Links
Open-Source Design Editor.
Opens Figma files. Built-in AI. Fully programmable. Also a toolkit for building custom editors.
Static and dynamic analysis tool for detecting malicious code, suspicious binaries, and privacy violations. Analyzes source code, compiled executables (.exe, .dll, .elf), macOS bundles (.app, .dmg, .pkg), mobile apps (.apk, .ipa), and application packages with YARA rules, Docker behavioral sandboxing, MobSF mobile analysis, payload deobfuscation, and multi-format reporting (JSON, HTML, SARIF).
Goauld is a post-exploitation and remote access tool designed for use in restricted environments.
During penetration tests, operators may be required to work from a client-provided laptop behind VPNs, authenticated egress proxies, or restrictive network controls. In other cases, gaining remote code execution on a system still requires establishing a stable and fully interactive access channel.
Goauld solves these problems by providing a tunneling and access framework that allows operators to interact with remote agents through multiple transport protocols while maintaining a secure SSH-based architecture.
Scan your dev machine for AI agents, MCP servers, IDE extensions, and suspicious packages - in seconds.
Developer machines are the new attack surface. They hold high-value assets — GitHub tokens, cloud credentials, SSH keys — and routinely execute untrusted code through dependencies and AI-powered tools. Recent supply chain attacks have shown that malicious VS Code extensions can steal credentials, rogue MCP servers can access your codebase, and compromised npm packages can exfiltrate secrets.
Automated monitoring of the top PyPI and npm packages for supply chain compromise. Polls both registries for new releases, diffs each release against its predecessor, and uses an LLM (via Cursor Agent CLI) to classify diffs as benign or malicious. Malicious findings trigger a Slack alert.
API Discovery and Specification Generation Tool.
API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs
Vespasian discovers API endpoints by observing real HTTP traffic and generates API specification files from those observations. It captures traffic through headless browser crawling or imports it from existing sources (Burp Suite XML exports, HAR files, and mitmproxy dumps), then classifies requests, probes discovered endpoints, and outputs specifications in the native format for each API type: OpenAPI 3.0 for REST, GraphQL SDL for GraphQL, and WSDL for SOAP services.
Check your AWS CLI commands for security risks before you run them.
Security linter for AWS CLI commands. Catches misconfigurations before they hit your cloud.
703 security checks across 91 AWS services. Findings include severity ratings and a remediated command.
The MITRE Fight Fraud Framework™ (F3) is a curated knowledge base of tactics and techniques used by financial fraud actors, derived from real-world observations of cyber fraud incidents. The framework includes behaviors that characterize known fraud TTPs and references existing MITRE ATT&CK® cyber techniques as applicable to financial fraud. F3 provides a common structure and taxonomy to consistently describe and enumerate the material events of a cyber fraud incident, enabling stronger collaboration on fraud prevention, detection, and response across organizational teams. The knowledge base is globally accessible, open, and available at no charge to any person or organization.
How to disable JavaScript in your browser.
Nowadays almost all web pages contain JavaScript, a scripting programming language that runs arbitrary code, through the web browser, on the visitor's computer. It is supposed to make web pages functional for specific purposes but it has proven its potential to cause significant harm to users time and time again:
Sécurix is a NixOS-based secure operating system tailored for small to medium-sized teams. It provides a minimal, hardened environment with strong isolation, reproducibility, and policy-driven configurations to ensure operational security and compliance.
The Python web framework for building apps.
A familiar foundation, reimagined for humans and agents. Plain is a fork of Django, driven by ongoing development at PullApprove — with the freedom to reimagine it for the agentic era.
Check for a database transaction that silently leaked operations outside its boundary in Go.
The Origami Store is a Devops Learning App created by School of Devops.
A Polyglot, Micro-Services based application, built with the Modern Tech stack, specially designed to be used as a learning app to build Devops Projects with.
Headless browser automation server for AI agents to visit sites that are usually blocked. Anti-detection browser server for AI agents, powered by Camoufox.
Standing on the mighty shoulders of Camoufox - a Firefox fork with fingerprint spoofing at the C++ level.
A beautiful, minimal desktop shell for Wayland. A sleek and minimal desktop shell thoughtfully crafted for Wayland.
Built on Quickshell with a warm lavender aesthetic that you can easily customize to match your vibe.
Self-hosted client for your data. 📁 File Management Platform / Universal Data Access Layer (without FUSE).
It started as a storage agnostic Dropbox-like file manager that works with every storage protocol: FTP, SFTP, S3, SMB, WebDAV, IPFS, and about 20 more.
Lightweight fuzzy-search library, with zero dependencies.
Fuse.js is a lightweight, zero-dependency fuzzy-search library written in TypeScript. It works in the browser and on the server, and is designed for searching small-to-medium datasets on the client side where you can't rely on a dedicated search backend.
LLM-native spec language. Velocity through clarity.
Give your AI agents something more useful than a prompt.
🇫🇷 Skills for AI agents specialized in French bureaucracy: Accountant, Notary, ...
Paperasse is a collection of skills for AI agents (Claude Code, Claude Cowork, Codex, Mistral Vibe, Cursor, Windsurf, Cline, Aider) specialized in accounting, taxation, notarial work, and auditing for French companies.
Each skill turns your agent into an expert copilot for one paperwork profession: accounting (PCG, TVA, IS, annual closing, FEC, liasse fiscale), tax audits, CAC audits, notarial law (real estate, inheritance, gifts), and co-ownership management (general meetings, charges, works, unpaid dues). It knows the texts (CGI, BOFiP, NEP, the 1965 law), the forms, the deadlines, and does not pick the wrong box in the liasse fiscale.
Kubernetes Orphaned Resources Finder.
A Golang Tool to discover unused Kubernetes Resources.
Like virtualenv, for every language. Per-project developer environments.
The goal of this project is to simplify per-project developer environments.
Imagine, a new employee joins the company, or somebody transfers teams, or somebody wants to contribute to one of your Open Source projects. It should take them 10 minutes to clone the repo and get all of the development dependencies.
A fast, async-native Django cache backend for Valkey (and Redis). Opinionated and secure by default.
Scripts and utilities for secure OpenBAO/Vault management, featuring role-based access control, MFA, token lifecycle management, and API integration examples. Implements security best practices for secrets management.
OpenBAO (Open Build, Authenticate, and Operate) is an open-source fork of HashiCorp Vault that remains fully open-source under the MPL 2.0 license. This setup is designed for managing secrets across multiple namespaces, ideal for multi-tenant applications and integrations with various systems like n8n.
OpenAPI Breaking Change Detection & PR Review. Know exactly what changed in your API — and who approved it. Command-line and Go package to compare and detect breaking changes in OpenAPI specs.
oasdiff posts a breaking change report on every pull request, with one-click approve/reject for each change. The CI gate updates automatically.
Datadog Static AI Security Testing (SAIST) tool.
Code Security scans your first-party code and open source libraries used in your applications in both your repositories and running services, providing end-to-end visibility from development to production.
Garry's Opinionated OpenClaw/Hermes Agent Brain.
Your AI agent is smart but it doesn't know anything about your life. GBrain fixes that. Meetings, emails, tweets, calendar events, voice calls, original ideas... all of it flows into a searchable knowledge base that your agent reads before every response and writes to after every conversation. The agent gets smarter every day.
The open source, no-code MCP Server for AI-Native API Access
Build a uniform API value chain for AI agents with secure, no-code endpoint translation across your existing API services.
reShapr is the open source, no-code MCP Server for AI-Native API Access. It bridges the gap between traditional REST/GraphQL/gRPC services and LLMs by transforming complex services into discoverable, optimized MCP tools.
Schedule automated simulations of actions you would perform on your PC.
Aidge is an innovative, open-source framework designed to streamline and accelerate the deployment of Deep Neural Networks onto diverse hardware targets. In today’s rapidly evolving AI landscape, moving from a trained model to a high-performance, production-ready application can be a complex and time-consuming process.
A random collection of accessibility-focused tools that you might find at least partially useful
Offline Hike, Bike, Trails and Navigation.
Organic Maps is a privacy-focused offline maps & GPS app for hiking, cycling, biking, and driving. Absolutely free. No ads. No tracking. Developed with love by the open-source community and the same people who created the MapsWithMe/Maps.Me app. Powered by OpenStreetMap data.
Simple Secure Keeper for Secrets.
Keeper is a cryptographic secret store for Go. It encrypts arbitrary byte payloads at rest using Argon2id key derivation and XChaCha20-Poly1305 (default) authenticated encryption, and stores them in an embedded bbolt database.
Collection of npm package manager Security Best Practices.
Shai-Hulud, Nx and other incidents reflect a growing concern over supply chain attacks and compromised npm packages. Follow these developer security best practices around npm, package maintenance and secure local development to mitigate security risks.
PentAGI: Advanced AI-Powered Penetration Testing
Fully autonomous AI Agent that performs complicated penetration testing tasks using terminal, browser, editor, and external search system.
Like BrowserUse, but for the terminal.
tui-use lets agents interact with programs that expect a human at the keyboard — REPLs, debuggers, TUI apps, and anything else bash can't reach.
A Watchdog for Your Infrastructure State. Continuous infrastructure drift detection with historical tracking and notifications.
Monitor infrastructure drift for Terraform, OpenTofu, and Terragrunt. Real-time drift detection with automated alerting.
Homogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes. A Managed Kubernetes Service Done Right. Deliver fully-managed clusters at scale everywhere with your own Gardener installation.
Gardener implements the automated management and operation of Kubernetes clusters as a service and provides a fully validated extensibility framework that can be adjusted to any programmatic cloud or infrastructure provider.
A sliding, tiling window manager for MacOS.
Paneru is a MacOS window manager that arranges windows on an infinite strip, extending to the right. A core principle is that opening a new window will never cause existing windows to resize, maintaining your layout stability.
Each monitor operates with its own independent window strip, ensuring that windows remain confined to their respective displays and do not "overflow" onto adjacent monitors.
declarative. reproducible. human-friendly.
Lix is a modern, delicious implementation of the Nix package manager, focused on correctness, usability, and growth – and committed to doing right by its community.
Claude Code orchestrator in one window.
Orchestrate multiple Claude Code sessions across projects. Review diffs, annotate code, send instructions — all from one window.
Fast, encrypted, deduplicated backups in Rust — with friendly YAML config, a desktop GUI, and support for S3, custom REST and SFTP storage.
Inspired by BorgBackup, Borgmatic, Restic, and Rustic. Vykar uses its own on-disk format and is not compatible with Borg or Restic repositories.
Vykar is a fast, encrypted, deduplicated backup tool written in Rust. It’s centered around a simple YAML config format and includes a desktop GUI and WebDAV server to browse snapshots.
Open-Source Workflow Automation & Solution Engineering Platform.
Flow-Like: Strongly Typed Enterprise Scale Workflows. Built for scalability, speed, seamless AI integration and rich customization. A Rust-powered workflow engine that runs on your device — laptop, server, or phone. Fully typed. Fully traceable. Fully yours.
Flow-Like is a visual workflow automation platform that runs entirely on your hardware. Build workflows with drag-and-drop blocks, run them on your laptop, phone, or server, and get a clear record of where data came from, what changed, and what came out — no cloud dependency, no black boxes, no guesswork.
🔗 A federated network to bookmark, organize, share and discover good web pages. 🪢 Federated website aggregator.
It's getting harder and harder to find good web pages. When you do find good ones, it's worth hanging onto them. ties is your own small corner of the web, where you can keep your favorite pages, and share them with your friends to help them find good web pages too.
Manage CrowdSec, Traefik integration, decisions, scenarios, logs, backups, and updates from a single web interface.
A web-based management interface for CrowdSec security stack with Pangolin integration. This project replaces the bash script with a modern, user-friendly ShadcnUI built with Go and React.
Package your AI coding workflows as YAML. Run them anywhere — CLI, Web, Slack, Telegram, GitHub, Discord.
The first open-source harness builder for AI coding. Make AI coding deterministic and repeatable.
Open-Source API Security Testing Framework.
API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templates.
Hadrian is an open-source API security testing framework that detects OWASP API Top 10 vulnerabilities in REST, GraphQL, and gRPC APIs. It uses role-based authorization testing and YAML-driven templates to automatically find broken object-level authorization (BOLA), broken function-level authorization (BFLA), broken authentication, and other critical API security flaws — without writing custom test code.
Understand Any Codebase in Minutes, Not Hours
AI-powered repository analysis that turns complex codebases into interactive documentation, dependency graphs, and intelligent conversations.
Virtual desktop pet cats for macOS — pixel art cats that live on your dock and chat with you via Ollama LLM.
Self-hosted image processing
Resize, compress, convert, remove backgrounds, and more. All on your own server, no data leaves your machine.
Stirling-PDF but for images. 30+ tools and local AI in a single Docker container - resize, compress, remove backgrounds, upscale, OCR, and more. No cloud, no telemetry. Your images never leave your machine.
A visual explorer for Unicode. Browse the character set, discover related glyphs, and learn more about the scripts, symbols, and shapes that make up the standard.
AI-Native Task Management.
Multica is an open-source platform that turns coding agents into real teammates. Assign tasks, track progress, compound skills — manage your human + agent workforce in one place.
Sync and store locally all of your X / Twitter bookmarks.
An open source, free CLI tool for collecting and categorizing your personal X/Twitter bookmarks. Makes your bookmarks locally available to Claude Code, Codex, or any other agent with shell access.
A new developer platform is coming. Every commit tells a story. Now you can read it.
Entire CLI hooks into your git workflow to capture AI agent sessions on every push. Sessions are indexed alongside commits, a searchable record of how code was written.
A Man-in-the-Middle proxy written in Rust. Intercept, inspect, and modify HTTP/HTTPS traffic with Lua scripting, a TUI, and a web interface.
A programmable MITM proxy that intercepts HTTP/HTTPS traffic so you don't have to guess what your app is doing. Forward & reverse modes, TLS interception, TUI, terminal, and web GUI.
Filesystem-based module system for Nix
Haumea is not related to or a replacement for NixOS modules. It is closer to the module systems of traditional programming languages, with support for file hierarchy and visibility.
In short, haumea maps a directory of Nix files into an attribute set.
Community driven Dendritic Nix configurations.
Editor-distributions like those for nvim/emacs provide community-driven, opinionated configurations that can be easily reused and enabled by newcomers.
The dendrix project aims to provide the same experience: having community-managed, author-maintained and no-barrier-of-entry setups for everything that can be configured using flake-parts modules.
Keymap manager for wlroots-based compositors. Inspired by which-key.nvim.
Recursively import Nix modules from a directory tree.
import-tree recursively discovers and imports Nix files from a directory tree. It works with NixOS, nix-darwin, home-manager, flake-parts, NixVim, and any Nix module system.