Security

Awesome Buggy ERC20 TokensPython

A curated collection of vulnerabilities and non-standard implementations in ERC20 token smart contracts.

openidconnectRust

A Rust library providing extensible, strongly-typed interfaces for OpenID Connect authentication with major identity providers.

ssh-auditorGo

A Go-based tool to automatically scan networks for SSH servers with weak passwords and track credential vulnerabilities.

LTHPasscodeViewControllerObjective-C

A simple iOS 7 style passcode lock view controller for iOS apps, supporting Touch ID and Face ID.

IdentityModel.OidcClientC#

A certified C#/.NET Standard OpenID Connect client library for native mobile and desktop applications implementing RFC 8252.

CaptchaImageViewJava

A custom Android ImageView that generates and displays CAPTCHA images with built-in validation.

Membrane Service ProxyJava

A lightweight, extensible API gateway written in Java with native OpenAPI support, SOAP/XML compatibility, and container optimization.

Awesome Bluetooth Security

A curated list of Bluetooth security resources covering vulnerabilities, tools, research, and conference talks for BR/EDR, LE, and Mesh.

meteor-slingshotJavaScript

A Meteor package for secure, direct client-side file uploads to cloud storage services like AWS S3 and Google Cloud.

lockbudRust

A static analysis tool for Rust that detects concurrency bugs, memory bugs, and panic locations.

KEVMKCL

A formal semantics of the Ethereum Virtual Machine (EVM) written in the K framework, enabling verification and symbolic execution of smart contracts.

SecurityDriven.InfernoC#

A professionally audited .NET cryptography library implementing secure-by-default patterns and algorithms.

graphql-armorTypeScript

A customizable security middleware for Apollo GraphQL, Yoga, and Envelop GraphQL servers.

go-password-validatorGo

A lightweight Go library for password strength validation using entropy calculations, without arbitrary character rules.

AyzaJava

A high-level SSL/TLS configuration library for Java, Kotlin, and Scala HTTP clients and servers with hot reloading and rich utilities.

bXSSJavaScript

A utility for bug hunters and organizations to identify Blind Cross-Site Scripting vulnerabilities via customizable payloads and notifications.

SecurimagePHP

A PHP class for generating and validating CAPTCHA images and audio with extensive customization options.

iqlusioninc/stdtxRust

A collection of open-source Rust crates for cryptography, security, and utility functions from iqlusion.

Sup3rS3cretMes5ageGo

A secure, self-destructing message service using HashiCorp Vault for temporary secret storage.

node-re2C++

Node.js bindings for Google's RE2 regex engine, providing a fast and safe alternative to backtracking regex engines.

AspNet.Security.OpenIdConnect.ServerC#

Advanced OAuth2/OpenID Connect server framework for ASP.NET Core and OWIN/Katana with a low-level, protocol-first approach.

Insider CLIGo

A static application security testing (SAST) CLI tool that scans source code for OWASP Top 10 vulnerabilities across multiple programming languages.

naclGo

Pure Go implementation of the NaCL cryptography API with full feature parity and cross-language compatibility.

swift-sodiumC

A Swift interface to libsodium for safe and easy cryptographic operations on Apple platforms and Linux.

rust-native-tlsRust

A Rust crate providing platform-native TLS bindings for secure client and server communication.

upashJavaScript

A unified Node.js API for password hashing algorithms like Argon2, PBKDF2, and bcrypt, simplifying secure password management.

Awesome RTC Hacking

A curated list of security resources for penetration testing and vulnerability assessment of VoIP, WebRTC, and VoLTE systems.

corsicaElixir

An Elixir library and Plug for handling CORS requests with compliance to the W3C specification.

Honeyλ (HoneyLambda)Python

A serverless application to create and monitor fake HTTP endpoints (URL honeytokens) on AWS Lambda and API Gateway.

GKE Policy AutomationGo

Tool and policy library for validating Google Kubernetes Engine clusters against configuration best practices and scalability limits.

CIS Docker BenchmarkRuby

An InSpec compliance profile that automates security testing for Docker daemon and containers against CIS benchmarks.

CakeDC/Users pluginPHP

A comprehensive CakePHP plugin for user management, authentication, authorization, and social login.

nix-mineralNix

A NixOS module for convenient system hardening by securely configuring existing software and reducing attack surface.

kytanRust

A high-performance peer-to-peer VPN written in Rust, designed for minimal configuration and multi-platform support.

friTapPython

A tool for real-time SSL/TLS key extraction and traffic decryption to simplify encrypted network analysis for security researchers.

go-joseGo

A Go implementation of JOSE standards (JWE, JWS, JWT) for secure JSON object signing and encryption.