Open Source Security

#docker-security#secret#secrets

truffleHogGo

A secrets scanning tool that discovers, classifies, validates, and analyzes leaked credentials across multiple sources.

Stars26.7k

Forks2.4k

#fleet-management#hacktoberfest#thrift-api

osqueryC++

A SQL-powered framework for instrumenting, monitoring, and analyzing operating systems across Linux, macOS, and Windows.

Stars23.3k

Forks2.6k

Last commit27 days ago

CryptomatorJava

A multi-platform desktop application that provides client-side encryption for cloud storage files, ensuring privacy and control.

#crypto#virtual-drive#transparent-encryption

Stars15.2k

Forks1.3k

#attack-framework#social-engineering#kali-linux

setoolkitPython

An open-source penetration testing framework for social engineering with custom attack vectors to create believable attacks quickly.

Stars14.9k

Forks3.4k

Last commit4 days ago

John The JumboC

An advanced offline password cracker supporting hundreds of hash and cipher types across multiple platforms.

#digital-forensics#jtr#john

Stars13.2k

Forks2.5k

Last commit2 days ago

NmapC

A free and open-source network discovery and security auditing tool for mapping networks and identifying services.

#vulnerability-assessment#osx#network-discovery

Stars13.0k

Forks2.8k

#container-security#vulnerability#sbom-analysis

GrypeGo

A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.

Stars12.3k

Forks805

#container-security#vulnerabilities#oci

ClairGo

Open-source vulnerability static analysis tool for container images (OCI/Docker) via API-based indexing and matching.

Stars11.0k

Forks1.2k

#honeypot#awesome-list#malware-analysis

HoneypotsPython

A curated list of awesome honeypot resources, tools, and related components for cybersecurity research and defense.

Stars10.3k

Forks1.3k

Last commit7 days ago

awesome-honeypotsPython

A curated list of free and open-source honeypot resources, tools, and related components for cybersecurity research.

#honeypot#awesome-list#malware-analysis

Stars10.3k

Forks1.3k

Last commit7 days ago

syftGo

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

#sbom#container-security#cyclonedx

Stars9.1k

Forks869

Last commit1 day ago

Tsunami Security ScannerJava

A general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities.

#high-severity-detection#infrastructure-security#plugin-system

Stars8.6k

Forks922

#open-source#tor-onion-service#privacy

OnionSharePython

Securely and anonymously share files, host websites, and chat via the Tor network.

Stars7.0k

Forks702

#software-testing#fuzzer#fuzzer-afl

AFL++C

AFL++ is a community-enhanced, high-performance fork of the AFL fuzzer with advanced instrumentation, mutators, and speed improvements.

Automated security health metrics for open source projects, assessing security best practices and risks.

#supply-chain-security#security-scanning#openssf-scorecard

Stars5.5k

Forks659

Last commit7 days ago

rayhunterRust

A Rust tool for detecting IMSI catchers (cell-site simulators) on mobile hotspots like the Orbic RC400L.

#imsi-catcher-detection#mobile-hotspot#privacy-tools

Stars5.3k

Forks431

Last commit4 days ago

W3afPython

An open-source web application security scanner that identifies and exploits 200+ vulnerabilities for developers and penetration testers.

#sql-injection#web-security#cross-site-scripting

Stars4.9k

Forks1.2k

#fleet-management#certificate-validation#macos-security

SantaObjective-C++

A binary and file access authorization system for macOS that monitors and controls application execution.

Stars4.5k

Forks287

Last commit1 year ago

scansJavaScript

An open-source Cloud Security Posture Management (CSPM) tool that scans AWS, Azure, GCP, Oracle, and GitHub for security misconfigurations.

#aws-security#compliance-auditing#infrastructure-security

Stars3.7k

Forks744

Last commit3 months ago

Roave Security Advisories

A Composer package that blocks installation of PHP dependencies with known security vulnerabilities.

#supply-chain-security#composer#devops

Stars2.9k

Forks109

#privacy-compliance#code-security#data-flow-analysis

BearerGo

Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.

A phishing campaign toolkit for simulating real-world attacks to test and promote user security awareness.

#security-training#social-engineering#self-hosted-security

Stars2.5k

Forks581

Last commit1 month ago

malice.ioGo

An open-source malware analysis framework that functions as a self-hosted alternative to VirusTotal.

#virustotal#infosec#malice

Stars1.9k

Forks284

#scanning#scap-toolkit#command-line-tool

openscapXSLT

A command-line toolkit for validating, scanning, and managing SCAP (Security Content Automation Protocol) documents.

Stars1.7k

Forks438

Last commit6 days ago

GatekeeperC

An open-source, scalable DDoS protection system designed for network operators to withstand high-bandwidth attacks.

#ddos-protection#ddos-mitigation#traffic-management

Stars1.6k

Forks249

Last commit7 months ago

.NET Deobfuscator

A curated list of open-source .NET deobfuscators and unpackers for reversing protected assemblies.

#unpacker#dnlib#deobfuscator

Stars1.5k

Forks295

Last commit1 year ago

LunaSecTypeScript

Open-source supply chain security scanner that automatically detects vulnerabilities like Log4Shell in dependencies and notifies via GitHub pull requests.

#supply-chain-security#zero-trust#web-security

Stars1.5k

Forks167

Last commit2 years ago

pip-auditPython

Audits Python environments, requirements files, and dependency trees for known security vulnerabilities and can automatically fix them.

#sbom#vulnerability-management#security

Stars1.3k

Forks99

Last commit10 days ago

SafeDep/vetGo

A CLI tool for real-time malicious package detection and software supply chain security across multiple ecosystems.

#pypi#rubygems#supply-chain-security

Stars1.1k

Forks101

Terraform cost estimationjq

Anonymized, secure, and free cost estimation for Terraform infrastructure based on Terraform plan or state files.

#terraform-plans#infrastructure costs#devops-tools

Stars730

Forks63

Real Intelligence Threat Analysis (RITA)Go

An open-source framework for detecting command and control communication through network traffic analysis using Zeek logs.

#security-analytics#beacons#dns-tunneling

Stars573

Forks63

#hacktoberfest#graph#security-analysis

StarbaseTypeScript

Collects assets and relationships from cloud, SaaS, and security systems into a Neo4j graph for security analysis.

Stars359

Forks41

Last commit3 months ago

Apache Spot (incubating)Python

Open-source platform for network security analytics using flow and packet analysis to detect unknown threats at cloud scale.

#security-analytics#telemetry#spot

Stars356

Forks226