Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev. Learn more →
Top 23 Cybersecurity Open-Source Projects
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.Project mention: [Tutorial] How to manually change FOV (SoC, CS, & CoP) | /r/stalker | 2023-08-06
Download a hex editor such as ImHex and open it. I'd recommend downloading the portable version of whatever hex editor you are using if it's offered. That way you don't have to install the program and can instantly delete it off your drive when you're done.
This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), artificial intelligence, vulnerability research, exploit development, reverse engineering, and more.
Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2023Project mention: run away from abusive muslim household | /r/exmuslim | 2023-05-26
There's this handy site for personal security
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.Project mention: piece of software to find /crawl information about yourself? | /r/opsec | 2023-04-10
I’d suggest Spiderfoot.
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.Project mention: Linux állásal kapcsolatos érdeklődés. | /r/programmingHungary | 2023-06-10
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.Project mention: New embedded and Rust hacking tutorials added - For anyone that missed my last post. Kevin Thomas is my mentor. We are both working together to bring free and low cost resources to those who are looking to learn and don't have money for expensive bootcamps/certs. Please enjoy his free tutorials! | /r/ReverseEngineering | 2023-10-27
Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at www.getonboard.dev.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.Project mention: Risks of hosting a website out of my house | /r/HomeNetworking | 2023-11-06
Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.
Attack Surface Management PlatformProject mention: Surface management tools | /r/blueteamsec | 2023-02-21
For now the best tool I have found is this one: https://github.com/1N3/Sn1per
Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the networkProject mention: How to explore writing an app for ipfs with rust? | /r/ipfs | 2023-03-05
Not written in Rust, but may be Berty can give you some ideas?
A curated list of tools for incident response
🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. (by projectdiscovery)Project mention: 5 Awesome Go Projects To Know Before You Die | /r/golang | 2023-05-05
Ultimate DevSecOps libraryProject mention: Looking for Cloud Pentesting learning. | /r/AskNetsec | 2023-04-05
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️Project mention: Database of default usernames and passwords? | /r/hacking | 2023-02-10
Automated Adversary Emulation PlatformProject mention: SOC Malware/Detection lab | /r/cybersecurity | 2023-07-03
Also, for the attack emulation part you might be interested in CALDERA.
MISP (core software) - Open Source Threat Intelligence and Sharing PlatformProject mention: Free Tech Tools and Resources - Terraform for AWS, Cyberthreat Tool, Vim Training & More | /r/SysAdminBlogs | 2023-08-16
MISP is an open-source solution to streamline the acquisition, retention, distribution, and collaborative exchange of critical cybersecurity indicators and threats. Timely-Lychee-5204 considers it "a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise."
A collection of awesome security hardening guides, tools and other resourcesProject mention: rate my threat model i will be implementing and i need help and tips also | /r/privatelife | 2023-03-04
If you want to go extreme, I remember from many years ago, there used to be a publicly released document by Australia's cyber security agency, made largely for Windows, which used to list attack vectors on a complex scale. I used to follow their listed possible vectors to formulate threat models as a kid for my Windows computer. Back in the day they used to provide PDF, now its webpages (https://www.cyber.gov.au/acsc/view-all-content/advice/guidelines-system-hardening). This also exists (https://github.com/decalage2/awesome-security-hardening), a bit more wide coverage of OSes and practices.
GNU Radio – the Free and Open Software Radio EcosystemProject mention: Upsampling in Gnuradio is necessary? | /r/sdr | 2023-08-11
In gr-dtv transmitter examples for Gnuradio, I see some times people use a resampler block before the RF hardware sink. Say our sampling rate is ~9.14Msps which satisfies the Nyquist criterion because our samples are complex numbers.
Tools and Techniques for Red Team / Penetration TestingProject mention: Red Team / Pen Testing Tools and Techniques: A Collection of Resources | news.ycombinator.com | 2023-01-01
Open Source Vulnerability Management Platform (by infobyte)Project mention: Penetration Testing Report | /r/Pentesting | 2022-12-20
or you can also use our open source version: https://github.com/infobyte/faraday
Open Cyber Threat Intelligence PlatformProject mention: GitHub - OpenCTI-Platform/opencti: Open Cyber Threat Intelligence Platform | /r/SecOpsDaily | 2023-04-20
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...Project mention: Understanding Cloud Architectue | /r/cybersecurity | 2023-01-07
I recently bumped into https://github.com/jassics/security-study-plan which gives imho decent pointers if you are looking for a security related learning plan.
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Cybersecurity related posts
Alfred, an Advanced Osint Tool
1 project | news.ycombinator.com | 28 Nov 2023
Alfred, an Advanced Osint Tool
1 project | news.ycombinator.com | 26 Nov 2023
Cherrybomb: Audit, validate and test API specifications
1 project | news.ycombinator.com | 22 Nov 2023
Fr0gger/Awesome-GPT-Agents: A curated list of GPT agents for cybersecurity
1 project | news.ycombinator.com | 18 Nov 2023
What adversary emulation options are there nowadays to test SIEMs and IDSs?
1 project | /r/AskNetsec | 7 Nov 2023
Neoss: User-friendly and detailed socket statistics with a Terminal UI
1 project | /r/opensource | 24 Oct 2023
RecoverPy 2.1.3: A Linux tool to recover deleted or overwritten files
1 project | /r/opensource | 23 Oct 2023
A note from our sponsor - Onboard AI
getonboard.dev | 6 Dec 2023
What are some of the best open-source Cybersecurity projects? This list will help you: