Open Source Mac Cybersecurity Tools
Sort By:
Cybersecurity Tools for Mac
View 109 business solutionsBrowse free open source Cybersecurity tools and projects for Mac below. Use the toggles on the left to filter open source Cybersecurity tools by OS, license, language, programming language, and project status.
-
MyQ Print Management SoftwareBoost your digital or traditional workplace with MyQ’s secure print and scan solutions that respect your time and help you focus on what you do best.
-
Vibes don’t ship, Retool doesVibe coding tools create cool demos, but Retool helps you build software your company can actually use. Generate internal apps that connect directly to your data—deployed in your cloud with enterprise security from day one. Build dashboards, admin panels, and workflows with granular permissions already in place. Stop prototyping and ship on a platform that actually passes security review.
-
1
Ghidra
Ghidra is a software reverse engineering (SRE) framework
Ghidra is a free and open-source reverse engineering framework developed by the NSA for analyzing compiled software. It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
2
cyborghawk v1.1
Latest-v1.1 of The World's most advanced pen testing distribution ever
updated version of The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment. -
3
Greenplum Database
Massive parallel data platform for analytics, machine learning and AI
Rapidly create and deploy models for complex applications in cybersecurity, predictive maintenance, risk management, fraud detection, and many other areas. With its unique cost-based query optimizer designed for large-scale data workloads, Greenplum scales interactive and batch-mode analytics to large datasets in the petabytes without degrading query performance and throughput. Based on PostgreSQL, Greenplum provides you with more control over the software you deploy, reducing vendor lock-in, and allowing open influence on product direction. Greenplum reduces data silos by providing you with a single, scale-out environment for converging analytic and operational workloads, like streaming ingestion. All major Greenplum contributions are part of the Greenplum Database project and share the same database core, including the MPP architecture, analytical interfaces, and security capabilities. -
4
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
Atera all-in-one platform IT management software with AI agentsAtera’s AI agents don’t just assist, they act. From detection to resolution, they handle incidents and requests instantly, taking your IT management from automated to autonomous.
-
5
cyborg hawk v 1.0
The World's most advanced penetration testing distribution ever
The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment. -
6
Watcher
Open Source Cybersecurity Threat Hunting Platform
Watcher is a file integrity monitoring tool that detects unauthorized changes to files, helping organizations maintain compliance and security. -
7
GUN
Cybersecurity protocol for syncing decentralized graph data
GUN is a small, easy, and fast data sync and storage system that runs everywhere JavaScript does. The aim of GUN is to let you focus on the data that needs to be stored, loaded, and shared in your app without worrying about servers, network calls, databases, or tracking offline changes or concurrency conflicts. This lets you build cool apps fast. When a browser peer asks for data, it'll merge the reply with its own data using a CRDT, then cache the result. GUN is fully decentralized (peer-to-peer or multi-master), meaning that changes are not controlled by a centralized server. A server can be just another peer in the network, one that may have more reliable resources than a browser. You save data on one machine, and it will sync it to other peers without needing a complex consensus protocol. It just works. GUN can be used in both browsers and servers. We have made it easy to install in many different environments. -
8
pyWhat
Identify emails, IP addresses, and more
pyWhat is a Python-based identification tool designed to figure out “what” a piece of text or file content represents, especially in security and OSINT workflows. Given inputs such as hex strings, URLs, email addresses, IP addresses, credit card numbers, cryptocurrency wallets, or entire .pcap capture files, it scans for structured patterns and tells you what it finds. The tool is recursive: it can traverse files and directories to extract meaningful entities, which is useful when analyzing malware samples, network captures, or code repositories at scale. It offers powerful filters called “tags” and distributions that let you narrow results to specific categories like bug bounties, cryptocurrencies, or AWS-related artifacts. For automation and integration, pyWhat provides a CLI with options for rarity filtering, sorting, and JSON export, as well as an API that can be imported into other Python programs. -
9
ODS3 Virtual Machine Challenge
Virtual Machine Image To Test Penetration Skills
The ODS3 Virtual Machine Challenge are downloadable images that can be run as VMWare or VirtualBox instances. The Idea behind the challenge is to test and exercise web application penetration testing in a controlled environment. These images are great for cyber security students, penetration testers and hobbyist. Care should be taken if installed on an Internet access host as the application are purposely vulnerable to attack and exploitation. -
Find Hidden Risks in Windows Task SchedulerWindows Task Scheduler might be hiding critical failures. Download the free JAMS diagnostic tool to uncover problems before they impact production—get a color-coded risk report with clear remediation steps in minutes.
-
10
cardionet
A beautiful, modern Terminal User Interface (TUI) for nmap
CardioNet simplifies network scanning by providing an intuitive graphical interface for nmap, making it accessible to both beginners and advanced users. Build complex scanning commands visually, execute them in real-time, and export results in multiple formats. -
11
S2OPC - Safe & Secure OPC UA
An Open Source Safe & Secure OPC UA stack
Open-source Safe and Secure OPC UA Toolkit designed with embedded devices in mind (see https://www.s2opc.com). Its demo server is certified by the OPC Foundation and CSPN(-BSZ). -
12
Ethical Hacking - Pokhara
Educating Nepalese on about Cyber Security & Ethical Hacking.
This project is basically based on giving free/paid workshop/training/seminar on "Cyber Security & Ethical Hacking", to the people/students of Nepal. Being Nepali, I always thought of helping people of Nepal in New and Rising Topic of World. Now, that topic is "Cyber Security & Ethical Hacking". My involvement in this Project can be found in detail in my own website here : http://www.bijayacharya.com/about-me/bj-as-hacker/ -
13
openWrt-snort
Image of OpenWrt OS, with snort community featured in.
Image of OpenWrt OS, with snort community featured in, for Raspberry Pi 4/ 4B+ and 400, basically for Processor BCM2711. Installed Snort Community Model to Intrusion Detection system. Prevention system not installed. eth0 used as output/ LAN socket, to run internet and access router. eth1, which can be USB -> Ethernet port, is used as WAN port, to connect Pi board to Internet IP. to flash img file, you can restore in SD card, or use Balena Etcher to flash. or you can use DD commend of UNIX. **USERNAME** - root **PASSWORD** - bing.google12 -
14
Java Vulnerable Lab - Pentesting Lab
a deliberately vulnerable Web application
This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation (www.cysecurity.org) for Java programmers The full course on Hacking and Securing Web Java Programs is available in https://www.udemy.com/hacking-securing-java-web-programming/ WAR file: ---------- https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download Virtualbox VM file: -------------------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download Credentials for the VM: ------------------------ Username: root Password: cspf Stand-alone file: (Run the Jar file directly) -------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download -
15
SecurityInfinity Cybersecurity
Secure your website in 10 minutes in one click.
Secure your website in 10 minutes in one click. AI enabled cybersecurity suite for vulnerability assessment and realtime analytics. Assess your website, cloud platform and identify vulnerabilities now. -
16
Lakhash
An experimental cloud storage service featuring client-side encryption
An experimental cloud storage service built with Next.js, featuring client-side file encryption, a dedicated password vault, advanced integrity verification functionality, and a convenient UI. Lakhash is also equipped with the password vault. Check it out at https://lakhash.netlify.app GitHub repository: https://github.com/Northstrix/Lakhash Codeberg repository: https://codeberg.org/Northstrix/Lakhash/ The related Medium article can be found at https://medium.com/@Northstrix/2be1c60ec6e8 -
17
Midbar ESP32 CYD Firebase Edition
A version of Midbar data vault adapted for the ESP32 CYD and WebFlash.
A version of Midbar data vault adapted for the ESP32 CYD and WebFlash. It keeps the cryptographic keys in the ESP32 RAM and stores the ciphertexts (encrypted data) in the Google Firebase. The tutorial is available at: https://www.instructables.com/How-to-Turn-ESP32-CYD-Into-a-Secure-IoT-Data-Vault/ WebFlash for ESP32-CYD: https://northstrix.github.io/Midbar-ESP32-CYD-Firebase-Edition/flash WebFlash for ESP32-CYD2USB: https://northstrix.github.io/Midbar-ESP32-CYD2USB-Firebase-Edition/flash -
18
tirreno
Open Security Analytics
tirreno is open security analytics. tirreno [tir.ˈrɛ.no] helps understand, monitor, and protect your applications from cyber threats, account takeovers, bots, and abuse. While classic cybersecurity focuses on infrastructure and network perimeter, most breaches occur through compromised accounts and application logic abuse that bypasses firewalls, SIEM, WAFs, and other defenses. tirreno detects threats where they actually happen: inside your product. It adds a security layer to internal or external applications to identify malicious activity by analyzing user behavior, account activity, field changes history, and business logic abuse that infrastructure tools are unable to detect. -
19
In-Browser-File-Encrypter
The source code of the In-Browser-File-Encrypter web app
The In-Browser File Encrypter is a simple web application that enables you to securely encrypt your files directly in your browser using the AES-256 encryption algorithm in CBC mode. Check it out at: https://codepen.io/Northstrix/pen/xxvXvJL and https://northstrix.github.io/In-Browser-File-Encrypter/V1.0/web-app.html GitHub page: https://github.com/Northstrix/In-Browser-File-Encrypter The download shortcut: https://sourceforge.net/projects/in-browser-file-encrypter/files/V1.0%20%28Improved%20UI%29/V1.0%20%28Improved%20UI%29.zip/download Successfully tested in Google Chrome on Windows 11 and Fedora 40. -
20
BTS Pentesting Lab
BTS Pentesting Lab - a deliberately vulnerable Web application
BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: *SQL Injection *XSS(includes Flash Based xss) *CSRF *Clickjacking *SSRF *File Inclusion * Code Execution *Insecure Direct Object Reference *Unrestricted File Upload vulnerability *Open URL Redirection *Server Side Includes(SSI) Injection and more... Java version of this application can be found here: https://sourceforge.net/p/javavulnerablelab/ -
21
BTS-SIO-SLAM-CYBER-INTERVENTION
Cybersecurity intervention for BTS SIO SLAM
You will find all the files to prepare a security intervention in a BTS SIO (SLAM - development part). This training aims to highlight the role of the developer in cybersecurity. Different software vulnerabilities are presented as well as the good practices that allow limiting them. To this goal, some aspects of a secure system design are addressed. Informations and documentation are here: https://sourceforge.net/p/bts-sio-slam-cyberintervention/wiki/Home/. -
22
Bootleg-Password-Vault
A password vault with client-side encryption and nice-looking UI
A password vault with client-side encryption and nice-looking UI built with React. The app is hosted at https://northstrix.github.io/Bootleg-Password-Vault/ The source code can also be found at: https://github.com/Northstrix/Bootleg-Password-Vault https://codeberg.org/Northstrix/Bootleg-Password-Vault The related article is available at: https://medium.com/@Northstrix/adbd8dad0442 -
23
-
24
CVE-Alert
Real-time CVE tracking and email alerts for security vulnerabilities
CVE-Alert helps organizations and individuals track Common Vulnerabilities and Exposures (CVEs) in real-time. Get notified about security issues affecting your vendors and products. Key capabilities: - Real-time CVE tracking - Automatically sync with CVE.org's CVE List (cvelistV5) to stay current with published security vulnerabilities - Custom subscriptions - Subscribe to specific vendors, products, or severity levels to receive alerts only for what matters to your organization - Email notifications - Receive timely email alerts with detailed information about CVEs affecting your subscribed vendors and products - Comprehensive reports - Search and browse CVE entries with detailed information including severity scores, descriptions, and affected products - Free to use - No cost for individuals and organizations CVE-Alert is designed for security professionals, IT administrators, developers, and anyone responsible for maintaining secure systems. Stay ahead of vulnerabilities -
25
Falcon_ArchLinux
Falcon ArchLinux pruple team tools cyber security
uses repo BlackArchlinux and ArchLinux
