Top 23 Security Open-Source Projects

  • the-book-of-secret-knowledge

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

    Project mention: Cloned my Drive to a larger Driver But can't use the Space | | 2022-09-06
  • Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

    Project mention: i'm literally so far behind compared to everyone else! | | 2022-11-27
  • Zigi

    Delete the most useless function ever: context switching.. Zigi monitors Jira and GitHub updates, pings you when PRs need approval and lets you take fast actions - all directly from Slack! Plus it reduces cycle time by up to 75%.

  • cs-video-courses

    List of Computer Science courses with video lectures.

    Project mention: Looking for a YouTube playlist for learning compsci | | 2022-11-10

    There's no one playlist that will have all content but here's a good resource

  • Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    Project mention: How to add free SSL to django Website hosted on AWS with Ubuntu Apache! | | 2022-11-30

    Hey OP, I don’t know if you have solved the issue, i usually use which takes care of ssl generation automatically. Check if that helps for you :)

  • PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: I am doing the eCPPT | | 2022-11-29
  • x64dbg

    An open-source x64/x32 debugger for windows.

    Project mention: Is there a tool that can show you an EIP trace of a game? | | 2022-11-30

    If you want to also do dynamic analysis (debugging) you can use

  • mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: Help with random values in query string | | 2022-12-01

    MITM proxy or ZAP are good at those kinds of tricks

  • InfluxDB

    Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Data Platform where developers build real-time applications for analytics, IoT and cloud-native services in less time with less code.

  • Metasploit

    Metasploit Framework

    Project mention: Using metasploit to stage your own payloads | | 2022-12-01

    Take a look at the source for stager_sock_reverse - the stager for linux/x64/shell/reverse_tcp.

  • algo

    Set up a personal VPN in the cloud

    Project mention: What’s the best selfhosted VPN? | | 2022-11-29
  • SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: sqlmap | | 2022-09-26

    Namestitev: git clone --depth 1 sqlmap-dev Uporaba: python -h python -hh


    ⚙️ NGINX config generator on steroids 💉

    Project mention: On Hacktoberfest | | 2022-10-31

    It'd be weird to exclude any repositories, even the sponsors' ones. Like, sure, it's an ad for them (so is wearing a t-shirt with their logo), but at the same time, they maintain some cool projects, like digitalocean/ It'd be a shame if people who genuinely want to improve this tool wouldn't get rewarded for that, only because it's DigitalOcean's.

  • CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Permissions (access control) in web apps | | 2022-11-30

    OWasp cheat sheet on how to do ACL in Web App.

  • hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: Interesting Confirmation on Apple Wanting to Collect 30% on Decentralized Transactions... Not Possible. | | 2022-12-01

    Not bad.. I am too stingy to operate a Raspberry 24/7 (would cost me somewhere around 5€ per month on electricity alone) so I'm just using a modified hosts list on my operating systems: and UBlockMatrix

  • openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: Idea: A smart contract that will lock your crypto until x day, so it can only be spent when kids grow older | | 2022-11-21

    Example :

  • setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: IIIT JABALPUR HOSTEL'S ETHERNET | | 2022-11-16
  • macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: “Confirm that you’re not a robot” malware | | 2022-11-28
  • OSQuery

    SQL powered operating system instrumentation, monitoring, and analytics.

    Project mention: Osquery | | 2022-11-26
  • API-Security-Checklist

    Checklist of the most important security countermeasures when designing, testing, and releasing your API

    Project mention: API Security Checklist | | 2022-11-27
  • radare2

    UNIX-like reverse engineering framework and command-line toolset

    Project mention: Introducing YaRadare - YARA scanning for cloud-native apps (containers) | | 2022-07-07
  • Matomo

    Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!

    Project mention: Do all sites with analytics need cookie warnings? | | 2022-11-17

    Matomo analytics can be set to be GDPR compliant without the need of user consent (so CCPA compliant too, I guess).

  • Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Standard container sizes | | 2022-11-11

    Anyone tried using To minify an image?..

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: Is OPA Gatekeeper the best solution for writing policies for k8s clusters? | | 2022-11-10
  • authelia

    The Single Sign-On Multi-Factor portal for web apps

    Project mention: A way for the users to connect to all services seamlesly ? | | 2022-11-29
  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-12-01.

Security related posts


What are some of the best open-source Security projects? This list will help you:

Project Stars
1 the-book-of-secret-knowledge 83,312
2 Awesome-Hacking 58,688
3 cs-video-courses 47,379
4 Caddy 44,554
5 PayloadsAllTheThings 43,172
6 x64dbg 39,470
7 mitmproxy 29,423
8 Metasploit 28,832
9 algo 26,485
10 SQLMap 25,404
11 24,279
12 CheatSheetSeries 22,261
13 hosts 21,938
14 openzeppelin-contracts 20,702
15 setup-ipsec-vpn 20,416
16 macOS-Security-and-Privacy-Guide 19,709
17 OSQuery 19,629
18 API-Security-Checklist 19,269
19 radare2 17,196
20 Matomo 17,079
21 Lean and Mean Docker containers 15,525
22 trivy 15,012
23 authelia 14,760
Truly a developer’s best friend
Scout APM is great for developers who want to find and fix performance issues in their applications. With Scout, we'll take care of the bugs so you can focus on building great things 🚀.