Top 23 Shell Security Projects
-
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Project mention: How do i find and remove the compilers installed in fedora? | /r/Fedora | 2023-07-10
-
I'd recommend using the Yubikey as a GPG smartcard[1]. The private key stays on the Yubikey. I also use it for ssh. But make sure you have a backup key or two, just in case the primary Yubikey gives out. FIDO2 and all other regular Yubikey functionality still works with it.
-
Project mention: Fuzz Testing Is the Best Thing to Happen to Our Application Tests | news.ycombinator.com | 2023-08-17
I love fuzzing as a technique and use it quite regularly, but running AFL++ on even a single program occupies all threads of a high end AMD server for weeks. I'm running it locally so only paying for the electricity. If it was a cloud instance it would cost a small fortune. I think this is a reason it is not used more widely.
I will note that Google have a programme for doing fuzz testing on open source projects using compute from their cloud: https://google.github.io/oss-fuzz/
-
my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Project mention: Open source alternative cloud security tool that works like Wiz/Lacework/Aqua | /r/cybersecurity | 2023-03-06
I'm a biased vendor, but for OSS I prefer Prowler... (has a commercial tier we technically compete with but the OSS is strong and I really like the people there). Tony, who runs Prowler, also maintains an amazing list of OSS tools in multiple categories. https://github.com/toniblyx/my-arsenal-of-aws-security-tools It's hard to keep up to date but I don't know of any other list that comes close.
-
-
awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
-
docker-ipsec-vpn-server
Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
IPSEC-L2TP is built into everything. No clients required on Windows, Mac, Android, iOS, Linux, etc. Great Docker container for cutting through most of the difficulty here: https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
-
https://github.com/v1s1t0r1sh3r3/airgeddon "I'll just leave this here ;)"
-
wireguard-docs
📖 Unofficial WireGuard Documentation: Setup, Usage, Configuration, and full example setups for VPNs supporting both servers & roaming clients.
-
I have used this without problems for a long time: https://github.com/chaifeng/ufw-docker
-
Android-PIN-Bruteforce
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
-
Project mention: Official Minecraft wiki editors so furious at Fandom's 'degraded' functionality and popups they're overwhelmingly voting to leave the site | /r/Games | 2023-07-11
-
securityonion
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
Project mention: Security Onion on Proxmox with Linux Bridges and LACP Bond | /r/homelab | 2023-06-11
I'm trying to get Security Onion running in my lab on my Proxmox server. I'm having trouble getting my WAN traffic to my SO VM. My WAN comes in on VLAN 100 to my switch and goes to my router (Virtual VyOS on the same physical host). I have a ton of VMs and really don't want to move to OVS if I don't absolutely have to. I found this discussion which included some commands for getting SO working on a Linux bridge, but this didn't work for me. Probably because my environment is different. Does anybody have SO setup this way? If so, how did you do it?
-
-
Project mention: New EMBA firmware analyzer release - EMBA v1.2.3 - R.I.P. Binwalk | /r/netsec | 2023-05-11
-
-
-
-
wireguard-manager
✔️ WireGuard-Manager is an innovative tool designed to streamline the deployment and management of WireGuard VPNs. Emphasizing user-friendliness and security, it simplifies the complexities of VPN configuration, offering a robust yet accessible solution for both personal and professional use.
In the end I succeeded using this script: https://github.com/complexorganizations/wireguard-manager
-
I'm talking something like hblock (https://hblock.molinero.dev/), which is for host-blocking malicious + other websites. Imagine blocking every single address manually. To get a picture of how impossible it would be, here is the sample hosts file (https://hblock.molinero.dev/hosts); just do a line count and you will understand.
-
Short answer: not where it counts.
My work focuses on recognizing known functions in obfuscated binaries, but there are some papers you might want to check out related to deobfuscation, if not necessarily using ML for deobfuscation or decompilation.
My take is that ML can soundly defeat the "easy" and more static obfuscation types (encodings, control flow flattening, splitting functions). It's low hanging fruit, and it's what I worked on most, but adoption is slow. On the other hand, "hard" obfuscations like virtualized functions or programs which embed JIT compilers to obfuscate at runtime... as far as I know, those are still unsolved problems.
This is a good overview of the subject, but pretty old and doesn't cover "hard" obfuscations: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1566145.
https://www.jinyier.me/papers/DATE19_Obf.pdf uses deobfuscation for RTL logic (FPGA/ASIC domain) with SAT solvers. Might be useful for a point of view from a fairly different domain.
https://advising.cs.arizona.edu/~debray/Publications/generic... uses "semantics-preserving transformations" to shed obfuscation. I think this approach is the way to go, especially when combined with dynamic/symbolic analysis to mitigate virt/jit types of transformations.
I'll mention this one as a cautionary tale: https://dl.acm.org/doi/pdf/10.1145/2886012 has some good general info but glosses over the machine learning approach. It considers Hex-rays' FLIRT to be "machine learning", but FLIRT just hashes signatures, can be spoofed (i.e. https://siliconpr0n.org/uv/issues_with_flirt_aware_malware.p...), and is useless against obfuscation.
Eventually I think SBOM tools like Black Duck[1] and SLSA[2] will incorporate ML to improve the accuracy of even figuring out what dependencies a piece of software actually has.
[1]: https://www.synopsys.com/software-integrity/software-composi...
[2]: https://slsa.dev/
-
-
Shell Security related posts
- UnGoogled Chromium
- Vanadium version 119.0.6045.163.2 released
- Vanadium version 119.0.6045.134.0 released
- Vanadium version 119.0.6045.53.0 released
- Vanadium version 119.0.6045.53.1 released
- Vanadium version 118.0.5993.65.0 released
Index
What are some of the best open-source Security projects in Shell? This list will help you:
# | Project | Stars |
---|---|---|
1 | setup-ipsec-vpn | 23,128 |
2 | lynis | 11,426 |
3 | YubiKey-Guide | 10,228 |
4 | oss-fuzz | 9,203 |
5 | my-arsenal-of-aws-security-tools | 8,479 |
6 | android-security-awesome | 7,338 |
7 | awesome-hacker-search-engines | 6,157 |
8 | docker-ipsec-vpn-server | 5,835 |
9 | airgeddon | 5,606 |
10 | wireguard-docs | 4,212 |
11 | ufw-docker | 3,419 |
12 | Android-PIN-Bruteforce | 3,387 |
13 | blokada | 2,967 |
14 | securityonion | 2,486 |
15 | block | 2,433 |
16 | EMBA | 2,144 |
17 | autoVPN | 2,011 |
18 | content | 1,958 |
19 | MemLabs | 1,481 |
20 | wireguard-manager | 1,410 |
21 | hblock | 1,377 |
22 | slsa | 1,325 |
23 | graudit | 1,302 |