security
Share your Immich photos and albums in a safe way without exposing your Immich instance to the public.
Related contents:
An Open Source SOAR solution. A general purpose security automation platform. Our focus is on collaboration and resource sharing.
Shuffle is an open source automation platform, built for and by the security professionals. Security operations is complex, but it doesn't have to be. Built to work well with MSSP's and other service providers in mind.
Source: Savez-vous ce qui est un OpenVOC ? @ Florian Dudaev's LinkedIn :fr:.
Open-Source Collaborative Incident Response Platform. Created by incident responders for incident responders.
Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations.
Threat Detection & Incident Response Done Right. SIEM, Log Management & API Protection.
Graylog is a free and open log management platform.
Related contents:
Check if an IP address or domain is malicious.
isMalicious is a cybersecurity API that helps protect your web applications from malicious or suspicious actors.
An inventory of tools and resources about CyberSecurity.
An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface (without the need of SOCKS).
Penelope Shell Handler.
Penelope is a shell handler designed to be easy to use and intended to replace netcat when exploiting RCE vulnerabilities. It is compatible with Linux and macOS and requires Python 3.6 or higher. It is a standalone script that does not require any installation or external dependencies, and it is intended to remain this way.
Monitor changes in Active Directory with replication metadata.
Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.
An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails configured in it.
Zero shot vulnerability discovery using LLMs. A tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis.
Vulnhuntr leverages the power of LLMs to automatically create and analyze entire code call chains starting from remote user input and ending at server output for detection of complex, multi-step, security-bypassing vulnerabilities that go far beyond what traditional static code analysis tools are capable of performing.
Related contents:
the Best WAF for Webmaster. Secure Everything on Your Web Applications.A simple, lightweight, self-hosted WAF that protects your website from cyber attacks.
serve as a reverse proxy to protect your web services from attacks and exploits.
Related contents:
The firmware security analyzer.
EMBA is designed as the central firmware analysis and SBOM tool for penetration testers, product security teams, developers and responsible product managers. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation, building the SBOM and finally generating a web report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords. EMBA is a command line tool with the possibility to generate an easy-to-use web report for further analysis.
The goal of this proposal is to advance a superset of C++ with a rigorously safe subset. Begin a new project, or take an existing one, and start writing safe code in C++. Code in the safe context exhibits the same strong safety guarantees as code written in Rust.
Living Off The Land Security Tools is a curated list of Security Tools used by adversaries to bypass security controls and carry out attacks.
The multi-platform memory acquisition tool.
WinPmem has been the default open source memory acquisition driver for windows for a long time. It used to live in the Rekall project, but has recently been separated into its own repository.
Volatility Memory Forensics - Promoting Accessible Memory Analysis Tools Within the Memory Forensics Community.
Memory analysis has become one of the most important topics to the future of digital investigations, and The Volatility Framework has become the world’s most widely used memory forensics tool - relied upon by law enforcement, military, academia, and commercial investigators around the world. The Volatility Foundation helps keep Volatility going so that it may be used in perpetuity, free and open to all.
Linpmem is a linux memory acquisition tool. Linpmem is a Linux x64-only tool for reading physical memory.
Like its Windows counterpart, Winpmem, this is not a traditional memory dumper. Linpmem offers an API for reading from any physical address, including reserved memory and memory holes, but it can also be used for normal memory dumping. Furthermore, the driver offers a variety of access modes to read physical memory, such as byte, word, dword, qword, and buffer access mode, where buffer access mode is appropriate in most standard cases. If reading requires an aligned byte/word/dword/qword read, Linpmem will do precisely that.
An Open-source LTE Downlink/Uplink Eavesdropper.
LTESniffer is a tool that can capture the LTE wireless messages that are sent between a cell tower and smartphones connected to it. LTESniffer supports capturing the messages in both directions, from the tower to the smartphones, and from the smartphones back to the cell tower.
It first decodes the Physical Downlink Control Channel (PDCCH) to obtain the Downlink Control Informations (DCIs) and Radio Network Temporary Identifiers (RNTIs) of all active users. Using decoded DCIs and RNTIs, LTESniffer further decodes the Physical Downlink Shared Channel (PDSCH) and Physical Uplink Shared Channel (PUSCH) to retrieve uplink and downlink data traffic.
Node Version Audit is a convenience tool to easily check a given Node.js version against a regularly updated list of CVE exploits, new releases, and end of life dates.
Node Version Audit is not: exploit detection/mitigation, vendor-specific version tracking, a replacement for staying informed on Node.js releases and security exploits.
Sample Go app repo with test and release pipelines optimized for software supply chain security (S3C).
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir.
The Ultimate Information Gathering Toolkit. A Python-based toolkit for Information Gathering and Reconnaissance.
Argus is an all-in-one, Python-powered toolkit designed to streamline the process of information gathering and reconnaissance. With a user-friendly interface and a suite of powerful modules, Argus empowers you to explore networks, web applications, and security configurations efficiently and effectively.
Pro Bono Bug Hunting & Volunteer Hackers. Helping those who help.
Volunteer hackers to help nonprofits and NGOs strengthen their digital security.
CLI tool to automate docker image updates. Selective, notifications, autoprune, no pre-pulling.
Code signing and transparency for containers and binaries. Signing OCI containers (and other artifacts) using Sigstore! Cosign aims to make signatures invisible infrastructure.
Related contents:
CapibaraZero aim to be a cheap alternative to FlipperZero™. It's based on ESP32 boards especially on ESP32-S3 but we want to port firmware to all ESP family boards.
Intelligent Prompt Gateway.
Arch is an intelligent prompt gateway. Engineered with (fast) LLMs for the secure handling, robust observability, and seamless integration of prompts with APIs - all outside business logic. Built by the core contributors of Envoy proxy, on Envoy.
Arch is an intelligent Layer 7 gateway designed to protect, observe, and personalize LLM applications (agents, assistants, co-pilots) with your APIs.
The Open-Source Tool Democratizing Multi-Cloud Security Testing by Arpan Sarkar.
Multi-Cloud Security Testing Tool to execute a comprehensive array of attack techniques across multiple surfaces via a simple web interface.
Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.
Gato, or GitHub Attack Toolkit, is an enumeration and attack tool that allows both blue teamers and offensive security practitioners to identify and exploit pipeline vulnerabilities within a GitHub organization's public and private repositories.
API Security Vulnerability Scanner designed to help you secure your APIs.
Your First Line of Defense in API Security. Scan your APIs for vulnerabilities with VulnAPI.
Help developers and security professionals quickly and efficiently scan their APIs for security vulnerabilities and weaknesses.
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests.
AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
OpenClarity is an open source platform to enhance security and observability of cloud native applications and infrastructure.
OpenClarity is an open source tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations and leaked secrets.
Related contents:
eBPF implementation that runs on top of Windows.
eBPF is a well-known technology for providing programmability and agility, especially for extending an OS kernel, for use cases such as DoS protection and observability. This project is a work-in-progress that allows existing eBPF toolchains and APIs familiar in the Linux ecosystem to be used on top of Windows. That is, this project takes existing eBPF projects as submodules and adds the layer in between to make them run on top of Windows.
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security.
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.
Slack enumeration and exposed secrets detection tool. Monitoring and enumerating Slack for exposed secrets
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Docker is one of the most popular services to run containerized applications and it utilizes containerd and runc at a low level. This became popular because of its ease of use and intuitive experience. There are some misconfigurations that are left in the setup that can easily be exploited and few of them even let you break out of the containerized environment.
In this series, I will be explaining to you the basic concepts of the docker internals and how you can exploit certain misconfigurations to gain root user access or breakout of the containerization via both remote and local exploits. Also later in this course, you will learn how to secure your existing docker environment by following best practices from the experts.
A high-performance port spoofing tool built in Rust. Confuse port scanners with dynamic service emulation across all ports. Features customizable signatures, efficient async handling, and easy traffic redirection.
Ghostport is a sophisticated port spoofing tool designed to confuse and mislead port scanners. It's a Rust implementation inspired by the concept of portspoof, offering enhanced performance and flexibility.
Octoscan is a static vulnerability scanner for GitHub action workflows.
Twistr is a Domain name permutation and enumeration library powered by Rust. It aims to directly port the well-known dnstwist tool allowing for fast and flexible interfacing capabilities with the core libraries based on client's requirements.
A flexible detection platform that simplifies rule management and deployment with K8s CronJob and Helm. Venator is flexible enough to run standalone or with other job schedulers like Nomad.
Venator is optimized for Kubernetes deployment but is flexible enough to run standalone or with other job schedulers like Nomad. It provides a highly adaptable detection engine that prioritizes simplicity, extensibility, and ease of maintenance. Supporting multiple query engines and publishers, Venator allows you to easily switch between different data lakes or services with minimal changes, avoiding vendor lock-in and dependence on specific SIEM solutions for signal generation.
Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbitrary binaries and scripts using any of our seven supported cloud providers.
The Ax Framework is a free and open-source tool utilized by Bug Hunters and Penetration Testers to efficiently operate in multiple cloud environments. It helps build and deploy repeatable infrastructure tailored for offensive security purposes.
LOLESXi features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations. The information on this site is compiled from open-source threat research.
Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extracting the malware's final stage configuration. Segugio was created to address the need for speeding up the extraction of IoCs from malicious artifacts within the analysis environment. Malware analysis often involves time-consuming activities like static and dynamic analysis, which require extensive knowledge in reverse engineering and code analysis.
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
Monitors network activity made by a process through the use of Windows Event Tracing (ETW) and Full Packet Capture (FPC). Filters a generated .pcap file with BPF based on the detected network activity made by the process. This application makes process network monitoring hella' easy.
Comprehensive Open Source Security and SBOM Management. Secure Your Products From Repo to Release.
Stop vulnerabilities, automate compliance, and mitigate third-party risk in your applications.
Giving Kubernetes Superpowers to everyone.
k8sgpt is a tool for scanning your Kubernetes clusters, diagnosing, and triaging issues in simple English. It has SRE experience codified into its analyzers and helps to pull out the most relevant information to enrich it with AI.
A Runtime Application Self Protection agent for Python applications and serverless functions. Relies on AI, syntax analysis, and underlying OS capabilities to seamlessly provides accurate protection from within, without updates.
PyRASP is a Runtime Application Self Protection package for Python-based Web Servers (Flask, FastAPI and Django) and Serverless Functions (AWS Lambda, Azure and Google Cloud Functions).
Malware analysis tool. Cuckoo3 is a Python 3 open source automated malware analysis system.
Cuckoo3 is an open-source tool to test suspicious files or links in a controlled environment. It will test them in a sandboxed platform emulator(s) and generate a report, showing what the files or websites did during the test.
CloudShovel is a tool designed to search for sensitive information within public or private Amazon Machine Images (AMIs). It automates the process of launching instances from target AMIs, mounting their volumes, and scanning for potential secrets or sensitive data.
OPEN SOURCE ORCHESTRATION AND CORRELATION TOOL. ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
ArcherySec allow to interact with continuous integration/continuous delivery (CI/CD) toolchains to specify testing, and control the release of a given build based on results. Its include prioritization functions, enabling you to focus on the most critical vulnerabilities. ArcherySec uses popular open source tools to perform comprehensive scanning for web application and network. The developers can also utilize the tool for implementation of their DevOps CI/CD environment.
Free and open-source vulnerability scanner.
Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs.
a simple protocol for decentralizing social media that has a chance of working. a truly censorship-resistant alternative to Twitter that has a chance of working.
A better internet is possible: decentralize Twitter, eBay, IoT and other stuff.
Smart-client/dumb-server architecture that can create the free and open internet we were promised.