security.md

1. abstract-syntax-tree
2. acl
3. active-directory
4. aead
5. aircrack
6. analysis
7. analytics
8. android
9. angular
10. angularjs
11. anonymity
12. ansible
13. anti-bot
14. anti-spam
15. api
16. apparmor
17. application-security
18. arm
19. arm64
20. aspnet-core
21. assembler
22. assessment
23. asynchronous
24. audit
25. auth
26. authentication
27. authorization
28. automation
29. awesome
30. awesome-list
31. aws
32. bash
33. benchmarking
34. best-practices
35. bettercap
36. binary-analysis
37. blockchain
38. book
39. bro
40. browser
41. brute-force
42. bruteforce
43. bug-bounty
44. bugbounty
45. build-tool
46. c
47. c-plus-plus
48. c-sharp
49. cache
50. captcha
51. cas
52. cctv
53. cdn
54. cheatsheet
55. checklist
56. chrome
57. cli
58. cloud
59. cloud-native
60. communication
61. compliance
62. configuration
63. container
64. containers
65. cracking
66. cross-site-scripting
67. crypto
68. cryptography
69. csrf
70. ctf
71. curve25519
72. cyber-security
73. cybersecurity
74. debugger
75. devops
76. dfir
77. dictionary-attack
78. disassembler
79. distributed
80. django
81. dns
82. docker
83. docker-image
84. dotnet
85. dynamic-analysis
86. education
87. elasticsearch
88. electron
89. elk
90. elk-stack
91. email
92. embedded
93. emulation
94. emulator
95. encrypted
96. encryption
97. enumeration
98. ethereum
99. exfiltration
100. exploit
101. exploitation
102. exploits
103. federation
104. file-integrity-management
105. file-sharing
106. firefox
107. firewall
108. flask
109. forensics
110. framework
111. fuzzer
112. fuzzing
113. github
114. go
115. golang
116. graylog
117. guide
118. hack
119. hacking
120. hacking-tool
121. hacking-tools
122. halite
123. hardening
124. hkdf
125. hmac
126. honeypot
127. html
128. http
129. http2
130. https
131. identity
132. identityserver4
133. ids
134. ikev2
135. incident-response
136. information-security
137. infosec
138. intelligence
139. intrusion-detection
140. ios
141. iot
142. ips
143. ipsec
144. java
145. javascript
146. jwt
147. jwt-authentication
148. kafka
149. kali-linux
150. kernel
151. keychain
152. kubernetes
153. kvm
154. l2tp
155. lab
156. lambda
157. laravel
158. ldap
159. letsencrypt
160. library
161. libsodium
162. libsodium-php
163. lint
164. linux
165. list
166. log-analysis
167. loganalyzer
168. logging
169. login
170. logs
171. lua
172. mac
173. machine-learning
174. macos
175. macros
176. malware
177. malware-analysis
178. malware-detection
179. man-in-the-middle
180. messenger
181. microservices
182. middleware
183. mips
184. mitm
185. mobile
186. mobile-app
187. mobile-security
188. monitor
189. monitoring
190. nacl
191. netty
192. network
193. network-analysis
194. network-discovery
195. network-monitoring
196. network-security
197. network-visualization
198. networking
199. nginx
200. nmap
201. nmap-scripts
202. nodejs
203. nsm
204. oauth
205. oauth2
206. obfuscator
207. oci
208. opencontainers
209. openid
210. openid-connect
211. openpgp
212. openssl
213. osint
214. ossec
215. osx
216. owasp
217. packet-crafting
218. parser
219. password
220. password-manager
221. passwords
222. paste
223. pcap
224. pci-dss
225. penetration
226. penetration-testing
227. pentest
228. pentest-tool
229. pentest-tools
230. pentesting
231. performance
232. permissions
233. phishing
234. php
235. php-extension
236. play-framework
237. poc
238. policy
239. policy-monitoring
240. powerpc
241. powershell
242. privacy
243. program-analysis
244. protection
245. proxy
246. pyparsing
247. python
248. python2
249. python3
250. rails
251. rbac
252. reconnaissance
253. red-team
254. redis
255. reverse-engineering
256. roles
257. ruby
258. ruby-cli
259. ruby-on-rails
260. rust
261. saml
262. scan
263. scanner
264. scanning
265. scans
266. scapy
267. seccomp
268. secure
269. secure-by-default
270. self-hosted
271. serverless
272. service-discovery
273. siem
274. signature
275. smart-contracts
276. sniffing
277. software-composition-analysis
278. solidity
279. sparc
280. spoofing
281. spring
282. spring-boot
283. sql
284. sql-injection
285. ssh
286. ssh-tunnel
287. ssl
288. ssllabs
289. sslstrip
290. static-analysis
291. static-code-analysis
292. subdomain
293. swift
294. symfony
295. taint-analysis
296. terraform
297. testing
298. threat-analysis
299. threat-hunting
300. threat-sharing
301. threatintel
302. tls
303. tls13
304. tor
305. tor-network
306. totp
307. touch-id
308. tox
309. tracking
310. tunnel
311. tvos
312. two-factor
313. twofactorauth
314. typescript
315. update
316. vba
317. video
318. virtual-machine
319. virtualization
320. vpn
321. vpn-client
322. vpn-server
323. vulnerabilities
324. vulnerability
325. vulnerability-assessment
326. vulnerability-databases
327. vulnerability-detection
328. vulnerability-management
329. vulnerability-scanners
330. vulnerability-scanning
331. watchos
332. web
333. webapp
334. website
335. whitelist
336. wifi
337. wifi-security
338. windows
339. wireless
340. wordpress
341. x86
342. x86-64
343. xss
344. yubikey

abstract-syntax-tree

1. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
2. Solium. Linter to identify and fix style & security issues in Solidity

acl

1. bouncer. Eloquent roles and abilities.
2. lock. A flexible, driver based Acl package for PHP 5.4+
3. accesscontrol. Role and Attribute based Access Control for Node.js

active-directory

1. DeathStar. Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)
2. GoFetch. GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.

aead

1. miscreant. Misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support
2. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

aircrack

1. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
2. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.

analysis

1. streamalert. StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
2. timesketch. Collaborative forensic timeline analysis
3. AIL-framework. AIL framework - Analysis Information Leak framework
4. Seccubus. Easy automated vulnerability scanning, reporting and analysis
5. rita. Real Intelligence Threat Analytics

analytics

1. django-DefectDojo. DefectDojo is an open-source defect tracking application
2. rita. Real Intelligence Threat Analytics

android

1. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
2. android-security-awesome. A collection of android security related resources
3. hawk. ✔️ Secure, simple key-value storage for Android
4. drozer. The Leading Security Assessment Framework for Android.
5. MifareClassicTool. An Android NFC-App for reading, writing, analysing, etc. MIFARE Classic RFID-Tags.
6. objection. 📱 objection - runtime mobile exploration
7. Android-Security-Reference. A W.I.P Android Security Ref
8. uTox. µTox the lightest and fluffiest Tox client

angular

1. AspNetCoreSpa. Asp.Net Core 2 & Angular (5+) SPA with Angular CLI full featured application. Live demo:
2. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4

angularjs

1. zmNinja. High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder or other NVRs
2. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software

anonymity

1. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
2. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet
3. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software

ansible

1. algo. Set up a personal IPSEC VPN in the cloud
2. teleport. Modern SSH server for clusters and teams.

anti-bot

1. fail2ban. Daemon to ban hosts that cause multiple authentication errors
2. Captcha. PHP Captcha library

anti-spam

1. Captcha. PHP Captcha library
2. invisible_captcha. 🍯 Unobtrusive and flexible spam protection for Rails apps

api

1. API-Security-Checklist. Checklist of the most important security countermeasures when designing, testing, and releasing your API
2. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

apparmor

1. docker-slim. DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)
2. bane. Custom & better AppArmor profile generator for Docker containers.
3. contained.af. A stupid game for learning about containers, capabilities, and syscalls.
4. amicontained. Container introspection tool. Find out what container runtime is being used as well as features available.

application-security

1. awesome-appsec. A curated list of resources for learning about application security
2. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
3. airship. Secure Content Management for the Modern Web - "The sky is only the beginning"

arm

1. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
2. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
3. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
4. bap. Binary Analysis Platform
5. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

arm64

1. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
2. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
3. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
4. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

aspnet-core

1. IdentityServer4. OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
2. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4

assembler

1. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
2. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

assessment

1. prowler. AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf). It performs extra checks as well.
2. objection. 📱 objection - runtime mobile exploration

asynchronous

1. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
2. slurp. Enumerate S3 buckets via certstream, domain, or keywords

audit

1. inspec. InSpec: Auditing and Testing Framework
2. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.

auth

1. bouncer. Eloquent roles and abilities.
2. sentinel. A framework agnostic authentication & authorization system.
3. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

authentication

1. twofactorauth. List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
2. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
3. sentinel. A framework agnostic authentication & authorization system.
4. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
5. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
6. Flask-HTTPAuth. Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes
7. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4
8. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

authorization

1. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
2. bouncer. Eloquent roles and abilities.
3. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
4. sentinel. A framework agnostic authentication & authorization system.
5. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
6. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
7. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4
8. accesscontrol. Role and Attribute based Access Control for Node.js
9. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

automation

1. AutoSploit. Automated Mass Exploiter
2. guide. Kubernetes clusters for the hobbyist.
3. owtf. Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp http://owtf.org
4. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
5. django-DefectDojo. DefectDojo is an open-source defect tracking application

awesome

1. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
2. android-security-awesome. A collection of android security related resources
3. awesome-ctf. A curated list of CTF frameworks, libraries, resources and softwares
4. awesome-incident-response. A curated list of tools for incident response
5. awesome-threat-intelligence. A curated list of Awesome Threat Intelligence resources
6. awesome-infosec. A curated list of awesome infosec courses and training resources.
7. awesome-web-security. 🐶 A curated list of Web Security materials and resources.
8. awesome-pentest-cheat-sheets. Collection of the cheat sheets useful for pentesting
9. awesome-iot-hacks. A Collection of Hacks in IoT Space so that we can address them (hopefully).
10. awesome-threat-detection. A curated list of awesome threat detection and hunting resources

awesome-list

1. android-security-awesome. A collection of android security related resources
2. awesome-security. A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
3. awesome-incident-response. A curated list of tools for incident response
4. awesome-web-security. 🐶 A curated list of Web Security materials and resources.
5. awesome-threat-detection. A curated list of awesome threat detection and hunting resources

aws

1. sops. Secrets management stinks, use some sops!
2. confidant. Confidant: your secret keeper.
3. streamalert. StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
4. Scout2. Security auditing tool for AWS environments
5. xiringuito. SSH-based "VPN for poors"
6. binaryalert. BinaryAlert: Serverless, Real-time & Retroactive Malware Detection
7. prowler. AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf). It performs extra checks as well.
8. scans. AWS security scanning checks
9. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

bash

1. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
2. security-cheatsheets. 🔒 A collection of cheatsheets for various infosec tools and topics.

benchmarking

1. cleverhans. An adversarial example library for constructing attacks, building defenses, and benchmarking both
2. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.

best-practices

1. kubernetes-security-best-practice. Kubernetes Security - Best Practice Guide
2. sonarwhal. A linting tool for the web
3. AspNetCoreSpa. Asp.Net Core 2 & Angular (5+) SPA with Angular CLI full featured application. Live demo:
4. best-practices-badge. Core Infrastructure Initiative Best Practices Badge

bettercap

1. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
2. bettercap. The state of the art network attack and monitoring framework.
3. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.

binary-analysis

1. manticore. Symbolic execution tool
2. bap. Binary Analysis Platform

blockchain

1. smart-contract-best-practices. A guide to smart contract security best practices
2. manticore. Symbolic execution tool
3. Solium. Linter to identify and fix style & security issues in Solidity

book

1. heap-exploitation. This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
2. CTF-All-In-One. 一本 CTF 书

bro

1. bro. Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Official mirror of git.bro.org/bro.git .
2. ivre. Network recon framework.

browser

1. decentraleyes. Decentraleyes - Local emulation of Content Delivery Networks.
2. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
3. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
4. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
5. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera

brute-force

1. KeychainCracker. macOS keychain cracking tool
2. c-jwt-cracker. JWT brute force cracker written in C

bruteforce

1. routersploit. The Router Exploitation Framework
2. dirsearch. Web path scanner

bug-bounty

1. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
2. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

bugbounty

1. StaCoAn. StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
2. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

build-tool

1. retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities
2. DependencyCheck. OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

c

1. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
2. honggfuzz. Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)
3. toxic. An ncurses-based Tox client
4. uTox. µTox the lightest and fluffiest Tox client
5. sigmavpn. Light-weight, secure and modular VPN solution

c-plus-plus

1. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
2. edb-debugger. edb is a cross platform x86/x86-64 debugger.
3. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet
4. botan. Crypto and TLS for C++11

c-sharp

1. QuasarRAT. Remote Administration Tool for Windows
2. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

cache

1. spring-boot. spring-boot 项目实践总结
2. edgedns. A high performance DNS cache designed for Content Delivery Networks

captcha

1. captcha. Captcha for Laravel 5
2. Captcha. PHP Captcha library
3. rucaptcha. Captcha gem for Rails Application. No dependencies. No ImageMagick, No RMagick.
4. invisible_captcha. 🍯 Unobtrusive and flexible spam protection for Rails apps

cas

1. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
2. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

cctv

1. cameradar. Cameradar hacks its way into RTSP videosurveillance cameras
2. zmNinja. High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder or other NVRs

cdn

1. sites-using-cloudflare. 💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
2. decentraleyes. Decentraleyes - Local emulation of Content Delivery Networks.
3. nginxconfig.io. nginx config generator
4. edgedns. A high performance DNS cache designed for Content Delivery Networks

cheatsheet

1. awesome-pentest-cheat-sheets. Collection of the cheat sheets useful for pentesting
2. filterbypass.

checklist

1. zen-rails-security-checklist. Checklist of security precautions for Ruby on Rails applications.
2. rails-security-checklist. 🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

chrome

1. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
2. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera

cli

1. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
2. bane. Custom & better AppArmor profile generator for Docker containers.

cloud

1. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
2. scans. AWS security scanning checks

cloud-native

1. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
2. pouch. Pouch is an open-source project created to promote the container technology movement.

communication

1. system-bus-radio. Transmits AM radio on computers without radio transmitting hardware.
2. wire-ios. 📱 Wire for iOS (iPhone and iPad)
3. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet

compliance

1. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
2. inspec. InSpec: Auditing and Testing Framework
3. prowler. AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf). It performs extra checks as well.
4. wazuh. Wazuh - Host and endpoint security
5. scap-security-guide. Baseline compliance content in SCAP formats

configuration

1. iniscan. A php.ini scanner for best security practices
2. pcc. PHP Secure Configuration Checker

container

1. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
2. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture

containers

1. labs. This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
2. pouch. Pouch is an open-source project created to promote the container technology movement.
3. Portus. Authorization service and frontend for Docker registry (v2)
4. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
5. docker-slim. DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)
6. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.
7. subuser. Run programs on linux with selectively restricted permissions.
8. bane. Custom & better AppArmor profile generator for Docker containers.
9. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
10. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture
11. contained.af. A stupid game for learning about containers, capabilities, and syscalls.
12. amicontained. Container introspection tool. Find out what container runtime is being used as well as features available.

cracking

1. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
2. KeychainCracker. macOS keychain cracking tool

cross-site-scripting

1. DOMPurify. DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
2. csp-builder. Build Content-Security-Policy headers from a JSON file (or build them programmatically)

crypto

1. cryptomator. Multi-platform transparent client-side encryption of your files in the cloud
2. piknik. Copy/paste anything over the network
3. PrivateBin. A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
4. botan. Crypto and TLS for C++11
5. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
6. ghostunnel. A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
7. CTF-All-In-One. 一本 CTF 书
8. libsodium-php. PHP extension for libsodium
9. libsodium-php. PHP extension for libsodium
10. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

cryptography

1. cryptomator. Multi-platform transparent client-side encryption of your files in the cloud
2. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
3. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet
4. cryptocat. Secure chat software for your computer.
5. ring. Safe, fast, small crypto using Rust
6. PrivateBin. A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
7. botan. Crypto and TLS for C++11
8. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
9. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
10. themis. Human friendly crypto library for storage and messaging for mobile apps, servers and front-ends.
11. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com
12. libsodium-php. PHP extension for libsodium
13. libsodium-php. PHP extension for libsodium
14. miscreant. Misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support
15. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

csrf

1. hacker101. Hacker101
2. nosurf. CSRF protection middleware for Go.

ctf

1. awesome-ctf. A curated list of CTF frameworks, libraries, resources and softwares
2. CTFd. CTFs as you need them
3. ctf. Ctf solutions from p4 team
4. CTF-All-In-One. 一本 CTF 书

curve25519

1. ring. Safe, fast, small crypto using Rust
2. nacl. Pure Go implementation of the NaCL set of API's

cyber-security

1. Free-Security-eBooks. Free Security and Hacking eBooks
2. slurp. Enumerate S3 buckets via certstream, domain, or keywords

cybersecurity

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. awesome-incident-response. A curated list of tools for incident response
3. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
4. dawnscanner. Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
5. Passhunt. Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

debugger

1. x64dbg. An open-source x64/x32 debugger for windows.
2. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
3. edb-debugger. edb is a cross platform x86/x86-64 debugger.
4. Detect-It-Easy. Detect it Easy

devops

1. faraday. Collaborative Penetration Test and Vulnerability Management Platform
2. sops. Secrets management stinks, use some sops!
3. inspec. InSpec: Auditing and Testing Framework

dfir

1. bro. Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Official mirror of git.bro.org/bro.git .
2. awesome-incident-response. A curated list of tools for incident response
3. timesketch. Collaborative forensic timeline analysis

dictionary-attack

1. routersploit. The Router Exploitation Framework
2. cameradar. Cameradar hacks its way into RTSP videosurveillance cameras

disassembler

1. x64dbg. An open-source x64/x32 debugger for windows.
2. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
3. panopticon. A libre cross-platform disassembler.
4. bap. Binary Analysis Platform
5. Detect-It-Easy. Detect it Easy

distributed

1. meshbird. Distributed private networking
2. Hive2Hive. Java library for secure, distributed, P2P-based file synchronization and sharing.

django

1. hawkpost. Generate links that users can use to submit messages encrypted with your public key.
2. django-DefectDojo. DefectDojo is an open-source defect tracking application

dns

1. sites-using-cloudflare. 💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
2. amass. In-depth subdomain enumeration written in Go
3. awesome-checker-services. ✅ List of links to the various checkers out there on the web for sites, domains, security etc.
4. rita. Real Intelligence Threat Analytics
5. edgedns. A high performance DNS cache designed for Content Delivery Networks

docker

1. teleport. Modern SSH server for clusters and teams.
2. labs. This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
3. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
4. Portus. Authorization service and frontend for Docker registry (v2)
5. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
6. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
7. docker-slim. DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)
8. cameradar. Cameradar hacks its way into RTSP videosurveillance cameras
9. dockerscan. Docker security analysis & hacking tools
10. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.
11. subuser. Run programs on linux with selectively restricted permissions.
12. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
13. bane. Custom & better AppArmor profile generator for Docker containers.
14. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
15. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture
16. contained.af. A stupid game for learning about containers, capabilities, and syscalls.
17. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com
18. dagda. a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
19. amicontained. Container introspection tool. Find out what container runtime is being used as well as features available.

docker-image

1. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
2. cameradar. Cameradar hacks its way into RTSP videosurveillance cameras

dotnet

1. labs. This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
2. IdentityServer4. OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
3. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

dynamic-analysis

1. bap. Binary Analysis Platform
2. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

education

1. hacker101. Hacker101
2. CTFd. CTFs as you need them

elasticsearch

1. search-guard. Search Guard is an Open Source Elasticsearch plugin that offers encryption, authentication, and authorisation.
2. MozDef. MozDef: The Mozilla Defense Platform
3. elasticsearch-readonlyrest-plugin. Free Elasticsearch and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
4. sigma. Generic Signature Format for SIEM Systems
5. wazuh. Wazuh - Host and endpoint security

electron

1. keeweb. Free cross-platform password manager compatible with KeePass
2. buttercup-desktop. 🔑 Javascript Password Vault - Multi-Platform Desktop Application

elk

1. search-guard. Search Guard is an Open Source Elasticsearch plugin that offers encryption, authentication, and authorisation.
2. MozDef. MozDef: The Mozilla Defense Platform

elk-stack

1. search-guard. Search Guard is an Open Source Elasticsearch plugin that offers encryption, authentication, and authorisation.
2. MozDef. MozDef: The Mozilla Defense Platform

email

1. hawkpost. Generate links that users can use to submit messages encrypted with your public key.
2. FiercePhish. FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.

embedded

1. routersploit. The Router Exploitation Framework
2. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com

emulation

1. manticore. Symbolic execution tool
2. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

emulator

1. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
2. bap. Binary Analysis Platform

encrypted

1. PrivateBin. A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
2. uTox. µTox the lightest and fluffiest Tox client

encryption

1. algo. Set up a personal IPSEC VPN in the cloud
2. hawk. ✔️ Secure, simple key-value storage for Android
3. wire-ios. 📱 Wire for iOS (iPhone and iPad)
4. buttercup-desktop. 🔑 Javascript Password Vault - Multi-Platform Desktop Application
5. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
6. SwiftyRSA. RSA public/private key encryption in Swift
7. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation
8. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core
9. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.
10. jasypt-spring-boot. Jasypt integration for Spring boot

enumeration

1. amass. In-depth subdomain enumeration written in Go
2. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
3. slurp. Enumerate S3 buckets via certstream, domain, or keywords
4. kernelpop. kernel privilege escalation enumeration and exploitation framework
5. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

ethereum

1. zeppelin-solidity. OpenZeppelin, a framework to build secure smart contracts on Ethereum
2. smart-contract-best-practices. A guide to smart contract security best practices
3. manticore. Symbolic execution tool
4. Solium. Linter to identify and fix style & security issues in Solidity

exfiltration

1. system-bus-radio. Transmits AM radio on computers without radio transmitting hardware.
2. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

exploit

1. AutoSploit. Automated Mass Exploiter
2. linux-kernel-exploitation. A bunch of links related to Linux kernel exploitation
3. labs. Vulnerability Labs for security analysis
4. vulscan. Advanced vulnerability scanning with Nmap NSE
5. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
6. Am-I-affected-by-Meltdown. Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.
7. htshells. Self contained htaccess shells and attacks
8. CTF-All-In-One. 一本 CTF 书

exploitation

1. AutoSploit. Automated Mass Exploiter
2. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction

exploits

1. routersploit. The Router Exploitation Framework
2. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
3. exploits. Miscellaneous exploit code
4. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
5. wordpress-exploit-framework. A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
6. kernelpop. kernel privilege escalation enumeration and exploitation framework

federation

1. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
2. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core

file-integrity-management

1. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
2. wazuh. Wazuh - Host and endpoint security

file-sharing

1. onionshare. Securely and anonymously share a file of any size
2. Hive2Hive. Java library for secure, distributed, P2P-based file synchronization and sharing.

firefox

1. user.js. user.js -- Firefox configuration hardening
2. ghacks-user.js. An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting
3. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera

firewall

1. teleport. Modern SSH server for clusters and teams.
2. opensnitch. OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.

flask

1. CTFd. CTFs as you need them
2. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
3. Flask-HTTPAuth. Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

forensics

1. Free-Security-eBooks. Free Security and Hacking eBooks
2. timesketch. Collaborative forensic timeline analysis
3. bap. Binary Analysis Platform
4. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

framework

1. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
2. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
3. owtf. Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp http://owtf.org
4. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
5. objection. 📱 objection - runtime mobile exploration
6. honeytrap. Advanced Honeypot framework.

fuzzer

1. syzkaller. syzkaller is an unsupervised, coverage-guided kernel fuzzer
2. dirsearch. Web path scanner

fuzzing

1. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
2. oss-fuzz. OSS-Fuzz - continuous fuzzing of open source software
3. syzkaller. syzkaller is an unsupervised, coverage-guided kernel fuzzer
4. dirsearch. Web path scanner
5. honggfuzz. Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (software- and hardware-based)

github

1. notes. Some public notes
2. Hawkeye. GitHub 泄露监控系统(GitHub Sensitive Information Leakage Monitor)

go

1. teleport. Modern SSH server for clusters and teams.
2. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
3. gitleaks. Searches full repo history for secrets and keys 🔑
4. bettercap. The state of the art network attack and monitoring framework.
5. docker-slim. DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)
6. secure. HTTP middleware for Go that facilitates some quick security wins.
7. bluemonday. bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
8. nosurf. CSRF protection middleware for Go.
9. sshesame. A fake SSH server that lets everyone in and logs their activity
10. memguard. Easy and secure handling of sensitive memory, in pure Go.
11. amass. In-depth subdomain enumeration written in Go
12. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.
13. ghostunnel. A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
14. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

golang

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. gitleaks. Searches full repo history for secrets and keys 🔑
3. gophish. Open-Source Phishing Toolkit
4. bettercap. The state of the art network attack and monitoring framework.
5. docker-slim. DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)
6. cameradar. Cameradar hacks its way into RTSP videosurveillance cameras
7. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
8. secure. HTTP middleware for Go that facilitates some quick security wins.
9. sshesame. A fake SSH server that lets everyone in and logs their activity
10. gas. Go AST Scanner
11. memguard. Easy and secure handling of sensitive memory, in pure Go.
12. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.
13. slurp. Enumerate S3 buckets via certstream, domain, or keywords
14. nacl. Pure Go implementation of the NaCL set of API's
15. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

graylog

1. graylog2-server. Free and open source log management
2. nzyme. Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

guide

1. guide. Kubernetes clusters for the hobbyist.
2. kubernetes-security-best-practice. Kubernetes Security - Best Practice Guide

hack

1. cameradar. Cameradar hacks its way into RTSP videosurveillance cameras
2. awesome-iot-hacks. A Collection of Hacks in IoT Space so that we can address them (hopefully).

hacking

1. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
2. hacker101. Hacker101
3. urh. Universal Radio Hacker: investigate wireless protocols like a boss
4. awesome-sec-talks. A collected list of awesome security talks
5. DVWA. Damn Vulnerable Web Application (DVWA)
6. bettercap. The state of the art network attack and monitoring framework.
7. nishang. Nishang - PowerShell for penetration testing and offensive security.
8. Free-Security-eBooks. Free Security and Hacking eBooks
9. dirsearch. Web path scanner
10. pentest-wiki. PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
11. exploits. Miscellaneous exploit code
12. dockerscan. Docker security analysis & hacking tools
13. FiercePhish. FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
14. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
15. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
16. KeychainCracker. macOS keychain cracking tool
17. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
18. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
19. CTF-All-In-One. 一本 CTF 书

hacking-tool

1. wpscan. WPScan is a black box WordPress vulnerability scanner
2. trape. People tracker on the Internet: Learn to track the world, to avoid being traced.
3. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
4. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
5. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
6. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

hacking-tools

1. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
2. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

halite

1. libsodium-php. PHP extension for libsodium
2. libsodium-php. PHP extension for libsodium

hardening

1. hardentools. Hardentools is a utility that disables a number of risky Windows features.
2. prowler. AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf). It performs extra checks as well.
3. awesome-windows-domain-hardening. A curated list of awesome Security Hardening techniques for Windows.

hkdf

1. ring. Safe, fast, small crypto using Rust
2. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

hmac

1. itsdangerous. Various helpers to pass trusted data to untrusted environments
2. ring. Safe, fast, small crypto using Rust
3. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

honeypot

1. cowrie. Cowrie SSH/Telnet Honeypot
2. sshesame. A fake SSH server that lets everyone in and logs their activity
3. conpot. ICS/SCADA honeypot
4. invisible_captcha. 🍯 Unobtrusive and flexible spam protection for Rails apps
5. honeytrap. Advanced Honeypot framework.

html

1. DOMPurify. DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
2. bluemonday. bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

http

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
3. sozu. Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It will be awesome when it will be ready. Not So Secret Project! Ping us on gitter to know more
4. protools. 历经开发周期两年，并且应用过千万级别项目的工具箱
5. csp-builder. Build Content-Security-Policy headers from a JSON file (or build them programmatically)

http2

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. nginxconfig.io. nginx config generator

https

1. sites-using-cloudflare. 💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
2. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
3. nginxconfig.io. nginx config generator
4. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software
5. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com

identity

1. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
2. IdentityServer4. OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
3. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4

identityserver4

1. IdentityServer4. OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
2. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4

ids

1. fail2ban. Daemon to ban hosts that cause multiple authentication errors
2. suricata. Suricata git repository maintained by the OISF
3. sigma. Generic Signature Format for SIEM Systems
4. wazuh. Wazuh - Host and endpoint security
5. SELKS. A Suricata based IDS/IPS distro

ikev2

1. algo. Set up a personal IPSEC VPN in the cloud
2. setup-ipsec-vpn. Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS

incident-response

1. awesome-incident-response. A curated list of tools for incident response
2. wazuh. Wazuh - Host and endpoint security

information-security

1. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
2. AIL-framework. AIL framework - Analysis Information Leak framework

infosec

1. routersploit. The Router Exploitation Framework
2. awesome-sec-talks. A collected list of awesome security talks
3. DVWA. Damn Vulnerable Web Application (DVWA)
4. nishang. Nishang - PowerShell for penetration testing and offensive security.
5. faraday. Collaborative Penetration Test and Vulnerability Management Platform
6. awesome-infosec. A curated list of awesome infosec courses and training resources.
7. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
8. security-txt. A proposed standard that allows websites to define security policies.
9. amass. In-depth subdomain enumeration written in Go
10. bugbounty-cheatsheet. A list of interesting payloads, tips and tricks for bug bounty hunters.
11. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
12. changeme. A default credential scanner.
13. metta. An information security preparedness tool to do adversarial simulation.
14. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
15. GourdScanV2. 被动式漏洞扫描系统
16. nzyme. Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.
17. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

intelligence

1. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
2. xray. XRay is a tool for recon, mapping and OSINT gathering from public networks.

intrusion-detection

1. osquery. SQL powered operating system instrumentation, monitoring, and analytics.
2. fail2ban. Daemon to ban hosts that cause multiple authentication errors
3. maltrail. Malicious traffic detection system
4. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
5. awesome-threat-detection. A curated list of awesome threat detection and hunting resources
6. wazuh. Wazuh - Host and endpoint security

ios

1. Valet. Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
2. wire-ios. 📱 Wire for iOS (iPhone and iPad)
3. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
4. secure-ios-app-dev. Collection of the most common vulnerabilities found in iOS applications
5. needle. The iOS Security Testing Framework
6. objection. 📱 objection - runtime mobile exploration
7. SwiftyRSA. RSA public/private key encryption in Swift
8. EllipticCurveKeyPair. Sign, verify, encrypt and decrypt using the Secure Enclave

iot

1. urh. Universal Radio Hacker: investigate wireless protocols like a boss
2. awesome-iot-hacks. A Collection of Hacks in IoT Space so that we can address them (hopefully).
3. zmNinja. High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder or other NVRs

ips

1. fail2ban. Daemon to ban hosts that cause multiple authentication errors
2. suricata. Suricata git repository maintained by the OISF
3. SELKS. A Suricata based IDS/IPS distro

ipsec

1. algo. Set up a personal IPSEC VPN in the cloud
2. setup-ipsec-vpn. Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
3. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
4. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

java

1. labs. This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
2. spring-security. Spring Security
3. cryptomator. Multi-platform transparent client-side encryption of your files in the cloud
4. drozer. The Leading Security Assessment Framework for Android.
5. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
6. elasticsearch-readonlyrest-plugin. Free Elasticsearch and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
7. find-sec-bugs. The FindBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)
8. Note. 常规Java工具，算法，加密，数据库，面试题，源代码分析，解决方案
9. jasypt-spring-boot. Jasypt integration for Spring boot
10. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

javascript

1. keeweb. Free cross-platform password manager compatible with KeePass
2. helmet. Help secure Express apps with various HTTP headers
3. DOMPurify. DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
4. retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities
5. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
6. express-gateway. A microservices API Gateway built on top of ExpressJS
7. vm2. Advanced vm/sandbox for Node.js
8. zmNinja. High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder or other NVRs
9. Detect-It-Easy. Detect it Easy
10. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera
11. NodeJsScan. NodeJsScan is a static security code scanner for Node.js applications.

jwt

1. API-Security-Checklist. Checklist of the most important security countermeasures when designing, testing, and releasing your API
2. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
3. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core
4. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

jwt-authentication

1. c-jwt-cracker. JWT brute force cracker written in C
2. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core

kafka

1. graylog2-server. Free and open source log management
2. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP

kali-linux

1. Free-Security-eBooks. Free Security and Hacking eBooks
2. WhatWeb. Next generation web scanner
3. owtf. Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp http://owtf.org
4. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

kernel

1. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
2. syzkaller. syzkaller is an unsupervised, coverage-guided kernel fuzzer
3. kernelpop. kernel privilege escalation enumeration and exploitation framework

keychain

1. KeychainAccess. Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
2. Valet. Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
3. UICKeyChainStore. UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.
4. envchain. Environment variables meet macOS Keychain and gnome-keyring <3
5. KeychainCracker. macOS keychain cracking tool
6. EllipticCurveKeyPair. Sign, verify, encrypt and decrypt using the Secure Enclave

kubernetes

1. guide. Kubernetes clusters for the hobbyist.
2. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
3. kubernetes-security-best-practice. Kubernetes Security - Best Practice Guide
4. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.
5. kubernetes-network-policy-recipes. Tutorials and Recipes for Kubernetes Network Policies feature

kvm

1. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
2. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture

l2tp

1. setup-ipsec-vpn. Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
2. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
3. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

lab

1. labs. This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
2. awesome-infosec. A curated list of awesome infosec courses and training resources.

lambda

1. streamalert. StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
2. binaryalert. BinaryAlert: Serverless, Real-time & Retroactive Malware Detection

laravel

1. bouncer. Eloquent roles and abilities.
2. sentinel. A framework agnostic authentication & authorization system.
3. captcha. Captcha for Laravel 5
4. nginxconfig.io. nginx config generator
5. laravel-url-signer. Create and validate signed URLs with a limited lifetime

ldap

1. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
2. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

letsencrypt

1. nginxconfig.io. nginx config generator
2. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software

library

1. sslyze. Fast and powerful SSL/TLS server scanning library.
2. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.

libsodium

1. sigmavpn. Light-weight, secure and modular VPN solution
2. airship. Secure Content Management for the Modern Web - "The sky is only the beginning"
3. libsodium-php. PHP extension for libsodium
4. libsodium-php. PHP extension for libsodium

libsodium-php

1. libsodium-php. PHP extension for libsodium
2. libsodium-php. PHP extension for libsodium

lint

1. sonarwhal. A linting tool for the web
2. Solium. Linter to identify and fix style & security issues in Solidity

linux

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. fail2ban. Daemon to ban hosts that cause multiple authentication errors
3. opensnitch. OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
4. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
5. syzkaller. syzkaller is an unsupervised, coverage-guided kernel fuzzer
6. linux-kernel-exploitation. A bunch of links related to Linux kernel exploitation
7. nsjail. A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
8. edb-debugger. edb is a cross platform x86/x86-64 debugger.
9. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
10. Note. 常规Java工具，算法，加密，数据库，面试题，源代码分析，解决方案
11. bane. Custom & better AppArmor profile generator for Docker containers.
12. uTox. µTox the lightest and fluffiest Tox client
13. contained.af. A stupid game for learning about containers, capabilities, and syscalls.
14. Detect-It-Easy. Detect it Easy
15. bleachbit. BleachBit system cleaner for Windows and Linux
16. amicontained. Container introspection tool. Find out what container runtime is being used as well as features available.
17. SELKS. A Suricata based IDS/IPS distro

list

1. android-security-awesome. A collection of android security related resources
2. awesome-incident-response. A curated list of tools for incident response
3. awesome-web-security. 🐶 A curated list of Web Security materials and resources.
4. awesome-checker-services. ✅ List of links to the various checkers out there on the web for sites, domains, security etc.

log-analysis

1. graylog2-server. Free and open source log management
2. wazuh. Wazuh - Host and endpoint security

loganalyzer

1. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
2. wazuh. Wazuh - Host and endpoint security

logging

1. graylog2-server. Free and open source log management
2. sigma. Generic Signature Format for SIEM Systems

login

1. buttercup-desktop. 🔑 Javascript Password Vault - Multi-Platform Desktop Application
2. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

logs

1. spring-boot. spring-boot 项目实践总结
2. rita. Real Intelligence Threat Analytics

lua

1. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
2. vulscan. Advanced vulnerability scanning with Nmap NSE

mac

1. security-growler. 📡 A Mac menubar app that notifies you whenever SSH, VNC, sudo, or other auth events occur.
2. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

machine-learning

1. cs-video-courses. List of Computer Science courses with video lectures.
2. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
3. cleverhans. An adversarial example library for constructing attacks, building defenses, and benchmarking both

macos

1. macOS-Security-and-Privacy-Guide. A practical guide to securing macOS.
2. fail2ban. Daemon to ban hosts that cause multiple authentication errors
3. Valet. Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
4. KeychainCracker. macOS keychain cracking tool
5. osx-and-ios-security-awesome. OSX and iOS related security tools
6. EllipticCurveKeyPair. Sign, verify, encrypt and decrypt using the Secure Enclave

macros

1. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
2. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

malware

1. wifiphisher. The Rogue Access Point Framework
2. maltrail. Malicious traffic detection system

malware-analysis

1. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
2. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
3. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

malware-detection

1. binaryalert. BinaryAlert: Serverless, Real-time & Retroactive Malware Detection
2. dagda. a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

man-in-the-middle

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
3. bettercap. The state of the art network attack and monitoring framework.

messenger

1. wire-ios. 📱 Wire for iOS (iPhone and iPad)
2. uTox. µTox the lightest and fluffiest Tox client

microservices

1. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
2. express-gateway. A microservices API Gateway built on top of ExpressJS

middleware

1. helmet. Help secure Express apps with various HTTP headers
2. secure. HTTP middleware for Go that facilitates some quick security wins.
3. nosurf. CSRF protection middleware for Go.

mips

1. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
2. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
3. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
4. bap. Binary Analysis Platform
5. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

mitm

1. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
2. bettercap. The state of the art network attack and monitoring framework.
3. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
4. Seth. Perform a MitM attack and extract clear text credentials from RDP connections

mobile

1. wire-ios. 📱 Wire for iOS (iPhone and iPad)
2. drozer. The Leading Security Assessment Framework for Android.
3. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
4. needle. The iOS Security Testing Framework
5. objection. 📱 objection - runtime mobile exploration

mobile-app

1. wire-ios. 📱 Wire for iOS (iPhone and iPad)
2. zmNinja. High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder or other NVRs

mobile-security

1. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
2. StaCoAn. StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

monitor

1. snyk. CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
2. trape. People tracker on the Internet: Learn to track the world, to avoid being traced.

monitoring

1. osquery. SQL powered operating system instrumentation, monitoring, and analytics.
2. bettercap. The state of the art network attack and monitoring framework.
3. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
4. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
5. sigma. Generic Signature Format for SIEM Systems
6. wazuh. Wazuh - Host and endpoint security
7. SELKS. A Suricata based IDS/IPS distro

nacl

1. sigmavpn. Light-weight, secure and modular VPN solution
2. nacl. Pure Go implementation of the NaCL set of API's

netty

1. elasticsearch-readonlyrest-plugin. Free Elasticsearch and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing
2. protools. 历经开发周期两年，并且应用过千万级别项目的工具箱

network

1. setup-ipsec-vpn. Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
2. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
3. meshbird. Distributed private networking
4. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
5. ivre. Network recon framework.
6. xray. XRay is a tool for recon, mapping and OSINT gathering from public networks.
7. xiringuito. SSH-based "VPN for poors"
8. metta. An information security preparedness tool to do adversarial simulation.
9. SELKS. A Suricata based IDS/IPS distro

network-analysis

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. ivre. Network recon framework.

network-discovery

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
3. ivre. Network recon framework.

network-monitoring

1. maltrail. Malicious traffic detection system
2. bro. Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Official mirror of git.bro.org/bro.git .
3. ivre. Network recon framework.
4. suricata. Suricata git repository maintained by the OISF

network-security

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. ivre. Network recon framework.
3. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

network-visualization

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. ivre. Network recon framework.

networking

1. opensnitch. OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
2. cilium. HTTP, gRPC, and Kafka Aware Security and Networking for Containers with BPF and XDP
3. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.
4. metta. An information security preparedness tool to do adversarial simulation.
5. kubernetes-network-policy-recipes. Tutorials and Recipes for Kubernetes Network Policies feature

nginx

1. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
2. nginxconfig.io. nginx config generator

nmap

1. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
2. ivre. Network recon framework.
3. vulscan. Advanced vulnerability scanning with Nmap NSE
4. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
5. Seccubus. Easy automated vulnerability scanning, reporting and analysis

nmap-scripts

1. ivre. Network recon framework.
2. vulscan. Advanced vulnerability scanning with Nmap NSE

nodejs

1. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
2. notes. Some public notes
3. accesscontrol. Role and Attribute based Access Control for Node.js
4. protect. Proactively protect your Node.js web services
5. NodeJsScan. NodeJsScan is a static security code scanner for Node.js applications.

nsm

1. bro. Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Official mirror of git.bro.org/bro.git .
2. suricata. Suricata git repository maintained by the OISF

oauth

1. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
2. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
3. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

oauth2

1. API-Security-Checklist. Checklist of the most important security countermeasures when designing, testing, and releasing your API
2. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
3. IdentityServer4. OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
4. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
5. express-gateway. A microservices API Gateway built on top of ExpressJS
6. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core
7. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4

obfuscator

1. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
2. Hikari. LLVM Obfuscator

oci

1. pouch. Pouch is an open-source project created to promote the container technology movement.
2. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
3. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture

opencontainers

1. bane. Custom & better AppArmor profile generator for Docker containers.
2. contained.af. A stupid game for learning about containers, capabilities, and syscalls.
3. amicontained. Container introspection tool. Find out what container runtime is being used as well as features available.

openid

1. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core
2. AspNet5IdentityServerAngularImplicitFlow. OpenID Connect Implicit Flow with Angular and ASP.NET Core 2.0 IdentityServer4

openid-connect

1. hydra. OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure. Written in Go. SDKs for any language.
2. IdentityServer4. OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
3. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
4. fosite. Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
5. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

openpgp

1. hawkpost. Generate links that users can use to submit messages encrypted with your public key.
2. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software

openssl

1. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet
2. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com

osint

1. gitrob. Reconnaissance tool for GitHub organizations
2. aquatone. A Tool for Domain Flyovers
3. xray. XRay is a tool for recon, mapping and OSINT gathering from public networks.
4. amass. In-depth subdomain enumeration written in Go
5. trape. People tracker on the Internet: Learn to track the world, to avoid being traced.
6. intrigue-core. Discover your attack surface!
7. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

ossec

1. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
2. wazuh. Wazuh - Host and endpoint security

osx

1. macOS-Security-and-Privacy-Guide. A practical guide to securing macOS.
2. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
3. uTox. µTox the lightest and fluffiest Tox client
4. osx-and-ios-security-awesome. OSX and iOS related security tools

owasp

1. awesome-appsec. A curated list of resources for learning about application security
2. bluemonday. bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
3. owtf. Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp http://owtf.org
4. find-sec-bugs. The FindBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)
5. django-DefectDojo. DefectDojo is an open-source defect tracking application

packet-crafting

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. scapy. Network packet and pcap file crafting/sniffing/manipulation/visualization security tool (based on scapy) with python3 compatibility

parser

1. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
2. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

password

1. keeweb. Free cross-platform password manager compatible with KeePass
2. KeychainCracker. macOS keychain cracking tool
3. Passhunt. Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.

password-manager

1. keeweb. Free cross-platform password manager compatible with KeePass
2. buttercup-desktop. 🔑 Javascript Password Vault - Multi-Platform Desktop Application
3. passbolt_api. Passbolt backend, a JSON API written with Cakephp
4. mooltipass. Github repository dedicated to the mooltipass project

passwords

1. sites-using-cloudflare. 💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
2. mooltipass. Github repository dedicated to the mooltipass project

paste

1. piknik. Copy/paste anything over the network
2. PrivateBin. A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

pcap

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. bro. Bro is a powerful network analysis framework that is much different from the typical IDS you may know. Official mirror of git.bro.org/bro.git .
3. scapy. Network packet and pcap file crafting/sniffing/manipulation/visualization security tool (based on scapy) with python3 compatibility

pci-dss

1. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
2. wazuh. Wazuh - Host and endpoint security
3. scap-security-guide. Baseline compliance content in SCAP formats

penetration

1. awesome-ctf. A curated list of CTF frameworks, libraries, resources and softwares
2. evilgrade.

penetration-testing

1. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
2. nishang. Nishang - PowerShell for penetration testing and offensive security.
3. faraday. Collaborative Penetration Test and Vulnerability Management Platform
4. awesome-infosec. A curated list of awesome infosec courses and training resources.
5. Free-Security-eBooks. Free Security and Hacking eBooks
6. WhatWeb. Next generation web scanner
7. awesome-web-security. 🐶 A curated list of Web Security materials and resources.
8. awesome-pentest-cheat-sheets. Collection of the cheat sheets useful for pentesting
9. vulscan. Advanced vulnerability scanning with Nmap NSE
10. Passhunt. Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
11. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
12. htshells. Self contained htaccess shells and attacks
13. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
14. changeme. A default credential scanner.
15. intrigue-core. Discover your attack surface!

pentest

1. awesome-infosec. A curated list of awesome infosec courses and training resources.
2. dirsearch. Web path scanner
3. pentest-wiki. PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
4. awesome-pentest-cheat-sheets. Collection of the cheat sheets useful for pentesting
5. owtf. Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp http://owtf.org
6. amass. In-depth subdomain enumeration written in Go
7. evilgrade.
8. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
9. objection. 📱 objection - runtime mobile exploration
10. filterbypass.
11. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

pentest-tool

1. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
2. Passhunt. Passhunt is a simple tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
3. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

pentest-tools

1. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
2. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

pentesting

1. faraday. Collaborative Penetration Test and Vulnerability Management Platform
2. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
3. drozer. The Leading Security Assessment Framework for Android.
4. needle. The iOS Security Testing Framework
5. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
6. DeathStar. Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)
7. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.
8. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
9. GourdScanV2. 被动式漏洞扫描系统
10. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

performance

1. sonarwhal. A linting tool for the web
2. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
3. sozu. Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It will be awesome when it will be ready. Not So Secret Project! Ping us on gitter to know more

permissions

1. bouncer. Eloquent roles and abilities.
2. sentinel. A framework agnostic authentication & authorization system.
3. lock. A flexible, driver based Acl package for PHP 5.4+
4. accesscontrol. Role and Attribute based Access Control for Node.js

phishing

1. wifiphisher. The Rogue Access Point Framework
2. gophish. Open-Source Phishing Toolkit
3. FiercePhish. FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more.
4. king-phisher. Phishing Campaign Toolkit

php

1. DVWA. Damn Vulnerable Web Application (DVWA)
2. bouncer. Eloquent roles and abilities.
3. iniscan. A php.ini scanner for best security practices
4. sentinel. A framework agnostic authentication & authorization system.
5. captcha. Captcha for Laravel 5
6. lock. A flexible, driver based Acl package for PHP 5.4+
7. security-checker. PHP frontend for security.sensiolabs.org
8. exploits. Miscellaneous exploit code
9. PrivateBin. A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
10. Captcha. PHP Captcha library
11. pcc. PHP Secure Configuration Checker
12. security. The Security component provides a complete security system for your web application.
13. laravel-url-signer. Create and validate signed URLs with a limited lifetime
14. security-bundle. The security system is one of the most powerful parts of Symfony and can largely be controlled via its configuration.
15. csp-builder. Build Content-Security-Policy headers from a JSON file (or build them programmatically)
16. airship. Secure Content Management for the Modern Web - "The sky is only the beginning"
17. libsodium-php. PHP extension for libsodium
18. libsodium-php. PHP extension for libsodium
19. latte. ☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.

php-extension

1. libsodium-php. PHP extension for libsodium
2. libsodium-php. PHP extension for libsodium

play-framework

1. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
2. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

poc

1. exploits. Miscellaneous exploit code
2. Am-I-affected-by-Meltdown. Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN.

policy

1. security-txt. A proposed standard that allows websites to define security policies.
2. felix. Project Calico's per-host agent Felix, responsible for programming routes and security policy.

policy-monitoring

1. ossec-hids. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
2. wazuh. Wazuh - Host and endpoint security

powerpc

1. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
2. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
3. bap. Binary Analysis Platform
4. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

powershell

1. nishang. Nishang - PowerShell for penetration testing and offensive security.
2. PowerShdll. Run PowerShell with rundll32. Bypass software restrictions.
3. GoFetch. GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.

privacy

1. macOS-Security-and-Privacy-Guide. A practical guide to securing macOS.
2. wire-ios. 📱 Wire for iOS (iPhone and iPad)
3. meshbird. Distributed private networking
4. cryptomator. Multi-platform transparent client-side encryption of your files in the cloud
5. decentraleyes. Decentraleyes - Local emulation of Content Delivery Networks.
6. user.js. user.js -- Firefox configuration hardening
7. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
8. privacy-respecting. 🔐 Curated List of Privacy Respecting Services and Software
9. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet
10. toxic. An ncurses-based Tox client
11. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
12. ghacks-user.js. An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting
13. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera
14. bleachbit. BleachBit system cleaner for Windows and Linux

program-analysis

1. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
2. manticore. Symbolic execution tool
3. bap. Binary Analysis Platform

protection

1. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
2. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera

proxy

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
3. bettercap. The state of the art network attack and monitoring framework.
4. sozu. Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It will be awesome when it will be ready. Not So Secret Project! Ping us on gitter to know more
5. ghostunnel. A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

pyparsing

1. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
2. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

python

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. wifiphisher. The Rogue Access Point Framework
3. routersploit. The Router Exploitation Framework
4. fail2ban. Daemon to ban hosts that cause multiple authentication errors
5. AutoSploit. Automated Mass Exploiter
6. maltrail. Malicious traffic detection system
7. onionshare. Securely and anonymously share a file of any size
8. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
9. sslyze. Fast and powerful SSL/TLS server scanning library.
10. MozDef. MozDef: The Mozilla Defense Platform
11. itsdangerous. Various helpers to pass trusted data to untrusted environments
12. dirsearch. Web path scanner
13. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
14. ivre. Network recon framework.
15. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
16. manticore. Symbolic execution tool
17. exploits. Miscellaneous exploit code
18. owtf. Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient @owtfp http://owtf.org
19. security-growler. 📡 A Mac menubar app that notifies you whenever SSH, VNC, sudo, or other auth events occur.
20. hawkpost. Generate links that users can use to submit messages encrypted with your public key.
21. tuf. A framework for securing software update systems
22. needle. The iOS Security Testing Framework
23. subuser. Run programs on linux with selectively restricted permissions.
24. king-phisher. Phishing Campaign Toolkit
25. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
26. featherduster. An automated, modular cryptanalysis tool; i.e., a Weapon of Math Destruction
27. DeathStar. Automate getting Domain Admin using Empire (https://github.com/EmpireProject/Empire)
28. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
29. BrainDamage. Remote administration tool which uses Telegram as a C&C server
30. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
31. Flask-HTTPAuth. Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes
32. changeme. A default credential scanner.
33. metta. An information security preparedness tool to do adversarial simulation.
34. conpot. ICS/SCADA honeypot
35. django-DefectDojo. DefectDojo is an open-source defect tracking application
36. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software
37. exitmap. A fast and modular scanner for Tor exit relays.
38. bleachbit. BleachBit system cleaner for Windows and Linux
39. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

python2

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.

python3

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
3. hawkpost. Generate links that users can use to submit messages encrypted with your public key.
4. scapy. Network packet and pcap file crafting/sniffing/manipulation/visualization security tool (based on scapy) with python3 compatibility

rails

1. brakeman. A static analysis security vulnerability scanner for Ruby on Rails applications
2. Portus. Authorization service and frontend for Docker registry (v2)
3. zen-rails-security-checklist. Checklist of security precautions for Ruby on Rails applications.
4. rails-security-checklist. 🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
5. best-practices-badge. Core Infrastructure Initiative Best Practices Badge
6. dawnscanner. Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
7. railsgoat. A vulnerable version of Rails that follows the OWASP Top 10
8. invisible_captcha. 🍯 Unobtrusive and flexible spam protection for Rails apps

rbac

1. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
2. accesscontrol. Role and Attribute based Access Control for Node.js

reconnaissance

1. amass. In-depth subdomain enumeration written in Go
2. intrigue-core. Discover your attack surface!

red-team

1. nishang. Nishang - PowerShell for penetration testing and offensive security.
2. Cloakify. CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection
3. DumpsterFire. "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

redis

1. spring-boot. spring-boot 项目实践总结
2. metta. An information security preparedness tool to do adversarial simulation.

reverse-engineering

1. x64dbg. An open-source x64/x32 debugger for windows.
2. Awesome-Hacking. A collection of various awesome lists for hackers, pentesters and security researchers
3. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
4. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
5. panopticon. A libre cross-platform disassembler.
6. edb-debugger. edb is a cross platform x86/x86-64 debugger.
7. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
8. bap. Binary Analysis Platform
9. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.
10. CTF-All-In-One. 一本 CTF 书
11. Detect-It-Easy. Detect it Easy

roles

1. bouncer. Eloquent roles and abilities.
2. sentinel. A framework agnostic authentication & authorization system.
3. accesscontrol. Role and Attribute based Access Control for Node.js

ruby

1. brakeman. A static analysis security vulnerability scanner for Ruby on Rails applications
2. Portus. Authorization service and frontend for Docker registry (v2)
3. zen-rails-security-checklist. Checklist of security precautions for Ruby on Rails applications.
4. WhatWeb. Next generation web scanner
5. dawnscanner. Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
6. railsgoat. A vulnerable version of Rails that follows the OWASP Top 10

ruby-cli

1. gitrob. Reconnaissance tool for GitHub organizations
2. aquatone. A Tool for Domain Flyovers

ruby-on-rails

1. zen-rails-security-checklist. Checklist of security precautions for Ruby on Rails applications.
2. rails-security-checklist. 🔑 Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
3. railsgoat. A vulnerable version of Rails that follows the OWASP Top 10

rust

1. panopticon. A libre cross-platform disassembler.
2. ring. Safe, fast, small crypto using Rust
3. sozu. Sōzu HTTP reverse proxy, configurable at runtime, fast and safe, built in Rust. It will be awesome when it will be ready. Not So Secret Project! Ping us on gitter to know more
4. edgedns. A high performance DNS cache designed for Content Delivery Networks

saml

1. pac4j. Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
2. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

scan

1. dockerscan. Docker security analysis & hacking tools
2. slurp. Enumerate S3 buckets via certstream, domain, or keywords

scanner

1. routersploit. The Router Exploitation Framework
2. retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities
3. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
4. iniscan. A php.ini scanner for best security practices
5. WhatWeb. Next generation web scanner
6. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
7. slurp. Enumerate S3 buckets via certstream, domain, or keywords
8. SQLiScanner. Automatic SQL injection with Charles and sqlmap api
9. GourdScanV2. 被动式漏洞扫描系统
10. exitmap. A fast and modular scanner for Tor exit relays.

scanning

1. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
2. Reconnoitre. A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
3. rita. Real Intelligence Threat Analytics

scans

1. sslyze. Fast and powerful SSL/TLS server scanning library.
2. ivre. Network recon framework.

scapy

1. scapy. Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
2. scapy. Network packet and pcap file crafting/sniffing/manipulation/visualization security tool (based on scapy) with python3 compatibility

seccomp

1. docker-slim. DockerSlim (docker-slim): Optimize and secure your Docker containers (free and open source)
2. contained.af. A stupid game for learning about containers, capabilities, and syscalls.

secure

1. cryptocat. Secure chat software for your computer.
2. uTox. µTox the lightest and fluffiest Tox client
3. airship. Secure Content Management for the Modern Web - "The sky is only the beginning"

secure-by-default

1. csp-builder. Build Content-Security-Policy headers from a JSON file (or build them programmatically)
2. airship. Secure Content Management for the Modern Web - "The sky is only the beginning"

self-hosted

1. privacy-respecting. 🔐 Curated List of Privacy Respecting Services and Software
2. PrivateBin. A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

serverless

1. streamalert. StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
2. binaryalert. BinaryAlert: Serverless, Real-time & Retroactive Malware Detection

service-discovery

1. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
2. express-gateway. A microservices API Gateway built on top of ExpressJS

siem

1. graylog2-server. Free and open source log management
2. MozDef. MozDef: The Mozilla Defense Platform
3. sigma. Generic Signature Format for SIEM Systems
4. nzyme. Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

signature

1. jose-jwt. Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core
2. Detect-It-Easy. Detect it Easy

smart-contracts

1. smart-contract-best-practices. A guide to smart contract security best practices
2. Solium. Linter to identify and fix style & security issues in Solidity

sniffing

1. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
2. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.

software-composition-analysis

1. retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities
2. DependencyCheck. OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

solidity

1. zeppelin-solidity. OpenZeppelin, a framework to build secure smart contracts on Ethereum
2. smart-contract-best-practices. A guide to smart contract security best practices
3. Solium. Linter to identify and fix style & security issues in Solidity

sparc

1. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
2. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
3. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
4. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

spoofing

1. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
2. bettercap. The state of the art network attack and monitoring framework.

spring

1. spring-security. Spring Security
2. spring-boot. spring-boot 项目实践总结
3. jasypt-spring-boot. Jasypt integration for Spring boot

spring-boot

1. spring-boot. spring-boot 项目实践总结
2. jasypt-spring-boot. Jasypt integration for Spring boot

sql

1. osquery. SQL powered operating system instrumentation, monitoring, and analytics.
2. play-pac4j. Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

sql-injection

1. hacker101. Hacker101
2. DVWA. Damn Vulnerable Web Application (DVWA)
3. protect. Proactively protect your Node.js web services

ssh

1. teleport. Modern SSH server for clusters and teams.
2. YubiKey-Guide. Guide to using YubiKey as a SmartCard for GPG and SSH
3. cowrie. Cowrie SSH/Telnet Honeypot
4. sshesame. A fake SSH server that lets everyone in and logs their activity
5. xiringuito. SSH-based "VPN for poors"

ssh-tunnel

1. algo. Set up a personal IPSEC VPN in the cloud
2. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

ssl

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. sites-using-cloudflare. 💔 Archived list of domains using Cloudflare DNS at the time of the CloudBleed announcement.
3. sslyze. Fast and powerful SSL/TLS server scanning library.
4. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
5. nginxconfig.io. nginx config generator
6. ghostunnel. A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
7. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com

ssllabs

1. sslyze. Fast and powerful SSL/TLS server scanning library.
2. Seccubus. Easy automated vulnerability scanning, reporting and analysis

sslstrip

1. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
2. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.

static-analysis

1. brakeman. A static analysis security vulnerability scanner for Ruby on Rails applications
2. panopticon. A libre cross-platform disassembler.
3. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
4. bap. Binary Analysis Platform
5. sobelow. Security-focused static analysis for the Phoenix Framework
6. Solium. Linter to identify and fix style & security issues in Solidity
7. dagda. a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
8. NodeJsScan. NodeJsScan is a static security code scanner for Node.js applications.

static-code-analysis

1. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
2. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
3. StaCoAn. StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.

subdomain

1. amass. In-depth subdomain enumeration written in Go
2. subjack. Hostile Subdomain Takeover tool written in Go featuring self-reliant subdomain discovery with amass integration, allowing for simultaneous checking for subdomain takeovers while enumerating DNS.

swift

1. wire-ios. 📱 Wire for iOS (iPhone and iPad)
2. SwiftyRSA. RSA public/private key encryption in Swift

symfony

1. nginxconfig.io. nginx config generator
2. security. The Security component provides a complete security system for your web application.
3. security-bundle. The security system is one of the most powerful parts of Symfony and can largely be controlled via its configuration.

taint-analysis

1. pyt. A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
2. manticore. Symbolic execution tool
3. find-sec-bugs. The FindBugs plugin for security audits of Java web applications and Android applications. (Also work with Groovy and Scala projects)
4. bap. Binary Analysis Platform

terraform

1. guide. Kubernetes clusters for the hobbyist.
2. streamalert. StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
3. binaryalert. BinaryAlert: Serverless, Real-time & Retroactive Malware Detection

testing

1. syzkaller. syzkaller is an unsupervised, coverage-guided kernel fuzzer
2. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
3. inspec. InSpec: Auditing and Testing Framework
4. manticore. Symbolic execution tool

threat-analysis

1. cowrie. Cowrie SSH/Telnet Honeypot
2. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

threat-hunting

1. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)
2. awesome-threat-detection. A curated list of awesome threat detection and hunting resources

threat-sharing

1. cowrie. Cowrie SSH/Telnet Honeypot
2. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

threatintel

1. cowrie. Cowrie SSH/Telnet Honeypot
2. MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

tls

1. mitmproxy. An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
2. bettercap. DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap
3. sslyze. Fast and powerful SSL/TLS server scanning library.
4. badssl.com. 🔒 Memorable site for testing clients against bad SSL configs.
5. botan. Crypto and TLS for C++11
6. ghostunnel. A simple SSL/TLS proxy with mutual authentication for securing non-TLS services
7. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com
8. istlsfastyet.com. Is TLS fast yet? Yes, yes it is.

tls13

1. sslyze. Fast and powerful SSL/TLS server scanning library.
2. wolfssl. wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. http://www.wolfssl.com

tor

1. onionshare. Securely and anonymously share a file of any size
2. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
3. GlobaLeaks. GlobaLeaks - The Open-Source Whistleblowing Software
4. exitmap. A fast and modular scanner for Tor exit relays.

tor-network

1. OnionBrowser. An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network
2. exitmap. A fast and modular scanner for Tor exit relays.

totp

1. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail
2. SecurityDriven.Inferno. ✅ .NET crypto done right. Professionally audited.

touch-id

1. KeychainAccess. Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.
2. Valet. Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
3. UICKeyChainStore. UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS. Makes using Keychain APIs as easy as NSUserDefaults.

tox

1. toxic. An ncurses-based Tox client
2. uTox. µTox the lightest and fluffiest Tox client

tracking

1. trape. People tracker on the Internet: Learn to track the world, to avoid being traced.
2. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera

tunnel

1. sigmavpn. Light-weight, secure and modular VPN solution
2. ghostunnel. A simple SSL/TLS proxy with mutual authentication for securing non-TLS services

tvos

1. Valet. Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
2. SwiftyRSA. RSA public/private key encryption in Swift

two-factor

1. teleport. Modern SSH server for clusters and teams.
2. twofactorauth. List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
3. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

twofactorauth

1. twofactorauth. List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software.
2. yosai. A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

typescript

1. javascript-obfuscator. A powerful obfuscator for JavaScript and Node.js
2. AspNetCoreSpa. Asp.Net Core 2 & Angular (5+) SPA with Angular CLI full featured application. Live demo:

update

1. evilgrade.
2. tuf. A framework for securing software update systems

vba

1. oletools. oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
2. ViperMonkey. A VBA parser and emulation engine to analyze malicious macros.

video

1. wire-ios. 📱 Wire for iOS (iPhone and iPad)
2. uTox. µTox the lightest and fluffiest Tox client
3. zmNinja. High performance, cross platform ionic app for Home/Commerical Security Surveillance using ZoneMinder or other NVRs

virtual-machine

1. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
2. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture

virtualization

1. runtime. OCI (Open Containers Initiative) compatible runtime using Virtual Machines
2. cc-oci-runtime. OCI (Open Containers Initiative) compatible runtime for Intel® Architecture

vpn

1. algo. Set up a personal IPSEC VPN in the cloud
2. setup-ipsec-vpn. Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
3. openvpn. OpenVPN is an open source VPN daemon
4. meshbird. Distributed private networking
5. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
6. i2pd. 🛡 I2P: End-to-End encrypted and anonymous Internet
7. xiringuito. SSH-based "VPN for poors"
8. sigmavpn. Light-weight, secure and modular VPN solution
9. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

vpn-client

1. algo. Set up a personal IPSEC VPN in the cloud
2. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

vpn-server

1. algo. Set up a personal IPSEC VPN in the cloud
2. setup-ipsec-vpn. Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS
3. docker-ipsec-vpn-server. Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec
4. AWS-VPN-Server-Setup. Setup your own private, secure, free* VPN on the Amazon AWS Cloud in 10 minutes. CloudFormation

vulnerabilities

1. brakeman. A static analysis security vulnerability scanner for Ruby on Rails applications
2. retire.js. scanner detecting the use of JavaScript libraries with known vulnerabilities
3. snyk. CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
4. dawnscanner. Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.
5. railsgoat. A vulnerable version of Rails that follows the OWASP Top 10
6. kernelpop. kernel privilege escalation enumeration and exploitation framework
7. dagda. a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

vulnerability

1. faraday. Collaborative Penetration Test and Vulnerability Management Platform
2. labs. Vulnerability Labs for security analysis
3. vulscan. Advanced vulnerability scanning with Nmap NSE

vulnerability-assessment

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
3. secure-ios-app-dev. Collection of the most common vulnerabilities found in iOS applications
4. vulscan. Advanced vulnerability scanning with Nmap NSE
5. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

vulnerability-databases

1. vulscan. Advanced vulnerability scanning with Nmap NSE
2. django-DefectDojo. DefectDojo is an open-source defect tracking application

vulnerability-detection

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
3. DependencyCheck. OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
4. vulscan. Advanced vulnerability scanning with Nmap NSE
5. wazuh. Wazuh - Host and endpoint security
6. Seccubus. Easy automated vulnerability scanning, reporting and analysis

vulnerability-management

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. faraday. Collaborative Penetration Test and Vulnerability Management Platform
3. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
4. django-DefectDojo. DefectDojo is an open-source defect tracking application
5. Seccubus. Easy automated vulnerability scanning, reporting and analysis

vulnerability-scanners

1. vuls. Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
2. faraday. Collaborative Penetration Test and Vulnerability Management Platform
3. xunfeng. 巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。
4. vulscan. Advanced vulnerability scanning with Nmap NSE
5. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
6. intrigue-core. Discover your attack surface!

vulnerability-scanning

1. vulscan. Advanced vulnerability scanning with Nmap NSE
2. jackhammer. Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

watchos

1. Valet. Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
2. SwiftyRSA. RSA public/private key encryption in Swift

web

1. WhatWeb. Next generation web scanner
2. awesome-web-security. 🐶 A curated list of Web Security materials and resources.
3. CTF-All-In-One. 一本 CTF 书
4. jasypt-spring-boot. Jasypt integration for Spring boot

webapp

1. hawkpost. Generate links that users can use to submit messages encrypted with your public key.
2. jasypt-spring-boot. Jasypt integration for Spring boot

website

1. awesome-checker-services. ✅ List of links to the various checkers out there on the web for sites, domains, security etc.
2. jasypt-spring-boot. Jasypt integration for Spring boot

whitelist

1. bluemonday. bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
2. scriptsafe. a browser extension to bring security and privacy to chrome, firefox, and opera

wifi

1. wifiphisher. The Rogue Access Point Framework
2. bettercap. The state of the art network attack and monitoring framework.
3. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
4. nzyme. Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

wifi-security

1. bettercap. The state of the art network attack and monitoring framework.
2. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.

windows

1. x64dbg. An open-source x64/x32 debugger for windows.
2. labs. This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
3. nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
4. QuasarRAT. Remote Administration Tool for Windows
5. processhacker. A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
6. hardentools. Hardentools is a utility that disables a number of risky Windows features.
7. exploits. Miscellaneous exploit code
8. awesome-windows-domain-hardening. A curated list of awesome Security Hardening techniques for Windows.
9. uTox. µTox the lightest and fluffiest Tox client
10. bleachbit. BleachBit system cleaner for Windows and Linux

wireless

1. urh. Universal Radio Hacker: investigate wireless protocols like a boss
2. bettercap. The state of the art network attack and monitoring framework.
3. BoopSuite. A Suite of Tools written in Python for wireless auditing and security testing.
4. airgeddon. This is a multi-use bash script for Linux systems to audit wireless networks.

wordpress

1. wpscan. WPScan is a black box WordPress vulnerability scanner
2. wordpress-exploit-framework. A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
3. nginxconfig.io. nginx config generator

x86

1. x64dbg. An open-source x64/x32 debugger for windows.
2. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
3. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
4. edb-debugger. edb is a cross platform x86/x86-64 debugger.
5. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
6. bap. Binary Analysis Platform
7. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

x86-64

1. x64dbg. An open-source x64/x32 debugger for windows.
2. capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, M68K, Mips, PPC, Sparc, SystemZ, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell)
3. unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
4. edb-debugger. edb is a cross platform x86/x86-64 debugger.
5. keystone. Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
6. keypatch. Multi-architecture assembler for IDA Pro. Powered by Keystone Engine.

xss

1. hacker101. Hacker101
2. DOMPurify. DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
3. Web-Security-Learning. Web-Security-Learning
4. bluemonday. bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
5. filterbypass.
6. csp-builder. Build Content-Security-Policy headers from a JSON file (or build them programmatically)
7. latte. ☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.
8. protect. Proactively protect your Node.js web services

yubikey

1. teleport. Modern SSH server for clusters and teams.
2. YubiKey-Guide. Guide to using YubiKey as a SmartCard for GPG and SSH