An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/rappie/portfolio

Rappie's Portfolio

evm fuzzing portfolio security solidity

Last synced: 02 Mar 2025

https://github.com/ziming/laravel-zxcvbn

@dropbox Zxcvbn Password validation rule for Laravel 10 & 11

dropbox laravel security validation

Last synced: 04 May 2025

https://github.com/husseinfo/securitools

Useful security related tools

bash encryption security shell

Last synced: 04 Apr 2025

https://github.com/sg-milad/audit-reports

This is a repo containing the smart contract security reviews that I've completed.

auditing blockchain security smart-contract solidity

Last synced: 15 May 2026

https://github.com/XiaomingX/simple-springboot-app

这是一个基于SpringBoot的安全教育框架,提供了清晰的教程,帮助用户快速部署和运行平台。 项目目标:打造一个简便的一站式平台,用于全面评估和提升系统的安全能力。

benchmark security springboot vulnerability

Last synced: 03 May 2025

https://github.com/xunholy/k8s-workload-identity

Example setup of workload-identity into a Kubernetes cluster on GCP - https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

gcp google-cloud iac kubernetes kubernetes-cluster kubernetes-setup pod security security-automation workload-identity

Last synced: 05 May 2025

https://github.com/neverbehave/rc_hcaptcha

Adds Hcaptcha to the RoundCube login form

captcha hcaptcha login plugin roundcube security

Last synced: 11 Apr 2025

https://github.com/radyakaze/nuxt-dompurify

A Nuxt 3 module for sanitizing HTML content using DOMPurify to protect against XSS attacks.

dompurify html-sanitization html-sanitizer nuxt nuxt3 sanitizer security xss

Last synced: 18 Mar 2025

https://github.com/pregress/tflint-ruleset-azurerm-security

TFLint ruleset to enforce security best practices on the AzureRM provider

azure azure-resource-manager azurerm azurerm-terraform-provider security terraform tflint tflint-ruleset

Last synced: 11 Apr 2025

https://github.com/manuelberrueta/hashfinder

Go script that finds a matching hash or a diff of a target hash in a directory.

blueteam blueteam-tools dfir dfir-automation hashing security security-tools

Last synced: 06 Jul 2025

https://github.com/carhartl/talisman-secrets-scan-action

Scan incoming commits for secrets with Talisman

appsec devsecops security

Last synced: 21 Aug 2025

https://github.com/msaadshabir/pci-segment

Go CLI for PCI-DSS network segmentation. Validates YAML policies, enforces via eBPF (Linux) or pf (macOS), syncs to AWS/Azure, and generates compliance reports.

audit-logging aws azure cli compliance ebpf golang network-policy network-seg pci-dss pf security

Last synced: 05 Apr 2026

https://github.com/artemrys/detect-gh-actions-unused-secrets

Detects secrets that are defined in the repository and are not used in GitHub Actions

github github-actions secrets security

Last synced: 10 Jul 2025

https://github.com/tenset-security/audits

security audits by Tenset Security

audits blockchain security security-review solidity

Last synced: 03 Apr 2025

https://github.com/pavlakis/csp-middleware

Add Content-Security-Policy headers for PSR-7 requests. Uses the csp-builder library paragonie/csp-builder

content-security-policy csp middleware php php7 security

Last synced: 11 Jan 2026

https://github.com/hacrvlq/skeld

a tui tool for opening projects in a restricted sandbox to prevent supply chain attacks such as typosquatting

malicious-packages project-launcher sandbox sandboxing security security-tools software-supply-chain-security supply-chain-security tui typosquatting

Last synced: 08 Aug 2025

https://github.com/jwilk/vcsnoop

Linux virtual console snooping via TIOCLINUX

security

Last synced: 20 Mar 2025

https://github.com/joho1968/fail2wp

WordPress plugin providing security functionality, plays nicely with Fail2ban and Cloudflare. Verified with WordPress 5.5+/6.6.x and PHP 7.4/PHP 8.1.x

cloudflare fail2ban fail2ban-filter php php74 php81 security security-hardening webbplatsen wordpress wordpress-development wordpress-plugin wordpress-security wordpress-security-plugin wordpress5 wordpress55 wordpress6 wordpress66 wordpress67 xmlrpc

Last synced: 09 Apr 2025

https://github.com/dominicbreuker/iprecon

CLI tool that retrieves WHOIS data for IP addresses

bug-bounty ip recon security whois

Last synced: 28 Oct 2025

https://github.com/casbin/caswire

An open-source host-based anti-virus, firewall and IDS (Intrusion Detection System) platform: https://discord.gg/S5UjpzGZjN

antispam antivirus casbin casdoor caswire firewall host ids security

Last synced: 08 Jul 2025

https://github.com/skroutz/aws-securityhub-configuration

Configure AWS SecurityHub Subscriptions and Exceptions using GitOps

aws security securityhub terraform terragrunt

Last synced: 15 May 2026

https://github.com/tubenhirn/rasic

create issues for cve's found by trivy.

cve issues security

Last synced: 13 May 2026

https://github.com/sap/vs-code-extension-for-project-credential-digger

VS Code extension for project Credential Digger https://github.com/SAP/credential-digger

api-key code-scan credential-digger github-scan github-security password secret secret-scan security

Last synced: 22 Jun 2025

https://github.com/0xirison/PrintNightmare-Patcher

A patch for PrintNightmare vulnerability that occurs to print spooler service for Windows machines [CVE-2021-34527]

cve-2021-34527 printnightmare python3 security security-tools vulnerability windows

Last synced: 12 Jul 2025

https://github.com/zackeryrsmith/cval

A layer of protection for python's eval function

eval pypi-package python python3 security

Last synced: 19 Mar 2025

https://github.com/irfaardy/lockout-account

Laravel Lockout Account. Lock user account automaticaly if login fails with json.

block json kunci laravel laravel-5-package laravel-framework laravel-package lock-account lockouts penguncian security

Last synced: 15 Jun 2025

https://github.com/alichtman/veripypi

WIP: Verify the package installed from PyPi is the same as the code on Github

pip pypi python-security security

Last synced: 19 Mar 2025

https://github.com/clarkio/pdfjs-vuln-demo

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

application-security appsec astro astrojs pdf pdfjs pdfjs-dist react security svelte vue vuejs web

Last synced: 09 Sep 2025

https://github.com/lirantal/goof-container-breaking-in

A Snyk-based goof application to demonstrate breaking into containers

container docker security security-vulnerability snyk

Last synced: 16 Jul 2025

https://github.com/paratron/next-server-session

Functions to handle serverside session data and csrf tokens

csrf-tokens nextjs react security serverside-sessions session-lifetime

Last synced: 26 Feb 2026

https://github.com/menezess42/grandmaai

A security System Powered by AI.

ai computer-vision lstm machine-learning security yolov8

Last synced: 04 Feb 2026

https://github.com/isaacpeel/solesonic-mcp-server

An enterprise-grade MCP server with built-in federated identity support for SSO across providers and secure, scalable access management.

ai identity java mcp mcp-security mcp-server mcp-tools security spring-boot-ai

Last synced: 01 Mar 2026

https://github.com/roptat/hayha

Verifying CloudFormation deployments for intra-update sniping vulnerabilities

security

Last synced: 15 Mar 2026

https://github.com/equk/ffox_profile_tools

🦊 linux firefox profiles with security presets & userchrome styles

firefox firefox-profiles mozilla mozilla-firefox namespaces prefs preset privacy security security-hardening userchrome

Last synced: 10 Apr 2025

https://github.com/geeklearningio/gl-ionic-secure-file-storage

A service using two encryption plugins to encrypt data on iOS and Android

cordova cryptography ionic security storage

Last synced: 28 Apr 2025

https://github.com/16patsle/wordpress-csp-manager

WordPress plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors.

content-security-policy csp hacktoberfest security wordpress wordpress-plugin

Last synced: 11 Oct 2025

https://github.com/cossacklabs/dockerfiles

Repository with docker containers, useful for running Themis and Acra

docker security themis

Last synced: 16 Mar 2026

https://github.com/mercedes-benz/sechub-plugin-eclipse

eclipse plugin for sechub https://marketplace.eclipse.org/content/sechub

eclipse eclipse-plugin ide plugin sechub security security-automation security-testing

Last synced: 09 Apr 2025

https://github.com/micchickenburger/cryptotools

A versatile cryptographic tool for data hashing, encryption, decryption, digital signing, password security, and secure random number generation, entirely in the browser.

aes argon2 bcrypt crypto cryptography cryptography-tools cybersecurity digest encryption encryption-decryption hashing pake pki rsa security security-tools sha

Last synced: 13 Feb 2026

https://github.com/wultra/powerauth-cmd-tool

Command-line utility for PowerAuth Reference Client

authentication authorization mobile-security security testing-tools

Last synced: 21 Jan 2026

https://github.com/localden/mcp-auth-servers

🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.

authentication authorization mcp model-context-protocol security

Last synced: 10 Apr 2025

https://github.com/alexander-naumov/pam2control

Easily configurable authentication provider

linux login pam pam-authentication protection security

Last synced: 22 Jan 2026

https://github.com/guardrailsio/docker-phpcs-security-audit

Dockerized version of PHPCS-Security-Audit

devsecops php security security-tools

Last synced: 02 Apr 2025

https://github.com/praveensirvi1212/jenkins_sonarqube_basic_project

DevSecOps Project using git, GitHub, Jenkins and sonarqube

cicd codequality jenkins-pipeline security sonarqube

Last synced: 16 Oct 2025

https://github.com/turbot/flowpipe-mod-entra

Microsoft Entra ID pipeline library for the Flowpipe cloud scripting engine. Automation and workflows to connect Microsoft Entra ID to the people, systems and data that matters.

automation cloud devops entra flowpipe flowpipe-mod hacktoberfest integrations low-code microsoft-entra orchestration pipelines security workflow workflow-automation workflow-engine

Last synced: 01 Mar 2026

https://github.com/winterpuma/bmstu_security

bmstu, IU7-7, Защита Информации (2020)

7term bmstu data-protection information-security iu7 security

Last synced: 10 Oct 2025

https://github.com/cppalliance/crypt

A C++20 module of cryptographic utilities for CPU and GPU

cpp20 cuda security

Last synced: 23 Apr 2025

https://github.com/landlock-lsm/tuto-lighttpd

Landlock tutorial to patch lighttpd

landlock linux sandboxing security

Last synced: 09 Aug 2025

https://github.com/openwall/popa3d

Tiny POP3 daemon designed with security as the primary goal

daemon pop3 security server

Last synced: 16 Oct 2025

https://github.com/adamo08/encryption-decryption

This repository contains implementations of various encryption and decryption algorithms in Python. The goal is to provide simple and easy-to-understand code for educational and practical purposes.

affine-cipher algorithms caesar-cipher cryptography decryption des-cipher encryption hill-cipher python security vigenere-cipher

Last synced: 11 Feb 2026

https://github.com/icantmakethings/nicetotp

Full offline (except configuration) TOTP Hardware key, using the nRF52840.

2fa 2factor nrf52 nrf52840 offline security sha-1 totp

Last synced: 13 Oct 2025

https://github.com/samuelquinones/password-generator

Generate secure, hard to guess passwords with the click of a button!

cra create-react-app password progressive-web-app pwa react react-hook-form reactjs security tailwindcss typescript

Last synced: 15 Apr 2026

https://github.com/contrast-security-oss/integration-verify-github-action

GitHub Action to verify an application by determining whether the application violates a job outcome policy or threshold of open vulnerabilities

assess contrast github-actions security verify

Last synced: 08 Oct 2025

https://github.com/astrohelm/isolation

How often do you see libraries which mutates global variables. Or how often do you check libraries actions 🥸 ?This library prevents unexpected behavior and global pollution.

astrohelm container context dependency-injection isolation javascript loader nodejs pollution-control realm realms runner sandbox script script-loader security v8 vm wrapper zero-dependencies

Last synced: 09 Apr 2026

https://github.com/finleap-connect/vaultoperator

VaultOperator provides a CRD to interact securely and indirectly with secrets stored in Hashicorp Vault.

devops kubernetes secrets security vault

Last synced: 07 Oct 2025

https://github.com/suzuki-shunsuke/deny-self-approve

CLI to deny self-approved GitHub Pull Requests

cli oss security

Last synced: 24 Apr 2025

https://github.com/akotov-dev/sstp-connector

Simple SSTP (Secure Socket Tunneling Protocol) VPN connector

anonimity anticensorship gui mageia-linux security sstp vpn-client

Last synced: 23 Jan 2026

https://github.com/eptllc/brs

Modular toolkit for professional network analysis and security auditing.

bash brabus cybersecurity easyprotech linux network network-security penetration-testing pentest reconnaissance security toolkit

Last synced: 06 Jul 2025

https://github.com/wandapeter/hardened-ubuntu-server-dokku

🐋 hardened ubuntu server dokku | This repository contains scripts, configuration templates, and documentation used for the initial setup of a hardened Ubuntu 22.04 LTS server using the Dokku service to host websites in a secure production environment.

aide certbot cis-benchmark cis-level2 devops docker hardened hosting modsecurity modsecurity-nginx nginx security ubuntu-server vps

Last synced: 14 Apr 2026

https://github.com/csirtgadgets/csirtg-domainsml-py

Predict Phishing Domains with SKLearn and Python

csirtg machine-learning phishing python security security-tools

Last synced: 18 Jan 2026

https://github.com/turbot/flowpipe-mod-opsgenie

Opsgenie pipeline library for the Flowpipe cloud scripting engine. Automation and workflows to connect Opsgenie to the people, systems and data that matters.

automation cloud devops flowpipe flowpipe-mod hacktoberfest integrations low-code opsgenie opsgenie-api orchestration pipelines security workflow workflow-automation workflow-engine

Last synced: 30 Jan 2026

https://github.com/rakibulhossain/tlsstuff

Learning stuff for TLS.

certificate https security ssl tls

Last synced: 19 Mar 2026

https://github.com/atani/mysh

MySQL connection manager with SSH tunnel support. Auto-masks sensitive data for AI/non-TTY environments. Supports MySQL 4.x+.

ai-safety cli connection-manager data-masking database golang mysql mysql-client security ssh-tunnel

Last synced: 03 Jun 2026

https://github.com/craftzman7/pentest-mcp

Automated discovery and exploitation of security vulnerabilities using natural language and LLMs.

llm mcp pentesting security

Last synced: 14 Jul 2025

https://github.com/kucau0901/frigem

A Home Assistant custom component that enhances your Frigate NVR experience with Google's Gemini 2.0 AI model. This integration analyzes video clips from Frigate events and provides natural language descriptions of what's happening in the scene.

cctv-detection frigate frigate-nvr gemini gemini-api hacs-integration home-assistant python security vision-language

Last synced: 14 Oct 2025

https://github.com/localzet/lwt

Localzet LWT is a library for working with Localzet Web Tokens, which are based on JWT (JSON Web Tokens). It provides functionality for creating, verifying, and handling tokens using modern technologies and standards.

library security

Last synced: 09 Feb 2026

https://github.com/marthijn/sidio.web.security

Helper functions and middleware to secure ASP.NET Core applications

asp-net-core content-security-policy http security web-security

Last synced: 26 Oct 2025

https://github.com/benjaminxscott/awesome-threats

A curated list of security threats and how to mitigate them

infosec security security-professionals

Last synced: 08 Jan 2026

https://github.com/dina-heidar/saml2-authentication

A dotnet tool used to authenticate and logout using SAML2. It implements SAML Web SSO (HTTPGet, HTTPPost, Artifact), Logout (HTTPGet, HTTPost) profile message flows and bindings.

aspnetcore authentication dotnet identity netcore netstandard saml2 security slo sso

Last synced: 14 Jan 2026

https://github.com/mauricelambert/chromepasswordsstealer

This module steals chrome and chromium passwords on Windows.

browser chrome password passwords pypi-package python3 recovery security stealer windows

Last synced: 15 Mar 2026

https://github.com/jeckel/eloquent-signature

Add signature check on your Eloquent models

eloquent laravel security signature

Last synced: 21 Apr 2026

https://github.com/capelabs/threatmesh-feed

ThreatMesh is an integrated threat intelligence engine that connects malicious IPs, scripts, and open-source signals into a unified mesh for real-time detection and context-rich analysis.

dataset security security-tools threat threat-intelligence

Last synced: 04 Feb 2026

https://github.com/containerssh/images

The ContainerSSH container images

devsecops docker kubernetes security ssh

Last synced: 23 Apr 2025

https://github.com/jwplayer/github-vul

:octocat: Enable GitHub vulnerability alerts for all repositories

github security security-fix vulnerability-alerts vulnerability-management

Last synced: 24 Apr 2026

https://github.com/gdatasoftwareag/nextcloud-gdata-antivirus

This nextcloud app aims to provide an additional layer of security to your Nextcloud instance by enabling automatic and manual scanning of files for malicious content powered by G DATA Verdict-as-a-Service.

cloud it-security malware malware-detection nextcloud nextcloud-apps security

Last synced: 05 Mar 2026

https://github.com/open-turo/actions-security

GitHub Actions for security checks

action ci gha github security

Last synced: 16 Jan 2026

https://github.com/amusarra/liferay-portal-security-audit

This project implements some of the mechanisms of the Liferay Portal Security Framework and in particular of the Audit Framework section. Customized message processor audits have been implemented such as: CloudAMQP Audit Message Processor, Login Failure Message Processor and Syslog Audit Message Processor

audit audit-message audit-router audit-service liferay liferay7 message-processors osgi security

Last synced: 21 Jul 2025

https://github.com/gordonzhang2024/xss-shield

A Python library to prevent your website from being attacked

python python-3 python-package python3 security web xss xss-attacks xss-scanner

Last synced: 24 Apr 2025

https://github.com/furritos/flask-simple-crypt

Flask extension based on simple-crypt that allows simple, secure encryption and decryption for Python.

cryptography decryption encryption flask python security symmetric symmetric-cryptography

Last synced: 24 Oct 2025

https://github.com/tomoyamachi/falco-on-distroless-fargate

trace an application activity, in distroless:static image. this image also work on ECS Fargate.

container fargate go security

Last synced: 25 Mar 2025

https://github.com/turbot/steampipe-mod-docker-compliance

Run individual controls or full compliance benchmarks for Docker resources and more across all of your Docker containers using Powerpipe and Steampipe.

cis compliance docker docker-api exec hacktoberfest powerpipe powerpipe-mod security sql steampipe steampipe-mod

Last synced: 26 Jan 2026

https://github.com/wravoc/harden-ghostbsd

Implements a broad, cohesive group of hardening settings for GhostBSD. Any directive can be set, re-set, for administering, tuning, and jails. Zenbleed workaround, Downfall info.

bsd cybersecurity downfall ghostbsd hardening security security-automation security-tools vulnerability-assessment vulnerability-detection zenbleed

Last synced: 10 Feb 2026

https://github.com/kimbeobwoo/nestjs-security

A package that provides a variety of security features applicable at the application level. It is basically designed to be compatible with the nestjs framework and can be applied to traditional business logic without any impact.

csrf ip nestjs nestjs-security rate-limiting security

Last synced: 23 Apr 2025

https://github.com/sofianhw/dlyscl-web3-bootcamp

Web3 Developer Bootcamp by DailySocial.id - Day 2

bootcamp frontend security web3

Last synced: 05 Mar 2026

https://github.com/alexmacarthur/wp-sniff

A Python script that searches a site's source code for signs that it runs on WordPress.

python security wordpress

Last synced: 13 Feb 2026

https://github.com/edunatalec/encrypt-env

Generate encrypted files to secure sensitive configuration data. Encrypt YAML files and streamline the protection of sensitive information in Flutter applications.

encryption environment security

Last synced: 23 Feb 2026

https://github.com/thirdkeyai/symbiont-sdk-python

Python DSK for Symbiont DSL and agent framework.

agent agents ai python sdk security symbiont

Last synced: 22 Apr 2026

https://github.com/patflanigan/gohashid

Command line tool to Identify a hash type

cybersecurity go security

Last synced: 14 Jan 2026

https://github.com/dredozubov/hazmat

macOS containment for AI agents — user isolation, kernel sandbox, pf firewall, DNS blocklist, backup/rollback. TLA+ verified.

ai-agents claude-code cli containment developer-tools formal-verification go macos pf-firewall sandbox seatbelt security tla-plus

Last synced: 10 Apr 2026

https://github.com/4m3rr0r/cve-2011-2523-poc

Python exploit for CVE-2011-2523 (VSFTPD 2.3.4 Backdoor Command Execution)

cve cve-2011-2523 exploit python security vsftpd-exploit

Last synced: 11 Feb 2026