security
A lightweight security threat scanner intended to make malware detection more accessible and efficient.
Lenspect is a lightweight security threat scanner powered by VirusTotal.
AI Red Teaming Range.
Red AI Range (RAR) is a comprehensive security platform designed specifically for AI red teaming and vulnerability assessment. It creates realistic environments where security professionals can systematically discover, analyze, and mitigate AI vulnerabilities through controlled testing scenarios.
Open-Source Compliance Scanner. Multi-Cloud Compliance Scanner & Evidence Collection.
Scan AWS, Azure, and M365 for SOC2, PCI-DSS, HIPAA, CMMC, and NIST 800-53 compliance. Get audit-ready reports in minutes.
HoneyBee. Create honeypots for cloud environments.
HoneyBee is a tool for creating misconfigured environments to test vulnerabilities in technologies like Jenkins, Jupyter Notebook, and more.
Docker Proxy Filter (DPF) is a smol, forward proxy for filtering the content and responses of Docker API responses to only those you want to expose.
Unlike the OG docker-socket-proxy and its variants, DPF provides filtering of the response content from the Docker API, rather than disabling/enabling of API endpoints. It does not connect directly to the Docker socket: it is designed to be used with another Docker "Socket Proxy" container. Combined with a socket-proxy container that provides granular endpoint access, it's possible to expose only information about specific containers in a read-only context.
A 2FA TUI for your shell.
andcli lets you work with 2FA tokens directly in your shell, using encrypted backups exported out of your favourite 2FA apps. All the data is held in memory only and will never leave your machine.
Safely install npm packages by auditing them at the pre-install stage. npq allows you to audit npm packages before you install them.
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
The easiest way to deploy dev/test infrastructure. An open-source, API driven infrastructure management system.
Ludus is a system to build easy to use cyber environments, or "ranges" for testing and development.
Built on Proxmox, Ludus enables advanced automation while still allowing easy manual modifications or setup of virtual machines and networks.
Global Bug Bounty & Vulnerability Management Platform.
CycloneDX Bill of Materials Standard.
CycloneDX is a modern standard for the software supply chain.
The International Standard for Bill of Materials (ECMA-424). The OWASP Foundation and Ecma International Technical Committee for Software & System Transparency (TC54) drive the continued advancement of the specification.
This project automates the creation of a complete security lab environment for detection engineering and attack simulation. With a single command, it deploys three virtual machines: a fully configured Splunk server, a Windows Server Active Directory Domain Controller with advanced logging, and a Splunk SOAR server for automated response capabilities.
MITM Proxy for Thick Client & non-HTTP Protocol.
A TLS MITM proxy for TCP/TLS/UDP traffic, with support for TLS upgrades like STARTTLS, PostgreSQL, and more.
Non-HTTP proxy that supports TCP to TLS upgrade protocols like STARTTLS and custom protocols. Perfect for thick client intercept and database protocol analysis.
NOVA: The Prompt Pattern Matching. NOVA is a Python-based tool for detecting adversarial prompts - prompt injections, exfiltration, evasion and TTPs.
NOVA is an open-source prompt pattern matching system combining keyword detection, semantic similarity, and LLM-based evaluation to analyze and detect prompt content.
Patch the past. Build the future. Eliminate your CVEs
Build, ship, and run secure software with minimal, hardened container images, rebuilt from source daily and guarded under our industry-leading remediation SLA.
1,700+ trusted container images to eliminate your vulnerabilities and mitigate malware.
Wraps your package manager, preventing installation of malicious packages.
IDA Pro Binary Diffing Engine.
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.
High speed TLS signature filtering.
Instead of taking the full JA4 hash to fingerprint traffic, which is slow to calculate and hard to implement in a BPF filter, I take a Jenkins hash of the sorted supported ciphers in any given TLS request, to similar effect as JA4, keeping fingerprinting usefulness. Switching to a non-cryptographic hashing algorithm is okay here because any given attacker with enough skill could replicate the ciphers of another client, so any hash reversing would be useless or at best force the attacker to implement a different amount of hashes.
A modern open-source Kubernetes auditing and investigation tool.
Replik8s is a modern open-source Kubernetes auditing and investigation tool. It is designed to address the common limitations of traditional security tools, which rely on narrow data collection and predefined logic. RepliK8s allows cloning Kubernetes clusters and serving back exact replicas of the original data, as well as conducting analysis through a tool-agnostic query language.
Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There are currently over 296,000 CVE Records accessible via Download or Keyword Search above.
The tool for managing the security of all your digital services as a team and getting them accredited quickly.
Comprehensive detection tool for NPM supply chain attacks, specifically designed to identify and prevent the Shai-Hulud worm that compromised 500+ packages including CrowdStrike npm packages in 2025.
Use your phone as a dashcam and save the last 30 minutes when you need them.
Alibi keeps recording audio/video in the background and saves the last 30 minutes at your request. Everything is completely configurable. No internet connection required.
A wordlist generator tool that lets you supply a set of words and craft multiple variations from them, creating a unique wordlist tailored to a specific target.
Linting tool for CloudFormation templates. The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
Open Source Cloud Security Tool.
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more.
Revolutionary AI-Powered Offensive Security Framework.
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS.
bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page.
Scans Software Bill of Materials (SBOMs) for security vulnerabilities.
bomber is an application that scans SBOMs for security vulnerabilities.
Top 10 Trending CVEs, Latest Insights & Analysis.
cvemon is a free vulnerability intelligence platform developed by Intruder to help businesses stay ahead of the latest threats.
By aggregating data from trusted sources, it provides the latest intelligence on CVEs and tracks what’s trending over the last 24 hours, complete with a hype score to contextualize the buzz.
How to stay safe from NPM supply chain attacks.
The NPM ecosystem is no stranger to compromises, supply-chain attacks, malware, spam, phishing, incidents, or even trolls. In this repository, I have consolidated a list of information you might find useful in securing yourself against these incidents.
PandoraBox is a USB scanning station designed to detect and remove malware from USB disks. It is based on Pandora by CIRCL and is distributed under the GPLv3 license.
Want to piss off your IT department? Are your links not malicious looking enough?
This is a tool that takes any link and makes it look malicious. It works on the idea of a redirect, much like https://tinyurl.com/, for example: where tinyurl makes a URL shorter, this site makes it look malicious.
Paralegal is a static analyzer for Rust code that enforces privacy and security policies on programs.
Turn ideas into detections your SIEM understands. Generate Sigma, KQL, and SPL rules with tests and playbooks in seconds.
DetectPack Forge turns plain-English behaviors or sample logs into production-ready detection packs — Sigma, KQL (Sentinel), SPL (Splunk) — plus tests and a response playbook, mapped to MITRE ATT&CK, fully powered by Gen AI.
Open-Source Security Reports, Made Simple.
Secrover is a free and open-source tool that generates clear, professional security audit reports — without paywalls or proprietary SaaS. Just useful insights you can trust and share.
Link-based access control for Immich, NextCloud and Paperless. After verifying a URL "knock" on a share link, Sneak Link issues a cookie that grants access to a protected service. No IP whitelisting required.
Sortez couvert·es is a site that gives legal advice and legal reminders on the use of digital technology, with the aim of protecting its users in situations of emergency and stress, such as those we may experience during strikes or demonstrations.
Lock a device and wipe its data on emergency.
You can use PanicKit, a tile, a shortcut, or send a message with a secret code. On trigger, using the Device Administration API, it locks a device and optionally runs a wipe (factory reset). Or it can send a broadcast message instead of the wipe.
Duress password trigger.
Tiny app to listen for a duress password on the lockscreen. When found, it can send a broadcast message or wipe the device.
The powerful open-source ESP32 firmware designed for offensive security and Red Team operations.
Bruce is meant to be a versatile ESP32 firmware that supports a ton of offensive features focusing on facilitating Red Team operations. It also supports m5stack products and works great with Cardputer, Sticks, M5Cores, T-Decks and T-Embeds.
A cheap alternative to FlipperZero™ based on Espressif and SBC boards.
CapibaraZero aims to be a cheap alternative to FlipperZero™. It's based on ESP32 boards, especially the ESP32-S3, but we want to port the firmware to all ESP family boards.
The pattern matching swiss knife for malware researchers.
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.
Repository of Yara rules dedicated to Phishing Kits Zip files.
This repository, dedicated to YARA rules for phishing kit zip files, is based on raw zip format analysis to find directory and file names; you don't need yara-extend there.
Timely. Accurate. Relevant Phishing Intelligence.
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDs of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally, which can then be parsed by pyldapsearch's companion tool BOFHound to ingest the collected data into BloodHound.
Securing containers, one scan at a time.
Harbor Guard is a comprehensive container security scanning platform that provides an intuitive web interface for managing and visualizing security assessments of Docker images.
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.
A simple plugin for Composer that allows you to apply patches to your dependencies.
The Web-Email Spear Phishing Toolkit. An open-source phishing toolkit to simulate real-world phishing attacks that comprise phishing email and website.
SniperPhish (SP for short) is a phishing toolkit for pentesters and security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine the phishing emails and phishing websites you created to centrally track user actions. The tool is designed for performing professional phishing exercises; remember to obtain prior permission from the targeted organization to avoid legal implications.
Library and command line tool to detect SHA-1 collision in a file.
A Model Context Protocol server that provides read-only access to PostgreSQL databases. This server enables LLMs to inspect database schemas and execute read-only queries.
A tool to identify and investigate inauthentic GitHub user accounts and repositories.
ghbuster is a tool to detect suspicious GitHub repositories and users using heuristics. It is designed to help identify potentially malicious or inauthentic accounts and repositories on GitHub.
AI-assisted SAST, SCA and Secrets Detection. Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.
Chrome extension that highlights CVE identifiers and displays critical information directly on any webpage. No need to navigate elsewhere.
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
Have you ever seen a movie where a hacker plugs a seemingly ordinary USB drive into a computer and instantly steals data? Today, you'll be building a device that does exactly that.
Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks.
A Deep Learning Approach for Password Guessing.
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.
Its goal is to scan several endpoints and identify exposure of services/files/folders through the webroot. Checks/signatures are declared in a config file (by default: chopchop.yml) and are fully configurable, especially by developers.
A world-class dynamic instrumentation toolkit. Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.