Top 82 security-hardening open source projects

Open-source tool to enforce privacy & security best-practices on Windows and macOS, because privacy is sexy 🍑🍆

Ansible role for Red Hat 7 STIG Baseline

Wazuh - Kibana plugin

Wazuh - Docker containers

Ansible role to apply a security baseline. Systemd edition.

user.js -- Firefox configuration hardening

Wazuh - The Open Source Security Platform

Function order shuffling to defend against ROP and other types of code reuse

Harden the world is a community driven project to develop hardening guidelines and checklists for common software and devices.

Migrate C code to Rust

Nix-based app VMs

An evolving how-to guide for securing a Linux server.

Embeddable and Secure PHP Authentication System with Login, Signup, User Profiles, Profile Editing, Account Verification via Email, Password Reset System, Remember-Me Feature and more.

License: Mozilla Public License 2.0

Simplifying Seccomp enforcement in containerized or non-containerized apps

Windows 10 hardening guide without gimmicks

Ansible role for Red Hat 6 DISA STIG

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them

A simple demo app that demonstrates Certificate pinning and scheme/domain whitelisting in Android WebViews

🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

Generates sandboxes for C/C++ libraries automatically

Wazuh - Project documentation

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

My Windows 10 x64 security hardening guide

The Antikernel operating system project

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Ansible CentOS 7 - CIS Benchmark Hardening Script

Browser hacks to disable WebAssembly (WASM)

Scripts to gather system configuration information for offline/remote auditing

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

C-friendly API to make path resolution safer on Linux.

CIS Baseline Ansible Role for RHEL 8

Canary: Input Detection and Response

Simple Golang HTTPS/TLS Examples

Wazuh - Chef cookbooks

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

Easily configure macOS security settings from the terminal.

Hardening Ubuntu. Systemd edition.

USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)

A collection of awesome security hardening guides, tools and other resources

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Security Knowledge Framework (SKF) Python Flask / Angular project

Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!

Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark

Scripts built from our Guide to User Data Security

Ansible playbook roles for security

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

Quickly secure UNIX/Linux systems

Secure-by-default HTTP servers in Go.

Ansible role for Red Hat 7 CIS Baseline

The Hitchhiker’s Guide to Online Anonymity

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Wazuh - Ruleset

Look-Ahead Java Deserialization Library

Kubernetes RBAC static Analysis & visualisation tool

Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability. All results will be sent to Security Hub for further aggregation and analysis.

CIS Baseline Ansible Role for Ubuntu 18

Wazuh - Puppet module

A "SIP Torture" (RFC 4475) testing suite.