Shell Security

Open-source Shell projects categorized as Security

Top 23 Shell Security Projects

  • GitHub repo setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: Does IPsec Xauth PSK vpn server supports IPv6? | | 2021-04-08

    I was thinking of installing on my server but it does not support IPv6 I guess, I thought of using cisco since Android and Windows natively supports it. Is there any new version or a way to add IPv6 support?

  • GitHub repo lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    Project mention: What is system hardening? | | 2021-04-15

    Use a security tool like Lynis to perform a regular audit of your system. Any findings are showed on the screen and also stored in a data file for further analysis. With an extensive log file, it allows to use all available data and plan next actions for further system hardening.

  • GitHub repo oss-fuzz

    OSS-Fuzz - continuous fuzzing for open source software.

    Project mention: FastDoubleParser: Java port of Daniel Lemires fast_double_parser | | 2021-03-22

    The successes of fuzzing projects like oss-fuzz have demonstrated significant shortcomings to hand-curating test cases in the manner you describe. Testing every 64bit float value is unrealistic, but testing a huge number of randomly selected values by cross-comparison with other libraries is a very good idea for code like this.

  • GitHub repo my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

    Project mention: We launched a free cloud security and compliance tool | | 2021-01-14

    Tons of great stuff here too:

  • GitHub repo android-security-awesome

    A collection of android security related resources

  • GitHub repo docker-ipsec-vpn-server

    Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: VPN on Unifi 6.0.45 | | 2021-02-04

    I gave up recently on this and just setup a docker image using this

  • GitHub repo airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Project mention: v1s1t0r1sh3r3/airgeddon - This is a multi-use bash script for Linux systems to audit wireless networks. | | 2021-01-12
  • GitHub repo wireguard-docs

    📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.

    Project mention: Help troubleshooting connection issues with WireGuard + Unbound + nftables configurations | | 2021-03-10

    Thanks for the reply. I'm not sure which missing lines you're referring to though? According to this documentation, PostUp is used to run a command after the interface is initialised (same for PostDown, which apparently runs a command after the interface is deleted), but I'm not sure what commands exactly I'd need to run PostUp or PostDown for?

  • GitHub repo wstg

    The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

    Project mention: Application security vs Network security? | | 2021-03-03

    Pretty much what demigeek said. Web application pentesting is the way to go. One thing he didn’t mention is the OWASP Top 10, memorize these and dig really deep into them. The OWASP WSTG is also a great resource.

  • GitHub repo bunkerized-nginx

    nginx Docker image secure by default.

    Project mention: bunkerized-nginx - make your web apps and APIs secured by default | | 2021-03-18

    Avoid the hassle of following security best practices each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.

  • GitHub repo autoVPN

    Create On Demand Disposable OpenVPN Endpoints on AWS.

  • GitHub repo block

    Let's make an annoyance free, better open internet, altogether!

    Project mention: Getting a pihole isn't as hard as it sounds, heres a 5 min guide for those who dont know where to start | | 2021-04-12

    Energised Unified/Ultimate - Performance over reliability, Some websites may be falsely blocked at times, so you’d have to whitelist (which is as simple as going to “queries” and pressing “whitelist” on the newest blocked domain). However you can be certain to expect no ads, trackers, etc.

  • GitHub repo xiringuito

    SSH-based "VPN for poors"

    Project mention: Ask HN: Rewrite Project or Abandon It? | | 2021-01-05

    Hi people,

    I need your advice and opinion.

    I have a project on GitHub that I wasn't updating for a while:

    And it still works kinda OK for me, but technically it's a hard to maintain gibberish and I'm thinking about rewriting it in a statically compiled language, add unit testing and be able to incorporate different advanced features without making myself and others cry.

    HOWEVER: I doubt this makes sense and fear to just lose time on it.

    Could you please help me with a decision:

    If you think it's worth rewriting, add a GitHub star on

    If you think it's a pile of shite and it should die, no problem, just ignore it :)

    It already has 954 stars for now and if number of stars goes 1k+ this month, I'll rewrite it. If not, it would be a sign it's a [c/t]rap and I need to run away and forget ;)


  • GitHub repo ufw-docker

    To fix the Docker and UFW security flaw without disabling iptables

    Project mention: Docker Security, Socket Proxy and Reverse Proxy | | 2021-03-31

    I used this write up and changed " /etc/ufw/after.rules " and now UFW can manage docker networks.

  • GitHub repo Android-PIN-Bruteforce

    Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

    Project mention: Can't enable HID interface on Galaxy S8 | | 2021-03-04

    S8 it's not supporting HID officially by Nethunter; only if you found someone who patched they're own kernel. Now regarding your friend you can clone this repository on a kali machine or a Linux machine with a usb cable and modify this to suite your needs. Nethunter is a portable version of Kali Linux after all.

  • GitHub repo hblock

    Improve your security and privacy by blocking ads, tracking and malware domains.

    Project mention: It really be like that. | | 2021-02-16
  • GitHub repo hardening

    Hardening Ubuntu. Systemd edition.

    Project mention: Advice on locking down / securing servers? | | 2021-03-23
  • GitHub repo easy-wg-quick

    Creates Wireguard configuration for hub and peers with ease

    Project mention: Using IPv6 from a VPS provider in my home network via wg. | | 2021-03-02

    I found a great script to quickly setup wireguard "hub" (aka gateway) server and some clients in However, public unicast IPv6 (NDP proxy) doesn't seem to be working for me. While my clients do have a static IPv6 assigned by wireguard due to the config, external traffic from the internet is not reaching the peers (firewalls are disabled).

  • GitHub repo wireguard-manager

    ✔️ Self-hosted Wireguard Manager

    Project mention: Multiple wireguard client connections possible on router? | | 2021-03-29

    Why not just set up a your own wireguard server? Here's an easy button script

  • GitHub repo swap_digger

    swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

    Project mention: sevagas/swap_digger - swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc. | | 2021-01-20
  • GitHub repo ansible-role-firewall

    Ansible Role - iptables Firewall configuration.

    Project mention: [Jeff Geerling ] The Raspberry Pi Pico Review - $4 ARM Microcontroller | | 2021-01-21

    I often use ansible-role-firewall and ansible-role-security. Ooh and ansible-role-nginx is really handy too.

  • GitHub repo Vanadium

    Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS repositories and doesn't include patches not relevant to the build targets used on GrapheneOS.

    Project mention: Srsly: What is the best browser | | 2021-03-05

    - Source

  • GitHub repo archtorify

    Transparent proxy through Tor for Arch Linux OS

    Project mention: Alternative for raspberry pi? | | 2021-04-08

    One alternative would be to install a regular linux distro that supports rpi and have all network settings go through the Tor network, e.g. Arch using Archtorify. But that means data is stored on the machine and you lose the whole live OS aspect that you get with Tails. One way round this is to have the OS saved on the SD Card and you can just unplug it when not in use, so it's always in your pocket. Not exactly a live distro but at least it's always in your possession. You could probably encrypt it, too.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-04-15.


What are some of the best open-source Security projects in Shell? This list will help you:

Project Stars
1 setup-ipsec-vpn 15,477
2 lynis 8,339
3 oss-fuzz 6,197
4 my-arsenal-of-aws-security-tools 5,819
5 android-security-awesome 5,227
6 docker-ipsec-vpn-server 3,954
7 airgeddon 3,305
8 wireguard-docs 2,898
9 wstg 2,367
10 bunkerized-nginx 2,017
11 autoVPN 1,939
12 block 1,509
13 xiringuito 975
14 ufw-docker 923
15 Android-PIN-Bruteforce 887
16 hblock 737
17 hardening 732
18 easy-wg-quick 512
19 wireguard-manager 455
20 swap_digger 359
21 ansible-role-firewall 348
22 Vanadium 132
23 archtorify 105