Top 23 Shell Security Projects
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2Project mention: Does IPsec Xauth PSK vpn server supports IPv6? | reddit.com/r/ipv6 | 2021-04-08
I was thinking of installing https://github.com/hwdsl2/setup-ipsec-vpn on my server but it does not support IPv6 I guess, I thought of using cisco since Android and Windows natively supports it. Is there any new version or a way to add IPv6 support?
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.Project mention: What is system hardening? | reddit.com/r/Linuxadministrators | 2021-04-15
Use a security tool like Lynis to perform a regular audit of your system. Any findings are showed on the screen and also stored in a data file for further analysis. With an extensive log file, it allows to use all available data and plan next actions for further system hardening.
Scout APM - Leading-edge performance monitoring starting at $39/month. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
OSS-Fuzz - continuous fuzzing for open source software.Project mention: FastDoubleParser: Java port of Daniel Lemires fast_double_parser | news.ycombinator.com | 2021-03-22
The successes of fuzzing projects like oss-fuzz have demonstrated significant shortcomings to hand-curating test cases in the manner you describe. Testing every 64bit float value is unrealistic, but testing a huge number of randomly selected values by cross-comparison with other libraries is a very good idea for code like this.
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.Project mention: We launched a free cloud security and compliance tool | reddit.com/r/devops | 2021-01-14
Tons of great stuff here too: https://github.com/toniblyx/my-arsenal-of-aws-security-tools
A collection of android security related resources
Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2Project mention: VPN on Unifi 6.0.45 | reddit.com/r/UNIFI | 2021-02-04
I gave up recently on this and just setup a docker image using this https://github.com/hwdsl2/docker-ipsec-vpn-server.
This is a multi-use bash script for Linux systems to audit wireless networks.Project mention: v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks. | reddit.com/r/GithubSecurityTools | 2021-01-12
📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.Project mention: Help troubleshooting connection issues with WireGuard + Unbound + nftables configurations | reddit.com/r/WireGuard | 2021-03-10
Thanks for the reply. I'm not sure which missing lines you're referring to though? According to this documentation, PostUp is used to run a command after the interface is initialised (same for PostDown, which apparently runs a command after the interface is deleted), but I'm not sure what commands exactly I'd need to run PostUp or PostDown for?
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.Project mention: Application security vs Network security? | reddit.com/r/Cybersecurity101 | 2021-03-03
Pretty much what demigeek said. Web application pentesting is the way to go. One thing he didn’t mention is the OWASP Top 10, memorize these and dig really deep into them. The OWASP WSTG is also a great resource.
nginx Docker image secure by default.Project mention: bunkerized-nginx - make your web apps and APIs secured by default | dev.to | 2021-03-18
Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.
Create On Demand Disposable OpenVPN Endpoints on AWS.
Let's make an annoyance free, better open internet, altogether!Project mention: Getting a pihole isn't as hard as it sounds, heres a 5 min guide for those who dont know where to start | reddit.com/r/privacy | 2021-04-12
Energised Unified/Ultimate - Performance over reliability, Some websites may be falsely blocked at times, so you’d have to whitelist (which is as simple as going to “queries” and pressing “whitelist” on the newest blocked domain). However you can be certain to expect no ads, trackers, etc.
SSH-based "VPN for poors"Project mention: Ask HN: Rewrite Project or Abandon It? | news.ycombinator.com | 2021-01-05
I need your advice and opinion.
I have a project on GitHub that I wasn't updating for a while:
And it still works kinda OK for me, but technically it's a hard to maintain gibberish and I'm thinking about rewriting it in a statically compiled language, add unit testing and be able to incorporate different advanced features without making myself and others cry.
HOWEVER: I doubt this makes sense and fear to just lose time on it.
Could you please help me with a decision:
If you think it's worth rewriting, add a GitHub star on https://github.com/ivanilves/xiringuito
If you think it's a pile of shite and it should die, no problem, just ignore it :)
It already has 954 stars for now and if number of stars goes 1k+ this month, I'll rewrite it. If not, it would be a sign it's a [c/t]rap and I need to run away and forget ;)
To fix the Docker and UFW security flaw without disabling iptablesProject mention: Docker Security, Socket Proxy and Reverse Proxy | reddit.com/r/selfhosted | 2021-03-31
I used this write up and changed " /etc/ufw/after.rules " and now UFW can manage docker networks.
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)Project mention: Can't enable HID interface on Galaxy S8 | reddit.com/r/NetHunter | 2021-03-04
S8 it's not supporting HID officially by Nethunter; only if you found someone who patched they're own kernel. Now regarding your friend you can clone this repository on a kali machine or a Linux machine with a usb cable and modify this https://github.com/urbanadventurer/Android-PIN-Bruteforce to suite your needs. Nethunter is a portable version of Kali Linux after all.
Improve your security and privacy by blocking ads, tracking and malware domains.Project mention: It really be like that. | reddit.com/r/windows | 2021-02-16
Hardening Ubuntu. Systemd edition.Project mention: Advice on locking down / securing servers? | reddit.com/r/HomeServer | 2021-03-23
Creates Wireguard configuration for hub and peers with easeProject mention: Using IPv6 from a VPS provider in my home network via wg. | reddit.com/r/WireGuard | 2021-03-02
I found a great script to quickly setup wireguard "hub" (aka gateway) server and some clients in https://github.com/burghardt/easy-wg-quick. However, public unicast IPv6 (NDP proxy) doesn't seem to be working for me. While my clients do have a static IPv6 assigned by wireguard due to the config, external traffic from the internet is not reaching the peers (firewalls are disabled).
✔️ Self-hosted Wireguard ManagerProject mention: Multiple wireguard client connections possible on router? | reddit.com/r/OPNsenseFirewall | 2021-03-29
Why not just set up a your own wireguard server? Here's an easy button script https://github.com/complexorganizations/wireguard-manager
swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.Project mention: sevagas/swap_digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc. | reddit.com/r/GithubSecurityTools | 2021-01-20
Ansible Role - iptables Firewall configuration.Project mention: [Jeff Geerling ] The Raspberry Pi Pico Review - $4 ARM Microcontroller | reddit.com/r/raspberry_pi | 2021-01-21
I often use ansible-role-firewall and ansible-role-security. Ooh and ansible-role-nginx is really handy too.
Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build targets used on GrapheneOS.Project mention: Srsly: What is the best browser | reddit.com/r/privacytoolsIO | 2021-03-05
Transparent proxy through Tor for Arch Linux OSProject mention: Alternative for raspberry pi? | reddit.com/r/tails | 2021-04-08
One alternative would be to install a regular linux distro that supports rpi and have all network settings go through the Tor network, e.g. Arch using Archtorify. But that means data is stored on the machine and you lose the whole live OS aspect that you get with Tails. One way round this is to have the OS saved on the SD Card and you can just unplug it when not in use, so it's always in your pocket. Not exactly a live distro but at least it's always in your possession. You could probably encrypt it, too.
What are some of the best open-source Security projects in Shell? This list will help you: