Security

#plugin-system#flask#education

CTFdPython

A customizable, easy-to-use Capture The Flag framework for running cybersecurity competitions.

Stars6.7k

Forks2.7k

Last commit20 days ago

cppcheckC++

A static analysis tool for detecting bugs and undefined behavior in C and C++ code.

#undefined-behavior#c-cpp#bug-detection

Stars6.6k

Forks1.6k

#penetration-test#owasp#kali-linux

WhatWebRuby

A next-generation web scanner that identifies websites and their technologies using over 1800 plugins with configurable aggression levels.

Stars6.6k

Forks992

Last commit2 months ago

Awesome bug bounty resources by EdOverflow

A community-curated collection of payloads, tools, and techniques for bug bounty hunters and security researchers.

#web-security#vulnerability-testing#infosec

Stars6.5k

Forks1.6k

Last commit2 years ago

Fleet device managementGo

Open-source platform for IT and security teams to manage and secure thousands of computers across diverse environments.

#osquery#vulnerability-management#it-security

Stars6.5k

Forks909

Last commit1 day ago

Awesome Security Hardening

A curated collection of security hardening guides, best practices, checklists, benchmarks, and tools for various systems and services.

#infrastructure-security#windows-hardening#infosec

Stars6.4k

Forks657

Last commit1 month ago

MISPPHP

An open-source platform for collecting, storing, sharing, and acting upon cybersecurity threat intelligence and indicators.

#threat-sharing#security#fraud-management

Stars6.3k

Forks1.6k

Last commit4 days ago

LLDAPRust

A lightweight LDAP authentication server with a web UI, designed for simple user management in self-hosted environments.

#ldap-server#devops#open-source

Stars6.3k

Forks337

Last commit13 days ago

slitherPython

A static analysis framework for Solidity and Vyper smart contracts that detects vulnerabilities, enhances code comprehension, and enables custom analyses.

#solidity#smart-contracts#vyper

Stars6.3k

Forks1.1k

#fuzzer#operating-systems#bug-discovery

syzkallerGo

An unsupervised coverage-guided kernel fuzzer for finding bugs in operating system kernels like Linux, Windows, and BSD variants.

Stars6.2k

Forks1.4k

#sensitive-data#osint#security-analysis

gitrobGo

A reconnaissance tool that finds potentially sensitive files in public GitHub repositories for security analysis.

Stars6.2k

Forks845

Last commit3 years ago

FastAPI UsersPython

A ready-to-use and customizable user management system for FastAPI applications.

#fastapi#fastapi-users#asyncio

Stars6.2k

Forks505

Last commit11 days ago

Executing remote ssh commandsShell

A GitHub Action for executing remote SSH commands securely in CI/CD workflows.

#deployment#devops#ssh-client

Stars6.1k

Forks673

Last commit1 month ago

MaddyGo

A composable, all-in-one mail server that implements SMTP, IMAP, DKIM, SPF, DMARC, and more in a single daemon.

#mail#dmarc#smtp

Stars6.0k

Forks316

Last commit13 days ago

AQUATONEGo

A tool for visual inspection of websites across many hosts, providing an overview of HTTP-based attack surfaces.

#web-security#osint#report-generation

Stars5.9k

Forks904

Last commit4 years ago

PermifyGo

An open-source authorization service inspired by Google Zanzibar for building fine-grained, scalable access control systems.

#distributed#rbac#acl

Stars5.9k

Forks318

#oauth2#authentication#golang-library

oauth2Go

A Go client implementation for the OAuth 2.0 authorization framework.

Stars5.9k

Forks1.0k

Last commit3 months ago

ssh2JavaScript

SSH2 client and server modules written in pure JavaScript for Node.js.

#client-server#remote-access#security

Stars5.8k

Forks721

Last commit12 days ago

Rack AttackRuby

Rack middleware for blocking and throttling abusive requests in Ruby web applications.

#rails#rack-middleware#rack

#devops#ssl-tls#certificate-management

Forks344

Last commit2 months ago

letsencrypt-win-simpleC#

A simple yet powerful ACMEv2 client for Windows to automate SSL/TLS certificate creation, installation, and renewal.

Forks855

cancancanRuby

An authorization library for Ruby and Ruby on Rails that centralizes permission logic and restricts resource access.

#rails#gem#authorization

Forks636

cancancanRuby

An authorization library for Ruby and Ruby on Rails that centralizes permission logic and restricts resource access.

#rails#rest-api#gem

Forks636

#security-training#pentest#web-security

Infosec

A curated list of awesome information security courses, training resources, and hands-on labs for cybersecurity professionals and students.

Forks747

#vulnerable-lab#security-training#container-security

Kubernetes GoatHTML

An intentionally vulnerable Kubernetes cluster environment for hands-on security training and practice.

#devops#web-server#automatic-https

Forks1.0k

Last commit1 month ago

CertMagicGo

Automatic TLS certificate issuance and renewal for Go programs, enabling fully-managed HTTPS with a single line of code.

Stars5.6k

Forks333

Last commit13 days ago

zizmorRust

A static analysis tool that finds security vulnerabilities and misconfigurations in GitHub Actions workflows.

#supply-chain-security#workflow-analysis#vulnerability-detection

Stars5.5k

Forks213

Last commit2 days ago

ketoGo

An open-source implementation of Google's Zanzibar authorization system, providing a scalable and customizable permission server.

#hacktoberfest#acl#api-first

Forks384

#oauth2-server#oauth#oauth2

authlibPython

A comprehensive Python library for building OAuth and OpenID Connect clients and servers, with built-in JOSE support.

#open-source#honeypots#security-automation

Forks540

Last commit19 days ago

Cybersecurity Blue Team

A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

Forks806

#c-library#key-derivation#authentication

Argon2C

Reference C implementation of Argon2, the memory-hard password hashing function that won the Password Hashing Competition.

Forks452

#fine-grained-authorization#entitlements#google-zanzibar

openfgaGo

A high-performance, flexible authorization/permission engine inspired by Google Zanzibar for fine-grained access control.

Forks411

#devops#terrascan#kubernetes

TerrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

Forks550

#devops#terrascan#policy-as-code

terrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

Forks550

#hacktoberfest#incus-runtime#container-runtime

LXCC

A mature low-level Linux container runtime focused on system containers with strong security features and kernel integration.

#entity-framework-core#oauth2#authentication

Forks1.2k

Last commit2 days ago

OpenIddictC#

A flexible and versatile OAuth 2.0/OpenID Connect stack for implementing client, server, and token validation in .NET applications.