Search Results for "security tools" - Page 3
Sort By:
Showing 462 open source projects for "security tools"
View related business solutions-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
1
Tailsnitch
A security auditor for Tailscale configurations
tailsnitch is a security auditing tool for Tailscale networks (tailnets) that scans configurations and device setups to detect risky or overly permissive settings, helping administrators maintain a secure mesh network. Written in Go and designed to be run either as a CLI or integrated into automated pipelines, tailsnitch performs dozens of checks against common access control policies, authentication key practices, network exposure issues, and device security settings. It outputs structured... -
2
Claw Hunter
MDM-ready scripts for detecting and monitoring OpenClaw
Claw Hunter is an open-source security tool designed to detect, analyze, and mitigate risks associated with autonomous AI agents, specifically those built on platforms like OpenClaw. As agentic AI systems gain popularity, they introduce a new class of security challenges because they can execute commands, access files, and interact with external systems with minimal human oversight. Claw-Hunter addresses this emerging threat landscape by providing visibility into these agents, helping... -
3
cert-manager
Automatic TLS certificate manager for Kubernetes
Automate certificate management in cloud native environments. Cert-manager builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide 'certificates as a service' to developers working within your Kubernetes cluster. upport for popular CA types. Out of the box, cert-manager supports ACME (i.e. Let's Encrypt), HashiCorp Vault, Venafi, self signed and internal CA issuer types.... -
4
X-osint
Open source OSINT tool for gathering data on emails, phones, and IPs
X-osint is an open source intelligence framework designed to collect and analyze publicly available information from multiple sources. It focuses on gathering useful and credible data about entities such as phone numbers, email addresses, and IP addresses using a range of automated OSINT techniques. It provides investigators and researchers with a centralized interface for running information-gathering tasks that would normally require multiple separate tools. X-osint can also perform... -
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
5
Atlantis iOS
A lightweight and powerful iOS framework for intercepting HTTP/HTTPS
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, and built with meticulous attention to detail. Dive into the network level to diagnose and fix problems with reliable and powerful tools. Proxyman acts as a man-in-the-middle server that captures the traffic between your applications and SSL Web Server. With a built-in macOS setup, so you can inspect your... -
6
Argus
Python toolkit for OSINT and reconnaissance with 135+ modules
Argus is a Python-based open source toolkit designed to simplify information gathering and reconnaissance tasks in cybersecurity. It provides an integrated command-line environment that consolidates numerous reconnaissance utilities into a single framework. The tool enables users to collect data about networks, domains, web applications, and infrastructure in an organized and efficient manner. Argus includes a modular architecture with more than 130 modules that support activities such as... -
7
Pacu
The AWS exploitation framework, designed for testing security
Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners. While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. -
8
age
A simple, modern and secure encryption tool (and Go library)
...The project is well-suited for personal data encryption, backup use-cases, scripting encryption workflows, and embedding encryption in tools. Because of its design philosophy, it avoids the bloat of many older encryption utilities while maintaining strong cryptographic hygiene. It’s especially useful for developers or system administrators who want to adopt encryption without learning a multitude of options. -
9
rudderstack
Privacy and Security focused Segment-alternative, in Golang
Quickly deploy flexible, powerful customer data pipelines, then send the data to your entire stack—without the engineering headache. Our complete toolset makes it easy to level-up your customer data stack. Spare your data engineers the headache. Our 180+ integrations, along with custom webhook sources and destinations, save data teams hundred of hours. Say goodbye to different versions of the truth. Our SDKs track anonymous and known users at the source and reconcile users in your warehouse... -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
10
Social-Analyzer
API, CLI, and Web App for analyzing and finding a person's profile
Social Analyzer is an open source OSINT tool that helps investigators discover and analyze a person’s presence across a very large number of social media platforms. It provides a unified API, CLI, and web interface capable of scanning hundreds or thousands of sites for username matches and related metadata. The project includes modular detection and analysis components that users can enable depending on their investigative needs. It is commonly used in cybersecurity, digital forensics, and... -
11
SLSA GitHub Generator
Language-agnostic SLSA provenance generation for Github Actions
This repository contains free tools to generate and verify SLSA Build Level 3 provenance for native GitHub projects using GitHub Actions. Developers can build their software using a secure process that protects against many supply chain attacks and tampering. Users of their software can verify a tamper-proof statement of the process to know how the software was created. -
12
Apiato
PHP Framework for building scalable API's on top of Laravel
The open-source flawless framework for building scalable and testable API-Centric Apps with PHP and Laravel. Authentication with OAuth2.0 for first/third-party clients (using Laravel Passport). Role-Based Access Control (RBAC), seeded with a Super Admin, Roles, and Permissions. Query Parameters support (orderBy, sorted, and filter) with full-text search. Useful Endpoints for managing users, roles/permissions, tokens, and more. API Documentations generator, to generate API docs from PHP... -
13
Infisical
Infisical is the open-source platform for secrets management, PKI
Infisical is an open-source, all-in-one platform for managing secrets, certificates, and privileged access. It delivers modern security workflows like secrets rotation, dynamic credentials, role-based access control, and SSH certificate-based access—tailored for development and infrastructure teams. Manage secrets across projects and environments (e.g. development, production, etc.) through a user-friendly interface. Sync secrets to platforms like GitHub, Vercel, AWS, and use tools like Terraform, Ansible, and more. ... -
14
reNgine
Automated framework for web application reconnaissance and scanning
reNgine is an automated reconnaissance framework designed to simplify and enhance the process of gathering information about web applications during security assessments. It provides a streamlined workflow for penetration testers, bug bounty hunters, and security teams who need to perform reconnaissance efficiently and at scale. The platform integrates multiple open-source reconnaissance tools into a unified environment with a configurable scanning engine and an intuitive web interface. reNgine focuses on improving traditional reconnaissance workflows by organizing collected data in a database and correlating results to make them easier to analyze. ... -
15
Retire.js
Scanner detecting the use of JavaScript libraries
...Scans visited sites for references to insecure libraries and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded. Retire.js has been adapted as a plugin for the penetration testing tools Burp and OWASP ZAP. -
16
ASNmap
CLI tool for mapping organization network ranges using ASN data
...It allows users to convert different types of inputs (such as ASN numbers, IP addresses, domain names, or organization names) into their associated CIDR ranges. This capability makes it particularly useful for security researchers, penetration testers, and reconnaissance workflows that require identifying network infrastructure owned by a target organization. asnmap retrieves ASN-related data and returns structured results that can be easily integrated into automated pipelines. Output can be generated in multiple formats including plain text, JSON, and CSV, enabling flexible data processing and analysis. asnmap also supports reading input from standard input and piping its results directly into other command line tools for chained workflows. -
17
EMAGNET
Automated hacking tool to find leaked databases with 97.1% accuracy
Automated hacking tool that will find leaked databases with 97.1% accurate to grab mail + password. Before using Emagnet, please remember that with great power comes great responsibility. Pastebin patched the vulnerability I previously used in order to get recent uploads, so at the moment it is not possible to get recently uploaded files, you are now limited to all syntaxes exempt the default one (95% get's uploaded as 'text' and this is removed from all recent upload lists). Bruteforce... -
18
Flipper Zero Firmware
Flipper Zero firmware source code
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like. Flipper Zero is a tiny piece of hardware with a curious personality of a cyber-dolphin. It can interact with digital systems in real life and grow while you use it. Explore any kind of access control system, RFID, radio... -
19
Osquery
SQL operating system instrumentation and monitoring framework
Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive. Osquery exposes an operating system as a high-performance relational database. This allows you to write SQL queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser... -
20
Domain Digger
Domain analysis toolkit for DNS, IP, and WHOIS lookups
Domain Digger is an open source toolkit designed to help users analyze and explore domain-related information in a structured and visual way. It provides a centralized interface for investigating various technical details associated with a domain, including DNS records, IP information, and WHOIS data. By combining several domain intelligence features into a single platform, it simplifies the process of gathering and understanding domain infrastructure details. Domain Digger presents domain... -
21
A high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is designed to make it easy for developers to model their application permissions and add and integrate fine-grained authorization into their applications. It allows in-memory data storage for quick development, as well as pluggable database modules. It currently supports PostgreSQL 14, MySQL 8, and SQLite (currently in beta). It offers an HTTP API and a gRPC API. It...
-
22
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and... -
23
Password Pusher
An application to securely communicate passwords over the web
Give your users the tools to be secure by default. Password Pusher is an open source application to communicate passwords over the web. Links to passwords expire after a certain number of views and/or time has passed. Only enter a password into the box. Other identifying information can compromise security. All passwords are encrypted prior to storage and are available to only those with the secret link. -
24
Permify
Permify is an open-source authorization service
Permify is an open source authorization service for creating fine-grained and scalable authorization systems. With Permify, you can easily structure your authorization model, store authorization data in your preferred database, and interact with the Permify API to handle all authorization queries from your applications or services. Permify is inspired by Google’s consistent, global authorization system, Google Zanzibar. Our goal is to make Google's Zanzibar available to everyone and help... -
25
OWASP WrongSecrets
Vulnerable app with examples showing how to not use secrets
Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to not store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy.
