Open Source ChromeOS Security Software
Sort By:
Security Software for ChromeOS
Browse free open source Security software and projects for ChromeOS below. Use the toggles on the left to filter open source Security software by OS, license, language, programming language, and project status.
-
Gemini 3 and 200+ AI Models on One PlatformBuild, govern, and optimize agents and models with Gemini Enterprise Agent Platform.
-
Earn up to 16% annual interest with Nexo.Generate interest, access liquidity without selling, and execute trades seamlessly. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
1
Anti-Spam SMTP Proxy Server
Anti-Spam SMTP Proxy Server implements multiple spam filters
The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements auto-whitelists, self learning Hidden-Markov-Model and/or Bayesian, Greylisting, DNSBL, DNSWL, URIBL, SPF, SRS, Backscatter, Virus scanning, attachment blocking, Senderbase and multiple other filter methods. Click 'Files' to download the professional version 2.8.1 build 24261. A linux(ubuntu 20.04 LTS) and a freeBSD 12.2 based ready to run OVA of ASSP V2 are also available for download. NOTICE: V1 development has been stopped at the end of 2014 (1.10.1 build 16060). Possibly there will be done some bugfixing in future. Please upgrade to V2, which is and will be actively maintained. -
2
Darik's Boot and Nuke
A hard drive disk wipe and data clearing utility
Darik's Boot and Nuke ("DBAN") is a self-contained boot image that securely wipes hard disk drives (HDDs). DBAN is appropriate for personal use, bulk data destruction, or emergency data destruction for HDDs, but is not recommended for solid-state drives (SSDs), sanitization that requires auditable compliance documentation, or technical support. -
3
BleachBit
deletes junk files to free disk space and improve privacy
BleachBit frees disk space and maintains privacy. Cleans cache, Internet history, temporary files, logs, cookies, Firefox, Google Chrome, Flash, Windows, Linux, and more. Downloads are at www.bleachbit.org and source code is at GitHub. -
4
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. PentestGPT runs in a Docker-first environment, providing a secure, reproducible setup with built-in tooling and session persistence. It offers real-time feedback and live walkthroughs, allowing users to observe each step of the testing process as it unfolds. Built with a modular and extensible architecture, PentestGPT supports cloud and local LLMs, making it suitable for research, education, and authorized security testing. -
Application Monitoring That Won't Slow Your App DownFull APM with errors, performance, logs, and uptime monitoring. 99.999% uptime SLA on the platform itself.
-
5
SeedCrackerX
Minecraft mod designed to reverse-engineer
SeedcrackerX is a Minecraft mod designed to reverse-engineer and determine a world’s seed by analyzing in-game structures and environmental data. It operates by collecting information from structures such as shipwrecks, temples, and monuments, then using that data to progressively narrow down possible seeds until the correct one is identified. The mod automates much of this process, initiating cracking procedures once sufficient data has been gathered, often requiring only exploration of specific structures. It includes a graphical configuration interface that allows users to control which structures are used and how data is collected. The system can also integrate with a shared database to contribute discovered seeds, enabling collaborative data gathering across users. Advanced features include brute-force algorithms that refine seed candidates based on structural patterns and hashed seed calculations. -
6
JXplorer - A Java Ldap Browser
Mature LDAP, LDIF and DSML client with i18n support.
A java LDAP client with LDIF support, security (inc SSL, SASL & GSSAPI), translated into many languages (inc. Chinese), online help, user forms and many other features. The commercial version is available at https://jxworkbench.com for $9.95. It extends JXplorer to include: - custom LDAP reporting - to pdf, word etc. - Find and Replace with regexp and attribute substitution - A secure password vault to store directory connections - etc. Support for JXplorer and JXWorkbench is available at http://jxplorer.org. Commercial support available from sales@jxworkbench.com -
7
JSignPdf
Add digital signatures to PDF documents - GUI and CLI, cross-platform
JSignPdf is a free, open-source Java application for signing PDF documents with digital certificates. It provides a graphical desktop interface for everyday users and a command-line mode for scripted and server-side workflows. Supported capabilities include PKCS#12 keystores, smartcards and hardware tokens (PKCS#11), Windows keystore integration, visible signatures with custom images and positioning, timestamp authority (TSA) support, OCSP/CRL revocation checks, certification signatures, and PDF encryption. Cross-platform (Windows, Linux, macOS), built on the OpenPDF library, and translated into many languages by its community, JSignPdf is a trusted choice for anyone who needs reliable PDF signing without commercial licensing. -
8
fsociety
Modular CLI framework for managing penetration testing tools
fsociety is a modular penetration testing framework designed to provide a unified interface for running and managing a wide range of security tools. It focuses on simplifying penetration testing workflows by integrating multiple external security utilities into a single command line environment. Instead of implementing its own security scanners, the framework acts as a wrapper and orchestrator that helps users discover, install, and execute tools from various GitHub repositories. Its modular architecture organizes tools into categories such as information gathering, networking, web application security, and password testing. This structure allows users to quickly navigate through different security tasks while maintaining a consistent interface. fsociety can automatically clone and manage required tools, reducing the manual effort typically needed to set up a penetration testing toolkit. fsociety is distributed as a Python package. -
9
DAR - Disk ARchive
For full, incremental, compressed and encrypted backups or archives
DAR is a command-line backup and archiving tool that uses selective compression (not compressing already compressed files), strong encryption, may split an archive in different files of given size and provides on-fly hashing, supports differential backup with or without binary delta, ftp and sftp protocols to remote cloud storage Archive internal's catalog, allows very quick restoration even a single file from a huge, eventually sliced, compressed, encrypted archive eventually located on a remote cloud storage, by only reading/fetching the necessary data to perform the operation. Dar saves *all* UNIX inode types, takes care of hard links, sparse files as well as Extended Attributes (MacOS X file forks, Linux ACL, SELinux tags, user attributes) and some Filesystem Specific Attributes (Linux ext2/3/4, Mac OS X HFS+) more details at: http://dar.linux.free.fr/doc/Features.html -
Build Securely on AWS with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
10
malware-samples
A collection of malware samples and relevant dissection information
This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves. -
11
AWStats
AWStats Log Analyzer
AWStats is a free powerful and featureful server logfile analyzer that shows you all your Web/Mail/FTP statistics including visits, unique visitors, pages, hits, rush hours, os, browsers, search engines, keywords, robots visits, broken links and more -
12
WhatsApp Beacon
OSINT tool for tracking WhatsApp online status via Web automation
WhatsApp Beacon is an open source OSINT tool designed to monitor and analyze the online activity status of WhatsApp users through WhatsApp Web. It uses Selenium automation to interact with the web interface and detect when a target account goes online or offline. By continuously monitoring these changes, WhatsApp Beacon records connectivity patterns and builds a historical dataset of activity sessions. The collected information is stored in logs and a local database, allowing users to review behavioral patterns over time. In addition, the project supports exporting collected data to spreadsheet formats for further analysis or reporting. WhatsApp Beacon is designed to run across multiple operating systems and can operate in the background using headless browser automation. It is intended for educational and research purposes related to open-source intelligence (OSINT) and digital investigation. -
13
Instagram OSINT Tool
Instagram OSINT tool for gathering profile data and public posts
InstagramOSINT is an open source intelligence (OSINT) tool designed to collect publicly accessible information from Instagram profiles. It retrieves details that are not always easily visible when browsing an Instagram account normally, allowing investigators, researchers, and developers to gather structured data about a target profile. It works by scraping publicly available profile information and extracting metadata from Instagram pages using Python. It collects various attributes such as the username, profile name, follower counts, account status indicators, and profile metadata. In addition to profile information, it can also retrieve post-related data and download publicly available images associated with an account. The results are saved locally in structured formats such as JSON-style data inside text files, making them easy to analyze or integrate into other applications. InstagramOSINT also exposes a Python API so developers can import the functionality. -
14
Telegram-OSINT
https://github.com/The-Osint-Toolbox/Telegram-OSINT
Telegram-OSINT is an extensive open source repository that compiles tools, techniques, and resources for conducting open source intelligence investigations on the Telegram platform. It serves as a central reference for analysts, researchers, and investigators who want to discover, analyze, and collect publicly available information from Telegram channels, groups, and bots. It organizes a wide variety of utilities that interact with Telegram’s API to gather data such as channel details, posts, and metadata, often exporting the results in formats like JSON for further analysis. The repository also includes utilities that help search for Telegram channels or process lists of channels from input files, making large-scale investigations easier to manage. In addition to direct data collection tools, it provides resources for channel discovery, similar channel analysis, and browser-based interfaces for interacting with Telegram data. -
15
OSINT Framework
OSINT Framework
OSINT-Framework is a web-based intelligence resource map designed to help investigators and researchers quickly locate free open-source intelligence tools and data sources. Rather than functioning as an automated scanner, it organizes hundreds of OSINT resources into a structured, navigable interface grouped by investigation type, such as usernames, email addresses, domains, and social media. The project was originally created from an information security perspective but has since expanded to support journalists, analysts, and digital investigators across many disciplines. Its value lies in curation and discoverability, allowing users to pivot rapidly between relevant intelligence tools during investigations. The framework includes indicators showing whether a resource requires registration, manual editing, or local installation, improving workflow planning. -
16
Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files. The color- respectivly sample-frequencies are not changed thus making the embedding resistant against first-order statistical tests.
-
17
Ignorant
Checks if a phone number is registered on online services
Ignorant is a Python-based OSINT tool designed to determine whether a specific phone number is associated with accounts on various online platforms. It performs phone number enumeration by sending requests to supported services and analyzing their responses to identify whether an account exists for that number. By querying endpoints used during account registration, login, or other interactions, Ignorant can infer the presence of an account without notifying the phone number owner. This allows investigators, researchers, or security professionals to perform reconnaissance without alerting the target. Ignorant supports multiple platforms, including services such as Instagram, Snapchat, and Amazon, using a modular architecture where each platform is implemented as a separate module. Ignorant is built with asynchronous Python technologies, enabling concurrent checks across multiple services for faster results. It also provides standardized output in JSON format. -
18
PhoneInfoga
Information gathering framework for phone numbers
PhoneInfoga is an open-source intelligence framework focused on gathering and analyzing information related to international phone numbers. The tool aggregates data from multiple scanners and external services to provide contextual intelligence such as country, carrier, line type, and potential VoIP provider details. It is designed primarily for investigators, analysts, and security researchers who need structured phone-number reconnaissance rather than real-time tracking. PhoneInfoga intentionally avoids automation of invasive actions and instead assists manual investigations by correlating publicly available data. The platform includes both a command-line interface and a web client backed by a REST API, making it suitable for integration into larger investigative workflows. Because it relies heavily on external data sources, its effectiveness depends on proper configuration of scanners and APIs. -
19
Portecle is a user friendly GUI application for creating, managing and examining key stores, keys, certificates, certificate requests, certificate revocation lists and more.
-
20
holehe
Check if the mail is used on different sites
holehe is a Python-based OSINT utility designed to determine whether a specific email address is registered across a wide range of online services. The tool works by leveraging password-reset mechanisms and other public account-existence checks to infer whether an email is associated with accounts on major platforms. It supports more than a hundred websites and is commonly used during reconnaissance, digital investigations, and account exposure assessments. holehe is designed to operate quickly and quietly, emphasizing efficiency and minimal footprint during enumeration tasks. The project can be used both as a standalone command-line tool and as a library embedded into larger automation pipelines. Overall, holehe provides investigators with a focused and scalable method for mapping an email’s online presence. -
21
JSch is a pure Java implementation of SSH2. JSch allows you to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs.
-
22
EJBCA is an enterprise class PKI Certificate Authority built on JEE technology. It is a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in other JEE applications.
-
23
Toutatis
Extract public Instagram account information from usernames
Toutatis is an open source command-line tool designed to extract publicly available information from Instagram accounts. It helps users gather various data points from a target profile by querying Instagram using a username or account ID. The tool can retrieve details such as profile metadata, follower counts, biography information, and other publicly accessible account attributes. In addition to basic profile data, Toutatis can also reveal contact details that may be publicly exposed, including email addresses and phone numbers associated with the account. The utility is implemented in Python and runs through a simple command-line interface, making it easy to integrate into OSINT workflows and automation scripts. Toutatis is commonly used in open source intelligence investigations, research tasks, and security analysis that involve collecting publicly available social media data. -
24
User Scanner
Scan usernames and emails across many platforms from the CLI
user-scanner is a command-line OSINT tool designed to analyze the presence and availability of usernames and email addresses across many online platforms. It helps users quickly determine whether a specific username or email is already associated with accounts on social networks, developer platforms, creator communities, gaming services, and other sites. user-scanner is useful for security researchers, investigators, and analysts performing open source intelligence, as well as individuals or businesses looking for a unique username across multiple services. By scanning many platforms in a single command, it simplifies the process of checking account existence and identifying a digital footprint. user-scanner uses a modular architecture where each platform is implemented as a small validator module that determines whether a username exists or is available. -
25
Blackbird
OSINT tool for finding accounts across 600+ sites by username or email
Blackbird is an open source OSINT tool designed to search for user accounts across social networks and online platforms using a username or email address. The project focuses on helping investigators, researchers, and security professionals quickly discover where a specific identity appears on the internet. It performs reverse searches across more than 600 websites by leveraging data from the community-driven WhatsMyName project, which improves detection accuracy and reduces false positives. The tool operates primarily through a command line interface, allowing users to run automated searches and gather results from many platforms in a single process. Blackbird also includes an optional AI-powered profiling feature that analyzes discovered sites to generate behavioral and technical insights about a user’s online presence. Results from searches can be exported in formats such as PDF, CSV, or JSON for documentation or reporting purposes.
