Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more β
Top 23 Rust Security Projects
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
kata-containers
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
-
-
Ockam
Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications β at massive scale.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
-
OpenSK
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
-
sozu
SΕzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It is awesome!
-
aya
Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.
-
-
-
-
hayabusa
Hayabusa (ιΌ) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
-
-
noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
-
xiu
A simple,high performance and secure live media server in pure Rust (RTMP[cluster]/RTSP/WebRTC[whip/whep]/HTTP-FLV/HLS).π¦
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Sniffnet is an open source, Rust-based network monitoring tool Iβve been working on for almost two years now.
Maybe with https://shadowsocks.org/
Project mention: Mobile Ad Blocker Will No Longer Stop YouTube's Ads | news.ycombinator.com | 2024-04-16Don't use Youtube without going through a proxy like Invidious [1] or Newpipe
Don't use {site} Search without going through a proxy like SearxNG [2]
Don't use TwiXXer without going through a proxy like Nitter - this has gotten more difficult lately but it still works as long as you feed the daemon some registered accounts. Video does not work at the moment but that seems to be fixable.
Don't use Reddit without going through a proxy like libreddit [4]
Start noticing the pattern? Maybe it is time to start producing promotional posters:
The only thing to come between you and ADS could be a proxy / ADS. I'ts just not worth the risk
ADS / New rules for a sane net / Sane net protects you, your partner and your community
A proxy here and a filter there, ADS nowhere
The more you tighten your grip, ${site}, the more viewers will slip through your fingers
[1] https://github.com/iv-org/invidious
[2] https://github.com/searxng/searxng
[3] https://github.com/zedeus/nitter
[4] https://github.com/libreddit/libreddit
disclosure: I work at Ockam.
The Portals for Mac app is an example of the type of thing you could build using the open source stack of protocols. The README (linked by parent) links out to all of the relevant parts of the protocol documentation to explain how these work together. The NAT Traversal (https://github.com/build-trust/ockam/blob/develop/examples/a...) part of the README is probably the best explanation of why the free relay you get via Ockam Orchestrator is a useful part of this demo.
As for why would anyone trust this: The protocols are designed so you absolutely don't have to trust the relay. Trust is pushed out to the edges that you control and so you're not susceptible to a MITM attack if something like a relay is compromised. The protocol design for all of this is open and documented, and was independently audited by (IMO) some of the best in the business, Trail of Bits: https://docs.ockam.io/reference/protocols.
Good to hear, I think it'll make many users happy. For me, I've migrated back to Authelia. I moved to authentik because at the time Authelia had no user management. After all of authentik's sharp edges, I've found lldap[0], and was able to implement a pilot in a few hours. I haven't looked back, since everything was converted.
[0]: https://github.com/lldap/lldap
Link to GitHub -->
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
Project mention: OpenSK β open-source implementation for security keys written in Rust | news.ycombinator.com | 2023-08-25
Project mention: Agent event queue is flooded. Check the agent configuration | /r/Wazuh | 2023-06-30
Check this: https://github.com/kanidm/kanidm/ Maybe not production ready, but looks very promising
In other cases it may be more documented, such as Golangs baked-in telemetry.
There should be better ways to check these problems. The best I have found so far is Crev https://github.com/crev-dev/crev/. It's most used implementation is Cargo-crev https://github.com/crev-dev/cargo-crev, but hopefully it will become more required to use these types of tools. Certainty and metrics about how many eyes have been on a particular script, and what expertise they have would be a huge win for software.
Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
cargo-audit is a simple Cargo tool for detecting vulnerable Rust crates. You can install it with cargo install cargo-audit, use cargo audit and youβre done! Any vulnerable crates will appear below, like so:
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15Yes!
Sometimes a file has no extension. Other times the extension is a lie. Still other times, you may be dealing with an unnamed bytestring and wish to know what kind of content it is.
This last case happens quite a lot in Nosey Parker [1], a detector of secrets in textual data. There, it is possible to come across unnamed files in Git history, and it would be useful to the user to still indicate what type of file it seems to be.
I added file type detection based on libmagic to Nosey Parker a while back, but it's not compiled in by default because libmagic is slow and complicates the build process. Also, libmagic is implemented as a large C library whose primary job is parsing, which makes the security side of me jittery.
I will likely add enabled-by-default filetype detection to Nosey Parker using Magika's ONNX model.
[1] https://github.com/praetorian-inc/noseyparker
Project mention: Xiu β simple, high performance and secure live media server in pure Rust | news.ycombinator.com | 2024-01-28
sorry thats https://matano.dev
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Rust Security related posts
- Recent 'MFA Bombing' Attacks Targeting Apple Users
- Serde-YAML for Rust has been archived
- AWS Libcrypto for Rust
- Uprobes Siblings - Capturing HTTPS Traffic: A Rust and eBPF Odyssey
- Explore web applications through their content security policy (CSP)
- Harnessing eBPF and XDP for DDoS Mitigation - A Rust Adventure with rust-aya
- Rust Without Crates.io
-
A note from our sponsor - InfluxDB
www.influxdata.com | 27 Apr 2024
Index
What are some of the best open-source Security projects in Rust? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | sniffnet | 13,759 |
| 2 | RustScan | 12,178 |
| 3 | shadowsocks-rust | 7,782 |
| 4 | libreddit | 4,996 |
| 5 | kata-containers | 4,877 |
| 6 | innernet | 4,832 |
| 7 | Ockam | 4,347 |
| 8 | lldap | 3,473 |
| 9 | oso | 3,403 |
| 10 | black-hat-rust | 3,047 |
| 11 | OpenSK | 2,897 |
| 12 | sozu | 2,825 |
| 13 | aya | 2,678 |
| 14 | chainsaw | 2,547 |
| 15 | kanidm | 2,133 |
| 16 | cargo-crev | 2,030 |
| 17 | hayabusa | 1,922 |
| 18 | sn0int | 1,847 |
| 19 | rustsec | 1,521 |
| 20 | noseyparker | 1,511 |
| 21 | xiu | 1,486 |
| 22 | x8 | 1,479 |
| 23 | matano | 1,354 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com