An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/marcelroozekrans/ai.sentinel

Security monitoring middleware for IChatClient (Microsoft.Extensions.AI). 55 detectors for prompt injection, hallucination, PII leakage, and operational anomalies. Intervention engine, embedded dashboard, audit forwarders to Azure Sentinel + OpenTelemetry. Drop-in middleware for any LLM client.

ai-security aot claude-code copilot csharp detection dotnet ichatclient llm-security mcp microsoft-extensions-ai middleware owasp-llm-top10 prompt-injection security

Last synced: 20 Jun 2026

https://github.com/tmatens/container-security-profiles

Evidence-backed minimum-security profiles for container images: the capabilities and read-only-filesystem config each image actually needs, with drop-test proof

container-security docker docker-compose hardening least-privilege linux-capabilities security self-hosted

Last synced: 17 Jul 2026

https://github.com/gonicolas12/my_os

Linux distribution with a built-in, local-first AI assistant. A global hotkey opens an assistant that manages files, installs packages, tweaks system settings and controls your PC in natural language — with confirmation for every risky action. Local model (Ollama) by default, optional cloud (Claude). Secure by design.

agentic-ai ai-assistant ai-os arch-linux computer-use desktop-assistant linux llm-agent local-first local-llm mcp ollama open-source operating-system privacy pyside6 python security systemd

Last synced: 21 Jun 2026

https://github.com/the-17/pr-reviewer

Autonomous Python PR reviewer agent serving as the live security-hardening showcase for AgentSecrets—evolving from unsecured baseline to credentials protection (AgentSecrets), cryptographic capabilities (SEC), and behavioral abuse containment (CAD).

ai-agent autonomous-agents pr-reviewer python security

Last synced: 21 Jun 2026

https://github.com/koeonyack/des

🔑Implement DES using C language.

c des security

Last synced: 22 Jun 2026

https://github.com/gbasran/fsoc-portfolio

Sanitized case study of Operation fsoc: a defense-first, multi-phase security engineering project. Threat model, hardening methodology, script design principles, and integration lessons, all redacted to protect live infrastructure.

case-study cybersecurity defensive-security homelab infrastructure security security-engineering threat-modeling

Last synced: 22 Jun 2026

https://github.com/timoniersystems/lookout

Vulnerability scanner and SBOM analyzer for software supply chain security. Processes CVE lists, Trivy scans, and CycloneDX/SPDX SBOMs with NVD enrichment, dependency graph analysis, and a web UI for interactive exploration.

cve cyclonedx dgraph docker golang helm kubernetes nvd sbom security software-supply-chain spdx trivy vulnerability-scanner

Last synced: 01 Apr 2026

https://github.com/smultar/prometheus

An ambitious ai/game development project that involves complex interconnected networks.

ai bots cross-platform discord dots game-development pc security

Last synced: 22 Jun 2026

https://github.com/vizzdoom/massgitleaks

Massgitleaks automates bulk secret scanning across multiple git repositories as a gitleaks wrapper with advanced reporting and pentester-friendly features.

automation ci-cd cli cybersecurity devops devsecops git gitleaks hacking pentesting python scanner secops secret secrets secrets-detection security security-tools tools

Last synced: 23 Jun 2026

https://github.com/tthew/cc-devbox

A streamlined, secure containerized development environment optimized for Claude Code with DNS-based domain filtering and comprehensive development tools.

agentic-ai-development claude containerization docker gemini llms security vibe-coding

Last synced: 23 Jun 2026

https://github.com/xyzzylabs/dent8

A memory firewall for coding agents — provenance-, authority-, and freshness-governed memory with a tamper-evident, replayable event log.

agent-memory ai-agents event-sourcing llm mcp memory rust security

Last synced: 29 Jun 2026

https://github.com/cdot65/device-certificate-report

A Python-based CLI tool to generate device certificate reports from PAN-OS devices.

certificates network paloaltonetworks panos reporting security

Last synced: 14 Jan 2026

https://github.com/Perufitlife/firebase-security-skill

Open-source Firebase Firestore Rules auditor: detects 'match /{document=**} if true', expired test-mode rules, auth-without-ownership. Active probe sends anonymous GET to confirm leaks.

audit auditor cli devsecops firebase firestore google leak mit-license nodejs open-source penetration-testing scanner security security-audit typescript vulnerability

Last synced: 25 Jun 2026

https://github.com/im-anishraj/nactograph

Local-first flight recorder for AI coding agents: terminal replay, git diffs, redaction, risk findings, and shareable reports.

agentic-ai ai ai-agents cli code-review codex coding-agents developer-tools devtools git llm local-first nodejs observability redaction risk-analysis security session-replay terminal typescript

Last synced: 25 Jun 2026

https://github.com/fastuptime/csrf-shield

🚀 csrf-shield is a middleware for protecting web applications from Cross-Site Request Forgery (CSRF) attacks. It integrates easily with Express.js and ensures that your forms and requests are secure.

csrf express expressjs security

Last synced: 09 Apr 2025

https://github.com/askalf/warden

A deterministic, offline firewall for AI-agent tool calls — green/yellow/red/black risk tiers, secret-exfil & prompt-injection blocking, tamper-evident audit. Runs as a Claude Code hook or MCP proxy.

agent-security ai-agents claude-code firewall llm-security mcp own-your-stack prompt-injection security ssrf

Last synced: 26 Jun 2026

https://github.com/greenpau/caddy-security-secrets-aws-secrets-manager

Caddy Security Secrets Plugin for AWS Secrets Manager Integration

aws aws-secrets-manager caddy-plugin caddy2 security

Last synced: 17 Apr 2026

https://github.com/mbay7/claude-code-security

A 6-layer security framework for Claude Code workspaces: prompt injection detection, memory poisoning prevention, secrets scanning, behavioral audit logging, and pre-commit guardrails. Install in 5 minutes.

ai-security claude-code devtools mcp owasp prompt-injection security

Last synced: 02 Apr 2026

https://github.com/davidcrowe/openclaw-gatewaystack-governance

GatewayStack governance layer for OpenClaw — identity, scope, rate limiting, injection detection, and audit logging for every tool call

agentic agenticcontrolplane ai audit-logging authorization compliance gatewaystack governance identity injection-detection llm observability openclaw policy rate-limiting scope security

Last synced: 14 Apr 2026

https://github.com/forwardemail/mcp-server

Model Context Protocol (MCP) server for Forward Email. Connect AI assistants to your inbox.

ai api assistants context email email-api forward imap inbox mcp model pop3 protocol security server smtp

Last synced: 31 May 2026

https://github.com/sorah/hocho-jwt

Pass JWT to servers on hocho apply

hocho itamae jwt provisioning security

Last synced: 09 Oct 2025

https://github.com/hashgraph-online/codex-plugin-scanner

Security and best-practices scanner for Codex CLI plugins. Scores plugins 0-100.

cli codex codex-plugins mcp plugin-scanner python scanner security

Last synced: 06 Apr 2026

https://github.com/aeliant/qfileencryptionbundle

Bundle to ease files encryption in Symfony

decryption encryption files gpg php security symfony

Last synced: 17 Apr 2026

https://github.com/goklab/guardvibe

Security MCP for vibe coding. 429 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, and CVE/supply-chain IOC detection for Next.js, Supabase, Clerk, Stripe, Prisma, Drizzle, Hono, GraphQL, AI SDK, MCP, and the AI-native stack.

ai-security claude clerk cursor cve drizzle hono mcp mcp-server nextjs owasp prisma prompt-injection sast security stripe supabase typescript vercel vibe-coding

Last synced: 07 Jun 2026

https://github.com/cybardev/checkpass

Tool to check strength of passwords and passphrases

login password security

Last synced: 24 Jan 2026

https://github.com/thomas-vilte/mls-go

MLS Protocol (RFC 9420) implementation in Go. Secure group key exchange with forward secrecy and post-compromise security for E2EE messaging.

cryptography encryption end-to-end-encryption go golang messaging-layer-security mls rfc-9420 security

Last synced: 04 Apr 2026

https://github.com/adrelanos/remote-support

Remote Support with NAT Traversal. Using OpenVPN for connection security. Xpra as VNC alternative. Using nat-traverse for NAT Hole Punching. UDP required. Over clearnet.

nat-hole-punching nat-traversal openvpn security vnc vnc-client vnc-server vnc-viewer xpra

Last synced: 17 Apr 2026

https://github.com/steunix/passweaver-gui

A web frontend for PassWeaver-API, a collaborative password manager API

collaborative password-manager security team

Last synced: 03 Feb 2026

https://github.com/ostorlab/agent_whatweb

Agent responsible for fingerprinting websites.

ostorlab scanner security

Last synced: 25 Feb 2026

https://github.com/crane-valley/kylix

A post-quantum cryptography library implementing NIST FIPS standards in pure Rust.

cryptography dilithium fips-203 fips-204 fips-205 kyber lattice-cryptography ml-dsa ml-kem no-std post-quantum pqc rust security slh-dsa

Last synced: 28 Jan 2026

https://github.com/csaba79-coder/amigoscodejsonwebtokenjwt

JSON Web Token, Security, Authentication, Authorization

authentication authorization jsonwebtoken security

Last synced: 26 Mar 2025

https://github.com/lycshub/malfuse

malFuse is a local HTTP proxy firewall that prevents software supply chain poisoning by intercepting package install requests and blocking malicious packages before they reach your disk. Built in Go with zero runtime dependencies.

dependency-security malicious-package-blocker ossf package-manager poisoning poisoning-attack security supply-chain-attack-detection

Last synced: 29 May 2026

https://github.com/vineethkrishnan/vaultctl

Zero-knowledge password vault. Self-hosted, end-to-end encrypted, open source.

docker e2e-encryption golang open-source password-manager password-vault security self-hosted vault zero-knowledge

Last synced: 04 Jun 2026

https://github.com/nikogura/vault-authenticator

Managed Secrets Client Libraries

security

Last synced: 27 Jan 2026

https://github.com/shadowblack77/nestjs-auth-project

Repository with full auth project for base to build projects with authorization & authentcation

authentication authorization hbs mailer nestjs nodejs oatuh2 passportjs security typeorm typescript

Last synced: 18 Apr 2026

https://github.com/bklockly/shadowmeld

🕶️ 隐蔽Shellcode嵌入与反检测加载器生成框架 / Stealthy Payload Delivery Framework with Anti-EDR Capabilities

bypass-antivirus bypass-av cipher cryptography hacking hide-files image-steganography lsb-steganography security shellcode shellcode-loader

Last synced: 16 Mar 2025

https://github.com/pbloem/cleartxt

A simple website (cleartxt.info) designed to quickly inform website owners about the problem of cleartext passwords.

best-practices security website

Last synced: 12 Apr 2026

https://github.com/sjimenez44/azureroleassignmentauditor

Visualizes role assignments in an interactive network graph, helping security teams analyze access control structures.

azure dockerfile entraid security

Last synced: 18 Apr 2026

https://github.com/pkparthk/secure-cloud

A secure cloud access backend system built with Python, featuring JWT authentication, MongoDB integration, AWS IAM role management, SSH gateway configuration, and multi-factor authentication (MFA) support.

aws cloud-access configuration fastapi iam jwt mfa mongodb python security ssh

Last synced: 18 Apr 2026

https://github.com/ctkqiang/keyloggerzghk

这个仓库包含一个基础键盘记录器的 Python 脚本。键盘记录器是一种监控和记录用户在计算机上按键的监视软件。该脚本专门捕获键盘输入并通过 webhook URL 将记录的数据发送到远程服务器。

china ctkqiang cybersecurity hacking keylogger security

Last synced: 26 Jan 2026

https://github.com/peterfritz/spg

A cryptographically secure password generator.

csprng nextjs password pwa security

Last synced: 28 Apr 2026

https://github.com/jawaracloud/bash-collections

This repository contains a collection of Bash scripts for various purposes. Feel free to explore and use these scripts as needed.

bash bash-script linux security shell terminal

Last synced: 20 Apr 2026

https://github.com/branover/hexgraph

Self-hosted, agentic vulnerability research for binaries & firmware: an AI agent decompiles, fuzzes, and verifies exploits inside a sandbox, recording every finding to a typed graph. BYOK, fully local.

agentic-ai ai-agents binary-analysis claude claude-code cybersecurity exploit-development firmware-security fuzzing ghidra iot-security llm mcp pentesting reverse-engineering security security-tools vulnerability-research

Last synced: 04 Jun 2026

https://github.com/roguh/ansible-fwknop

Ansible role that secures ports on your server from unauthorized access using fwknop, an improved port knocking utility.

ansible devops fwknop knocking networking port security yaml

Last synced: 20 Apr 2026

https://github.com/martinpankraz/security-insights-2-action

Content supporting the Microsoft hands-on at DSAG Technology Days March 2023

audit azure logic-apps microsoft-sentinel sap security sentinel

Last synced: 28 Jun 2026

https://github.com/raghavagps/guidewd

GuideWD: Guide for web development

security sitemap sitemap-generator webserver

Last synced: 28 Jun 2026

https://github.com/kingkyylian/linwarden

Rootless Linux host inventory and hardening audit CLI

cli devops hardening linux python sarif security sysadmin

Last synced: 15 May 2026

https://github.com/matedev01/Joel_atecc608a

USB OTP Security System: A project combining the ESP32-S3 microcontroller, ATECC608A CryptoAuthentication device, Windows driver, and LibUSB for secure communication, OTP generation, and time synchronization. 🚀

driver esp32 esp32s3 firmware flash-encrypt hmac libusb otp secure-boot security usb visualgdb

Last synced: 29 Oct 2025

https://github.com/kaliforniagator/secshell-go

An implementation of SecShell now written in go with security features like command whitelisting and blacklisting built-in. It also uses sanitizing to ensure commands are clean from most injection attacks.

cyber cybersecurity go golang security shell

Last synced: 12 May 2026

https://github.com/teyckmans/gradle-tink

Gradle plugin that provides encryption support for secrets using https://github.com/google/tink.

crypto cryptography gradle java kotlin security tink

Last synced: 10 May 2026

https://github.com/gbburleigh/mitreeval

A library for fetching, parsing, and analyzing MITRE evaluation results for EDR platforms.

attack edr mitre python security

Last synced: 03 Apr 2025

https://github.com/krontab/cisco-hashgen

Generate and verify Cisco-compatible password hashes for Cisco ASA & IOS/IOS-XE.

asa cisco cli firewall networking one-way-hash-functions pbkdf2 router security switch type-5 type-8 type-9

Last synced: 30 Dec 2025

https://github.com/aggstam/safeshop

Simple e-shop with a lot of security features, using Spring MVC.

html-css-javascript java security shop

Last synced: 11 Jul 2025

https://github.com/holley-studio/thesmos-governance

AI governance CLI, GitHub Action, VS Code extension & MCP server — 1,075 rules for Claude, Cursor, Copilot, Gemini, Codex.

ai-governance claude cli code-review cursor llm mcp nextjs security typescript

Last synced: 01 Jul 2026

https://github.com/clats97/clatsguard

Secure your documents with this Python AES-256-GCM file encryptor featuring PBKDF2-HMAC key derivation, passphrase-based or hex key usage, and a Tkinter GUI for user-friendly encryption. Open-sourced. This project was peer reviewed by a CompTIA Security+ person.

aes256 aes256-gcm cryptography encryption encryption-decryption file-encryption python security trending

Last synced: 03 Apr 2025

https://github.com/gianlucatruda/nis-encrypted-messaging

A demonstration of security principles for peer-to-peer communications of sensitive content.

aes-encryption cryptography messaging python3 rsa-cryptography security

Last synced: 03 Apr 2025

https://github.com/gioragutt/scan-unverified-actions

This action scans actions used in your workflow files and outputs those that are unverified by github.

github-action javascript-action security

Last synced: 16 May 2026

https://github.com/zhanxu33/security

Security

security

Last synced: 16 Feb 2026

https://github.com/fijimunkii/aws-security-audit

Scripts for security audit of AWS account

audit aws security

Last synced: 15 May 2026

https://github.com/simplify-framework/security

This project aims to provide some basic security scan features for security assessments for Simplify Framework base projects.

aws-lambda secops security security-auditing-tool security-scanner

Last synced: 09 Jul 2025

https://github.com/mitre/heimdall-baseline

(WIP) InSpec Profile for the Heimdall Application

heimdall inspec mitre-corporation security security-tools

Last synced: 16 May 2026

https://github.com/kizzycode/ma_proper

This crate provides the cleaning memory allocator `MAProper`

memory-allocation memory-allocator memory-management security

Last synced: 16 Jun 2025

https://github.com/varmabudharaju/agent-pd

A police department for your Claude Code agents — a logging-only hook + CLI that audits the main agent and every subagent and reports rule offenses (permission bypass, out-of-scope & credential access, self-permissioning, disallowed tools, redundant, off-task) with quoted evidence. Catch-and-report, never blocks.

agent-monitoring ai-agents ai-safety audit-log claude-code cli developer-tools llm observability python security tamper-evident

Last synced: 02 Jul 2026

https://github.com/mefaay/face_recognition_system

A user-friendly face recognition system for adding individuals with photos, querying names, and identifying faces via uploaded images or live camera. Ideal for use in security, attendance, and monitoring systems. Includes detailed information display for recognized faces.

face-recognition opencv python security

Last synced: 20 Jan 2026

https://github.com/kdawgwilk/blind_index

Securely search encrypted database fields

ecto ecto-extension elixir elixir-lang privacy security

Last synced: 03 Apr 2025

https://github.com/cockroachlabs-field/cockroach-encrypted-stores

this is a draft of the blog Chris and Artem published on heterogeneous storage for the purposes of encrypting certain stores based on storage attributes. The article was published as https://www.cockroachlabs.com/blog/selective-encryption-tutorial-cockroachdb/

encryption security

Last synced: 20 Mar 2025

https://github.com/parzibyte/cifrar-descifrar-php

Cifrar y descifrar datos con PHP usando la librería php-encryption; cifrar con clave general o con claves generadas por contraseñas de usuarios

crypto data decrypt encryption password php security

Last synced: 20 May 2026

https://github.com/kpn-puppet/puppet-kpn-advanced_audit_policy

Puppet module to manage Advanced Audit Policies on Windows Server 2008R2 and upwards

puppet security windows

Last synced: 20 Mar 2025

https://github.com/felipecosta09/aws-modernization-with-cloud-one-fss

In this workshop, you will learn how to scan your files in S3 buckets for malware and integrate into your custom workflows, by automating with your current resources, directly in your AWS environment. Using Trend Micro - Cloud One, AWS S3, AWS Lambda, AWS SQS, AWS SNS and AWS Cloud Formation, you’ll get hands-on experience implementing an automated Cloud Formation security stack to provide Data Security capabilities to your S3 buckets.

aws cloudone filestorage s3 security trendmicro

Last synced: 02 Apr 2025

https://github.com/mmali3287/smartdoorbell

IoT-enabled smart video doorbell using AI face recognition, low-latency real-time streaming, MQTT communication and instant mobile notifications for secure access control.

cplusplus esp32 facerecognition firebase iot kotlin materialdesign ml motiondetection mqtt opencv pushnotifications python raspberrypi realtimevideostreaming security

Last synced: 07 Apr 2026

https://github.com/bvolpato/promptcloak

Local OpenAI-compatible proxy and Python library that redacts secrets before prompts leave your machine.

llm openai privacy proxy redaction security

Last synced: 30 Jun 2026

https://github.com/rdner/uncrypticated

cryptography in Go made easy as it should be

cryptography security

Last synced: 15 Dec 2025

https://github.com/dev-cetera/df_bijective_uuid_mapper

A package providing bijective UUID mapping for secure and efficienct lookups.

cloud-functions cryptography dart library package security uuid

Last synced: 16 May 2026

https://github.com/nhh/tarbit

Tarbit is a tcp tarpit written in ruby.

bots networking ruby security

Last synced: 29 Oct 2025

https://github.com/followingthefasciaplane/discord-gatekeeper-audit-bot

beta discord bot to automatically manage old school role based verification bots. proactive tracking, pinging, dming, reminders for those in purgatory and eventually regular auditing of those who should be and are not.

administration discord discord-bot discord-bots discord-py management moderation safety security utility

Last synced: 03 Apr 2025

https://github.com/gared/ether-scan

A security scanner for etherpad instances

etherpad etherpad-lite scanner security

Last synced: 11 Apr 2025

https://github.com/blue-davinci/socialaid

[Demo API] SocialAid Tracker is a Management Information System (MIS) designed to track beneficiaries of social protection programs. It enables efficient storage and retrieval of program details, household geolocation data, and household member information.

api backend golang rest-api security

Last synced: 15 May 2026

https://github.com/omar7tech/ecommerce-laravel-restful-api

Ecommerce Laravel API is a backend solution tailored for ecommerce applications, providing essential functionalities for managing products, categories, orders, and user locations. Its standout feature is a robust JWT authentication system, ensuring secure user access and authorization, thereby enhancing the overall security of the platform.

api authentication authorization backend e-commerce functionality jwt laravel management scalability security

Last synced: 16 May 2026

https://github.com/tiwarishubham635/easylocker

Generates Easy to remember Strong Passwords

password security

Last synced: 19 Jul 2025

https://github.com/emmaccen/webauth

Web Authentication API Demo

security webapi webauthn

Last synced: 29 Oct 2025

https://github.com/matricali/secure-your-php

A little script that helps you harden your PHP environment

hardening php php-installation security

Last synced: 27 Mar 2025

https://github.com/schubergphilis/seccubus-docker

A docker container for Seccubus

docker seccubus security

Last synced: 26 Mar 2025