Top 23 Shell Security Projects
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Project mention: Alternatives to VPNs in China? Is roaming a good idea? | /r/chinalife | 2023-04-18
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Project mention: How do i find and remove the compilers installed in fedora? | /r/Fedora | 2023-07-10
Guide to using YubiKey for GPG and SSH
Project mention: Ask HN: Why does YubiCo need my private key? | news.ycombinator.com | 2023-09-29
I'd recommend using the Yubikey as a GPG smartcard. The private key stays on the Yubikey. I also use it for ssh. But make sure you have a backup key or two, just in case the primary Yubikey gives out. FIDO2 and all other regular Yubikey functionality still works with it.
OSS-Fuzz - continuous fuzzing for open source software.
Project mention: Fuzz Testing Is the Best Thing to Happen to Our Application Tests | news.ycombinator.com | 2023-08-17
I love fuzzing as a technique and use it quite regularly, but running AFL++ on even a single program occupies all threads of a high end AMD server for weeks. I'm running it locally so only paying for the electricity. If it was a cloud instance it would cost a small fortune. I think this is a reason it is not used more widely.
I will note that Google have a programme for doing fuzz testing on open source projects using compute from their cloud: https://google.github.io/oss-fuzz/
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Project mention: Open source alternative cloud security tool that works like Wiz/Lacework/Aqua | /r/cybersecurity | 2023-03-06
I'm a biased vendor, but for OSS I prefer Prowler... (has a commercial tier we technically compete with but the OSS is strong and I really like the people there). Tony, who runs Prowler, also maintains an amazing list of OSS tools in multiple categories. https://github.com/toniblyx/my-arsenal-of-aws-security-tools It's hard to keep up to date but I don't know of any other list that comes close.
A collection of android security related resources
Project mention: android RE | /r/Malware | 2023-02-16
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
Project mention: Awesome Hacker Search Engines | /r/tech | 2023-04-11
Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Project mention: Selfhosted VPN advice for Homelab Access | /r/homelab | 2023-07-10
IPSEC-L2TP is built into everything. No clients required on Windows, Mac, Android, iOS, Linux, etc. Great Docker container for cutting through most of the difficulty here: https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
This is a multi-use bash script for Linux systems to audit wireless networks.
Project mention: How to hack wifi | /r/darknet | 2023-06-22
https://github.com/v1s1t0r1sh3r3/airgeddon "I'll just leave this here ;)"
📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
To fix the Docker and UFW security flaw without disabling iptables
Project mention: How to close Docker ports | /r/selfhosted | 2023-10-05
I've used this without problems for a long time: https://github.com/chaifeng/ufw-docker
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
Project mention: Help | /r/oneplus | 2023-05-09
The official repo for Blokada apps.
Project mention: Official Minecraft wiki editors so furious at Fandom's 'degraded' functionality and popups they're overwhelmingly voting to leave the site | /r/Games | 2023-07-11
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11
I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO set up this way? If so, how did you do it?
Let's make an annoyance free, better open internet, altogether!
Project mention: Remove Energized blocklists | /r/ahadns | 2023-01-07
EMBA - The firmware security analyzer
Project mention: New EMBA firmware analyzer release - EMBA v1.2.3 - R.I.P. Binwalk | /r/netsec | 2023-05-11
Create On Demand Disposable OpenVPN Endpoints on AWS.
Security automation content in SCAP, Bash, Ansible, and other formats (by ComplianceAsCode)
Project mention: Oracle linux CIS benchmark | /r/ansible | 2023-06-07
Educational, CTF-styled labs for individuals interested in Memory Forensics
Project mention: Platform for training digital forensics | /r/digitalforensics | 2023-04-21
✔️ WireGuard-Manager is an innovative tool designed to streamline the deployment and management of WireGuard VPNs. Emphasizing user-friendliness and security, it simplifies the complexities of VPN configuration, offering a robust yet accessible solution for both personal and professional use.
Project mention: Only work with google | /r/WireGuard | 2023-04-04
In the end I succeeded using this script: https://github.com/complexorganizations/wireguard-manager
Improve your security and privacy by blocking ads, tracking and malware domains.
Project mention: This is a new kind of scammer | /r/india | 2023-06-03
I'm talking something like hblock (https://hblock.molinero.dev/) which is for host blocking malicious + other websites. Imagine blocking every single address manually. To get a picture of how impossible it would be, here is the sample hosts file (https://hblock.molinero.dev/hosts); just do a line count and you will understand.
Supply-chain Levels for Software Artifacts
Project mention: Dogbolt Decompiler Explorer | news.ycombinator.com | 2023-12-04
Short answer: not where it counts.
My work focuses on recognizing known functions in obfuscated binaries, but there are some papers you might want to check out related to deobfuscation, if not necessarily using ML for deobfuscation or decompilation.
My take is that ML can soundly defeat the "easy" and more static obfuscation types (encodings, control flow flattening, splitting functions). It's low hanging fruit, and it's what I worked on most, but adoption is slow. On the other hand, "hard" obfuscations like virtualized functions or programs which embed JIT compilers to obfuscate at runtime... as far as I know, those are still unsolved problems.
This is a good overview of the subject, but pretty old and doesn't cover "hard" obfuscations: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1566145.
https://www.jinyier.me/papers/DATE19_Obf.pdf uses deobfuscation for RTL logic (FPGA/ASIC domain) with SAT solvers. Might be useful for a point of view from a fairly different domain.
https://advising.cs.arizona.edu/~debray/Publications/generic... uses "semantics-preserving transformations" to shed obfuscation. I think this approach is the way to go, especially when combined with dynamic/symbolic analysis to mitigate virt/jit types of transformations.
I'll mention this one as a cautionary tale: https://dl.acm.org/doi/pdf/10.1145/2886012 has some good general info but glosses over the machine learning approach. It considers Hex-rays' FLIRT to be "machine learning", but FLIRT just hashes signatures, can be spoofed (i.e. https://siliconpr0n.org/uv/issues_with_flirt_aware_malware.p...), and is useless against obfuscation.
Eventually I think SBOM tools like Black Duck and SLSA will incorporate ML to improve the accuracy of even figuring out what dependencies a piece of software actually has.
grep rough audit - source code auditing tool
What are some of the best open-source Security projects in Shell? This list will help you: