An open API service indexing awesome lists of open source software.

Security

Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.

https://github.com/piiiico/proof-of-commitment

Supply chain risk scorer for npm and PyPI — single-maintainer CRITICAL flags before attacks happen

audit cargo cli dependencies github-action go golang mcp mcp-server npm openssf pypi rust scorecard security software-supply-chain supply-chain supply-chain-security

Last synced: 13 Jun 2026

https://github.com/soulteary/stargate

A minimal ForwardAuth gateway for Traefik and Nginx that handles login sessions and request access control. / 面向 Traefik 和 Nginx 的极简 ForwardAuth 鉴权网关,负责会话与访问控制。

auth authentication authorization enjoy-with-stargate forwardauth gateway nginx reverse-proxy security sso traefik

Last synced: 11 Feb 2026

https://github.com/getarcis/arcis

Inside-the-app security middleware for Node.js, Python, and Go. 20+ attack vectors. One install, three languages, MIT.

bot-detection cli django express fastapi middleware nodejs npm owasp prompt-injection pypi python rate-limiting sast security sql-injection ssrf supply-chain-security web-security xss

Last synced: 06 Jun 2026

https://github.com/gowww/secure

🔑 Security utilities, CSP, HPKP, HSTS and other security wins

csp go golang good-practices hpkp hsts http https policy secure security ssl

Last synced: 01 Mar 2026

https://github.com/mondoohq/terraform-provider-mondoo

Terraform Mondoo provider

security terraform

Last synced: 02 Apr 2026

https://github.com/picobaz/pybruteforge

PyBruteForge: A powerful Python brute-force login tester for ethical security audits. Forge attacks with smart password patterns and CSV logging via a modular API-driven design. Strengthen your defenses—test ethically!

bruteforce cybersecurity ethical-hacking login-tester password-audit penetration-testing python security web-security

Last synced: 23 Oct 2025

https://github.com/rsclarke/terraform-cloudflare-fastmail-email

MX, SPF, DKIM and DMARC records with MTA-STS policy for email hosted by Fastmail

cloudflare dkim dmarc email mta-sts mx security spam-protection spf terraform

Last synced: 04 Apr 2026

https://github.com/skx/mod_blacklist

A simple Apache module to blacklist remote hosts.

apache2 blacklist c firewall security

Last synced: 16 Mar 2026

https://github.com/richonn/shieldci

GitHub Action that auto-generates hardened CI/CD DevSecOps pipelines — lint, tests, Trivy, Gitleaks, SAST and more — and opens a PR with the generated workflows.

automation ci-cd devops devsecops github-actions gitleaks golang pipeline sast security trivy

Last synced: 30 May 2026

https://github.com/lauslim12/attendance

🔐 Secure full-stack + REST API implementation of 2FA in the form of an attendance system

api authentication authorization express full-stack multi-factor-authentication nextjs owasp production security totp typescript

Last synced: 10 May 2026

https://github.com/onzack/kube-defcon

A tool to visualize network policy information from the Kubernetes Master API

docker kubernetes network-policy security visualization

Last synced: 26 Oct 2025

https://github.com/sowoi/check-nextcloud-security

Check the security level of your Nextcloud instance with the Nextcloud Security API

icinga icinga2 icinga2-plugin nagios-checks nagios-plugin nextcloud nextcloud-server python3 scan security

Last synced: 11 Jun 2026

https://github.com/yaleman/ocsf-rs

OCSF schema for Rust

ocsf rust security

Last synced: 04 Mar 2026

https://github.com/edsoncelio/ctf-guide

Information guide about CTF: https://edsoncelio.github.io/ctf-guide/

computer-engineering criptography pentest security

Last synced: 06 Feb 2026

https://github.com/mauricelambert/entropyanalysis

This package analyzes file entropy (shannon entropy) for forensic and malware analysis.

cybersecurity disk-analysis entropy entropy-analysis file-analysis forensic malware-analysis security

Last synced: 04 Jun 2026

https://github.com/byxor/passflip

Lightweight password manager that doesn't store anything

password-manager python3 security

Last synced: 24 Oct 2025

https://github.com/appsechq/skill-scanner-test

Skill Scanner - An automated security scanning pipeline for AI agent SKILL.md and Agent plugins in popular public skills directories.

appsec security security-tools skills

Last synced: 04 Jun 2026

https://github.com/ralish/certuiexts

A library which extends Windows cryptography support for displaying additional OIDs and associated certificate extensions

certificates security windows x509

Last synced: 07 May 2026

https://github.com/kataras/ultrasecurity

10 seconds post-login OS security

go golang open-source security windows windows11

Last synced: 14 Feb 2026

https://github.com/marc-shade/fraud-detection-mcp

Advanced fraud detection MCP server with behavioral biometrics, real-time anomaly detection, and explainable AI for comprehensive fraud prevention

anthropic behavioral-biometrics claude fraud-detection fraud-prevention fraudulent-transactions mcp model-context-protocol security

Last synced: 05 Apr 2026

https://github.com/sap-samples/risk-explorer-execution-pocs

A collection of proof-of-concepts in multiple languages and for different package managers, showcasing how third-party dependencies trigger code execution on downstream projects, leading to potential open-source software supply chain attacks.

proof-of-concepts sample security

Last synced: 14 Mar 2026

https://github.com/sultaniman/allowed_hosts

Elixir plug to protect your APIs from Host header attacks

allowedhosts elixir header-attack plug security

Last synced: 04 Jun 2026

https://github.com/thresher-sh/thresher

OSS Projects are cool, vulnerabilities and threats arent. AI scan environment for scanning OSS projects for threats, malware, security issues.

ai ai-agents entropy malware malware-analysis scanning security supply-chain-security vulnerability

Last synced: 04 Apr 2026

https://github.com/tink-crypto/tink-java-gcpkms

Extension to Tink Java that provides Google Cloud KMS integration

crypto cryptography gcp-kms google-cloud-kms java security

Last synced: 27 Jan 2026

https://github.com/kumarvna/terraform-azurerm-security-center

Terraform module to create Azure Security Center resources for Azure Landing Zones

azure azure-security azure-security-center security terraform terraform-module

Last synced: 24 Oct 2025

https://github.com/mablanco/docker-fgds

Docker image for Fast Google Dorks Scan (FGDS), a script to enumerate web-sites using Google dorks

docker osint pentesting security

Last synced: 02 Jun 2026

https://github.com/mrcrunchybeans/youth-secure-checkin

A secure, flexible check-in/check-out system for youth organizations including Trail Life, scouting groups, churches, schools, and community programs. Features family management, event tracking, QR code checkout, label printing, and comprehensive security controls.

check-in-out ministry security

Last synced: 12 Feb 2026

https://github.com/shaneutt/podtunnel

Secure Tunnels For Kubernetes Pods

kubernetes networking security

Last synced: 16 Mar 2026

https://github.com/discourse/ruby-landlock

Landlock bindings for Ruby

landlock linux sandbox security

Last synced: 25 Jun 2026

https://github.com/bsm/httpx

Useful and opinionated helpers for building secure HTTP services

chi golang http internal security

Last synced: 28 Feb 2026

https://github.com/conijnio/aws-security-posture

Keep a historic overview of your compliance scores per workload

compliance security

Last synced: 05 Mar 2026

https://github.com/craftycram/richtigpferd

password generator using German words to create secure passwords

generator password security

Last synced: 05 Feb 2026

https://github.com/danvixent/cryptany

A simple tool for encrypting/decrypting any sequence of bytes using a key

encryption golang security

Last synced: 08 Feb 2026

https://github.com/nckslvrmn/whisper

Simple service for one time secret (and file) sharing

aes-gcm-256 container cryptography docker encryption golang scrypt secret-management security

Last synced: 16 Mar 2026

https://github.com/bootique/bootique-shiro

Provides Apache Shiro integration with Bootique.

bootique java security shiro

Last synced: 19 Oct 2025

https://github.com/rgrannell1/polonium

stateless password manager.

command-line password security stateless

Last synced: 07 May 2025

https://github.com/deutsia/deutsia-radio

A privacy-focused, censorship-resistant multinet Android radio player built with Claude Code. Supports I2P, clearnet and Tor streaming.

android i2p material-design-3 privacy radio radio-streaming radio-streaming-application security tor

Last synced: 29 Apr 2026

https://github.com/codenoid/elixir-two-factor-auth

Library for generating QR-Code, Random Secret and Verify Time Based Password

2fa-security password security two-factor-authentication

Last synced: 15 Sep 2025

https://github.com/joshuadeguzman/xtrength

A password strength meter for Android

android jitpack kotlin passwords security

Last synced: 13 Apr 2025

https://github.com/jkawamoto/ambassadors

Yet another Ambassador pattern over SSH

ambassador connection docker secure security

Last synced: 15 Apr 2025

https://github.com/llllllxy/tiny-security

一个基于token验证的Java Web权限控制框架,支持redis、jdbc和单机session多种存储方式,前后端分离项目、不分离项目均可使用,功能完善、使用简单、文档清晰,易于扩展。

authorization java security session-management springboot token

Last synced: 21 Jul 2025

https://github.com/trishankatdatadog/tuf-on-a-plane

Allegedly, a minimal, Pythonic TUF client can be written on a long flight. This was written after that flight, but hey, it's a shot.

security tuf updates

Last synced: 14 Apr 2025

https://github.com/paulveillard/cybersecurity-data-privacy

A collection of awesome software, libraries, documents, books, resources and cool stuff about Data Privacy in cybersecurity

big-data data dataprivacy fedramp gdpr pci security security-audit security-tools

Last synced: 06 Jan 2026

https://github.com/jcsec-security/smart-contract-audits

List of some of the published smart contract audits in which I have participated in the past.

audit security smart-contracts

Last synced: 07 Apr 2025

https://github.com/LeKlex/Attack-simulation-infrastructure

A small and simple network infrastructure with automated attacks on a VM server documented by tshark

bruteforce forensic hacking network nmap nmap-scripts port-scanner reverse-shell security shell-script sql-injection telnet tshark ubuntu vagrant virtualbox

Last synced: 12 Jul 2025

https://github.com/hiwepy/security-cas-spring-boot-starter

Spring Security 整合 Cas 登录

cas security spring-boot

Last synced: 16 Aug 2025

https://github.com/dreadl0ck/osx-root-installer

OSX ElCapitan Privilege Escalation Proof Of Concept

exploit osx osx-security security

Last synced: 08 Apr 2025

https://github.com/jakejarvis/careful-downloader

🕵️‍♀️ Downloads a file and its checksums, validates the hash, and optionally extracts it if safe.

checksum download extract file hash javascript npm security

Last synced: 03 Jul 2025

https://github.com/youhaveme9/ctfinfo

Mobile app for CTF information, resources and updates, build in flutter

ctf dart flutter security

Last synced: 14 Sep 2025

https://github.com/damienbod/wpfazureadsharepointonlinegraphapi

WPF Azure AD signin with Sharepoint Online API call using Graph API

azure azuread graph graph-api identity msal security sharepoint sharepoint-online wpf

Last synced: 03 Aug 2025

https://github.com/doucol/clyde

Project Calico Observability Tools

calico k8s kubernetes networking observability projectcalico security tigera

Last synced: 02 Feb 2026

https://github.com/hhimanshu/google-oauth2-jwt-secure-api

Demonstrates how to write secure Web Applications using Google Oauth2 on client side and securing protected resources with JWT based token

full-stack google jwt oauth2 security spring-boot webapp

Last synced: 02 May 2025

https://github.com/checkpointsw/sourceguard-action

SourceGuard is designed to leverage Check Point's varied prevention technologies and services, providing source-code security and visibility. With a simple, cross-platform CLI tool users can customize exclusions and control an ignore list with easy integration into any pipeline.

code-quality compliance oss security source-code

Last synced: 08 Mar 2026

https://github.com/JerryLinLinLin/Huorong-HIPS-Rule-Schema

The project includes two json schemas of Huorong Host-based Intrusion Prevention System (HIPS) custom rule files (json). They can be used to validate Huorong HIPS rules and speed up editing.

anti-malware antivirus antivirus-software hips huorong security security-tools

Last synced: 11 Jul 2025

https://github.com/felixdes/java-dop-example

Simple example of fine access implemented with new Java DOP paradigm

dop gradle java security spring-boot

Last synced: 06 Jul 2025

https://github.com/grantseltzer/prism

Container based binary analysis tool

binary-analysis containers prism security snapshot

Last synced: 15 Feb 2026

https://github.com/illdefined/sensitive

Simple Rust memory allocator for sensitive information

memory-allocator security

Last synced: 13 Apr 2025

https://github.com/opcod3r/godan

Shodan tool subdomains with rotation keys.. 🎩

bugbounty bugbounty-tool golang pentest recon security shodan subdomains

Last synced: 18 Jun 2025

https://github.com/cpulvermacher/secret-scanner

Browser extension to scan web pages for API keys or passwords

browser-extension chrome-extension firefox-extension secret security security-tools web-development

Last synced: 17 May 2026

https://github.com/volkansah/sqlp-edu

Example Python script that demonstrates a simple example of a Cross-Site Scripting (XSS) exploit for educational purposes only. This script is intended to be used responsibly, for learning and understanding the security implications of XSS attacks, and should not be used for any illegal or unethical activities.

bypass cross-site-scripting ehtical-hacking-tools exploit exploitation explotation hacking hacking-tool hacking-tools penetration-testing pentesting phishing python security sql-xss vulnerability xss xss-attacks xss-exploitation xss-injection

Last synced: 11 Jul 2025

https://github.com/endorama/devenv

Manage different shell environments securely with ease

development devenv environment gpg hacktoberfest profile security security-posture ssh-agent ssh-key

Last synced: 23 Mar 2025

https://github.com/netflix-skunkworks/swag-functions

Lambda functions for SWAG management

security

Last synced: 28 Jul 2025

https://github.com/devexpress-examples/connect-winforms-grid-to-backend-using-middletier-server

Connects the DevExpress WinForms Data Grid to a backend using a Middle Tier Server (EF Core without OData).

aspnetcore authorization devexpress dotnet ef efcore grid rbac security webapi winforms xaf

Last synced: 30 Aug 2025

https://github.com/imagemlt/php_extension_backdoor

php拓展后门

php security

Last synced: 16 Jun 2025

https://github.com/federicoceratto/nim-libu2f

FIDO U2F server-side and client-side library for Nim

authentication fido nim nim-lang security u2f

Last synced: 03 Oct 2025

https://github.com/circl/odfcleaner

Python module to cleanup ODF files.

cleanup-odf-files odf odfcleaner security

Last synced: 07 Mar 2026

https://github.com/jenkinsci/42crunch-security-audit-plugin

Jenkins plugin 42Crunch API Contract Security Audit

analysis security test

Last synced: 22 Apr 2025

https://github.com/monke443/CVE-2023-40028

Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink.

cve cve-2023-40028 exploit ghost-cms github pentesting security vulnerability

Last synced: 30 Aug 2025

https://github.com/tegridydev/multi-agent-secops-llm

This project is a multi-agent security framework that utilizes multiple LLM models to analyze and generate comprehensive security briefs.

ai llm local localllm ollama secops security

Last synced: 11 Jul 2025

https://github.com/guardicode/centra-py-client

A Python client for Guardicore Centra API access.

firewall python security segmentation

Last synced: 16 Jan 2026

https://github.com/sjinks/node-modsecurity

ModSecurity Connector for Node.js

modsec modsecurity security waf

Last synced: 10 Apr 2025

https://github.com/atao/shodan2db

🔌 Shodan export to SQLite database and generate an HTML report.

analysis converter cve export osint python-class python3 report reporting security shodan shodan-python sqlite vulnerability

Last synced: 10 Jun 2025

https://github.com/YosaiProject/yosai_libauthz

Rust extension library for Yosai

extension python rust security yosai

Last synced: 29 Mar 2025

https://github.com/akmalovaa/mikroseclist

Mikrotik CrowdSec firewall address lists sync

address address-list block crowdsec firewall mikrotik router-os routeros security

Last synced: 19 Apr 2025

https://github.com/celenityy/better-vanadium

My recommendations for the ultimate configuration of the Vanadium web browser to maximize privacy, security, and usability. :)

ads android android-application anti-fingerprinting anti-tracking aosp aosp-android chromium chromium-browser divested grapheneos hardened hardening mulch privacy privacy-protection security security-hardening tracking vanadium

Last synced: 04 Aug 2025

https://github.com/kyra-1/otw-banditgames

You can try the games provided here at the given link

basics cyber-security cybersecurity linux security securitybasics shell-scripting

Last synced: 16 Apr 2025

https://github.com/jojiiofficial/scanbanserver

The server for the triplink-system to collect hackers and webscanner across the internet

blocking database filter ipsec security security-automation triplink

Last synced: 04 Mar 2025

https://github.com/e3prom/kryptoxin

A security-oriented payload encryption tool written in Python.

aes cryptography encryption encryptor penetration-testing pentesting programming red-team security

Last synced: 13 May 2025

https://github.com/jasondrawdy/krypta

An advanced cryptography suite packaged with a file manager, password manager, and a swiss army knife of crypto tools.

application cryptography data encryption filemanager generators hashing notepad password-manager security software windows

Last synced: 08 Jan 2026