Top 23 Security Open-Source Projects
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Project mention: The Book Of Secret Knowledge | reddit.com/r/programming | 2021-07-16
A collection of various awesome lists for hackers, pentesters and security researchers
Project mention: RN to programmer | reddit.com/r/learnprogramming | 2021-07-01
Bookmark this: https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md
An open-source x64/x32 debugger for windows.
Project mention: Scripting with .exes - Can it be done with any and how to figure out syntax? | reddit.com/r/commandline | 2021-10-08
It looks like Matt is using x64dbg.
Fast, multi-platform web server with automatic HTTPS
Project mention: Nim Version 1.6 Released | news.ycombinator.com | 2021-10-19
How to run those benchmarks?
At that Nim release page:
Is link to this benchmark:
Where nim is 2nd with 200k req/s, but it is using httpbeast:
That says it would be more useful to use jester:
Jester has 150k req/s.
But, when looking at these:
dragon, actix etc. have about 600k req/s.
Also redbean has about 600k req/s, when I tested:
I tested like this:
git clone https://github.com/wg/wrk.git
./wrk -H 'Accept-Encoding: gzip' -t 12 -c 120 http://127.0.0.1:8080/
When I tested https://caddyserver.com v2, it did show about 800k req/s.
It would be very helpful to know how those benchmarks are actually done, so that I could compare what is actually fastest in real world, and not just use some for benchmark tested winning non-realistic code.
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: Anyone try 327ing the Texas Hotline? | reddit.com/r/xkcd | 2021-09-03
Metasploit Framework
Project mention: Configure the Metasploit SSH client to support `aes256-cbc` | reddit.com/r/AskNetsec | 2021-10-13
Looking at a similar question and following this [link](https://github.com/rapid7/metasploit-framework/blob/b3c7fff32a62739241a223515574674b4a6b483c/lib/net/ssh/transport/algorithms.rb) I can see that one of the protocols (`aes256-cbc`) offered by the server, should be supported by the Metasploit SSH client. However, it doesn't offer it. Is there any setting I can change in Metasploit to make it offer `aes256-cbc` to the vulnerable SSH server?
List of Computer Science courses with video lectures.
Project mention: Learning path for Data Structures and Algorithms? | reddit.com/r/AskComputerScience | 2021-08-21
Here's a list of CS Video Courses you could look at. Here's the section on Data Structures/Algorithms
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Project mention: Pearson Education blocking Linux is just awful | reddit.com/r/linux | 2021-10-15
Yeah you can spoof any part of a request, I recommend mitmproxy for full control.
Set up a personal VPN in the cloud
Project mention: Will paid VPN solve my problem? | reddit.com/r/VPN | 2021-10-18
Not a regular paid VPN, but a self-hosted VPN. Look at algo.
Automatic SQL injection and database takeover tool
Project mention: Awesome Penetration Testing | dev.to | 2021-10-06
SQLmap - Automatic SQL injection and database takeover tool.
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
Project mention: Study reveals Android phones constantly snoop on their users (CalyxOS not mentioned) | reddit.com/r/CalyxOS | 2021-10-13
A popular app for VPN-based blocking is AdAway (F-Droid). Additional lists can be found on filterlists.com. A good one is StevenBlack's hostlist. Be mindful about overblocking, as too many lists can hinder your system from working correctly.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Project mention: Sodiumoxide has been deprecated | reddit.com/r/rust | 2021-10-16
The crates from the RustCrypto organization are great, but unlike sodium they don't try to prevent you from making mistakes. I'm not aware of an alternative for that purpose, but OWASP has cheatsheets for various security topics, which even include occasional references to specific crates/functions.
Guide to securing and improving privacy on macOS
Project mention: Privacy tips for my first Apple device, MacBook Pro | reddit.com/r/thehatedone | 2021-07-06
SQL powered operating system instrumentation, monitoring, and analytics.
Project mention: osquery 5 released. Some great new features. | reddit.com/r/blueteamsec | 2021-09-14
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Project mention: I know LTT only takes sponsor from ethical brands and I felt we should point this out to the team | reddit.com/r/LinusTechTips | 2021-10-09
Well… provision a free VM from Oracle Cloud. It’s gonna be in one of their data centers, for me it’s in Frankfurt. Then install a VPN server on it and start using it. In my case I used the scripts from this repo. You can also install OpenVPN but it needs paid license or something.
UNIX-like reverse engineering framework and command-line toolset
Project mention: rabin2 for scraping ELF to JSON | reddit.com/r/ELFLinking | 2021-10-16
OpenZeppelin Contracts is a library for secure smart contract development.
Project mention: What are the benefits to using the ERC721Enumerable interface? | reddit.com/r/ethdev | 2021-10-20
See the PR to remove it from OpenZeppelin Contracts ERC721 https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2511
An evolving how-to guide for securing a Linux server.
Project mention: How to not get hacked | reddit.com/r/django | 2021-10-09
I saw a nice comment on moving /admin; good choice, but also set up a honeypot on /admin. Here is a good guide on GitHub for Linux server hardening
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Project mention: Selenite: A Post-Quantum Cryptography Library For Digital Certificates Written In Rust | reddit.com/r/crypto | 2021-10-09
Google has also started to add post-quantum algorithms to their Tink library. https://github.com/google/tink
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Project mention: Simplest way to handle authentication WITHOUT a third party? Please any advice really helps | reddit.com/r/reactjs | 2021-07-27
Check this OpenSource OAuth server: https://github.com/ory/hydra
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Project mention: Creating Production-Ready Containers - The Basics | dev.to | 2021-06-03
There are many ways to slim a container, from basic security to fully automated open-source tools like DockerSlim. Full disclosure: I work for Slim.AI, a company founded on the DockerSlim open source project. Let's look at some of the common ways developers create production-ready container images today.
The Single Sign-On Multi-Factor portal for web apps
Project mention: Working Authentik and Nginx proxy authentication for domain | reddit.com/r/selfhosted | 2021-10-19
Afraid I can't speak for Authentik as I've not used it, but as an alternative option have you tried Authelia? The configuration options are pretty robust, I've been using it for a while and very happy with the results.
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Project mention: Awesome Penetration Testing | dev.to | 2021-10-06
BetterCAP - Modular, portable and easily extensible MITM framework.
What are some of the best open-source Security projects? This list will help you:
|21||Lean and Mean Docker containers||10,765|