Security

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. It works with tons of data supported by an OpenSearch fork and custom WUI.

Fast Incident Response, a cybersecurity incident management platform.

Open Source SIEM (Security Information and Event Management system).

HoneyPy is a low to medium interaction honeypot. It is intended to be easy to: deploy, extend functionality with plugins, and apply custom configurations.

Amun Python-based low-interaction Honeypot.

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

HonSSH is a high-interaction Honey Pot solution. HonSSH will sit between an attacker and a honey pot, creating two separate SSH connections between them.

This script will install T-Pot 16.04/17.10 on a fresh Ubuntu 16.04.x LTS (64bit). It is intended to be used on hosted servers, where an Ubuntu base image is given and there is no ability to install custom ISO images. Successfully tested on vanilla Ubuntu 16.04.3 in VMware.

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis and debugging. Each TCP flow is stored in its own file. Thus, the typical TCP flow will be stored in two files, one for each direction. tcpflow can also process stored 'tcpdump' packet flows.

High-performance remote packet capture and collection tool, distributed tcpdump for cloud native environments.

Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work along side them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.

Dshell is a network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures.

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets.

Open-source VPN server and egress firewall for Linux built on WireGuard that makes it simple to manage secure remote access to your company’s private networks. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.

Advanced transparent Tor proxy with kernel-level iptables routing, post-quantum encryption (Kyber768), kill switch, steganography mode, and AI-powered circuit selection.

PFQ is a functional networking framework designed for the Linux operating system that allows efficient packets capture/transmission (10G and beyond), in-kernel functional processing and packets steering across sockets/end-points.

Fast, free and open-source spam filtering system.

Anti-Spam Scanning Service and Anti-Spam API by @niftylettuce.

Option 3 - Run Nodegoat on Docker

An open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!

IPS for SSH similar to DenyHosts written in Python. It also can gather information about attacker during the attack in a log.

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on Fail2Ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once detected, you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community

An awesome list of honeypot resources.

A collection of android security related resources.

A curated list of ARM exploitation resources.

A curated list of CTF frameworks, libraries, resources and software.

A curated list of hacking environments where you can train your cyber skills legally and safely.

A curated list of digital security and privacy tips, with links to further resources.

A curated list of awesome Hacking tutorials, tools and resources.

A curated list of awesome malware analysis tools and resources.

A curated list of awesome newsletters to keep up to date on security news via e-mail.

A collection of tools developed by other researchers in the Computer Science area to process network traces.

A collection of awesome penetration testing resources, tools and other shiny things.

A curated list of privacy-respecting software and services.

A curated list of awesome Linux Containers frameworks, libraries and software.

A curated list of resources for incident response.

This list is for anyone wishing to learn about web application security but do not have a starting point.

A curated list of awesome resources about Electron.js (in)security

A curated list of threat intelligence resources.

A curated list of Threat Modeling resources.

Collection of the cheat sheets useful for pentesting

A curated list of resources related to Industrial Control System (ICS) security.

A curated list of awesome YARA rules, tools, and people.

A curated list of awesome threat detection and hunting resources.

A curated list of awesome resources related to container building and runtime security

A curated list of cryptography papers, articles, tutorials and howtos.

A collection of interesting, funny, and depressing search queries to plug into Shodan.io.

A collection of fascinating and bizarre Censys Search Queries.

A collection of awesome tools used to counter forensics activities.

A curated list of awesome security talks, organized by year and then conference.

A curated list of Bluetooth security resources.

A curated list of WebSocket security resources.

A curated list of security related acronyms and concepts

A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list.

A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.

awesome- or -awesome lists.

The definitive list of (awesome) lists curated on GitHub.

A curated list of movies every hacker & cyberpunk must watch.

Fast customisable cross-platform suspicious file finder. Supports md5/sha1/sha256 hashs, litteral/wildcard strings, regular expressions and YARA rules. Can easily be packed to be deployed on any windows / linux host.

Simple Indicators of Compromise and Incident Response Scanner

An open-source Content Disarm & Reconstruct software sanitizing Office, PDF and RTF Documents.

Fleet is the lightweight, programmable telemetry platform for servers and workstations. Get comprehensive, customizable data from all your devices and operating systems.

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. Tutorials: How to set up two-factor authentication for SSH login on Linux

Securely assign Digital Authenticity to any written text

A comprehensive manual for mobile app security testing and reverse engineering.

A collection of OSX and iOS security resources

High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suits for building end-to-end encrypted applications.

A tool for reverse engineering Android apk files.

Command line and GUI tools for produce Java source code from Android Dex and Apk files.

A tool for translating Dalvik bytecode to equivalent Java bytecode.

A tool to extract local data storage of an Android application in one click.

An Obfuscation-Neglect Android Malware Scoring System.

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

AMExtractor can dump out the physical content of your Android device even without kernel source code.

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Android Malware Behavior Editor.

Flutter Reverse Engineering Framework

GRR Rapid Response is an incident response framework focused on remote live forensics.

Python based memory extraction and analysis framework.

ir-rescue is a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

CLI utility and Python API for analyzing log files and other data.

PowerShell-based Windows artifact collection for threat hunting and incident response.

The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts computer systems.

Linux Memory Extractor

Maigret collect a dossier on a person by username only, checking for accounts on a huge number of sites and gathering all the available information from web pages.

BunkerWeb is a full-featured open-source web server with ModeSecurity WAF, HTTPS with transparent Let's Encrypt renewal, automatic ban of strange behaviors based on HTTP codes, bot and bad IPs block, connection limits, state-of-the-art security presets, Web UI and much more.

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX, NAXSI means Nginx Anti Xss & Sql Injection.

SQL Firewall Extension for PostgreSQL

IronBee is an open source project to build a universal web application security sensor. IronBee as a framework for developing a system for securing web applications - a framework for building a web application firewall (WAF).

Curiefense adds a broad set of automated web security tools, including a WAF to Envoy Proxy.

open-appsec is an open source machine-learning security engine that preemptively and automatically prevents threats against Web Application & APIs.

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework.

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

A semi automatic pen testing tool for mapping/pen-testing networks. Simulates a human attacker.

ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.

padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI.

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

Full-featured C2 framework which silently persists on webserver via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features.

Keyscope is an extensible key and secret validation for checking active secrets against multiple SaaS vendors built in Rust

The Cyclops is a web browser with XSS detection feature, it is chromium-based xss detection that used to find the flows from a source to a sink.

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report. Currently supports: PHP, Java, Scala, Python, Ruby, Javascript, GO, Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks (total ca. 1000 checks)

a fast Rust based CLI that uses SQL to query over files, code, or malware with content classification and processing for security experts

The ultimate web application security testing tool for CakePHP-based web applications. CakeFuzzer employs a predefined set of attacks that are randomly modified before execution. Leveraging its deep understanding of the Cake PHP framework, Cake Fuzzer launches attacks on all potential application entry points.

URL security scanner with WHOIS, SSL, threat intelligence (URLhaus, PhishTank, Spamhaus), and 40+ scam/phishing pattern detection. Includes optional AI analysis via Ollama. (Demo)

Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Scans React 19.x and Next.js projects for critical remote code execution flaws.

Detect indicators of compromise from the Shai Hulud 2.0 npm supply chain attack that compromised 796+ packages. Performs comprehensive security checks for malicious files, hashes, and patterns.

A modular vulnerability scanner with automatic report generation capabilities.

An open source RASP solution actively maintained by Baidu Inc. With context-aware detection algorithm the project achieved nearly no false positives. And less than 3% performance reduction is observed under heavy server load.

Leverage the OWASP Zed Attack Proxy (ZAP) within your NodeJS applications with this official API.

A GitHub App that provides security feedback in Pull Requests.

Scan code for security risks and vulnerabilities leading to sensitive data exposures.

A static analysis tool for infrastucture as code (Terraform).

A static analysis tool for infrastucture as code (Terraform).

Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks.

A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js).

Node.js file-upload malware scanner with MIME sniffing, ZIP-bomb protection and optional YARA rules.