An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/jakiboy/ratr

Router Config Extractor (Huawei, ZTE)

ppp router security tr069 zte

Last synced: 21 Jun 2025

https://github.com/nihlus/zalloc

zalloc is a safety- and security-oriented wrapper around malloc.

allocator c calloc hacktoberfest malloc safety security

Last synced: 13 May 2025

https://github.com/dsha256/token-go

JWT & PASETO Implementation of the Token Based Authentication

go golang jwt-tokens paseto-tokens security token-based-authentication

Last synced: 26 Jun 2025

https://github.com/jin5354/backstab

Bury latent information to your web page for confidentiality and track.

confidentiality screenshot security security-audit

Last synced: 13 Apr 2025

https://github.com/robertdebock/ansible-role-ca

Install and configure a certificate authority on your system.

ansible authority ca certificate molecule openssl playbook security tox

Last synced: 09 Mar 2026

https://github.com/samerfarida/secure-bash-macos-ebook

A hands-on Bash scripting guide for macOS administrators and security engineers. Learn to automate, secure, and master macOS with real-world examples.

bash macos security

Last synced: 13 Jan 2026

https://github.com/hakky54/gatekeeper

🔐 A lightweight java library which guards your publicly accessible internal implementations.

java security

Last synced: 13 May 2025

https://github.com/drawing-captcha/drawing-captcha-app

Drawing Captcha is an innovative software that enhances security and promotes brand awareness by requiring users to complete interactive drawing tasks to pass the verification process. (Website comes soon)

captcha drawing js nodejs open-source security solving

Last synced: 25 Jul 2025

https://github.com/maandree/correctpony

Passphrase generator based on http://xkcd.com/936/

correcthorsebatterystaple password-generator security

Last synced: 24 Feb 2025

https://github.com/evansims/openfga-php

Stop writing authorization logic. Start asking questions. OpenFGA high performance relationship-based access control for PHP.

abac authorization entitlements fga fine-grained-access-control fine-grained-authorization openfga pbac permissions php rbac rebac sdk security zanzibar

Last synced: 20 Sep 2025

https://github.com/ivision-research/inzure

Azure security configuration automation tool and library

automation azure security vulnerability-detection

Last synced: 23 Jul 2025

https://github.com/pozil/apex-security-update-summer21

Helper script for Salesforce Summer '21 Apex security update

apex salesforce security summer21 update

Last synced: 14 May 2025

https://github.com/henriquetourinho/brhttp

Um servidor estático em Go, superpoderoso. Oferece Live Reload, mas também automação de build com webhooks, proxy reverso e uma API de controle completa.

automation binario debian dev-server frontend go golang linux live-reload minimalist no-dependencies open-source performance reverse-proxy security spa static-server zero-config

Last synced: 04 May 2026

https://github.com/slvdev/weasel

Solidity static analyzer you can talk to. MCP integration for Claude Code, Cursor, and Windsurf.

auditing ethereum mcp rust security smart-contracts solidity static-analysis

Last synced: 19 Jan 2026

https://github.com/panagiotisdrakatos/universal-encryption-channel

Cross-platform socket API for Windows Universall Apps and Java

cross-platform encryption key-exchanges security

Last synced: 16 Aug 2025

https://github.com/ubernostrum/django-flashpolicies

Flash cross-domain policies for Django.

django flash python security

Last synced: 26 Oct 2025

https://github.com/vpereira/brucutu

Brute force tool for SSH, IMAP, HTTP, FTP, POP3 and others

brute-force go golang security security-audit

Last synced: 14 Feb 2026

https://github.com/fearlesssolutions/engineering-practice-domains

A mono-repo for the Engineering Practice Domains of Development, Data, Infrastructure, Testing, and Platforms

data data-engineering data-science database-design devops drupal end-to-end-testing engineering infrastructure machine-learning salesforce security testing web-development

Last synced: 26 Oct 2025

https://github.com/homecloudhub/ivre

基于 [IVRE](https://github.com/ivre/ivre) 实现自动化的扫描任务,定期对目标网络资产进行扫描。IVRE 是一个开源的网络资产识别软件,是一个集成化的扫描工具,同时提供WEB UI供使用者检索定位资产。

ivre network-analysis network-discovery network-monitoring nmap-scripts osint osint-reconnaissance scan-ports scans security

Last synced: 06 Oct 2025

https://github.com/egorsmkv/npm-audit-to-report

A simple Go program that converts `security-audit.json` to `security-audit.md` so you can use it in CI pipeline.

ci cve go npm security yarn

Last synced: 25 Oct 2025

https://github.com/execveat/flawed

Static analysis engine for Python web-applications

security security-tools static-analysis taint-analysis

Last synced: 22 Jun 2026

https://github.com/labex-labs/comptia-linux-plus-training-labs

Learn Linux system administration through hands-on labs, covering command-line, file management, user administration, security, networking, and maintenance. Perfect for CompTIA Linux+ certification prep.

bash certification command-line comptia course hands-on hands-on-labs labex labs linux linux-administration linux-commands lpic networking practice-labs programming security shell-scripting sysadmin system-maintenance

Last synced: 17 Jun 2026

https://github.com/mrcloudsec/mitre-aws-checks

Script for analyzing the compliance of your AWS account based on the adversary techniques on the MITRE ATT&CK Iaas Matrix.

aws mitre security security-scanner security-tools

Last synced: 24 Oct 2025

https://github.com/mondoohq/ansible-mondoo

Ansible Role for Mondoo cnquery and cnspec

ansible policy policy-as-code security security-as-code

Last synced: 29 Jan 2026

https://github.com/djx-y-z/libsignal_dart

Wrapper for libsignal, implementing the Signal Protocol for end-to-end encryption. Features Double Ratchet, X3DH, Sealed Sender, Group Messaging (SenderKey), and Kyber post-quantum key exchange. Optimized for Flutter and cross-platform applications (Android, iOS, Linux, macOS, Windows). AGPL-3.0 Licensed.

cross-platform cryptography dart double-ratchet encryption end-to-end-encryption flutter flutter-rust-bridge frb libsignal messaging privacy rust sealed-sender security signal-protocol x3dh

Last synced: 01 May 2026

https://github.com/boschresearch/pq-wolfssl

Integration of selected post-quantum schemes into the embedded TLS library wolfSSL as part of our paper "Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3"

cryptography pqc security tls

Last synced: 07 Oct 2025

https://github.com/z-m-huang/vcp

Vibe Coding Protocal - Security-first protocol for AI-generated code, multiple standards with real-time enforcement and multi-AI pipeline orchestration

ai-coding claude-code claude-skills security security-audit vibe-coding

Last synced: 18 Apr 2026

https://github.com/lambdapioneer/sloth

Key stretching and deniable encryption using Secure Elements on Android and iOS

android cryptography ios password-hashing security sloth

Last synced: 11 Oct 2025

https://github.com/hartwork/mozilla-password-decrypt

:unlock: Decrypt passwords stored by Firefox, Thunderbird, Iceweasel, Icedove using libnss3.so

cli cli-app firefox icedove iceweasel mozilla mozilla-firefox mozilla-thunderbird password password-retrieval security thunderbird

Last synced: 03 Apr 2026

https://github.com/mostafahussein/kubernetes-sec-alert

Track Kubernetes CVEs by native GitHub notifications!

cve devops github-actions golang k8s kubernetes security

Last synced: 28 Oct 2025

https://github.com/rohaquinlop/immunipy

A Python SCA tool that acts as a watchdog, keeping an eye out for security vulnerabilities and reporting them promptly, written in Rust.

cli python python-library sca security vulnerability-detection vulnerability-scanners

Last synced: 17 Oct 2025

https://github.com/catalyst/patch-friend

Which of my hosts are affected by a security advisory?

debian python security security-advisories ubuntu

Last synced: 27 Apr 2025

https://github.com/carlocorradini/graphql-auth-directive

GraphQL @auth directive that protects resources from unauthenticated and unauthorized access

auth authentication authorization graphql nodejs security typescript

Last synced: 16 Feb 2026

https://github.com/samouraiworld/sec-guidebook

The Ultimate Security Guide Book for new-cryptorich friends

exploits good-practices privacy protection security wallet

Last synced: 27 Jan 2026

https://github.com/crashdump/covert

Covert is a deniable encryption software.

cli deniable-encryption encryption sdk security

Last synced: 16 Feb 2026

https://github.com/dk26/strict-path-rs

Handle paths from external or unknown sources securely. Defends against 19+ real-world CVEs including symlinks, Windows 8.3 short names, and encoding tricks and exploits.

directory-traversal file-security filesystem-security path-traversal-prevention path-validation rust rust-crate security type-safety web-security

Last synced: 22 Apr 2026

https://github.com/visualbean/hibp.net

A simple .NET wrapper for the HIBP (Have I been pwned?) Api

csharp haveibeenpwned hibp netcore nuget security

Last synced: 10 Oct 2025

https://github.com/ynori7/hulksmash

A very easy-to-use library for building a custom brute-force requester for QA purposes

bruteforce qa qatools security security-tools

Last synced: 23 Jan 2026

https://github.com/smed79/easylist-hosts

Unified EasyList hosts blacklist for use with DNS and domain blocking tools as pi-hole for the purpose of blocking bad domains used for serving ads, tracking, mining, malware and other nasty content.

adblock adblock-plus adguard blacklist blocklist dns dnsforge domains easylist easyprivacy hosts hosts-file malware nextdns personaldnsfilter phishing pi-hole privacy security ublock

Last synced: 24 Oct 2025

https://github.com/seznam/jailoc

🔒 Jail your AI agents — sandboxed Docker environments with network isolation for Opencode agents

ai-agents cli devtools docker docker-compose golang network-isolation opencode sandbox security

Last synced: 04 Apr 2026

https://github.com/zopefoundation/zope.security

Zope Security Framework

maintained proxy python security zope

Last synced: 10 Oct 2025

https://github.com/prompt-armor/prompt-armor

Open-source prompt injection detector — 5 layers, 91.7% F1, ~27ms, offline, Apache 2.0

ai-safety anomaly-detection cli faiss jailbreak llm llm-security mcp nlp offline onnx prompt-injection prompt-security python security

Last synced: 03 Jun 2026

https://github.com/saadbazaz/crackhead

A simple, smart & distributed password-cracking algorithm

algorithm password-cracker security

Last synced: 13 Jun 2025

https://github.com/logchange/eir

🐛🗡️👩‍⚕️ eir is a tool to report system vulnerabilities 👩‍⚕️🗡️🐛

docker gitlab graalvm java micronaut report security security-tools vulnerabilities

Last synced: 05 Jul 2025

https://github.com/anchore/s3c-workshops

Deploy Anchore Enterprise in an environment of your choice. Then follow through a series of labs that showcase how you can improve security across your software supply chain.

containers devsecops fedramp k8s sbom security supply-chain-security vulnerability-scanners

Last synced: 09 Oct 2025

https://github.com/bisonai/flutter-machine-learning-security

Protect your Machine Learning model in your Flutter application.

edge-machine-learning encoder-decoder mobile-ai security xor-cipher

Last synced: 18 Oct 2025

https://github.com/boogy/iam-policy-validator

⚡ Stop IAM misconfigurations before they become breaches — Catch overprivileged permissions, dangerous wildcards, and policy errors before deployment.

aws iam security

Last synced: 12 Feb 2026

https://github.com/soos-io/soos-dast

SOOS DAST Scanning - Register for a Free Trial at https://app.soos.io/register

dast penetration-testing security soos web-security

Last synced: 24 Feb 2026

https://github.com/xolox/python-crypto-drive-manager

Unlock all your encrypted drives with one pass phrase

disk-encryption encryption linux luks mount python security

Last synced: 23 Apr 2025

https://github.com/sierrasoftworks/honeypot

A service designed to track malicious SSH login attempts

honeypot security ssh-server

Last synced: 09 Apr 2025

https://github.com/jaybrown/application-launch-monitor-alm-

Extend macOS Gatekeeper functionality by verifying applications at every launch

anti-malware anti-virus antimalware antivirus codesign gatekeeper macos malware privacy security

Last synced: 03 Mar 2026

https://github.com/wravoc/goaccess-openbsd

OpenBSD theme for GoAccess Web Log analyzer with prompted ASN database download matching a pre-configured conf which excludes Web Monitoring services and also generates HTML reports.

analytics asn asn-lookup geoip http-requests log logs openbsd security security-tools

Last synced: 24 Oct 2025

https://github.com/flutterguard/flutterguard-cli

Know and see everything an attacker can extract and get from your published Flutter app

android apk cli dart exploit flutter opensource reverse-engineering security static-analysis

Last synced: 13 Jan 2026

https://github.com/bitsofinfo/vault-token-issuer

Simple REST API proxy and SPA for Hashicorp's Vault token auth method API(s), specifically create-orphan

ci-cd hashicorp-vault proxy security token-based-authentication vault

Last synced: 01 Nov 2025

https://github.com/gpestana/sectools

Security tools with emphasis in OSINT, recon and enumeration. Written in Golang

enumeration go golang osint security security-tools

Last synced: 23 Apr 2025

https://github.com/zuazo/chef-encrypted-attributes

Chef plugin to add Node encrypted attributes support using client keys.

chef credentials devops encrypted-attributes encryption gcm keys passwords pki plugin secrets security

Last synced: 13 Apr 2025

https://github.com/melroyb/psbettercap

Control multiple Bettercap nodes through REST API

bettercap cluster hack linux powershell powershell-script security security-audit wifi windows

Last synced: 18 Apr 2026

https://github.com/javiorfo/go-microservice

API Rest, Tracing, Auditory, Swagger and Keycloak

api fiber go golang gorm-orm keycloak microservice security tracing web

Last synced: 02 Jan 2026

https://github.com/rezen/openvas-up

Levels up scripting OpenVAS

openvas python security vulnerability-scanners

Last synced: 10 Jun 2025

https://github.com/imagemlt/nodelcx

nodejs编写的tcp内网穿透脚本

forward-proxy lcx security security-tools

Last synced: 13 Apr 2025

https://github.com/padok-team/security-vault-credential-broker

Code to deploy a PoC of an implementation of Vault as a credential broker for Boundary, with a PostgreSQL database as target.

boundary security vault

Last synced: 26 Dec 2025

https://github.com/arturmiller/adversarial_ml_ctf

This repository is a CTF challenge, showing a security flaw in most (all?) common artificial neural networks. They are vulnerable for adversarial images.

adversarial challenge ctf docker flask machine-learning optimization python security website

Last synced: 18 Apr 2025

https://github.com/offsh/offsh

Xonsh-powered pentesting framework.

pentesting security wazuh xonsh xxh

Last synced: 12 Mar 2025

https://github.com/ivanilves/docker-blackvpn

Runs BlackVPN client inside Docker (with OpenVPN)

anonymity network security testing vpn

Last synced: 11 Apr 2025

https://github.com/murphysecurity/murphysec-jenkins-tools

将墨菲安全的代码检测能力集成到 Jenkins 中,提高线上代码安全质量

jenkinsfile scanner security

Last synced: 25 Apr 2025

https://github.com/ninoseki/simplewhatweb

Simplified ver. of WhatWeb

pentesting security

Last synced: 19 Jul 2025

https://github.com/aaearon/mcp-privilege-cloud

A production-ready Model Context Protocol (MCP) server for CyberArk Privilege Cloud integration. Enables AI assistants and MCP clients to securely interact with privileged account management, safe operations, and platform configurations through 8 comprehensive tools.

ai-integration claude-desktop cyberark cyberark-api cybersecurity fastmcp identity-management mcp mcp-server model-context-protocol oauth-authentication oauth2 pam password-vault platform-management privilege-cloud privileged-access-management privileged-accounts python security

Last synced: 18 Feb 2026

https://github.com/rix4uni/portmap

portmap is a fast portscan tool, uses shodan public data for port scan used internetdb.shodan.io and api.shodan.io/shodan/host

bug-bounty bugbounty bugbountytips hacking infosec internetdb osint osint-resources penetration-testing pentest-tool pentesting port-enumeration portscanner recon reconnaissance scan-ports security security-tools shodan threat-intelligence

Last synced: 28 Aug 2025

https://github.com/zelon88/accessibility-tools-utilmon-defender

A Windows 7-10 startup script for detecting and preventing "Ease Of Access" attacks.

accessibility admin-tools anti-hacking defender security

Last synced: 31 Oct 2025

https://github.com/csm-actions/approve-pr-action

GitHub Action to approve pull requests securely

github-actions oss security

Last synced: 13 May 2025

https://github.com/mychewcents/e2e-encryption

An npm module to allow for easier E2E encryption and decryption. Works on 'tweetnacl' npm package.

e2e-encryption encryption encryption-decryption encryption-tool end-to-end-encryption npm npm-package privacy privacy-protection security

Last synced: 17 Jan 2026

https://github.com/eqstlab/cve-2024-53677

File upload logic flaw in Apache Struts2 exploit

cve-2024-53677 java jsp proof-of-concept security struts2 vulnerability

Last synced: 16 Sep 2025

https://github.com/lreimer/secure-devex22

Demo repository for my talk at the Heise Developer Experience 2022 conference.

checkov clean-code code-quality devsecops docker kubernetes lint security security-tools snyk sonarqube static-analysis terraform tilt trivy zap-api

Last synced: 02 Aug 2025

https://github.com/wode490390/sanctioner

Sanctioner plugin for Nukkit

ban crash minecraft nukkit plugin sanction security

Last synced: 14 Apr 2025

https://github.com/trvswgnr/crab-snitch

Get an alert on macOS if an application accesses your microphone or webcam.

macos personal security

Last synced: 08 Sep 2025

https://github.com/riotkit-org/gpbkdf2

PBKDF2 key encoder for use in shell. Single, tiny binary. Written in Go.

aes aes-256 aes-256-cbc cbc cbc-mode crypto go openssl pbkdf2 pbkdf2-cli security

Last synced: 02 Aug 2025

https://github.com/benjitrapp/project-makalu

Penetration testing challenge => Test the broken "Session Handling" in the new shop of the "anna group"

burpsuite ctf-challenges docker flask hacking-simulator python3 security

Last synced: 14 Apr 2025

https://github.com/mahmudnibir/hiddenmessage

⚕️ HiddenMessage is a Python script that uses LSB steganography to hide and extract secret text in images. It encrypts the message with AES before embedding, ensuring both privacy and invisibility.

data-hiding digital-forensics encoding encryption encryption-decryption image-processing lsb message-hiding password pil python security steganography

Last synced: 21 Jul 2025

https://github.com/mitre/apache-tomcat-8-cis-baseline

(WIP) (Alpha) InSpec profile for CIS Apache Tomcat v8 Benchmark

apache inspec inspec-profile mitre-corporation mitre-inspec mitre-saf security tomcat

Last synced: 21 Apr 2025

https://github.com/chen-keinan/openshift-ordeal

Open Source runtime scanner for OpenShift cluster and perform security audit checks based on CIS RedHat OpenShift Benchmark specification

audit-checks cis-benchmark cis-security kube kubernetes linux openshift openshift-ordeal openshift-scrutiny redhat scan security

Last synced: 11 Apr 2025

https://github.com/kovart/forta-spam-detector

Advanced spam detector powered by Forta Network

blockchain detector erc1155 erc20 erc721 ethereum forta phishing scam security spam token

Last synced: 15 Apr 2025

https://github.com/veil-services/veil-go

The sensitive data firewall for AI. Detect and mask PII (Emails, Credit Cards, CPFs) locally with zero-latency before sending prompts to LLMs. Thread-safe & Production ready.

cybersecurity dlp golang llm openai pii-masking privacy security

Last synced: 13 Jan 2026

https://github.com/m3ssap0/data-grabber

This is a simple PHP script that can be used as a cookie grabber / session stealer. It uses MySQL to store data in a structured way.

cookie-grabber cookie-stealer security security-tools session-grabber session-stealer

Last synced: 28 Jun 2025

https://github.com/cristalhq/ipfilterware

Go HTTP middleware to filter clients by IP address

filtering firewall go golang http ip ipv4 ipv6 middleware security

Last synced: 08 Apr 2025