Security

Top 23 Security Open-Source Projects

  1. the-book-of-secret-knowledge

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

    Project mention: The-Book-of-Secret-Knowledge | news.ycombinator.com | 2024-08-01
  3. Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

  4. cs-video-courses

    List of Computer Science courses with video lectures.

  5. PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: PayloadsAllTheThings: Essential Payloads and Bypass for Web Security and CTFs | news.ycombinator.com | 2024-08-11
  6. Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    Project mention: Cloudflare is almost perfect | dev.to | 2025-01-16

    Sidecar containers: Google Cloud Run has a cool feature where you can run multiple containers next to each other. So for example, if you want to run Caddy or Traefik as a reverse proxy for your ingress container and then have both your web frontend container & backend api container co-located in the same service, you can do that & have everything be super low latency.

  7. x64dbg

    An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

    Project mention: Debugging bugs in x64dbg debugger. Step out to GUI | dev.to | 2024-11-19

    Several months have passed since the last part was posted. Maintainers of x64dbg have continued to improve its functionality. They also opened a task to update the development tools. So in this post, we will continue the analysis based on commit f518e50 code and, where possible, we'll compare it with the commit 9785d1a, which is accurate at the time of writing.

  8. mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: MitmProxy2Swagger: Automagically reverse-engineer REST APIs | news.ycombinator.com | 2025-01-02

    Isn't that the point of mitmproxy? https://github.com/mitmproxy/mitmproxy

  9. quivr

    Opinionated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Any way you want.

    Project mention: Ask HN: Local RAG with private knowledge base | news.ycombinator.com | 2024-10-29
  10. Metasploit

    Metasploit Framework

    Project mention: Penetration Testing | Kali Linux | Metasploitable2 | Hands-on Cybersecurity Lab | dev.to | 2024-10-25

    The Metasploit exploit module that we will use to exploit this vulnerability is exploit/multi/samba/usermap_script. You can find the source code and comments for this module at: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/samba/usermap_script.rb

  11. SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: Top Github repositories for 10+ programming languages | dev.to | 2024-07-16

    SQL MAP, learning SQL

  12. algo

    Set up a personal VPN in the cloud

    Project mention: Serverless VPN Self-hosted Be your own private on-demand VPN provider | news.ycombinator.com | 2024-12-06
  13. CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Preventing CSRF and XSS Attacks with JWT and Fingerprint Cookies in Express | dev.to | 2024-10-01

    JSON Web Token for Java Cheat Sheet

  14. nginxconfig.io

    ⚙️ NGINX config generator on steroids 💉

  15. hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: Show HN: A blocklist to remove spam and bad websites from search results | news.ycombinator.com | 2025-01-14

    You could get a step closer to that and integrate it into your DNS: https://github.com/StevenBlack/hosts

    The upside is that it would go beyond your browser to anything on your machine that makes a DNS request.

    > Another great function (not for this plugin) should be the option to "bundle" all search results from the same domain. Stuff them under one collapsible entry.

    That would be really cool. Just zip it up if you don't want to see that domain for that specific search.

  16. setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

  17. openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: OpenZeppelin Contracts: Secure Smart Contract Development Made Easy | news.ycombinator.com | 2024-09-29
  18. Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Getting Started with Keycloak: Understanding the Basics | dev.to | 2025-01-09

    Keycloak GitHub Repository

  19. trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: Terraform Cookbook: Development Environment Recipe | dev.to | 2025-01-02

    Trivy: security scanner for IaC and dependencies

  20. web-check

    🕵️‍♂️ All-in-one OSINT tool for analysing any website

    Project mention: All-in-one OSINT tool for analysing any website | news.ycombinator.com | 2024-10-19
  21. API-Security-Checklist

    Checklist of the most important security countermeasures when designing, testing, and releasing your API

  22. authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: Authelia: The Single Sign-On Multi-Factor portal for web apps | news.ycombinator.com | 2024-07-11
  23. OSQuery

    SQL powered operating system instrumentation, monitoring, and analytics.

    Project mention: SQL powered operating system instrumentation, monitoring, and analytics | news.ycombinator.com | 2024-09-10
  24. keepassxc

    KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

    Project mention: Passkey marketing is lying to you (it's simple) | news.ycombinator.com | 2025-01-04

    Oof, I found a whole ton of anti-open-source-software quotes on the related Github issue https://github.com/keepassxreboot/keepassxc/issues/10406 :

    > When required, the authenticator must perform user verification (PIN, biometric, or some other unlock mechanism). If this is not possible, the authenticator should not handle the request.

    > [A passkey provider certification process] is currently being defined and is almost complete.

    > This implementation is not spec compliant and has the potential to be blocked by relying parties.

    > Then you should require its use when passkeys are enabled ... [You may be blocked because] you have a passkey provider that is known to not be spec compliant.

    > I suspect we'll see [biometrics] required by regulation in some geo-regions.

    > I see a lot of misinformation and incorrect guesses about the intentions of various parties in the recent threads. If it would be helpful, I'm willing to have a [private, non-public] call with interested parties to try and answer some of the questions that have been raised to ensure we have a common technical understanding of FIDO/WebAuthn.

    I felt reasonably positive about Passkeys while writing this blog post, but continuing to read the spec authors' insistence that only Big Tech may handle these problems is extremely worrying. I really want to like this feature, but the authors are acting like complete jerks and driving me away.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Security related posts

  • Who Needs Roles Anymore? Introducing OpenFGA, the Future of SaaS

    1 project | dev.to | 14 Jan 2025
  • Ask HN: How to keep Chinese crawlers from taking down my site?

    1 project | news.ycombinator.com | 11 Jan 2025
  • Double-Keyed Caching: How Browser Cache Partitioning Changed the Web

    1 project | news.ycombinator.com | 10 Jan 2025
  • Getting Started with Keycloak: Understanding the Basics

    1 project | dev.to | 9 Jan 2025
  • Show HN: Kate's App

    1 project | news.ycombinator.com | 9 Jan 2025
  • 10 Docker Security Best Practices

    6 projects | dev.to | 8 Jan 2025
  • Zizmor – static analysis for GitHub Actions

    1 project | news.ycombinator.com | 8 Jan 2025

Index

What are some of the best open-source Security projects? This list will help you:

# Project Stars
1 the-book-of-secret-knowledge 154,829
2 Awesome-Hacking 87,733
3 cs-video-courses 67,749
4 PayloadsAllTheThings 62,444
5 Caddy 60,497
6 x64dbg 45,191
7 mitmproxy 37,570
8 quivr 37,103
9 Metasploit 34,561
10 SQLMap 33,085
11 algo 29,131
12 CheatSheetSeries 28,591
13 nginxconfig.io 27,914
14 hosts 27,295
15 setup-ipsec-vpn 25,629
16 openzeppelin-contracts 25,195
17 Keycloak 24,701
18 trivy 24,333
19 web-check 23,075
20 API-Security-Checklist 22,568
21 authelia 22,287
22 OSQuery 22,145
23 keepassxc 21,843
