Security

Open-source projects categorized as Security

Top 23 Security Open-Source Projects

  • GitHub repo the-book-of-secret-knowledge

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

    Project mention: The Book Of Secret Knowledge | reddit.com/r/programming | 2021-07-16
  • GitHub repo Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

    Project mention: RN to programmer | reddit.com/r/learnprogramming | 2021-07-01

    Bookmark this: https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md

  • GitHub repo x64dbg

    An open-source x64/x32 debugger for Windows.

    Project mention: Scripting with .exes - Can it be done with any and how to figure out syntax? | reddit.com/r/commandline | 2021-10-08

    It looks like Matt is using x64dbg.

  • GitHub repo Caddy

    Fast, multi-platform web server with automatic HTTPS

    Project mention: Nim Version 1.6 Released | news.ycombinator.com | 2021-10-19

    How to run those benchmarks?

    At that Nim release page:

    https://nim-lang.org/blog/2021/10/19/version-160-released.ht...

    Is a link to this benchmark:

    https://web-frameworks-benchmark.netlify.app/result

    Where Nim is 2nd with 200k req/s, but it is using httpbeast:

    https://github.com/dom96/httpbeast

    That says it would be more useful to use jester:

    https://github.com/dom96/jester

    Jester has 150k req/s.

    But, when looking at these:

    https://www.techempower.com/benchmarks/

    dragon, actix etc. have about 600k req/s.

    Also redbean has about 600k req/s, when I tested:

    https://redbean.dev/

    I tested like this:

    git clone https://github.com/wg/wrk.git

    cd wrk

    ./wrk -H 'Accept-Encoding: gzip' -t 12 -c 120 http://127.0.0.1:8080/

    When I tested https://caddyserver.com v2, it did show about 800k req/s.

    It would be very helpful to know how those benchmarks are actually done, so that I could compare what is actually fastest in the real world, and not just use some for-benchmark-tested winning non-realistic code.

  • GitHub repo PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Anyone try 327ing the Texas Hotline? | reddit.com/r/xkcd | 2021-09-03
  • GitHub repo Metasploit

    Metasploit Framework

    Project mention: Configure the Metasploit SSH client to support `aes256-cbc` | reddit.com/r/AskNetsec | 2021-10-13

    Looking at a similar question and following this [link](https://github.com/rapid7/metasploit-framework/blob/b3c7fff32a62739241a223515574674b4a6b483c/lib/net/ssh/transport/algorithms.rb) I can see that one of the protocols (`aes256-cbc`) offered by the server should be supported by the Metasploit SSH client. However, it doesn't offer it. Is there any setting I can change in Metasploit to make it offer `aes256-cbc` to the vulnerable SSH server?

  • GitHub repo cs-video-courses

    List of Computer Science courses with video lectures.

    Project mention: Learning path for Data Structures and Algorithms? | reddit.com/r/AskComputerScience | 2021-08-21

    Here's a list of CS Video Courses you could look at. Here's the section on Data Structures/Algorithms

  • GitHub repo mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: Pearson Education blocking Linux is just awful | reddit.com/r/linux | 2021-10-15

    Yeah you can spoof any part of a request, I recommend mitmproxy for full control.

  • GitHub repo algo

    Set up a personal VPN in the cloud

    Project mention: Will paid VPN solve my problem? | reddit.com/r/VPN | 2021-10-18

    Not a regular paid VPN, but a self-hosted VPN. Look at algo.

  • GitHub repo SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    SQLmap - Automatic SQL injection and database takeover tool.

  • GitHub repo hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: Study reveals Android phones constantly snoop on their users (CalyxOS not mentioned) | reddit.com/r/CalyxOS | 2021-10-13

    A popular app for VPN-based blocking is AdAway (F-Droid). Additional lists can be found on filterlists.com. A good one is StevenBlack's hostlist. Be mindful about overblocking, as too many lists can hinder your system from working correctly.

  • GitHub repo CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Sodiumoxide has been deprecated | reddit.com/r/rust | 2021-10-16

    The crates from the RustCrypto organization are great, but unlike sodium they don't try to prevent you from making mistakes. I'm not aware of an alternative for that purpose, but OWASP has cheatsheets for various security topics, which even include occasional references to specific crates/functions.

  • GitHub repo macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: Privacy tips for my first Apple device, MacBook Pro | reddit.com/r/thehatedone | 2021-07-06
  • GitHub repo OSQuery

    SQL powered operating system instrumentation, monitoring, and analytics.

    Project mention: osquery 5 released. Some great new features. | reddit.com/r/blueteamsec | 2021-09-14
  • GitHub repo setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: I know LTT only takes sponsor from ethical brands and I felt we should point this out to the team | reddit.com/r/LinusTechTips | 2021-10-09

    Well… provision a free VM from Oracle Cloud. It’s gonna be in one of their data centers, for me it’s in Frankfurt. Then install a VPN server on it and start using it. In my case I used the scripts from this repo. You can also install OpenVPN but it needs paid license or something.

  • GitHub repo radare2

    UNIX-like reverse engineering framework and command-line toolset

    Project mention: rabin2 for scraping ELF to JSON | reddit.com/r/ELFLinking | 2021-10-16
  • GitHub repo openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: What are the benefits to using the ERC721Enumerable interface? | reddit.com/r/ethdev | 2021-10-20

    See the PR to remove it from OpenZeppelin Contracts ERC721 https://github.com/OpenZeppelin/openzeppelin-contracts/pull/2511

  • GitHub repo How-To-Secure-A-Linux-Server

    An evolving how-to guide for securing a Linux server.

    Project mention: How to not get hacked | reddit.com/r/django | 2021-10-09

    I saw a nice comment on moving /admin; good choice, but also set up a honeypot on /admin. Here is a good guide on GitHub for Linux server hardening

  • GitHub repo Tink

    Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

    Project mention: Selenite: A Post-Quantum Cryptography Library For Digital Certificates Written In Rust | reddit.com/r/crypto | 2021-10-09

    Google has also started to add post-quantum algorithms to their Tink library. https://github.com/google/tink

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: Simplest way to handle authentication WITHOUT a third party? Please any advice really helps | reddit.com/r/reactjs | 2021-07-27

    Check this OpenSource OAuth server: https://github.com/ory/hydra

  • GitHub repo Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Creating Production-Ready Containers - The Basics | dev.to | 2021-06-03

    There are many ways to slim a container, from basic security to fully automated open-source tools like DockerSlim. Full disclosure: I work for Slim.AI, a company founded on the DockerSlim open source project. Let's look at some of the common ways developers create production-ready container images today.

  • GitHub repo authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: Working Authentik and Nginx proxy authentication for domain | reddit.com/r/selfhosted | 2021-10-19

    Afraid I can't speak for Authentik as I've not used it, but as an alternative option have you tried Authelia? The configuration options are pretty robust, I've been using it for a while and very happy with the results.

  • GitHub repo bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

    Project mention: Awesome Penetration Testing | dev.to | 2021-10-06

    BetterCAP - Modular, portable and easily extensible MITM framework.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-10-20.

Index

What are some of the best open-source Security projects? This list will help you:

Rank Project Stars
1 the-book-of-secret-knowledge 50,434
2 Awesome-Hacking 47,335
3 x64dbg 37,525
4 Caddy 34,888
5 PayloadsAllTheThings 30,833
6 Metasploit 25,317
7 cs-video-courses 25,094
8 mitmproxy 24,950
9 algo 23,539
10 SQLMap 21,386
11 hosts 18,932
12 CheatSheetSeries 18,565
13 macOS-Security-and-Privacy-Guide 18,479
14 OSQuery 18,345
15 setup-ipsec-vpn 16,562
16 radare2 15,078
17 openzeppelin-contracts 12,851
18 How-To-Secure-A-Linux-Server 11,758
19 Tink 11,654
20 hydra 11,626
21 Lean and Mean Docker containers 10,765
22 authelia 10,489
23 bettercap 10,465