Top 23 Rust security-tool Projects
-
noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
-
matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
-
moonwalk
Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. (by mufeedvh)
-
cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
-
DataSurgeon
Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers and a lot More From Text
-
pdfrip
A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.
-
fim
FIM is an Open Source Host-based file integrity monitoring tool that performs file system analysis, file integrity checking, real time alerting and provides Audit daemon data.
-
lotus
Fast Web Security Scanner written in Rust based on Lua Scripts (by BugBlocker)
-
secutils
Secutils.dev is an open-source, versatile, yet simple security toolbox for engineers and researchers (by secutils-dev)
-
pmanager
Store and retrieve your passwords from a secure offline database. Check if your passwords have leaked previously to prevent targeted password reuse attacks.
-
pam-authramp
The AuthRamp PAM module provides an account lockout mechanism based on the number of authentication failures.
-
recon
🕵️♀️ Find, locate, and query files for ops and security experts ⚡️⚡️⚡️ (by rusty-ferris-club)
Bonuses: If you purchase Cloudflare for Speed and Security before November 4, 2023, you'll get my bestseller, Black Hat Rust, for free! Yes, you read it right, two books for less than the price of one!
Project mention: Magika: AI powered fast and efficient file type identification | news.ycombinator.com | 2024-02-15
Yes!
Sometimes a file has no extension. Other times the extension is a lie. Still other times, you may be dealing with an unnamed bytestring and wish to know what kind of content it is.
This last case happens quite a lot in Nosey Parker [1], a detector of secrets in textual data. There, it is possible to come across unnamed files in Git history, and it would be useful to the user to still indicate what type of file it seems to be.
I added file type detection based on libmagic to Nosey Parker a while back, but it's not compiled in by default because libmagic is slow and complicates the build process. Also, libmagic is implemented as a large C library whose primary job is parsing, which makes the security side of me jittery.
I will likely add enabled-by-default filetype detection to Nosey Parker using Magika's ONNX model.
[1] https://github.com/praetorian-inc/noseyparker
Sorry, that's https://matano.dev
Project mention: Cherrybomb: Audit, validate and test API specifications | news.ycombinator.com | 2023-11-22
Further we use cargo-auditable and cargo-audit as part of both our pipeline and regular scanning of all deployed services. This makes our InfoSec and Legal super happy since it means they can also monitor compliance with licenses and patch/update timings.
Project mention: Pyscan v0.1.4: Fastest way to find dependency vulnerabilities in python projects, written in Rust. | /r/rust | 2023-06-29
Co-funder @ Phylum here (https://phylum.io) We have been actively scanning dependencies across npm (and PyPI, RubyGems, Crates.io, etc.) for nearly three years now; quite successfully, I might add (https://blog.phylum.io/tag/research/). We _automatically_ hit on this package when it was published, and our research team has been all over it.
A collective of us are active in Discord (https://discord.gg/Fe6pr5eW6p), continuing to hunt attacks like these. If that's something that interests you, we'd love to have you!
In addition to this, we've released several open source tools to help protect against supply chain attacks:
1. https://github.com/phylum-dev/birdcage - Birdcage is a cross-platform embeddable sandbox that's been baked into our CLI (which wraps npm, pypi, etc.) to sandbox package installations
2. https://github.com/phylum-dev/cli - Our CLI provides an extension capability so you can lock down random executables you might use during your software development (define _what_ it's allowed to do, e.g. network access, and then lock it down with Birdcage)
We also have a variety of integrations, including Github, Gitlab, BitBucket, CircleCI, Tines, Sophos, etc.
https://docs.phylum.io/docs/integrations_overview
It's unfortunate that software dependency attacks continue to plague open source registries. It seems unlikely this will let up in the near future. We are continuing to work closely with the open source ecosystems to try and get these sorts of packages removed when they pop up.
Project mention: Supercharge your app with user extensions using Deno JavaScript runtime | dev.to | 2024-01-24
As a solo-developer for Secutils.dev, I operate with very limited resources and cannot accommodate every user's feature request, even if I wish to. On the other hand, prioritizing and developing features based on assumptions and limited upfront user feedback has its own challenges and risks. That's why, right from the start, I've been considering adding some sort of "extension points" into Secutils.dev that would allow users to customize certain behavior of the utilities according to their needs.
Project mention: Show HN: Pam-Authramp – Advanced Brute Force Protection for Linux Users | news.ycombinator.com | 2024-01-03
Rust security-tools related posts
- Explore web applications through their content security policy (CSP)
- Q4 2023 iteration: tracking arbitrary web content, user-specific webhook subdomains, inherited CSP, and more
- Announcing 1.0.0-alpha.3 release: more powerful resource tracking, notifications and content sharing
- Have I Been Squatted? – Check if your domain has been typosquatted
- Building a scheduler for a Rust application
- LastPass: ‘Horse Gone Barn Bolted’ Is Strong Password
- A plan for Q3 2023 iteration
Index
What are some of the best open-source security-tool projects in Rust? This list will help you:
# | Project | Stars |
---|---|---|
1 | RustScan | 12,178 |
2 | black-hat-rust | 3,047 |
3 | noseyparker | 1,511 |
4 | matano | 1,354 |
5 | moonwalk | 1,290 |
6 | cherrybomb | 1,042 |
7 | DataSurgeon | 699 |
8 | cargo-auditable | 547 |
9 | ppfuzz | 542 |
10 | pdfrip | 501 |
11 | rebuilderd | 343 |
12 | shellclear | 212 |
13 | pyscan | 175 |
14 | birdcage | 172 |
15 | kepler | 122 |
16 | fim | 112 |
17 | twistrs | 86 |
18 | lotus | 64 |
19 | kurl | 62 |
20 | secutils | 61 |
21 | pmanager | 35 |
22 | pam-authramp | 27 |
23 | recon | 23 |