Top 23 Shell Security Projects
-
I was thinking of installing https://github.com/hwdsl2/setup-ipsec-vpn on my server but it does not support IPv6 I guess, I thought of using cisco since Android and Windows natively supports it. Is there any new version or a way to add IPv6 support?
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Use a security tool like Lynis to perform a regular audit of your system. Any findings are showed on the screen and also stored in a data file for further analysis. With an extensive log file, it allows to use all available data and plan next actions for further system hardening.
-
Scout APM
Scout APM - Leading-edge performance monitoring starting at $39/month. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
Project mention: FastDoubleParser: Java port of Daniel Lemires fast_double_parser | news.ycombinator.com | 2021-03-22
The successes of fuzzing projects like oss-fuzz have demonstrated significant shortcomings to hand-curating test cases in the manner you describe. Testing every 64bit float value is unrealistic, but testing a huge number of randomly selected values by cross-comparison with other libraries is a very good idea for code like this.
-
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Project mention: We launched a free cloud security and compliance tool | reddit.com/r/devops | 2021-01-14Tons of great stuff here too: https://github.com/toniblyx/my-arsenal-of-aws-security-tools
-
-
docker-ipsec-vpn-server
Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
I gave up recently on this and just setup a docker image using this https://github.com/hwdsl2/docker-ipsec-vpn-server.
-
Project mention: v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks. | reddit.com/r/GithubSecurityTools | 2021-01-12
-
wireguard-docs
📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
Project mention: Help troubleshooting connection issues with WireGuard + Unbound + nftables configurations | reddit.com/r/WireGuard | 2021-03-10Thanks for the reply. I'm not sure which missing lines you're referring to though? According to this documentation, PostUp is used to run a command after the interface is initialised (same for PostDown, which apparently runs a command after the interface is deleted), but I'm not sure what commands exactly I'd need to run PostUp or PostDown for?
-
wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Project mention: Application security vs Network security? | reddit.com/r/Cybersecurity101 | 2021-03-03Pretty much what demigeek said. Web application pentesting is the way to go. One thing he didn’t mention is the OWASP Top 10, memorize these and dig really deep into them. The OWASP WSTG is also a great resource.
-
Project mention: bunkerized-nginx - make your web apps and APIs secured by default | dev.to | 2021-03-18
Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.
-
-
Project mention: Getting a pihole isn't as hard as it sounds, heres a 5 min guide for those who dont know where to start | reddit.com/r/privacy | 2021-04-12
Energised Unified/Ultimate - Performance over reliability, Some websites may be falsely blocked at times, so you’d have to whitelist (which is as simple as going to “queries” and pressing “whitelist” on the newest blocked domain). However you can be certain to expect no ads, trackers, etc.
-
Hi people,
I need your advice and opinion.
I have a project on GitHub that I wasn't updating for a while:
https://github.com/ivanilves/xiringuito
And it still works kinda OK for me, but technically it's a hard to maintain gibberish and I'm thinking about rewriting it in a statically compiled language, add unit testing and be able to incorporate different advanced features without making myself and others cry.
HOWEVER: I doubt this makes sense and fear to just lose time on it.
Could you please help me with a decision:
If you think it's worth rewriting, add a GitHub star on https://github.com/ivanilves/xiringuito
If you think it's a pile of shite and it should die, no problem, just ignore it :)
It already has 954 stars for now and if number of stars goes 1k+ this month, I'll rewrite it. If not, it would be a sign it's a [c/t]rap and I need to run away and forget ;)
THANK YOU!
-
Project mention: Docker Security, Socket Proxy and Reverse Proxy | reddit.com/r/selfhosted | 2021-03-31
I used this write up and changed " /etc/ufw/after.rules " and now UFW can manage docker networks.
-
Android-PIN-Bruteforce
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
S8 it's not supporting HID officially by Nethunter; only if you found someone who patched they're own kernel. Now regarding your friend you can clone this repository on a kali machine or a Linux machine with a usb cable and modify this https://github.com/urbanadventurer/Android-PIN-Bruteforce to suite your needs. Nethunter is a portable version of Kali Linux after all.
-
-
-
Project mention: Using IPv6 from a VPS provider in my home network via wg. | reddit.com/r/WireGuard | 2021-03-02
I found a great script to quickly setup wireguard "hub" (aka gateway) server and some clients in https://github.com/burghardt/easy-wg-quick. However, public unicast IPv6 (NDP proxy) doesn't seem to be working for me. While my clients do have a static IPv6 assigned by wireguard due to the config, external traffic from the internet is not reaching the peers (firewalls are disabled).
-
Project mention: Multiple wireguard client connections possible on router? | reddit.com/r/OPNsenseFirewall | 2021-03-29
Why not just set up a your own wireguard server? Here's an easy button script https://github.com/complexorganizations/wireguard-manager
-
swap_digger
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Project mention: sevagas/swap_digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc. | reddit.com/r/GithubSecurityTools | 2021-01-20 -
Project mention: [Jeff Geerling ] The Raspberry Pi Pico Review - $4 ARM Microcontroller | reddit.com/r/raspberry_pi | 2021-01-21
I often use ansible-role-firewall and ansible-role-security. Ooh and ansible-role-nginx is really handy too.
-
Vanadium
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build targets used on GrapheneOS.
- Source
-
One alternative would be to install a regular linux distro that supports rpi and have all network settings go through the Tor network, e.g. Arch using Archtorify. But that means data is stored on the machine and you lose the whole live OS aspect that you get with Tails. One way round this is to have the OS saved on the SD Card and you can just unplug it when not in use, so it's always in your pocket. Not exactly a live distro but at least it's always in your possession. You could probably encrypt it, too.
Index
What are some of the best open-source Security projects in Shell? This list will help you:
Project | Stars | |
---|---|---|
1 | setup-ipsec-vpn | 15,477 |
2 | lynis | 8,339 |
3 | oss-fuzz | 6,197 |
4 | my-arsenal-of-aws-security-tools | 5,819 |
5 | android-security-awesome | 5,227 |
6 | docker-ipsec-vpn-server | 3,954 |
7 | airgeddon | 3,305 |
8 | wireguard-docs | 2,898 |
9 | wstg | 2,367 |
10 | bunkerized-nginx | 2,017 |
11 | autoVPN | 1,939 |
12 | block | 1,509 |
13 | xiringuito | 975 |
14 | ufw-docker | 923 |
15 | Android-PIN-Bruteforce | 887 |
16 | hblock | 737 |
17 | hardening | 732 |
18 | easy-wg-quick | 512 |
19 | wireguard-manager | 455 |
20 | swap_digger | 359 |
21 | ansible-role-firewall | 348 |
22 | Vanadium | 132 |
23 | archtorify | 105 |