Open-source projects categorized as Security | Edit details

Top 23 Security Open-Source Projects

  • GitHub repo the-book-of-secret-knowledge

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

    Project mention: How do you improve and become better? | | 2021-11-07
  • GitHub repo Awesome-Hacking

    A collection of various awesome lists for hackers, pentesters and security researchers

    Project mention: RN to programmer | | 2021-07-01

    Bookmark this:

  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo x64dbg

    An open-source x64/x32 debugger for windows.

    Project mention: How to increase the font size of x64dbg? | | 2021-11-07

    If not in Wiki then it is not baked in

  • GitHub repo Caddy

    Fast, multi-platform web server with automatic HTTPS

    Project mention: Using Nginx as an Object Storage Gateway | | 2021-12-02

    Have you tried Caddy server? No affiliation just a happy user. It’s open source.

    It may or may not be able to replace Nginx depending on your use case. For me Caddy has replaced everything I used Nginx for and more.

  • GitHub repo PayloadsAllTheThings

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    Project mention: YAML: It's Time to Move On | | 2021-11-14

    Not exactly an incompatibility, but my mind jumped to issues like this:

        [email protected]

  • GitHub repo Metasploit

    Metasploit Framework

    Project mention: Metasploit module OSX/local/persistence not working properly | | 2021-11-21

    Git hub link for easier reading

  • GitHub repo mitmproxy

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    Project mention: The evil temptation of centralized shortcuts | | 2021-12-03

  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo cs-video-courses

    List of Computer Science courses with video lectures.

    Project mention: Learning path for Data Structures and Algorithms? | | 2021-08-21

    Here's a list of CS Video Courses you could look at. Here's the section on Data Structures/Algorithms

  • GitHub repo algo

    Set up a personal VPN in the cloud

    Project mention: Looking for website to app type Mac app with adblock or a solution to not see ads in "webapps" | | 2021-11-30

    Algo VPN with ad-blocking enabled.

  • GitHub repo SQLMap

    Automatic SQL injection and database takeover tool

    Project mention: Security service that protects from SQLi had critical SQLi vulnerability | | 2021-11-26

    Yes, that's one way to extract data by (ab)using a blind sql injection vulnerability.

    If you look at sqlmap [1], they offer two techniques for blind sql injection: boolean-based and time-based. Boolean-based should be used when the app just returns an error page (or not) based on your sql injection. The time-based approach should be used when no error page appears but the SQL is still executed.

    But when I look at sqlmap docs for the time-based approach [2] I think I got the initial explanation wrong. It will do a 5 second delay if a certain condition is met, e.g. "Is the first character of the value an 'T'? If yes, wait 5 seconds; if not, return immediately". And then send hundreds of requests in parallel to iterate over all positions & possible characters.


  • GitHub repo hosts

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

  • GitHub repo CheatSheetSeries

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    Project mention: Is django login system safe enough? | | 2021-11-08

    There is a lot more related with application security, but that should be subject to a whole other topic. If you want to dive a little deeper, I suggest starting with the OWASP Cheat Sheet series:

  • GitHub repo macOS-Security-and-Privacy-Guide

    Guide to securing and improving privacy on macOS

    Project mention: Privacy settings tools for Mac? | | 2021-11-29
  • GitHub repo OSQuery

    SQL powered operating system instrumentation, monitoring, and analytics.

    Project mention: Open Source Tanium Alternative (Cannot Remember It's Name) | | 2021-11-22

    You might be thinking of osquery?

  • GitHub repo setup-ipsec-vpn

    Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

    Project mention: Redirrect Ipsec L2PT + tun2socks , to Outline server | | 2021-12-03

    External [Install anIpsec Server for an L2PT ] + [tun2socks] to lift a tun interface and connect it to the external server (shadowsock client)

  • GitHub repo API-Security-Checklist

    Checklist of the most important security countermeasures when designing, testing, and releasing your API

    Project mention: I'm preparing for the interview and I've curated a list of resources that might be helpful for you also. | | 2021-11-29
  • GitHub repo radare2

    UNIX-like reverse engineering framework and command-line toolset

    Project mention: An lsblk like command for OpenBSD | | 2021-10-30

    Thanks this is helpful but I think this is just for programs integrated into the OpenBSD os. openbsd_lsblk is a standalone. I think their coding style is similar to the Linux Kernel coding style . but I contribute to project called radare2 (coding style) so I am used to programming their way (except for the space before () in functions that is quite annoying).

  • GitHub repo

    ⚙️ NGINX config generator on steroids 💉

    Project mention: [software] NGINX configuration generator | | 2021-11-10
  • GitHub repo openzeppelin-contracts

    OpenZeppelin Contracts is a library for secure smart contract development.

    Project mention: payee.sendValue(amount)? | | 2021-12-02
  • GitHub repo How-To-Secure-A-Linux-Server

    An evolving how-to guide for securing a Linux server.

    Project mention: Oracle always free questions | | 2021-12-01

    Aside from securing your Oracle Cloud account (2FA, complex & unique password) you also need to ensure your email account is similarly secure. Then, you need to understand how to secure a Linux install and your selected framework (google for 'hardening $yourFramework')

  • GitHub repo Tink

    Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

    Project mention: Selenite: A Post-Quantum Cryptography Library For Digital Certificates Written In Rust | | 2021-10-09

    Google has also started to add post-quantum algorithms to their Tink library.

  • GitHub repo hydra

    OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Compatible with MITREid.

    Project mention: Simple OpenID Connect (OIDC) Provider? | | 2021-10-23
  • GitHub repo Lean and Mean Docker containers

    DockerSlim (docker-slim): Don't change anything in your Docker container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

    Project mention: Ask HN: Who is hiring? (December 2021) | | 2021-12-01

    Slim.AI | Backend and Fullstack Engineers | REMOTE, international or Seattle/Bellevue/WA | Full-time |

    We are a well funded seed stage startup (9M+) in the developer tooling space on a mission to redefine how DevOps is done for containerized apps (it's too hard, too complicated and with too much manual work). We are about to transition to the next phase and we are expanding our engineering team.

    Our engineering team is the innovation engine for our product because we are building a solution to solve our own problems creating and running containerized cloud-native applications.

    We use Golang, Node.js Serverless/Lambda and containers. Take a look at the backend ( ) and fullstack ( ) roles and our engineering principles to see if the role and how we do engineering looks interesting to you ( ).

    Email me at [email protected] if you'd like to learn more.


    And take a look at DockerSlim ( ) if you are interested in working on the open source project that powers our SaaS.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-12-03.

Security related posts


What are some of the best open-source Security projects? This list will help you:

Project Stars
1 the-book-of-secret-knowledge 53,697
2 Awesome-Hacking 47,831
3 x64dbg 37,718
4 Caddy 35,577
5 PayloadsAllTheThings 32,425
6 Metasploit 25,727
7 mitmproxy 25,334
8 cs-video-courses 25,330
9 algo 24,191
10 SQLMap 21,778
11 hosts 19,239
12 CheatSheetSeries 19,139
13 macOS-Security-and-Privacy-Guide 18,596
14 OSQuery 18,424
15 setup-ipsec-vpn 16,858
16 API-Security-Checklist 16,256
17 radare2 15,306
18 14,810
19 openzeppelin-contracts 13,856
20 How-To-Secure-A-Linux-Server 11,886
21 Tink 11,823
22 hydra 11,802
23 Lean and Mean Docker containers 11,578
Find remote jobs at our new job board There are 33 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives