Search Results for "security"
Sort By:
Showing 3234 open source projects for "security"
View related business solutions-
Secure File Transfer for Windows with Cerberus by RedwoodCerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
1
SCAP Security Guide
Security automation content in SCAP, Bash, Ansible, and other formats
The purpose of this project is to create security policy content for various platforms, Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, SUSE Linux Enterprise Server (SLES), as well as products, Firefox, Chromium, JRE. We aim to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. -
2
macOS Security Compliance
macOS Security Compliance Project
The macOS Security Compliance Project is an open source effort to provide a programmatic approach to generating security guidance. The configuration settings in this document were derived from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, Revision 5. -
3
Personal Security Checklist
A compiled checklist of 300+ tips for protecting digital security
Personal Security Checklist is a comprehensive, plain-language checklist for improving personal digital security and privacy across devices, accounts, and everyday workflows. It’s organized so that complete beginners can make quick, high-impact changes, while advanced users can dig into deeper hardening steps. The guidance spans topics like passwords, 2FA, device encryption, browser hygiene, network safety, backups, and incident response planning. -
4
macOS-Security-and-Privacy-Guide
Community guide to securing and improving privacy on macOS
macOS-Security-and-Privacy-Guide is a comprehensive, community-driven resource that provides detailed instructions and best practices for improving the security and privacy of macOS systems. It covers a wide range of topics, including threat modeling, system configuration, encryption, networking, and application security. The guide is designed for both advanced users and beginners who want to adopt stronger security practices on their devices. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
5
spring-security-jwt-guide
Spring Security With JWT
This project is a comprehensive example repository that demonstrates how to secure a Spring Boot application using Spring Security and JSON Web Tokens (JWT). It is built on Spring Boot 3.x and Java 21, and includes integrations such as Spring Security 6.x, JPA (via Hibernate) for persistence, and Redis for session/token management. The goal is to show how to migrate from stateful, session-based auth toward stateless, modern REST API authentication using JWTs, roles, and permission checks. ... -
6
Claude Code Security Reviewer
An AI-powered security review GitHub Action using Claude
The claude-code-security-review repository implements a GitHub Action that uses Claude (via the Anthropic API) to perform semantic security audits of code changes in pull requests. Rather than relying purely on pattern matching or static analysis, this action feeds diffs and surrounding context to Claude to reason about potential vulnerabilities (e.g. injection, misconfigurations, secrets exposure, etc). -
7
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
The SpotBugs plugin for security audits of Java web applications. Find Security Bugs is the SpotBugs plugin for security audits of Java web applications. It can detect 141 different vulnerability types with over 823 unique API signatures. Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more. Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. -
8
Ghidra
Ghidra is a software reverse engineering (SRE) framework
...It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
9
PentestGPT
Automated Penetration Testing Agentic Framework Powered by LLMs
PentestGPT is an AI-powered autonomous penetration testing agent designed to perform intelligent, end-to-end security assessments using large language models. Published at USENIX Security 2024, it combines advanced reasoning with an agentic workflow to automate tasks traditionally handled by human pentesters. The platform supports multiple penetration testing categories, including web security, cryptography, reversing, forensics, privilege escalation, and binary exploitation. ... -
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
fsociety
Modular CLI framework for managing penetration testing tools
fsociety is a modular penetration testing framework designed to provide a unified interface for running and managing a wide range of security tools. It focuses on simplifying penetration testing workflows by integrating multiple external security utilities into a single command line environment. Instead of implementing its own security scanners, the framework acts as a wrapper and orchestrator that helps users discover, install, and execute tools from various GitHub repositories. ... -
11
mhrv-rs
Rust port of @masterking32's MasterHttpRelayVPN
mhrv-rs is a Rust implementation of the MasterHttpRelayVPN project designed to bypass DPI-based internet censorship and access blocked websites through HTTP relay techniques. The software works by routing traffic through a user-deployed Google Apps Script relay, allowing requests to evade filtering systems while remaining lightweight and inexpensive to operate. The project emphasizes portability and efficiency by rewriting the original implementation in Rust, improving performance and... -
12
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. ... -
13
Nikto
Web server vulnerability scanner for security assessments
Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows. -
14
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. ... -
15
Wazuh
The Open Source Security Platform
Wazuh is an open-source, unified security platform that delivers extended detection and response (XDR) and SIEM capabilities for on-premises, cloud, container, and endpoint environments. It provides comprehensive threat prevention, detection, integrity monitoring, incident response, and compliance monitoring. SIEM functionality to monitor security across endpoints, workloads, and containers. -
16
fleet
Open-source platform for IT, security, and infrastructure teams
Fleet exposes familiar concepts from traditional MDMs like custom attributes and dynamic grouping, but in a way that lets you work directly with data and events from each native operating system. A device management platform for managing and monitoring endpoints, specifically designed for IT security and compliance teams. -
17
Tor Browser
Browser for using Tor on Windows, Mac OS X or Linux
Tor Browser enables you to use Tor on Windows, Mac OS X, or Linux without needing to install any software. Tor is a software that bounces your communications around a distributed network of relays run by volunteers. This effectively prevents anyone watching your Internet connection from learning what sites you visit; it prevents the sites you visit from learning your physical location; and allows you access to sites which are blocked. Tor Browser can run off a USB flash drive, comes with... -
18
hashcat
World's fastest and most advanced password recovery utility
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking. Download the latest release and unpack it in the desired location. Please remember to use 7z x when unpacking the archive from the command line to ensure full file... -
19
thc-hydra
Shows how easy it would be to gain unauthorized access to a system
Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects. -
20
ClamAV
Antivirus engine for detecting trojans, viruses and malware
ClamAV is an open-source antivirus engine developed by Cisco Talos that provides cross-platform malware detection for servers, desktops, and mail systems. Originally designed for Unix environments and email security, it has evolved into a flexible antimalware toolkit capable of identifying millions of viruses, worms, trojans, and other threats. The software includes a command-line scanner, an automatically updating signature database, and a scalable multi-threaded daemon that enables high-performance scanning in production environments. ClamAV is widely used in mail gateways, file servers, and security pipelines because it can inspect compressed archives, common document formats, and executable files. ... -
21
hydra
Cloud native, security-first, API security for your infrastructure
Secure access to your applications and APIs, and authenticate third party users. Ory / Hydra is Open Source and OpenID Connect Certified® technology that integrates with any login system. Get started in minutes, and provide secure access to your application and API endpoints. Ory / Hydra works with any login system and only a few lines of code are required. Ory / Hydra is written in Go and we provide SDKs for every language. We work with any login system and it is easy to customize the login... -
22
bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks
bettercap is a powerful, easily extensible and portable framework written in Go which aims to offer to security researchers, red teamers and reverse engineers an easy to use, all-in-one solution with all the features they might possibly need for performing reconnaissance and attacking WiFi networks, Bluetooth Low Energy devices, wireless HID devices and Ethernet networks. -
23
Prowler
An open source security tool to perform AWS security assessment
Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening, and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Prowler is a command-line tool that helps you with AWS security assessment, auditing, hardening, and incident response. -
24
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. -
25
OSINT Framework
OSINT Framework
...Rather than functioning as an automated scanner, it organizes hundreds of OSINT resources into a structured, navigable interface grouped by investigation type, such as usernames, email addresses, domains, and social media. The project was originally created from an information security perspective but has since expanded to support journalists, analysts, and digital investigators across many disciplines. Its value lies in curation and discoverability, allowing users to pivot rapidly between relevant intelligence tools during investigations. The framework includes indicators showing whether a resource requires registration, manual editing, or local installation, improving workflow planning.
