security
A world-class dynamic instrumentation toolkit. Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Related contents:
Check if your email address has been exposed in a data breach.
Related contents:
Multi-services Honeypot Solution with AI support and dynamic HTTP template.
Trapster Community is a low-interaction honeypot designed to be deployed on internal networks or to capture credentials. It is built to monitor and detect suspicious activities, providing a deceptive layer to network security.
Trapster Community Edition is a powerful open-source honeypot solution designed to enhance your network security. By acting as a decoy system within your infrastructure, Trapster helps detect and track potential threats, providing valuable insights into attacker behavior and network security posture.
Buttercup is a Cyber Reasoning System (CRS) developed by Trail of Bits for the DARPA AIxCC (AI Cyber Challenge). Buttercup finds and patches software vulnerabilities in open-source code repositories like example-libpng. It starts by running an AI/ML-assisted fuzzing campaign (built on oss-fuzz) for the program. When vulnerabilities are found, Buttercup analyzes them and uses a multi-agent AI-driven patcher to repair the vulnerability.
Related contents:
Run AI Generated Code Locally. A secure local sandbox to run LLM-generated code using Apple containers.
CodeRunner is an MCP (Model Context Protocol) server that executes AI-generated code in a sandboxed environment on your Mac using Apple's native containers.
Related contents:
Phishing & Scam Domain Blacklist.
An up-to-date blacklist of phishing and scam domains, automatically updated by the PhishDestroy system. A reliable threat intelligence source for integration into security systems.
Unlock the Future of Identity. Modern IAM written in Rust.
A blazing-fast IAM, powered by Rust. Open, secure, ready for your cloud journey.
FerrisKey is an open-source IAM solution designed for modern cloud-native environments. With its high-performance API written in Rust and its intuitive web interface developed in Typescript/React, FerrisKey offers a robust and flexible alternative to traditional IAM solutions.
A penetration testing tool for odoo applications.
OdooMap is a reconnaissance, enumeration, and security testing tool for Odoo applications.
Related contents:
The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.
While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.
Related contents:
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
Related contents:
detect API auth weaknesses.
Autoswagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures.
Related contents:
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
Thorium is a highly scalable, distributed malware analysis and data generation framework. Thorium is designed to make cyber incident response, triage, and file analysis easier through the safe ingestion and storage of data, automation of analyses and easy access to stored analyses and metadata. Because of the sensitivity and potential maliciousness of data handled within Thorium, uploaded files are placed into an encrypted/neutered format called CaRT. After initial file upload, all analysis is conducted in sandboxed environments where protective measures and sanitization steps can be easily applied.
Related contents:
Cloud native networking and network security.
Calico is a single platform for networking, network security, and observability for any Kubernetes distribution in the cloud, on-premises, or at the edge. Whether you're just starting with Kubernetes or operating at scale, Calico's open source, enterprise, and cloud editions provide the networking, security, and observability you need.
Related contents:
eBPF-based Security Observability and Runtime Enforcement.
Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies.
Related contents:
An open-source security log auditing & RDP, VNC, SSH and databases management bastion platform.
Your Security Partner. Cybersecurity, Redefined. XENA is an inovative C2 made fully in Go.
XENA is designed for offensive cybersecurity, particularly for red team operations, penetration testing, and adversary simulations. Making it suitable for professionals conducting security assessments.
XENA is Cross-Platform Software for Cyber-Security Automation, Adversary Simulations, and Red Team Operations. XENA strives to be fully integrated security penetration testing framework. It is equipped with a post-exploitation agent, C2 server, and a dark-themed elegant user interface running on Desktop, Web, and Mobile.
🔎 Static code analysis engine to find security issues in code. Opengrep, a fork of Semgrep, under the LGPL 2.1 license.
Opengrep is an ultra-fast static analysis tool for searching code patterns with the power of semantic grep. Analyze large code bases at the speed of thought with intuitive pattern matching and customizable rules. Find and fix security vulnerabilities, fast – ship more secure code.
Opengrep supports 30+ languages, including:
Apex · Bash · C · C++ · C# · Clojure · Dart · Dockerfile · Elixir · HTML · Go · Java · JavaScript · JSX · JSON · Julia · Jsonnet · Kotlin · Lisp · Lua · OCaml · PHP · Python · R · Ruby · Rust · Scala · Scheme · Solidity · Swift · Terraform · TypeScript · TSX · YAML · XML · Generic (ERB, Jinja, etc.)
Kanvas for Incident Response.
A DF/IR case management tool that provides a unified workspace for investigators enabling key workflows to be completed without switching between multiple applications.
Simple IOC and YARA Scanner. Scanner for Simple Indicators of Compromise.
A lightweight proxy manager built on Tailscale's tsnet library that enables multiple HTTPS services on a Tailnet
Cameradar hacks its way into RTSP videosurveillance cameras.
Related contents:
FOKS provides a secure, end-to-end encrypted Git hosting service. Your data is encrypted on your machine before it is sent to the server, and the server never sees data or filenames in unencrypted form. This means that even if the server is compromised, your data is safe. FOKS is federated, so the git server can be one that you host, or one that is hosted for you.
Related contents:
SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP
ProxyAuth secures backend APIs through a fast authentication gateway. It encrypts tokens using ChaCha20 + HMAC-SHA256, with config-defined secrets. It features built-in rate limiting (on proxy and auth routes) and uses Argon2 with auto-generated salts for secure password hashing. The service is extremely fast, handling 100,000+ requests per second under load.
Related contents:
Scan for secrets in dangling commits on GitHub using GH Archive data.
This tool scans for secrets in dangling (dereferenced) commits on GitHub created by force push events. A force push occurs when developers overwrite commit history, which often contains mistakes, like hard-coded credentials. This project relies on archived force push event data in the GHArchive to identify the relevant commits.
Related contents:
SSL Certificate Management System (API + UI).
CertMate is a powerful SSL certificate management system designed for modern infrastructure. Built with multi-DNS provider support, Docker containerization, and comprehensive REST API, it's the perfect solution for managing certificates across multiple datacenters and cloud environments.
Fearless Kubernetes App Updates. Check your Kubernetes manifests before it hits the cluster.
kubechecks allows users of Github and Gitlab to see exactly what their changes will affect on their current ArgoCD deployments, as well as automatically run various conformance test suites prior to merge.
A safer way to run remote scripts.
Stop blindly piping to bash. vet lets you inspect remote scripts for changes, run them through a linter, and require your explicit approval before they can execute.
vet is a command-line tool that acts as a safety net for the risky curl | bash pattern. It lets you inspect, diff against previous versions, and lint remote scripts before asking for your explicit approval to execute. Promoting a safer, more transparent way to handle remote code execution.
Kingfisher is a blazingly fast secret‑scanning and validation tool built in Rust. It combines Intel’s hardware‑accelerated Hyperscan regex engine with language‑aware parsing via Tree‑Sitter, and ships with hundreds of built‑in rules to detect, validate, and triage secrets before they ever reach production.
Related contents:
Don't hit the south wall, don't turn back. An industry-leading free, high-performance, AI and semantic technology web application and API security protection product.
UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched by UUSEC Technology, which first realizes the three-layer defense function of traffic layer, system layer, and runtime layer.
Login screen for your apps. The simplest way to protect your apps with a login screen.
Tinyauth is a simple authentication middleware that adds a simple login screen or OAuth with Google, Github and any provider to all of your docker apps. It supports all the popular proxies like Traefik, Nginx and Caddy.
Related contents:
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management.
OWASP Nettacker project was created to automate information gathering, vulnerability scanning and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports(in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc. Nettacker can be run as a command-line utility (including running as a Docker container), API, Web GUI mode or as Maltego transforms.
Interactive security awareness game simulating a retro Windows 95 environment to teach users about online scams and phishing attacks. 🏆 Hackaburg 2025 Winner.
Doors95 is an interactive browser game built to teach users about dangers they can encounter while doing (daily) tasks on a computer. You are placed onto a simulated computer desktop inspired by Windows 95 and are guided through the different missions by our AI assistant Skippy. The main objective is to complete the task at hand without getting infected with viruses.
SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown).
Related contents:
zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups.
Related contents:
Malware sample exchange.
MalwareBazaar is a platform from abuse.ch and Spamhaus, dedicated to sharing malware samples with the infosec community, antivirus vendors, and threat intelligence providers. Upload malware samples and explore the database for valuable intelligence. Set alerts to track newly observed malware, use APIs to seamlessly push or pull signals, and automate bulk queries.
Related contents:
Agentless Vulnerability Scanner for Linux/FreeBSD.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices.
Safer python package installs with audit and consent 𝘣𝘦𝘧𝘰𝘳𝘦 install.
Pipask is a drop-in replacement for pip that performs security checks before installing a package. Unlike pip, which needs to download and execute code from source distribution first to get dependency metadata, pipask relies on metadata from PyPI whenever possible. If 3rd party code execution is necessary, pipask asks for consent first. The actual installation is handed over to pip if installation is approved.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security level
Own Your IAM with a Perpetual License. Open source alternative to Auth0 / Firebase Auth.
Authgear is an open-source extensible turnkey solution for all of your consumer authentication needs. Authgear gets you started in 5 minutes with developer-friendly SDKs and a comprehensive portal.
Generate a MITRE ATT&CK Navigator based on a list of CVEs. Database with CVE, CWE, CAPEC, and MITRE ATT&CK Techniques data is updated daily.
The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years.
Related contents:
As per the NIS2 Directive, ENISA is mandated to develop and maintain the European vulnerability database.
Access to reliable and timely information about vulnerabilities affecting Information and Communication Technology (ICT) products and services contributes to an enhanced cybersecurity risk management. Sources of publicly available information about vulnerabilities are an important tool for users of these services, competent authorities, and the broader cybersecurity community. ENISA has established a European Vulnerability Database (EUVD) where entities, regardless of whether they fall within the scope of the NIS2 Directive, and their suppliers of network and information systems, as well as competent authorities, most notably CSIRTs, can voluntarily disclose and register publicly known vulnerabilities to allow users to take appropriate mitigating measures.
Cloud native secrets management for developers - never leave your command line for secrets.
Never leave your terminal to use secrets while developing, testing, and building your apps.
Instead of custom scripts, tokens in your .zshrc files, visible EXPORTs in your bash history, misplaced .env.production files and more around your workstation -- just use teller and connect it to any vault, key store, or cloud service you like (Teller support Hashicorp Vault, AWS Secrets Manager, Google Secret Manager, and many more).
Security scanner for MCP servers
MCP-Shield scans your installed MCP (Model Context Protocol) servers and detects vulnerabilities like tool poisoning attacks, exfiltration channels and cross-origin escalations.
Honeypot servers with an integrated threat feed.
Deceptifeed is a honeypot and threat feed server. It runs multiple deceptive network services (honeypots), while the threat feed lists IP addresses that have interacted with the honeypots. Additionally, Deceptifeed provides real-time visibility into honeypot activity, allowing you to monitor logs and interactions as they occur.
DNS Measurement, Troubleshooting and Security Auditing Toolset.
Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.
Related contents:
Fix Inventory is an open-source cloud asset inventory tool for infrastructure and security engineers.
Fix Inventory helps you identify and remove the most critical risks in AWS, GCP, Azure and Kubernetes.
Fix Inventory enables a broad set of exploration and automation scenarios. Its foundation is a graph-based data model, which exposes resource metadata and dependency relationships between your service's assets.
A powerful CLI allows you to search, explore, and manage your cloud resources.
Related contents:
PhishTool gives human analysts the power to reverse engineer phishing emails, to better defend against them. PhishTool is to phishing emails as a disassembler is to malware or a forensic toolkit is to file systems.
Related contents:
The last bastion
Secure access to your internal SSH, HTTPS, MySQL and Postgres servers with SSO and RBAC.
- [Warpgate @ GitHub]{https://github.com/warp-tech/warpgate).
A framework for securing software update systems.
The Update Framework (TUF) maintains the security of software update systems, providing protection even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
Related contents:
OpenSSF Scorecard assesses open source projects for security risks through a series of automated checksIt was created by OSS developers to help improve the health of critical projects that the community depends on.
You can use it to proactively assess and make informed decisions about accepting security risks within your codebase. You can also use the tool to evaluate other projects and dependencies, and work with maintainers to improve codebases you might want to integrate.
Scorecard is an automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. You can also assess the risks that dependencies introduce, and make informed decisions about accepting these risks, evaluating alternative solutions, or working with the maintainers to make improvements.
Related contents:
The Package Analysis project analyses the capabilities of packages available on open source repositories. The project looks for behaviors that indicate malicious software:
-
What files do they access?
-
What addresses do they connect to?
-
What commands do they run?
Related contents:
A framework to secure the integrity of software supply chains.
in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.
Related contents:
A tool for preventing the installation of malicious PyPI and npm packages 🔥.
Supply-Chain Firewall is a command-line tool for preventing the installation of malicious PyPI and npm packages. It is intended primarily for use by engineers to protect their development workstations from compromise in a supply-chain attack.
Related contents:
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
This repository is an open-source dataset of 5938 malicious software packages (and counting) identified by Datadog, as part of our security research efforts in software supply-chain security. Most of the malicious packages have been identified by GuardDog.
Related contents:
🐍 🔍 GuardDog is a CLI tool to Identify malicious PyPI and npm packages.
GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages or Go modules. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata. GuardDog can be used to scan local or remote PyPI and npm packages or Go modules using any of the available heuristics.
Related contents: