Security

Top 23 Security Open-Source Projects

  1. the-book-of-secret-knowledge

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

  3. Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

  4. cs-video-courses

    List of Computer Science courses with video lectures.

  5. PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: Irish-Name-Repo 2 - picoCTF '19 (web) | dev.to | 2025-09-06

    If you've never worked on SQL injection, that's fine: there is a PWNSOME REPOSITORY (get it? pwn + awesome) called Payload All The Things (https://github.com/swisskyrepo/PayloadsAllTheThings). It has different payloads for different web vulnerabilities.

  6. Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    Project mention: I got tired of setting up SSL for every side project, so I made a 60-second Docker deploy kit | dev.to | 2026-05-19

    The secret is Caddy. Unlike Nginx, Caddy handles SSL automatically — it requests certificates from Let's Encrypt and renews them without any configuration. The entire reverse proxy config is 3 lines:

  7. x64dbg

    An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

  8. mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: How to audit what your IDE extension actually sends to the cloud | dev.to | 2026-05-22

    mitmproxy is the gold standard here. It's free, open source, and Python-scriptable.

  9. quivr

    Opinionated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Any way you want.

  10. Metasploit

    Metasploit Framework

    Project mention: GSoC 2026 Predictions: 30 NEW AI/ML/Security Organizations You Should Start Contributing to NOW! | dev.to | 2026-02-06

    Framework: https://github.com/rapid7/metasploit-framework ⭐ 34k+

  11. sniffnet

    Comfortably monitor your Internet traffic 🕵️‍♂️

    Project mention: Announcing Sniffnet v1.4: introduced PCAP files import — it’s 2X faster than Wireshark! | dev.to | 2025-06-28

    For those of you that still don't know it, Sniffnet is an open-source, cross-platform, Rust-based application enabling you to comfortably monitor Internet traffic (official website | GitHub repository).

  12. SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: 🛡️ Examining the Database in SQL Injection Attacks | dev.to | 2025-06-14

    SQLMap Project

  13. trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    Project mention: trivy VS onequery - a user suggested alternative | libhunt.com/r/trivy | 2026-06-01
  14. Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Secure Your Frontend Application (SPA) Login with OAuth 2.1 PKCE | dev.to | 2026-03-28

    If your frontend application (SPA) is using Keycloak, Laravel Passport, or any OAuth-based solution—and you have not yet implemented the PKCE flow for login—you should do it as soon as possible. This is essential to make your application more secure against attackers.

  15. web-check

    🕵️‍♂️ All-in-one OSINT tool for analysing any website

  16. CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: CSRF Protection Without Tokens or Hidden Form Fields | news.ycombinator.com | 2025-12-22

    Again, the maintainer eventually came around.

    Our confusion might be due to the fact that an erroneous PR (by seemingly an AI-wielding student...) was somehow recently accepted that completely reverted the changes we collectively worked on, which effectively made Fetch Metadata a full solution. So, it is back to showing as defense in depth. I've raised an issue about it, which wouldn't have happened if I didn't see your article!

    Here's the previous language:

    > If your software targets only modern browsers, you may rely on [Fetch Metadata headers](#fetch-metadata-headers) together with the fallback options described below to block cross-site state-changing requests

    We then detailed some fallbacks (e.g. Origin header). Full text can be viewed in the original PR

    https://github.com/OWASP/CheatSheetSeries/pull/1875

    or

    https://github.com/OWASP/CheatSheetSeries/blob/7fc3e6b8fde65...

  17. Nginx

    The official NGINX Open Source repository.

    Project mention: Codex Discovered a Hidden HTTP/2 Bomb | news.ycombinator.com | 2026-06-02

    Not ideal.

    This appears to be fixed as of April (at least for Apache). [0].

    [0] - https://github.com/nginx/nginx/commit/365694160a85229a7cb006...

  18. hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    Project mention: I made my phone slow on purpose | news.ycombinator.com | 2026-06-01

    For those who don't use it already, the following is a great compilation of curated block lists you can put into your etc/hosts file to block traffic :)

    https://github.com/StevenBlack/hosts

  19. algo

    Set up a personal VPN in the cloud

    Project mention: AlgoVPN 2.0 Release | news.ycombinator.com | 2025-08-23
  20. nuclei

    Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

    Project mention: Go vet can't go: How PVS-Studio analyzes Go projects | dev.to | 2026-02-11

    Let's look at an example of such an error in the Nuclei project, a vulnerability scanner that allows creating user-defined templates.

  21. ProxmoxVE

    Proxmox VE Helper-Scripts (Community Edition)

  22. nginxconfig.io

    ⚙️ NGINX config generator on steroids 💉

  23. authelia

    The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™

  24. setup-ipsec-vpn

    Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP, Cisco IPsec and IKEv2. Supports Ubuntu, Debian, CentOS/RHEL, Amazon Linux, Alpine and Raspberry Pi. Includes client config and management scripts.

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Security related posts

  • Anthropic's open-source framework for AI-powered vulnerability discovery

    7 projects | news.ycombinator.com | 4 Jun 2026
  • Cargo-Auditable Support on Ubuntu

    1 project | news.ycombinator.com | 4 Jun 2026
  • Preparing for KDE Plasma's Last X11-Supported Release

    10 projects | news.ycombinator.com | 2 Jun 2026
  • Capstone – lightweight multi-platform, multi-architecture disassembly framework

    2 projects | news.ycombinator.com | 2 Jun 2026
  • Gmail Thinks I'm Stupid, So I Left

    2 projects | news.ycombinator.com | 2 Jun 2026
  • Ask HN: How do people secure their Linux computer?

    1 project | news.ycombinator.com | 2 Jun 2026
  • my one-line PowerShell installer downloaded the script twice, and the second one was the weak spot

    1 project | dev.to | 2 Jun 2026

Index

What are some of the best open-source Security projects? This list will help you:

# Project Stars
1 the-book-of-secret-knowledge 220,519
2 Awesome-Hacking 110,323
3 cs-video-courses 81,704
4 PayloadsAllTheThings 78,176
5 Caddy 73,224
6 x64dbg 48,564
7 mitmproxy 43,808
8 quivr 39,171
9 Metasploit 38,332
10 sniffnet 37,930
11 SQLMap 37,563
12 trivy 35,597
13 Keycloak 34,763
14 web-check 33,307
15 CheatSheetSeries 32,169
16 Nginx 30,595
17 hosts 30,496
18 algo 30,256
19 nuclei 29,060
20 ProxmoxVE 28,411
21 nginxconfig.io 28,346
22 authelia 27,974
23 setup-ipsec-vpn 27,968
