Open-source projects categorized as Security

Top 23 Security Open-Source Projects

  • GitHub repo the-book-of-secret-knowledge

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

    Project mention: Collection of manuals, cheatsheets,blogs,one-liners,CLI/web tools | news.ycombinator.com | 2021-02-19
  • GitHub repo Caddy

    Fast, multi-platform web server with automatic HTTPS

    Project mention: How can we automate NGINX Certificates everytime it expires? | reddit.com/r/selfhosted | 2021-02-27

    I recommend using Caddy, which has automated certificate management built-in. https://caddyserver.com/

  • GitHub repo Metasploit

    Metasploit Framework

    Project mention: wp_admin_shell_upload | reddit.com/r/HowToHack | 2021-02-14
  • GitHub repo PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Resources to get you started in Cybersecurity (for free). | dev.to | 2021-02-22
  • GitHub repo mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: What's the best book or other resource on webAPI pentesting? | reddit.com/r/Pentesting | 2021-02-23

    API testing has some interesting overlap with mobile pentesting too. You can proxy your phone with a tool like MITMProxy and look at the HTTP Method Requests going to the server from your device. If you're handy with Python, MITMproxy has some extensibility capabilities and you could even get it to behave like a janky Burpsuite clone. If I'm not mistaken, projects like McBroken which find broken McDonald's Ice Cream Machines were only possible because Mobile application actions were sniffed and mapped to create the appropriate responses and aggregate the data necessary.

  • GitHub repo cs-video-courses

    List of Computer Science courses with video lectures.

    Project mention: I built a collaborative list of resources for developers | reddit.com/r/learnprogramming | 2021-02-04

    Cs Video Courses: Developer-Y/cs-video-courses: List of Computer Science courses with video lectures. (github.com)

  • GitHub repo algo

    Set up a personal VPN in the cloud

    Project mention: VPN setup? | reddit.com/r/Ubiquiti | 2021-02-17

    If you haven’t already looked into what to use on the other side to terminate the VPN in AWS (or wherever) I highly recommend AlgoVPN for both the ease of provisioning and deployment and the “pretty darn hard to deploy it insecurely” factor. It supports only IKEv2 and WireGuard very deliberately

  • GitHub repo SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: Iam building a form with a database and try to validate and make it secure. But how can I test it/hack my own form? | reddit.com/r/PHPhelp | 2021-02-10

    sqlmap can be used to test for SQL injections.

  • GitHub repo macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: Spy pixels in emails 'have become endemic' | news.ycombinator.com | 2021-02-16

    macOS Mail.app -> Preferences -> Viewing -> Uncheck "Load remote content in messages"

    Privacy defaults come down to usability vs. privacy; Apple making this so easy to toggle is fine by me as I care about privacy and tracking.

    Now, it would be great if every macOS application walked you through privacy settings right after installation in the same way that I am offered a tour of the new features. Since there is no such "privacy tour", the community has discussed ways in which macOS can be hardened [1], [2].

    1. https://github.com/drduh/macOS-Security-and-Privacy-Guide

    2. https://news.ycombinator.com/item?id=18099835

  • GitHub repo OSQuery

    SQL powered operating system instrumentation, monitoring, and analytics.

    Project mention: Antivirus solutions? | reddit.com/r/gsuite | 2021-02-03
  • GitHub repo hosts

    Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

    Project mention: Question for Christian Women about How You'd React to a Confession | reddit.com/r/christiandatingadvice | 2021-03-02

    You can install a filter on your router or phone to help block such content from reaching you (e.g. Steven Black's Hostfile), but ultimately it is a heart issue. I'm sure you've heard of the verses about looking with lust is the same as committing adultery (Matthew 5:28). It would be lame to have to tell your future spouse that you love her, but not enough to stop getting thrills from hired sex slaves over cams. That is a real turn off.

  • GitHub repo CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: OWASP Cheat Sheet Series | reddit.com/r/patient_hackernews | 2021-02-15
  • GitHub repo setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: Honestly, how true is this? And do we really have to delete WhatsApp outright? | reddit.com/r/mexico | 2021-01-16

    If you don't believe this is secure, then set up an IPSec VPN server with https://github.com/hwdsl2/setup-ipsec-vpn, connect to it from your phone, and on the server, using the terminal, install a traffic monitor so you can see how the content going in and out travels; if you send a message through WhatsApp you will see that the blocks are encrypted, with symbols and random text.

  • GitHub repo How-To-Secure-A-Linux-Server

    An evolving how-to guide for securing a Linux server.

    Project mention: How to actually start selfhosting? | reddit.com/r/selfhosted | 2021-02-12

    - Secure your server

  • GitHub repo Tink

    Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

    Project mention: Building a Secure Signed JWT | reddit.com/r/programming | 2021-01-15

    appears to be focused on cryptography and not token signing. Maybe more of a complement? I did see a section about digital signing: https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#digital-signatures and don't see any reason you couldn't integrate tink to sign JWTs.

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: Ory Hydra 1.9: Open-source Golang OAuth2 provider | reddit.com/r/patient_hackernews | 2021-01-13
  • GitHub repo KeeWeb

    Free cross-platform password manager compatible with KeePass

    Project mention: KeeWeb? | reddit.com/r/KeePass | 2021-03-02

    In terms of safety, I would pose such questions to the developer: GitHub or About the dev website. There's also this: Hackmanit penetration test.

  • GitHub repo Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Minimal base images roundup | reddit.com/r/kubernetes | 2021-02-21

    Yeah in the end distroless is likely always going to be the smallest image, as it really cuts out everything that's not necessary to run your app. You might experiment with taking a debian-slim or minideb image and running it through docker-slim to see if it gets closer to the distroless output: https://github.com/docker-slim/docker-slim

  • GitHub repo labs

    This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

    Project mention: Hardening Docker and Kubernetes with seccomp | dev.to | 2021-01-15

    These JSON profiles can use quite a few options and can become very complex, so the one above is really trimmed down to the bare minimum. To see what a real profile would look like, you can check out Docker's profile here.

  • GitHub repo wifiphisher

    The Rogue Access Point Framework

    Project mention: Create a Wi-Fi hotspot for data interception | reddit.com/r/Hacking_Tutorials | 2021-02-10

    You could do almost the same thing with this https://github.com/wifiphisher/wifiphisher, it's a great tool to clone a wifi, asking you for the password while deauthing the original hotspot.

  • GitHub repo openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: Help auditing a simple ERC20 "Project Hydro" scam coin | reddit.com/r/ethdev | 2021-02-28

    On the one hand, it is common for an ERC20 to implement a burn operation. The burn is typical in certain DeFi tokens that essentially commit a stock buy back. The problem with this implementation is that onlyOwner and contracts that pass the whitelisting modifier can burn from anyone's address. This is pretty bad. Standard practice seems to be burning only from the caller address. A good example is OpenZeppelin's Burnable implementation here: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/ERC20Burnable.sol#L34-L39.

  • GitHub repo Gravitational Teleport

    Unified access for SSH servers, Kubernetes, web applications, and databases written in Go

    Project mention: Ask HN: Who is hiring? (March 2021) | news.ycombinator.com | 2021-03-01
  • GitHub repo routersploit

    Exploitation Framework for Embedded Devices

    Project mention: [Discussion] Anyone managed to get RouterSploit working on iOS? Or know something that works? | reddit.com/r/jailbreak | 2021-01-04
NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-03-02.


What are some of the best open-source Security projects? This list will help you:

 #   Project                            Stars
 1   the-book-of-secret-knowledge       37,205
 2   Caddy                              32,054
 3   Metasploit                         23,208
 4   PayloadsAllTheThings               22,348
 5   mitmproxy                          21,638
 6   cs-video-courses                   20,272
 7   algo                               20,189
 8   SQLMap                             19,427
 9   macOS-Security-and-Privacy-Guide   17,764
 10  OSQuery                            17,661
 11  hosts                              17,320
 12  CheatSheetSeries                   15,441
 13  setup-ipsec-vpn                    15,224
 14  How-To-Secure-A-Linux-Server       11,094
 15  Tink                               11,076
 16  hydra                              10,327
 17  KeeWeb                             9,756
 18  Lean and Mean Docker containers    9,725
 19  labs                               9,672
 20  wifiphisher                        9,602
 21  openzeppelin-contracts             9,299
 22  Gravitational Teleport             9,081
 23  routersploit                       9,053