Shell Security

Open-source Shell projects categorized as Security

Top 23 Shell Security Projects

  • setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: Alternatives to VPNs in China? Is roaming a good idea? | /r/chinalife | 2023-04-18
  • lynis

    Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

    Project mention: How do i find and remove the compilers installed in fedora? | /r/Fedora | 2023-07-10
  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at

  • YubiKey-Guide

    Guide to using YubiKey for GPG and SSH

    Project mention: Ask HN: Why does YubiCo need my private key? | | 2023-09-29

    I'd recommend using the Yubikey as a GPG smartcard[1]. The private key stays on the Yubikey. I also use it for ssh. But make sure you have a backup key or two, just in case the primary Yubikey gives out. FIDO2 and all other regular Yubikey functionality still works with it.


  • oss-fuzz

    OSS-Fuzz - continuous fuzzing for open source software.

    Project mention: Fuzz Testing Is the Best Thing to Happen to Our Application Tests | | 2023-08-17

    I love fuzzing as a technique and use it quite regularly, but running AFL++ on even a single program occupies all threads of a high end AMD server for weeks. I'm running it locally so only paying for the electricity. If it was a cloud instance it would cost a small fortune. I think this is a reason it is not used more widely.

    I will note that Google have a programme for doing fuzz testing on open source projects using computer from their cloud:

  • my-arsenal-of-aws-security-tools

    List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

    Project mention: Open source alternative cloud security tool that works like Wiz/Lacework/Aqua | /r/cybersecurity | 2023-03-06

    I'm a biased vendor, but for OSS I prefer Prowler... (has a commercial tier we technically compete with but the OSS is strong and I really like the people there). Tony, who runs Prowler, also maintains an amazing list of OSS tools in multiple categories. It's hard to keep up to date but I don't know of any other list that comes close.

  • android-security-awesome

    A collection of android security related resources

    Project mention: android RE | /r/Malware | 2023-02-16
  • awesome-hacker-search-engines

    A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

    Project mention: Awesome Hacker Search Engines | /r/tech | 2023-04-11
  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • docker-ipsec-vpn-server

    Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: Selfhosted VPN advice for Homelab Access | /r/homelab | 2023-07-10

    IPSEC-L2TP is built into everything. No clients required on Windows, Mac, Android, iOS, Linux, etc. Great Docker container for cutting through most of the difficulty here:

  • airgeddon

    This is a multi-use bash script for Linux systems to audit wireless networks.

    Project mention: How to hack wifi | /r/darknet | 2023-06-22 "I'll just leave this here ;)"

  • wireguard-docs

    📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.

  • ufw-docker

    To fix the Docker and UFW security flaw without disabling iptables

    Project mention: How to close Docker ports | /r/selfhosted | 2023-10-05

    I use this without problems for Long time,

  • Android-PIN-Bruteforce

    Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

    Project mention: Help | /r/oneplus | 2023-05-09
  • blokada

    The official repo for Blokada apps.

    Project mention: Official Minecraft wiki editors so furious at Fandom's 'degraded' functionality and popups they're overwhelmingly voting to leave the site | /r/Games | 2023-07-11
  • securityonion

    Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.

    Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11

    I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO setup this way? If so, how did you do it?

  • block

    Let's make an annoyance free, better open internet, altogether!

    Project mention: Remove Energized blocklists | /r/ahadns | 2023-01-07
  • EMBA

    EMBA - The firmware security analyzer

    Project mention: New EMBA firmware analyzer release - EMBA v1.2.3 - R.I.P. Binwalk | /r/netsec | 2023-05-11
  • autoVPN

    Create On Demand Disposable OpenVPN Endpoints on AWS.

  • content

    Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)

    Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07
  • MemLabs

    Educational, CTF-styled labs for individuals interested in Memory Forensics

    Project mention: Platform for training digital forensics | /r/digitalforensics | 2023-04-21
  • wireguard-manager

    ✔️ WireGuard-Manager is an innovative tool designed to streamline the deployment and management of WireGuard VPNs. Emphasizing user-friendliness and security, it simplifies the complexities of VPN configuration, offering a robust yet accessible solution for both personal and professional use.

    Project mention: Only work with google | /r/WireGuard | 2023-04-04

    In the end i succeed using this script:

  • hblock

    Improve your security and privacy by blocking ads, tracking and malware domains.

    Project mention: This is a new kind of scammer | /r/india | 2023-06-03

    I'm talking something like hblock ( which is for host blocking malceous+ other websites. Imagine blocking every single address manually. To get a picture how impossible it be here is the sample hosts file ( just do line count and you will understand.

  • slsa

    Supply-chain Levels for Software Artifacts

    Project mention: Dogbolt Decompiler Explorer | | 2023-12-04

    Short answer: not where it counts.

    My work focuses on recognizing known functions in obfuscated binaries, but there are some papers you might want to check out related to deobfuscation, if not necessarily using ML for deobfuscation or decompilation.

    My take is that ML can soundly defeat the "easy" and more static obfuscation types (encodings, control flow flattening, splitting functions). It's low hanging fruit, and it's what I worked on most, but adoption is slow. On the other hand, "hard" obfuscations like virtualized functions or programs which embed JIT compilers to obfuscate at runtime... as far as I know, those are still unsolved problems.

    This is a good overview of the subject, but pretty old and doesn't cover "hard" obfuscations: uses deobfuscation for RTL logic (FGPA/ASIC domain) with SAT solvers. Might be useful for a point of view from a fairly different domain. uses "semantics-preserving transformations" to shed obfuscation. I think this approach is the way to go, especially when combined with dynamic/symbolic analysis to mitigate virt/jit types of transformations.

    I'll mention this one as a cautionary tale: has some good general info but glosses over the machine learning approach. It considers Hex-rays' FLIRT to be "machine learning", but FLIRT just hashes signatures, can be spoofed (i.e., and is useless against obfuscation.

    Eventually I think SBOM tools like Black Duck[1] and SLSA[2] will incorporate ML to improve the accuracy of even figuring out what dependencies a piece of software actually has.



  • graudit

    grep rough audit - source code auditing tool

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-12-04.

Shell Security related posts


What are some of the best open-source Security projects in Shell? This list will help you:

Project Stars
1 setup-ipsec-vpn 23,128
2 lynis 11,426
3 YubiKey-Guide 10,228
4 oss-fuzz 9,203
5 my-arsenal-of-aws-security-tools 8,479
6 android-security-awesome 7,338
7 awesome-hacker-search-engines 6,157
8 docker-ipsec-vpn-server 5,835
9 airgeddon 5,606
10 wireguard-docs 4,212
11 ufw-docker 3,419
12 Android-PIN-Bruteforce 3,387
13 blokada 2,967
14 securityonion 2,486
15 block 2,433
16 EMBA 2,144
17 autoVPN 2,011
18 content 1,958
19 MemLabs 1,481
20 wireguard-manager 1,410
21 hblock 1,377
22 slsa 1,325
23 graudit 1,302
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives