Top 3063 security open source projects

This tool scans for a number of common, vulnerable components (openssl, libpng, libxml2, expat and a few others) to let you know if your system includes common libraries with known vulnerabilities.

BruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.

Nitrokey's Application (Win, Linux, Mac)

🔖 +4.3K awesome resources for geeks and software crafters 🍺

Modern alternative to dirbuster/dirb

Privacy and Security focused Segment-alternative, in Golang and React

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

Simulate a federated setting and run differentially private federated learning.

A Java standalone implementation of the bcrypt password hash function. Based on the Blowfish cipher it is the default password hash algorithm for OpenBSD and other systems including some Linux distributions. Includes a CLI Tool.

A flexible configuration manager for Wireguard networks

A fuzzer for full VM kernel/driver targets

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices

Beego's RBAC & ABAC Authorization middleware based on Casbin

The modular distributed fingerprinting engine

Repository to store what we have studied. 📖 We want everyone to get a job through TechnicalNote.

PandwaRF: RF analysis tool with a sub-1 GHz wireless transceiver controlled by a smartphone or

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

大型内网渗透扫描器&Cobalt Strike，Ladon8.9内置120个模块，包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2，密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem，Poc/Exploit,支持Cobalt Strike 3.X-4.0

Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.

Expand env variables from AWS Parameter Store

基于 Docker 的真实应用测试环境

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

Identify hardcoded secrets and dangerous behaviours

MIT licensed Open Source Identity and Access Management implementing OAuth 2.0 and SCIMv2.

Use Moqui Framework to build enterprise applications based on Java. It includes tools for databases (relational, graph, document), local and web services, web and other UI with screens and forms, security, file/resource access, scripts, templates, l10n, caching, logging, search, rules, workflow, multi-instance, and integration.

InSpec: Auditing and Testing Framework

Generates malicious LNK file payloads for data exfiltration

Security Knowledge Structure(安全知识汇总)

HTTP(S) Rotating Residential proxies - Code examples & General information

Security plugin for egg, force performance too.

A curated list of awesome resources for adversarial examples in deep learning

Light NodeJS rate limiting and response delaying using Redis - including Express middleware.

Web Cryptography API Polyfill

🔑 Second factor TOTP (RFC 6238) provider for Nextcloud

🚂 The little forwarder that could

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

Patch-level verification for Bundler

Collection of the cheat sheets useful for pentesting

An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

Smart Contract Weakness Classification and Test Cases

Docker playground

Anti-keylogger/anti-rat application for Windows

A language and library for specifying syscall filtering policies.

🎯 RFI/LFI Payload List

qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.

LibreAuth is a collection of tools for user authentication.

A fully manual Let's Encrypt/ACME client

Advanced vm/sandbox for Node.js

컴공생을 위한 대학 생활 가이드라인

Metasploit custom modules, plugins, resource script and.. awesome metasploit collection

网络资产发现、漏洞扫描

安全编排与自动化响应平台

macOS FileVault cracking tool

🔐Sensitive log tool for java, based on java annotation. (基于注解的 java 日志脱敏框架，更加优雅的日志打印)

Symbolic execution tool

U2F USB token optimized for physical security, affordability, and style

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

List of the most common French passwords

🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.