security
A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user-generated content of XSS.
bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page.
Scans Software Bill of Materials (SBOMs) for security vulnerabilities.
bomber is an application that scans SBOMs for security vulnerabilities.
Top 10 Trending CVEs, Latest Insights & Analysis.
cvemon is a free vulnerability intelligence platform developed by Intruder to help businesses stay ahead of the latest threats.
By aggregating data from trusted sources, it provides the latest intelligence on CVEs and tracks what’s trending over the last 24 hours, complete with a hype score to contextualize the buzz.
How to stay safe from NPM supply chain attacks.
The NPM ecosystem is no stranger to compromises, supply-chain attacks, malware, spam, phishing, incidents, or even trolls. In this repository, I have consolidated a list of information you might find useful in securing yourself against these incidents.
PandoraBox is a USB scanning station designed to detect and remove malware from USB disks. It is based on Pandora by CIRCL and is distributed under the GPLv3 license.
Want to piss off your IT department? Are your links not malicious looking enough?
This is a tool that takes any link and makes it look malicious. It works on the idea of a redirect, much like https://tinyurl.com/: where tinyurl makes a URL shorter, this site makes it look malicious.
Paralegal is a static analyzer for Rust code that enforces privacy and security policies on programs.
Turn ideas into detections your SIEM understands. Generate Sigma, KQL, and SPL rules with tests and playbooks in seconds.
DetectPack Forge turns plain-English behaviors or sample logs into production-ready detection packs — Sigma, KQL (Sentinel), SPL (Splunk) — plus tests and a response playbook, mapped to MITRE ATT&CK, fully powered by Gen AI.
Open-Source Security Reports, Made Simple.
Secrover is a free and open-source tool that generates clear, professional security audit reports — without paywalls or proprietary SaaS. Just useful insights you can trust and share.
Link-based access control for Immich, NextCloud and Paperless. After verifying a URL "knock" on a share link, Sneak Link issues a cookie that grants access to a protected service. No IP whitelisting required.
Sortez couvert·es is a website that provides legal advice and reminders on the use of digital technology, with the aim of protecting its users in emergency and high-stress situations such as those experienced during strikes or demonstrations.
Lock a device and wipe its data in an emergency.
You can trigger it via PanicKit, a tile, a shortcut, or by sending a message containing a secret code. On trigger, it uses the Device Administration API to lock the device and optionally run a wipe (factory reset); alternatively, it can send a broadcast message instead of wiping.
Duress password trigger.
Tiny app to listen for a duress password on the lockscreen. When found, it can send a broadcast message or wipe the device.
The powerful open-source ESP32 firmware designed for offensive security and Red Team operations.
Bruce is meant to be a versatile ESP32 firmware that supports a ton of offensive features focusing on facilitating Red Team operations. It also supports m5stack products and works great with Cardputer, Sticks, M5Cores, T-Decks and T-Embeds.
A cheap alternative to FlipperZero™ based on Espressif and SBC boards.
CapibaraZero aims to be a cheap alternative to FlipperZero™. It is based on ESP32 boards, especially the ESP32-S3, but we want to port the firmware to all ESP family boards.
The pattern matching swiss knife for malware researchers.
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determines its logic.
Repository of Yara rules dedicated to Phishing Kits Zip files.
This repository of YARA rules dedicated to phishing kit zip files is based on analysis of the raw zip format to find directory and file names; you don't need yara-extend for it.
Timely. Accurate. Relevant Phishing Intelligence.
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access-allowed privileges against the targeted account, resolve the SIDs of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally, which can then be parsed by pyldapsearch's companion tool BOFHound to ingest the collected data into BloodHound.
Securing containers, one scan at a time.
Harbor Guard is a comprehensive container security scanning platform that provides an intuitive web interface for managing and visualizing security assessments of Docker images.
Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
sandmap is a tool supporting network and system reconnaissance using the massive Nmap engine. It provides a user-friendly interface, automates and speeds up scanning and allows you to easily use many advanced scanning techniques.
A simple plugin for Composer that allows you to apply patches to your dependencies.
The Web-Email Spear Phishing Toolkit. An open-source phishing toolkit to simulate real-world phishing attacks that comprise phishing email and website.
SniperPhish (SP in short) is a phishing toolkit for pentesters or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish helps to combine the phishing emails and phishing websites you created so that user actions can be tracked centrally. The tool is designed for performing professional phishing exercises, and users are reminded to obtain prior permission from the targeted organization to avoid legal implications.
Library and command line tool to detect SHA-1 collision in a file.
A Model Context Protocol server that provides read-only access to PostgreSQL databases. This server enables LLMs to inspect database schemas and execute read-only queries.
A tool to identify and investigate inauthentic GitHub user accounts and repositories.
ghbuster is a tool to detect suspicious GitHub repositories and users using heuristics. It is designed to help identify potentially malicious or inauthentic accounts and repositories on GitHub.
AI-assisted SAST, SCA and Secrets Detection. Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.
Chrome extension that highlights CVE identifiers and displays critical information directly on any webpage. No need to navigate elsewhere.
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
Have you ever seen a movie where a hacker plugs a seemingly ordinary USB drive into a computer and instantly steals data? Today, you'll be building a device that does exactly that.
Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks.
A Deep Learning Approach for Password Guessing.
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.
Its goal is to scan several endpoints and identify the exposure of services/files/folders through the webroot. Checks/signatures are declared in a config file (by default: chopchop.yml) that is fully configurable, in particular by developers.
A world-class dynamic instrumentation toolkit. Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Check if your email address has been exposed in a data breach.
Multi-service Honeypot Solution with AI support and dynamic HTTP templates.
Trapster Community is a low-interaction honeypot designed to be deployed on internal networks or to capture credentials. It is built to monitor and detect suspicious activities, providing a deceptive layer to network security.
Trapster Community Edition is a powerful open-source honeypot solution designed to enhance your network security. By acting as a decoy system within your infrastructure, Trapster helps detect and track potential threats, providing valuable insights into attacker behavior and network security posture.
Buttercup is a Cyber Reasoning System (CRS) developed by Trail of Bits for the DARPA AIxCC (AI Cyber Challenge). Buttercup finds and patches software vulnerabilities in open-source code repositories like example-libpng. It starts by running an AI/ML-assisted fuzzing campaign (built on oss-fuzz) for the program. When vulnerabilities are found, Buttercup analyzes them and uses a multi-agent AI-driven patcher to repair the vulnerability.
Run AI Generated Code Locally. A secure local sandbox to run LLM-generated code using Apple containers.
CodeRunner is an MCP (Model Context Protocol) server that executes AI-generated code in a sandboxed environment on your Mac using Apple's native containers.
Phishing & Scam Domain Blacklist.
An up-to-date blacklist of phishing and scam domains, automatically updated by the PhishDestroy system. A reliable threat intelligence source for integration into security systems.
Unlock the Future of Identity. Modern IAM written in Rust.
A blazing-fast IAM, powered by Rust. Open, secure, ready for your cloud journey.
FerrisKey is an open-source IAM solution designed for modern cloud-native environments. With its high-performance API written in Rust and its intuitive web interface developed in TypeScript/React, FerrisKey offers a robust and flexible alternative to traditional IAM solutions.
A penetration testing tool for Odoo applications.
OdooMap is a reconnaissance, enumeration, and security testing tool for Odoo applications.
The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.
While remaining compatible with the traditional CVE system, GCVE introduces GCVE Numbering Authorities (GNAs). GNAs are independent entities that can allocate identifiers without relying on a centralised block distribution system or rigid policy enforcement.
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
Detect API auth weaknesses.
Autoswagger is a command-line tool designed to discover, parse, and test for unauthenticated endpoints using Swagger/OpenAPI documentation. It helps identify potential security issues in unprotected endpoints of APIs, such as PII leaks and common secret exposures.
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
Thorium is a highly scalable, distributed malware analysis and data generation framework. Thorium is designed to make cyber incident response, triage, and file analysis easier through the safe ingestion and storage of data, automation of analyses and easy access to stored analyses and metadata. Because of the sensitivity and potential maliciousness of data handled within Thorium, uploaded files are placed into an encrypted/neutered format called CaRT. After initial file upload, all analysis is conducted in sandboxed environments where protective measures and sanitization steps can be easily applied.
Cloud native networking and network security.
Calico is a single platform for networking, network security, and observability for any Kubernetes distribution in the cloud, on-premises, or at the edge. Whether you're just starting with Kubernetes or operating at scale, Calico's open source, enterprise, and cloud editions provide the networking, security, and observability you need.
eBPF-based Security Observability and Runtime Enforcement.
Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies.
An open-source security log auditing & RDP, VNC, SSH and databases management bastion platform.
Your Security Partner. Cybersecurity, Redefined. XENA is an innovative C2 made fully in Go.
XENA is designed for offensive cybersecurity, particularly for red team operations, penetration testing, and adversary simulations, making it suitable for professionals conducting security assessments.
XENA is cross-platform software for cybersecurity automation, adversary simulations, and red team operations. XENA strives to be a fully integrated security penetration testing framework. It is equipped with a post-exploitation agent, a C2 server, and a dark-themed, elegant user interface running on desktop, web, and mobile.
🔎 Static code analysis engine to find security issues in code. Opengrep, a fork of Semgrep, under the LGPL 2.1 license.
Opengrep is an ultra-fast static analysis tool for searching code patterns with the power of semantic grep. Analyze large code bases at the speed of thought with intuitive pattern matching and customizable rules. Find and fix security vulnerabilities, fast – ship more secure code.
Opengrep supports 30+ languages, including:
Apex · Bash · C · C++ · C# · Clojure · Dart · Dockerfile · Elixir · HTML · Go · Java · JavaScript · JSX · JSON · Julia · Jsonnet · Kotlin · Lisp · Lua · OCaml · PHP · Python · R · Ruby · Rust · Scala · Scheme · Solidity · Swift · Terraform · TypeScript · TSX · YAML · XML · Generic (ERB, Jinja, etc.)
Kanvas for Incident Response.
A DF/IR case management tool that provides a unified workspace for investigators enabling key workflows to be completed without switching between multiple applications.
Simple IOC and YARA Scanner. Scanner for Simple Indicators of Compromise.
A lightweight proxy manager built on Tailscale's tsnet library that enables multiple HTTPS services on a Tailnet.
Cameradar hacks its way into RTSP videosurveillance cameras.
FOKS provides a secure, end-to-end encrypted Git hosting service. Your data is encrypted on your machine before it is sent to the server, and the server never sees data or filenames in unencrypted form. This means that even if the server is compromised, your data is safe. FOKS is federated, so the git server can be one that you host, or one that is hosted for you.
SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
ProxyAuth secures backend APIs through a fast authentication gateway. It encrypts tokens using ChaCha20 + HMAC-SHA256, with config-defined secrets. It features built-in rate limiting (on proxy and auth routes) and uses Argon2 with auto-generated salts for secure password hashing. The service is extremely fast, handling 100,000+ requests per second under load.
Scan for secrets in dangling commits on GitHub using GH Archive data.
This tool scans for secrets in dangling (dereferenced) commits on GitHub created by force push events. A force push occurs when developers overwrite commit history, which often contains mistakes, like hard-coded credentials. This project relies on archived force push event data in the GHArchive to identify the relevant commits.
SSL Certificate Management System (API + UI).
CertMate is a powerful SSL certificate management system designed for modern infrastructure. Built with multi-DNS provider support, Docker containerization, and comprehensive REST API, it's the perfect solution for managing certificates across multiple datacenters and cloud environments.