Top 23 Cybersecurity Open-Source Projects

  • ImHex

    🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

    Project mention: [Tutorial] How to manually change FOV (SoC, CS, & CoP) | /r/stalker | 2023-08-06

    Download a hex editor such as ImHex and open it. I'd recommend downloading the portable version of whatever hex editor you are using if it's offered. That way you don't have to install the program and can instantly delete it off your drive when you're done.

  • h4cker

    This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), artificial intelligence, vulnerability research, exploit development, reverse engineering, and more.

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • personal-security-checklist

    🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2023

    Project mention: run away from abusive muslim household | /r/exmuslim | 2023-05-26

    There's this handy site for personal security

  • spiderfoot

    SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

    Project mention: piece of software to find /crawl information about yourself? | /r/opsec | 2023-04-10

    I’d suggest Spiderfoot.

  • vuls

    Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

  • test-your-sysadmin-skills

    A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.

    Project mention: Linux állásal kapcsolatos érdeklődés. | /r/programmingHungary | 2023-06-10
  • Reverse-Engineering-Tutorial

    A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

    Project mention: New embedded and Rust hacking tutorials added - For anyone that missed my last post. Kevin Thomas is my mentor. We are both working together to bring free and low cost resources to those who are looking to learn and don't have money for expensive bootcamps/certs. Please enjoy his free tutorials! | /r/ReverseEngineering | 2023-10-27
  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    Project mention: Risks of hosting a website out of my house | /r/HomeNetworking | 2023-11-06

    Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.

  • Sn1per

    Attack Surface Management Platform

    Project mention: Surface management tools | /r/blueteamsec | 2023-02-21

    For now the best tool I have found is this one:

  • berty

    Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network

    Project mention: How to explore writing an app for ipfs with rust? | /r/ipfs | 2023-03-05

    Not written in Rust, but may be Berty can give you some ideas?

  • awesome-incident-response

    A curated list of tools for incident response

  • pyWhat

    🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙‍♀️

  • httpx

    httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)

    Project mention: 5 Awesome Go Projects To Know Before You Die | /r/golang | 2023-05-05


  • DevSecOps

    Ultimate DevSecOps library

    Project mention: Looking for Cloud Pentesting learning. | /r/AskNetsec | 2023-04-05
  • DefaultCreds-cheat-sheet

    One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

    Project mention: Database of default usernames and passwords? | /r/hacking | 2023-02-10
  • caldera

    Automated Adversary Emulation Platform

    Project mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03

    Also, for the attack emulation part you might be interested in CALDERA.

  • MISP

    MISP (core software) - Open Source Threat Intelligence and Sharing Platform

    Project mention: Free Tech Tools and Resources - Terraform for AWS, Cyberthreat Tool, Vim Training & More | /r/SysAdminBlogs | 2023-08-16

    MISP is an open-source solution to streamline the acquisition, retention, distribution, and collaborative exchange of critical cybersecurity indicators and threats. Timely-Lychee-5204 considers it "a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise."

  • awesome-security-hardening

    A collection of awesome security hardening guides, tools and other resources

    Project mention: rate my threat model i will be implementing and i need help and tips also | /r/privatelife | 2023-03-04

    If you want to go extreme, I remember from many years ago, there used to be a publicly released document by Australia's cyber security agency, made largely for Windows, which used to list attack vectors on a complex scale. I used to follow their listed possible vectors to formulate threat models as a kid for my Windows computer. Back in the day they used to provide PDF, now its webpages ( This also exists (, a bit more wide coverage of OSes and practices.

  • gnuradio

    GNU Radio – the Free and Open Software Radio Ecosystem

    Project mention: Upsampling in Gnuradio is necessary? | /r/sdr | 2023-08-11

    In gr-dtv transmitter examples for Gnuradio, I see some times people use a resampler block before the RF hardware sink. Say our sampling rate is ~9.14Msps which satisfies the Nyquist criterion because our samples are complex numbers.

  • RedTeam-Tools

    Tools and Techniques for Red Team / Penetration Testing

    Project mention: Red Team / Pen Testing Tools and Techniques: A Collection of Resources | | 2023-01-01
  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

    Project mention: Penetration Testing Report | /r/Pentesting | 2022-12-20

    or you can also use our open source version:

  • opencti

    Open Cyber Threat Intelligence Platform

    Project mention: GitHub - OpenCTI-Platform/opencti: Open Cyber Threat Intelligence Platform | /r/SecOpsDaily | 2023-04-20
  • security-study-plan

    Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

    Project mention: Understanding Cloud Architectue | /r/cybersecurity | 2023-01-07

    I recently bumped into which gives imho decent pointers if you are looking for a security related learning plan.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-11-06.

Cybersecurity related posts


What are some of the best open-source Cybersecurity projects? This list will help you:

Project Stars
1 ImHex 30,855
2 h4cker 15,249
3 personal-security-checklist 12,928
4 spiderfoot 10,746
5 vuls 10,397
6 test-your-sysadmin-skills 10,026
7 Reverse-Engineering-Tutorial 9,362
8 Wazuh 7,747
9 Sn1per 7,107
10 berty 7,060
11 awesome-incident-response 6,695
12 pyWhat 6,182
13 httpx 6,156
14 DevSecOps 4,996
15 DefaultCreds-cheat-sheet 4,902
16 caldera 4,830
17 MISP 4,764
18 awesome-security-hardening 4,672
19 gnuradio 4,586
20 RedTeam-Tools 4,393
21 faraday 4,304
22 opencti 4,138
23 security-study-plan 3,922
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives