Showing 446 open source projects for "code"

View related business solutions
  • Our Free Plans just got better! | Auth0 Icon
    Our Free Plans just got better! | Auth0

    With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

    You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
    Try free now
  • Host LLMs in Production With On-Demand GPUs Icon
    Host LLMs in Production With On-Demand GPUs

    NVIDIA L4 GPUs. 5-second cold starts. Scale to zero when idle.

    Deploy your model, get an endpoint, pay only for compute time. No GPU provisioning or infrastructure management required.
    Try Free
  • 1
    Claude Code Security Reviewer

    Claude Code Security Reviewer

    An AI-powered security review GitHub Action using Claude

    The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc).
    Downloads: 0 This Week
    Last Update:
    See Project
  • 2
    Defending Code Reference Harness

    Defending Code Reference Harness

    Skills for threat modeling, scanning, triage, patching, etc.

    ...Its default pipeline focuses on finding memory bugs in C and C++ code using ASAN as the crash detector. The overall architecture is meant to be adaptable, so teams can modify it for other languages, bug classes, and detection systems. Its main value is giving defenders a practical framework for exploring AI-assisted secure code review and remediation.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 3
    Ghidra

    Ghidra

    Ghidra is a software reverse engineering (SRE) framework

    ...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes.
    Downloads: 9,175 This Week
    Last Update:
    See Project
  • 4
    frida

    frida

    Dynamic instrumentation toolkit for developers

    Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts. Works on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Install the Node.js bindings from npm, grab a Python package from PyPI, or use Frida through its Swift bindings, .NET bindings, Qt/Qml bindings, or C API. ...
    Downloads: 200 This Week
    Last Update:
    See Project
  • Compliant and Reliable File Transfers Backed by Top Security Certifications Icon
    Compliant and Reliable File Transfers Backed by Top Security Certifications

    Cerberus FTP Server delivers SOC 2 Type II certified security and FIPS 140-2 validated encryption.

    Stop relying on non-certified, legacy file transfer tools that creak under the weight of modern security demands. Get full audit trails, advanced access controls and more supported by an award-winning team of experts. Start your free 25-day trial today.
    Start Free Trial
  • 5
    SimpleX

    SimpleX

    The first messaging platform operating without user identifiers

    ...Many communication platforms are vulnerable to MITM attacks by servers or network providers. To prevent it SimpleX apps pass one-time keys out-of-band when you share an address as a link or a QR code. Double-ratchet protocol. OTR messaging with perfect forward secrecy and break-in recovery. NaCL cryptobox in each queue to prevent traffic correlation between message queues if TLS is compromised.
    Downloads: 97 This Week
    Last Update:
    See Project
  • 6
    cargo-crev

    cargo-crev

    A cryptographically verifiable code review system for the cargo

    ...Increase the trustworthiness of your own code. Build a web of trust of other reputable users to help verify the code you use. Static binaries are available from the releases page. Crev is a system for verifying the security and reliability of dependencies based on collaborative code reviews. Crev users review the source code of packages/libraries/crates and share their findings with others.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 7
    Terrascan

    Terrascan

    Detect compliance and security violations across Infrastructure

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. As you embrace Infrastructure as Code (IaC) such as Terraform, Kubernetes, Argo CD, Atlantis and AWS CloudFormation, it is important to ensure that security best practices and compliance requirements are observed. Terracan provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark. ...
    Downloads: 7 This Week
    Last Update:
    See Project
  • 8
    Claude BugHunter

    Claude BugHunter

    A Claude Code skill bundle for bug hunting

    Claude-BugHunter is a Claude Code skill bundle focused on bug hunting, security testing, and external red-team research workflows. It packages a large collection of specialized skills, slash commands, and disclosed-report patterns so Claude Code can reason through common vulnerability classes more systematically. The project is meant to help authorized testers structure reconnaissance, triage, hypothesis building, exploitation reasoning, and reporting.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 9
    theHarvester

    theHarvester

    E-mails, subdomains and names

    theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources.
    Downloads: 34 This Week
    Last Update:
    See Project
  • Ship Agents Faster Icon
    Ship Agents Faster

    Transform your applications and workflows into powerful agentic systems at global scale.

    Gemini Enterprise Agent Platform lets you rapidly build, scale, govern and optimize production-ready agents grounded in your organization's data. The platform enables developers to build custom or pre-built agents for virtually any use case. New customers get $300 in free credits.
    Get Started Free
  • 10
    hydra

    hydra

    Cloud native, security-first, API security for your infrastructure

    ...Ory / Hydra is Open Source and OpenID Connect Certified® technology that integrates with any login system. Get started in minutes, and provide secure access to your application and API endpoints. Ory / Hydra works with any login system and only a few lines of code are required. Ory / Hydra is written in Go and we provide SDKs for every language. We work with any login system and it is easy to customize the login experience. Our documentation makes integrating Ory / Hydra a snap. The Ory Community stands on the shoulders of individuals, companies, and maintainers. We thank everyone involved, from submitting bug reports and feature requests, to contributing patches, to sponsoring our work.
    Downloads: 62 This Week
    Last Update:
    See Project
  • 11
    KeePassXC

    KeePassXC

    KeePassXC is a cross-platform community-driven port

    ...Every feature looks, feels, works, and is tested on Windows, macOS, and Linux. You can expect a seamless experience no matter which operating system you are using. The full source code is published under the terms of the GNU General Public License and made available on GitHub. Use, inspect, change, and share at will; contributions by everyone are welcome.
    Downloads: 38 This Week
    Last Update:
    See Project
  • 12
    Amplication

    Amplication

    Amplication is an open‑source development tool

    ...Generated apps include NestJS, Prisma, REST & GraphQL API, a React admin UI, logging, authentication, and authorization. Safely customize your generated app Node.js code using your favorite IDE. Decide whether to download the app within a Docker container that’s ready for deployment or to deploy to the Amplication cloud. At any point you’re free to download the source code and continue development elsewhere. We are a group of creators who love open‑source and low‑code. We believe that low‑code application development will evolve into a modern‑day programming language.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 13
    Password Pusher

    Password Pusher

    An application to securely communicate passwords over the web

    Give your users the tools to be secure by default. Password Pusher is an open source application to communicate passwords over the web. Links to passwords expire after a certain number of views and/or time has passed. Only enter a password into the box. Other identifying information can compromise security. All passwords are encrypted prior to storage and are available to only those with the secret link. Once expired, encrypted passwords are unequivocally deleted from the database.
    Downloads: 8 This Week
    Last Update:
    See Project
  • 14
    Coroot

    Coroot

    Open-source observability for microservices

    ...Analyze any unexpected spike in CPU or memory usage down to the precise line of code. Don't make assumptions, know exactly what the resources were spent on. Easily investigate any anomaly by comparing it to the system's baseline behavior.
    Downloads: 12 This Week
    Last Update:
    See Project
  • 15
    tfsec

    tfsec

    Security scanner for your Terraform code

    tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take effect. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 16
    OpenZeppelin Contracts

    OpenZeppelin Contracts

    OpenZeppelin Contracts is a library for secure smart contracts

    ...Reduce the risk of vulnerabilities in your applications by using standard, tested, community-reviewed code.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 17
    IPBan

    IPBan

    IPBan is a trusted, free security software to block hackers

    Since 2011, IPBan is the world's most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount. Auto-ban ip addresses by detecting failed logins from event viewer and/or log files. On Linux, SSH is watched by default. On Windows, RDP, OpenSSH, VNC, MySQL, SQL Server, Exchange, SmarterMail, and MailEnable are watched. More applications can easily be added...
    Downloads: 13 This Week
    Last Update:
    See Project
  • 18
    VeraCrypt

    VeraCrypt

    Disk encryption with strong security based on TrueCrypt

    ...It is used to create encrypted file containers, encrypt partitions, and protect storage devices so data remains unreadable without the correct credentials. The project supports multiple desktop platforms and includes source code, documentation, build instructions, translations, tests, and packaging workflows. VeraCrypt is known for strong encryption, on-the-fly access to mounted volumes, and support for hidden volumes that can help with plausible deniability in specific threat models. It also provides graphical and text-based usage options, making it useful for both everyday users and more technical environments. ...
    Downloads: 34 This Week
    Last Update:
    See Project
  • 19
    FlareSolverr

    FlareSolverr

    Proxy server to bypass Cloudflare protection

    ...When some request arrives, it uses puppeteer with the stealth plugin to create a headless browser (Firefox). It opens the URL with user parameters and waits until the Cloudflare challenge is solved (or timeout). The HTML code and the cookies are sent back to the user, and those cookies can be used to bypass Cloudflare using other HTTP clients. Web browsers consume a lot of memory. If you are running FlareSolverr on a machine with few RAM, do not make many requests at once. With each request, a new browser is launched. It is also possible to use a permanent session. ...
    Downloads: 38 This Week
    Last Update:
    See Project
  • 20
    thc-hydra

    thc-hydra

    Shows how easy it would be to gain unauthorized access to a system

    Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS. ...
    Downloads: 47 This Week
    Last Update:
    See Project
  • 21
    PHP dotenv

    PHP dotenv

    Loads environment variables automatically

    You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments, such as database credentials or credentials for 3rd party services, should be extracted from the code into environment variables. Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    Flipper Zero Firmware

    Flipper Zero Firmware

    Flipper Zero firmware source code

    Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like. Flipper Zero is a tiny piece of hardware with a curious personality of a cyber-dolphin. It can interact with digital systems in real life and grow while you use it. Explore any kind of access control system, RFID, radio...
    Downloads: 29 This Week
    Last Update:
    See Project
  • 23
    Brakeman

    Brakeman

    A static analysis security vulnerability scanner for Ruby on Rails app

    Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs. In testing, this has dramatically improved speed for large code bases, around 35% reduction in overall scan time. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 24
    Shannon

    Shannon

    Fully autonomous AI hacker to find actual exploits in your web apps

    Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws, authentication bypasses, and other exploitable paths in a way that resembles an actual attacker’s workflow. Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. ...
    Downloads: 16 This Week
    Last Update:
    See Project
  • 25
    grype

    grype

    A vulnerability scanner for container images and filesystems

    ...The destination directory doesn't need to be /usr/local/bin, it just needs to be a location found in the user's PATH and writable by the user that's installing Grype. If you're using GitHub Actions, you can simply use our Grype-based action to run vulnerability scans on your code or container images during your CI workflows.
    Downloads: 11 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • 5
  • Next
Auth0 Logo