsencrypt lighttpd linux macos open-source openssl pi-hole pihole pihole-tools security self-hosted tailscale tutorial windows

Last synced: 11 Apr 2025

https://github.com/mdp/u2fdemo

U2F Demo and Debugger

security u2f yubikey

Last synced: 10 Apr 2025

https://github.com/checkedc/checkedc-fork

This was a fork of Checked C used from 2021-2024. The changes have been merged into the original Checked C repo.

c c-programming-language reliability security systems-programming

Last synced: 31 Oct 2025

https://github.com/cloudposse/terraform-aws-guardduty

Terraform module to provision AWS GuardDuty

compliance hcl2 security terraform terraform-modules

Last synced: 29 Apr 2025

https://github.com/esonhugh/springcloudheapdump

anonymous to cluster-admin via Heapdump.

heapdump kuberntes red-team security spring takeover

Last synced: 14 Jul 2025