Top 23 Security Open-Source Projects
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
Project mention: How do you improve and become better? | reddit.com/r/cscareerquestionsEU | 2021-11-07
A collection of various awesome lists for hackers, pentesters and security researchers
Project mention: RN to programmer | reddit.com/r/learnprogramming | 2021-07-01
Bookmark this: https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md
An open-source x64/x32 debugger for windows.
Project mention: How to increase the font size of x64dbg? | reddit.com/r/HowToHack | 2021-11-07
If not in Wiki then it is not baked in
Fast, multi-platform web server with automatic HTTPS
Project mention: Caddy – The Ultimate Server with Automatic HTTPS | news.ycombinator.com | 2021-11-29
It wasn't a security incident, actually. It's true that "a GitHub bug caused it". It wasn't malicious.
TLDR, a contributor made a tag on their own fork of Caddy, and for some reason our next release used their tag, because it turns out forks in GitHub aren't actual separate repos, but rather "still technically the same repo". It's really strange.
All that happened is that the v2.2.1 release wasn't properly signed with Matt's signing key. There was no problem with the code at all.
We've put in place checks during our CI actions to ensure that releases are always verified to be signed by Matt's key. See https://github.com/caddyserver/caddy/pull/3932
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Project mention: YAML: It's Time to Move On | news.ycombinator.com | 2021-11-14
Not exactly an incompatibility, but my mind jumped to issues like this: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/mas...
Metasploit Framework
Project mention: Metasploit module OSX/local/persistence not working properly | reddit.com/r/hacking | 2021-11-21
Git hub link for easier reading https://github.com/rapid7/metasploit-framework/issues/15896
To automate the creation of online accounts, we need to perform the same http requests that a user does when signing up programmatically. If it is a website, you can use the DevTools to inspect the network traffic and look it up. If it is an app, you can use an emulator and a tool like mitmproxy to monitor http requests. Then you can write a quite simple script which creates hundreds of user accounts in a matter of seconds.
Run Linux Software Faster and Safer than Linux with Unikernels.
List of Computer Science courses with video lectures.
Project mention: Learning path for Data Structures and Algorithms? | reddit.com/r/AskComputerScience | 2021-08-21
Here's a list of CS Video Courses you could look at. Here's the section on Data Structures/Algorithms
Set up a personal VPN in the cloud
Project mention: Looking for website to app type Mac app with adblock or a solution to not see ads in "webapps" | reddit.com/r/macapps | 2021-11-30
Algo VPN with ad-blocking enabled.
Automatic SQL injection and database takeover tool
Project mention: Security service that protects from SQLi had critical SQLi vulnerability | news.ycombinator.com | 2021-11-26
Yes, that's one way to extract data by (ab)using a blind sql injection vulnerability.
If you look at sqlmap , they offer two techniques for blind sql injection: boolean-based and time-based. Boolean-based should be used when the app just returns an error page (or not) based on your sql injection. The time-based approach should be used when no error page appears but the SQL is still executed.
But when I look at the sqlmap docs for the time-based approach, I think I got the initial explanation wrong. It will do a 5 second delay if a certain condition is met, e.g. "Is the first character of the value a 'T'? If yes, wait 5 seconds; if not, return immediately". And then send hundreds of requests in parallel to iterate over all positions & possible characters.
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
Project mention: Tried out CoreDNS - just 14 lines | reddit.com/r/homelab | 2021-11-28
Today I tried out CoreDNS for my homelab to replace my 2 node bind9 master-slave cluster, and I am excited so far: took me 1 hr and 14 lines of config to get it running and serving all queries in our house. Copied my zone files from bind and added a hostfile from https://github.com/StevenBlack/hosts, work done. Plugin structure and speed is also nice.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
Project mention: Is django login system safe enough? | reddit.com/r/django | 2021-11-08
There is a lot more related with application security, but that should be subject to a whole other topic. If you want to dive a little deeper, I suggest starting with the OWASP Cheat Sheet series: https://cheatsheetseries.owasp.org/
Guide to securing and improving privacy on macOS
Project mention: Privacy settings tools for Mac? | reddit.com/r/macapps | 2021-11-29
SQL powered operating system instrumentation, monitoring, and analytics.
Project mention: Open Source Tanium Alternative (Cannot Remember It's Name) | reddit.com/r/sysadmin | 2021-11-22
You might be thinking of osquery?
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Project mention: How to connect to public WIFI and create a secure private LAN/WLAN? | reddit.com/r/mikrotik | 2021-11-29
Available tools:
1. MikroTik hAP ac2
2. MikroTik SXTsq 5 ac
3. VPS with VPN setup using https://github.com/hwdsl2/setup-ipsec-vpn
Checklist of the most important security countermeasures when designing, testing, and releasing your API
Project mention: I'm preparing for the interview and I've curated a list of resources that might be helpful for you also. | reddit.com/r/netsecstudents | 2021-11-29
UNIX-like reverse engineering framework and command-line toolset
Project mention: An lsblk like command for OpenBSD | reddit.com/r/openbsd | 2021-10-30
Thanks, this is helpful, but I think this is just for programs integrated into the OpenBSD OS. openbsd_lsblk is standalone. I think their coding style is similar to the Linux Kernel coding style, but I contribute to a project called radare2 (coding style) so I am used to programming their way (except for the space before () in functions, which is quite annoying).
⚙️ NGINX config generator on steroids 💉
Project mention: [software] NGINX configuration generator | reddit.com/r/Compsci_nerd | 2021-11-10
OpenZeppelin Contracts is a library for secure smart contract development.
Project mention: Is there any Singaporean here that tried studying or studied blockchain programming with solidity before? If yes is where y’all at? | reddit.com/r/sgcrypto | 2021-11-24
OpenZeppelin's contracts: https://github.com/OpenZeppelin/openzeppelin-contracts
Templates for issuing tokens, controlling access to functions in contracts and a lot more.
An evolving how-to guide for securing a Linux server.
Project mention: Setting up and securing private Web Server | reddit.com/r/servers | 2021-11-28
This is a useful guide if you're starting from scratch https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Project mention: Selenite: A Post-Quantum Cryptography Library For Digital Certificates Written In Rust | reddit.com/r/crypto | 2021-10-09
Google has also started to add post-quantum algorithms to their Tink library. https://github.com/google/tink
OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.
Project mention: Simple OpenID Connect (OIDC) Provider? | reddit.com/r/selfhosted | 2021-10-23
DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Project mention: Is a 25MB hard size limit on K8s container image size reasonable? | reddit.com/r/kubernetes | 2021-11-25
That's incredibly small. I don't know how you'll be able to do this for your projects without heavily leveraging docker-slim: https://github.com/docker-slim/docker-slim
Security related posts
Mercredi Tech - 2021-12-01
1 project | reddit.com/r/france | 1 Dec 2021
GitHub – toniblyx/prowler: Prowler is a security tool to perform AWS security
1 project | news.ycombinator.com | 30 Nov 2021
Users revolt as Microsoft bolts a short-term financing app onto Edge. “This all feels extremely unnecessary for a browsing experience,” one user says.
3 projects | reddit.com/r/privacy | 30 Nov 2021
Show HN: I made a free, ad-free and open source tool for sharing private notes
2 projects | news.ycombinator.com | 30 Nov 2021
Question about my Firefox account and the about:config section
1 project | reddit.com/r/PrivacyGuides | 30 Nov 2021
Looking for Cross-Platform hard drive encryption software (Windows & Android)
2 projects | reddit.com/r/PrivacyGuides | 30 Nov 2021
Noob question: Is Brave better than Mozilla Firefox?
2 projects | reddit.com/r/PrivacyGuides | 30 Nov 2021
What are some of the best open-source Security projects? This list will help you:
| # | Project description | Stars |
|---|---|---|
| 23 | Lean and Mean Docker containers | 11,578 |