security
threat modelling configuration language with hcl.
There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able to clearly document the threats, and to be able to drive valuable change.
A security auditor for Tailscale configurations. Scans your tailnet for misconfigurations, overly permissive access controls, and security best practice violations.
Protect your SSH keys with your Mac's Secure Enclave.
Secretive is an app for protecting and managing SSH keys with the Secure Enclave.
Related contents:
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478).
A command-line tool for detecting CVE-2025-55182 and CVE-2025-66478 in Next.js applications using React Server Components.
AI Penetration Testing.
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
An IP based remember-me to allow auth interactions on dumb clients. Targeted at self-hosters who don't want to directly expose things like HomeAssistant or Jellyfin login pages to the open internet but have clients that can't support web auth
Find, analyze, and check for exposed IP cameras with open ports, known vulnerabilities, and weak login credentials.
CamXploit is a reconnaissance tool designed to help researchers and security enthusiasts check if an IP address is hosting an exposed CCTV camera. It scans common camera ports, checks for login pages, tests default credentials, and provides useful search links for further investigation.
paranoid-grade rust-based encryption utility + cross-platform GUI.
Related contents:
A local AI-powered DLP solution.
PrivacyFirewall is a local-first PII and secrets firewall for AI tools like ChatGPT, Claude, and Gemini.It blocks risky paste events, warns as you type, and (optionally) uses a lightweight on-device Transformer model for deeper PII detection.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | SLSA Level 3 Compliant for Secure Development and Build Process | Apps Available on MS Store✨
Related contents:
Build better security habits, one test at a time. Quickly assess open source projects for risky practices.
Related contents:
Hands-on MCP security lab: 10 real incidents reproduced with vulnerable/secure MCP servers, pytest regressions, and Claude/Cursor battle-tested exploit walkthroughs
Grype + Rummage = Grummage.
Grummage is an interactive terminal frontend to Grype.
Related contents:
pinact is a CLI to edit GitHub Workflow and Composite action files and pin versions of Actions and Reusable Workflows. pinact can also update their versions and verify version annotations.
age-encrypted secrets for NixOS and Home manager.
agenix is a small and convenient Nix library for securely managing and deploying secrets using common public-private SSH key pairs: You can encrypt a secret (password, access-token, etc.) on a source machine using a number of public SSH keys, and deploy that encrypted secret to any another target machine that has the corresponding private SSH key of one of those public keys.
Related contents:
Analyze Chrome Extensions for Security.
CRXplorer is a free Chrome extensions analysis tool that combines traditional security scanning with AI-powered insights.
Related contents:
Basic rate-limiting middleware for the Express web server.
Use to limit repeated requests to public APIs and/or endpoints such as password reset. Plays nice with express-slow-down and ratelimit-header-parser.
GreyNoise watches the internet's background radiation—the constant storm of scanners, bots, and probes hitting every IP address on Earth. We've cataloged billions of these interactions to answer one critical question: is this IP a real threat, or just internet noise? Security teams trust our data to cut through the chaos and focus on what actually matters.
Related contents:
Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning and web cache deception.
The scanner supports many different web cache poisoning and web cache deception techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficient testing. It is highly customizable and can be easily integrated into existing CI/CD pipelines.
Kubernetes Compliance & Security Checks Extension. Browser extension for Kubernetes YAML guardrails – security & compliance linting directly in GitHub/GitLab.
Guardon is a lightweight browser extension that helps developers and reviewers detect common Kubernetes misconfigurations and security issues directly on code hosting sites (GitHub, GitLab, Bitbucket) or from pasted YAML. It parses multi-document YAML, applies configurable rules, and can suggest safe fixes.
Related contents:
Open Source Cloud Security Scanner.
An open source, cloud-native security to protect everything from build to runtime.
cnspec assesses your entire infrastructure's security and compliance. It finds vulnerabilities and misconfigurations across public and private cloud environments, Kubernetes clusters, containers, container registries, servers, endpoints, SaaS products, infrastructure as code, APIs, and more.
A powerful policy as code engine, cnspec is built upon Mondoo's security data fabric. It comes configured with default security policies that run right out of the box. It's both fast and simple to use!
An executable file that runs a harmless program most of the time, but will run a different, hidden code if deployed on a specific target host.
Related contents:
A web-based management interface for CrowdSec security stack with Pangolin integration. This project replaces the bash script with a modern, user-friendly ShadcnUI built with Go and React.
Sirius is an open-source comprehensive vulnerability scanner that leverages community-driven security intelligence and automated penetration testing capabilities.
A RISC-V instruction set extension for privacy-oriented programming. Mojo-V allows programmers to write software that computes on data that no software or person can see, except the data owner. Mojo-V implements this novel form of secret computation using simple extensions to a RISC-V CPU.
The Volatility Collaborative GUI.
A modern, distributed web interface for collaborative memory forensics built on Volatility 3, Django, and Dask.
Free Malware Scanner for Linux Servers.
Find out what’s hiding on your server, absolutely free. Your first step to a secure server starts here.
Related contents:
Scan MCP servers for potential threats & security findings.
A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings. The MCP Scanner combines Cisco AI Defense inspect API, YARA rules and LLM-as-a-judge to detect malicious MCP tools.
Related contents:
The AI Penetration Testing Agent. Penetration testing done in hours, not weeks. Strix finds and fixes vulnerabilities before they reach production.
Your Complete Security Operations Platform
Open-source SIEM, CSPM, WAF, and threat intelligence. From git clone to running security scans in just 5 minutes. No vendor lock-in. No complex setup.
Security Orchestrator for Advanced Response to Cyber Attacks.
The Open Source CACAO-based Security Orchestrator! Automate threat and incident response workflows with CACAO security playbooks.
Related contents:
ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe.
Related contents:
Vulnerabilities in modern computers leak passwords and sensitive data.
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
An advanced AI-driven vulnerability scanner and penetration testing tool that integrates multiple AI providers (OpenAI, Grok, OLLAMA, Claude) with comprehensive security testing modules for automated bug hunting, intelligent payload generation, and professional reporting.
Related contents:
A simulation tool for AWS IAM written in Go.
yams is a Go library, server, and CLI providing foundational capabilities to simulate access for AWS IAM policies.
A Kubernetes controller and tool for one-way encrypted Secrets.
Problem: "I can manage all my K8s config in git, except Secrets." Solution: Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository. The SealedSecret can be decrypted only by the controller running in the target cluster and nobody else (not even the original author) is able to obtain the original Secret from the SealedSecret.
A lightweight security threat scanner intended to make malware detection more accessible and efficient.
Lenspect is a lightweight security threat scanner powered by VirusTotal.
Related contents:
AI Red Teaming Range.
Red AI Range (RAR) is a comprehensive security platform designed specifically for AI red teaming and vulnerability assessment. It creates realistic environments where security professionals can systematically discover, analyze, and mitigate AI vulnerabilities through controlled testing scenarios.
Open-Source Compliance Scanner. Multi-Cloud Compliance Scanner & Evidence Collection.
Scan AWS, Azure, and M365 for SOC2, PCI-DSS, HIPAA, CMMC, and NIST 800-53 compliance. Get audit-ready reports in minutes.
HoneyBee. Create honeypots for cloud environments.
HoneyBee is a tool for creating misconfigured environments to test vulnerabilities in technologies like Jenkins, Jupyter Notebook, and more.
Docker Proxy Filter (DPF) is a smol, forward proxy for filtering the content and responses of Docker API responses to only those you want to expose.
Unlike the OG docker-socket-proxy and its variants, DPF provides filtering of the response content from the Docker API, rather than disabling/enabling of API endpoints. It does not connect directly to the Docker socket: it designed to be used with another Docker "Socket Proxy" container. Combined with a socket-proxy container that provides granular endpoint access it's possible to expose only information about specific containers in a read-only context.
Related contents:
A 2FA TUI for your shell.
andcli lets you work with 2FA tokens directly in your shell, using encrypted backups exported out of your favourite 2FA apps. All the data is held in memory only and will never leave your machine.
safely install npm packages by auditing them pre-install stage. npq allows you to audit npm packages before you install them.
Related contents:
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
Related contents:
The easiest way to deploy dev/test infrastructure. An open-source, API driven infrastructure management system.
Ludus is a system to build easy to use cyber environments, or "ranges" for testing and development.
Built on Proxmox, Ludus enables advanced automation while still allowing easy manual modifications or setup of virtual machines and networks.
Related contents:
Global Bug Bounty & Vulnerability Management Platform.
Related contents:
CycloneDX Bill of Materials Standard.
CycloneDX is a modern standard for the software supply chain.
The International Standard for Bill of Materials (ECMA-424) The OWASP Foundation and Ecma International Technical Committee for Software & System Transparency (TC54) drive the continued advancement of the specification.
Related contents:
This project automates the creation of a complete security lab environment for detection engineering and attack simulation. With a single command, it deploys three virtual machines: a fully configured Splunk server, a Windows Server Active Directory Domain Controller with advanced logging, and a Splunk SOAR server for automated response capabilities.
MITM Proxy for Thick Client & non-HTTP Protocol.
A TLS MITM proxy for TCP/TLS/UDP traffic, with support for TLS upgrades like STARTTLS, PostgreSQL, and more.
Non-HTTP proxy that supports TCP to TLS upgrade protocols like STARTTLS and custom protocols. Perfect for thick client intercept and database protocol analysis.
NOVA: The Prompt Pattern Matching. NOVA is a Python-based tool for detecting adversarial prompts - prompt injections, exfiltration, evasion and TTPs.
NOVA is an open-source prompt pattern matching system combining keyword detection, semantic similarity, and LLM-based evaluation to analyze and detect prompt content.
Related contents:
Patch the past. Build the future. Eliminate your CVEs
Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.:
1,700+ trusted container images to eliminate your vulnerabilities and mitigate malware.
Related contents:
Wraps your package manager, preventing installation of malicious packages.
Related contents:
IDA Pro Binary Diffing Engine.
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.
Relate contents:
High speed TLS signature filtering.
Instead of taking the full JA4 hash to fingerprint traffic which is slow to calculate and is hard to implement in a BPF filter, I take a Jenkins hash of the sorted supported ciphers in any given TLS request. To similar effect as JA4, keeping fingerprinting usefulness. Switching to a non-cryptographic hashing algorithm is okay here because any given attacker with enough skill could replicate the ciphers of another client, so any hash reversing would be useless or at best force the attacker to implement a different amount of hashes.
Related contents:
A modern open-source Kubernetes auditing and investigation tool.
Replik8s is a modern open-source Kubernetes auditing and investigation tool. It is designed to address the common limitations of traditional security tools, which rely on narrow data collection and predefined logic. RepliK8s allows cloning Kubernetes clusters and serving back exact replicas of the original data, as well as conducting analysis through a tool-agnostic query language.
Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There are currently over 296,000 CVE Records accessible via Download or Keyword Search above.
Related contents:
L'outil pour piloter en équipe la sécurité de tous vos services numériques et les homologuer rapidement.
Related contents:
Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm that compromised 500+ packages including CrowdStrike npm packages in 2025.
Related contents:
Use your phone as a dashcam and save the last 30 minutes when you need them.
Alibi keeps recording audio/video in the background and saves the last 30 minutes at your request. Everything is completely configurable. No internet connection required.
Related contents:
A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.