JavaScript security-tools

Open-source JavaScript projects categorized as security-tools

Top 23 JavaScript security-tool Projects

  • social-analyzer

    API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites

    Project mention: What are some tools that employers can use to find your online accounts? | | 2023-02-10
  • rengine

    reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

    Project mention: Are ASM tools worth it? | | 2022-11-09

    rEngine is one of the most famous ones I believe

  • Appwrite

    Appwrite - The Open Source Firebase alternative introduces iOS support . Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, files storage, cloud functions and much more!

  • StegCloak

    Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

    Project mention: Docker options for stegangraphy? | | 2023-02-11

    Does anybody know of a steganography app that can be containerized in docker similar to stegcloak or PixelKnot? really would like a selfhosted option for these apps.

  • CaptfEncoder

    Captfencoder is a rapid cross platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, miscellaneous tools, and aggregating all kinds of online tools.

  • npq

    🎖safely* install packages with npm or yarn by auditing them as part of your install process

    Project mention: The rising trend of malicious packages in open source ecosystems | Snyk | | 2023-03-26

    You just described my project called npq: :-)

  • secureCodeBox

    secureCodeBox (SCB) - continuous secure delivery out of the box

  • ethereum-lists

    A repository for maintaining lists of things like malicious URLs, fake token addresses, and so forth. We love lists.

    Project mention: List of public / known Ethereum addresses? | | 2022-06-25

    Various github repos dedicated to labeling addresses like and forks, pull requests, and lists derived from them

  • InfluxDB

    Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.

  • njsscan

    njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

    Project mention: How to use GitLab SAST tool to detect simple DOM vulnerability? | | 2023-03-10

    That's the one! Rules are here:

  • sandworm-audit

    Security & License Compliance For Your App's Dependencies 🪱

    Project mention: Running Eleventy Serverless On AWS [email protected] | | 2023-03-03

    And as you add more dependencies, it’s time to also build security and compliance into your app early. Sandworm Audit is the open-source npm audit that doesn’t suck: it checks for multiple types of issues, like vulnerabilities or license compliance, it outputs SVG charts and CSVs, and you can also run it in your CI to enforce security rules. Check the docs and npx @sandworm/audit in your JavaScript app’s root to try it out 🪱.

  • kraken

    Kraken: A multi-platform distributed brute-force password cracking system (by arcaneiceman)

  • heappy

    A happy heap editor to support your exploitation process :slightly_smiling_face:

  • rawsec-cybersecurity-inventory

    An inventory of tools and resources about CyberSecurity that aims to help people to find everything related to CyberSecurity.

  • Gotanda

    Gotanda is browser Web Extension for OSINT.

  • js-x-ray

    JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

    Project mention: JS-X-Ray 6.0 | | 2023-01-16

    If you are new in town, JS-X-Ray is an open source JavaScript SAST (Static Application Security Testing). The tool analyzes your JavaScript sources for patterns that may affect the security and quality of your project 😎.

  • eslint-plugin-no-secrets

    An eslint plugin to find strings that might be secrets/credentials

    Project mention: Show HN: No Secrets Quickly find sensitive files in your GitHub repo | | 2022-05-28

    For people in the JS ecosystem theres this eslint rule:

  • modron

    Modron - Cloud security compliance

    Project mention: Show HN: Scale Up Your Cloud Security and Remediation with Modron | | 2023-01-15
  • sandworm-jest

    Security Snapshot Testing Inside Your Jest Test Suite 🪱

    Project mention: Security Snapshot Testing Inside Your Jest Test Suite | | 2022-10-20
  • password-generator

    A fast, simple and powerful open-source utility tool for generating strong, unique and random passwords. Password Generator is free to use as a secure password generator on any computer, phone, or tablet. (by sebastienrousseau)

    Project mention: password-generator: Herramienta rápida y potente de código abierto para generar contraseñas fuertes, únicas y aleatoria 🔐 | | 2022-04-21
  • jsafer

    A simple JS source code obfuscator/minifier that doesn't hurt consistency or speed.

  • applied-security

    A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity

    Project mention: applied-security: A collection of publicly available resources on how technology and tech-savvy organizations around the world practice Cybersecurity. | | 2022-11-07
  • sandworm-mocha

    Security Snapshot Testing Inside Your Mocha Test Suite 🪱

    Project mention: Easy auditing & sandboxing for your JavaScript dependencies. Fine grained permissions system for npm packages. | | 2022-10-12

    Yes, you can use it for security by locking down which dependencies can execute which methods in your app. But you can also use it for auditing and documenting your app's supply chain security profile, then snapshot testing against that using the Jest and Mocha plugins.

  • SSHAgentSecureProxy

    Secure SSH Agent proxy for linux/mac desktop environment.

  • civilex

    Protect yourself online.

  • Sonar

    Write Clean JavaScript Code. Always.. Sonar helps you commit clean code every time. With over 300 unique rules to find JavaScript bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-03-26.

JavaScript security-tools related posts


What are some of the best open-source security-tool projects in JavaScript? This list will help you:

Project Stars
1 social-analyzer 9,887
2 rengine 5,234
3 StegCloak 2,884
4 CaptfEncoder 964
5 npq 749
6 secureCodeBox 581
7 ethereum-lists 543
8 njsscan 299
9 sandworm-audit 286
10 kraken 209
11 heappy 189
12 rawsec-cybersecurity-inventory 183
13 Gotanda 157
14 js-x-ray 141
15 eslint-plugin-no-secrets 104
16 modron 22
17 sandworm-jest 16
18 password-generator 13
19 jsafer 9
20 applied-security 6
21 sandworm-mocha 5
22 SSHAgentSecureProxy 0
23 civilex 0
Write Clean JavaScript Code. Always.
Sonar helps you commit clean code every time. With over 300 unique rules to find JavaScript bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.