Open Source Rust Security Software
Sort By:
Rust Security Software
View 5766 business solutionsBrowse free open source Rust Security Software and projects below. Use the toggles on the left to filter open source Rust Security Software by OS, license, language, programming language, and project status.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
RustScan
The Modern Port Scanner
The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported). Scans all 65k ports in 3 seconds. Full scripting engine support. Automatically pipe results into Nmap, or use our scripts (or write your own) to do whatever you want. Adaptive learning. RustScan improves the more you use it. No bloated machine learning here, just basic maths. The usuals you would expect. IPv6, CIDR, file input and more. Automatically pipes ports into Nmap. RustScan is a modern take on the port scanner. Sleek & fast. All while providing extensive extendability to you. Not to mention RustScan uses Adaptive Learning to improve itself over time, making it the best port scanner for you. Speed is guaranteed via RustScan. However, if you want to run a slow scan due to stealth that is possible too. We have tests that check to see if RustScan is significantly slower than the previous version. -
2
PDFRip
A multi-threaded PDF password cracking utility
A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks. pdfrip is a fast multithreaded PDF password cracking utility written in Rust with support for wordlist-based dictionary attacks, date and number range bruteforcing, and a custom query builder for password formats. You can write your own queries like STRING{69-420} with the -q option which would generate a wordlist with the full number range. You can pass in an year as the input with the -d option which would bruteforce all 365 days of the year in DDMMYYYY format which is a pretty commonly used password format for PDFs. Just give a number range like 5000-100000 with the -n option and it would bruteforce with the whole range. -
3
spotify-adblock
Adblocker for Spotify
Spotify adblocker for Linux (macOS untested) works by wrapping getaddrinfo and cef_urlrequest_create. It blocks requests to domains that are not on the allowlist, as well as URLs that are on the denylist. -
4
Findomain
Fast open source tool for discovering and monitoring domain subdomains
Findomain is an open source reconnaissance tool designed to discover and enumerate subdomains associated with a target domain. It focuses on speed and reliability by using Certificate Transparency logs and multiple well tested public APIs instead of relying solely on brute force scanning techniques. By querying multiple passive data sources in parallel, the tool can identify a large number of subdomains within a short time, making it useful for security researchers, penetration testers, and bug bounty hunters. Findomain aggregates information from various online services to provide a comprehensive list of discovered subdomains without directly attacking the target infrastructure. The tool also supports monitoring capabilities that allow users to track newly discovered subdomains and send alerts through integrations such as messaging platforms. Written in Rust, Findomain benefits from strong performance, safe concurrency, and cross platform compatibility. -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
5
tirith
Your browser catches homograph attacks
Tirith is a terminal security guardrail that inspects what you paste or run in your shell and blocks or warns on suspicious patterns before execution, addressing an area where terminals traditionally provide almost no protection. It targets real-world attack classes like Unicode homograph URLs (lookalike domains), terminal injection tricks (ANSI escape sequences and bidi overrides), and “pipe-to-shell” installation patterns such as curl | bash that attackers frequently abuse. The project emphasizes local-only analysis with no telemetry and no background daemons, so it can run offline and keep sensitive command context on-device. It integrates into popular shells via hooks (zsh, bash, fish, and PowerShell), including paste-aware protections so hidden characters or malicious rewrites get caught at the moment they enter the terminal. -
6
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and maintainability over backward compatibility. Unlike OpenSSL, BoringSSL provides no guarantee of stable APIs or ABIs, meaning third-party projects depending on it may frequently break. Google products that use BoringSSL ship their own copies and update them as needed, enabling faster iteration without legacy constraints. BoringSSL includes comprehensive API documentation, build instructions, and guidance for porting code from OpenSSL. -
7
BerserkArch
A bleeding-edge, security-centric Arch-based Linux distribution.
BerserkArch is a security-focused, performance-tuned Linux operating system (OS) based on Arch Linux, designed for developers, hackers, and technical users. A bleeding-edge, security-centric Arch-based Linux distribution crafted for hackers, developers, and nerds alike. Following the Arch Linux philosophy, it is designed to be highly customizable, allowing users to build their environment with only the components they need, rather than having a lot of pre-installed software like some other security distributions (e.g., Kali Linux). As an Arch-based distribution, it benefits from the rolling release model, providing users with the latest software versions and kernel updates. BerserkArch is a dist "designed to make you powerful" for specific use cases like reverse-engineering binaries and automating exploits, rather than being an easy-to-use distribution for general beginners. -
8
Kanidm
Kanidm: A simple, secure, and fast identity management platform
Kanidm is a simple and secure identity management platform, allowing other applications and services to offload the challenge of authenticating and storing identities to Kanidm. The goal of this project is to be a complete identity provider, covering the broadest possible set of requirements and integrations. You should not need any other components (like Keycloak) when you use Kanidm - we already have everything you need. To achieve this we rely heavily on strict defaults, simple configuration, and self-healing components. This allows Kanidm to support small home labs, families, small businesses, and all the way to the largest enterprise needs. If you want to host your own authentication service, then Kanidm is for you. -
9
cargo-crev
A cryptographically verifiable code review system for the cargo
A cryptographically verifiable code review system for the cargo (Rust) package manager. cargo-crev is an implementation of Crev as a command-line tool integrated with cargo. This tool helps Rust users evaluate the quality and trustworthiness of their package dependencies. Crev is a language and ecosystem agnostic, distributed code review system. Use reviews produced by other users. Increase the trustworthiness of your own code. Build a web of trust of other reputable users to help verify the code you use. Static binaries are available from the releases page. Crev is a system for verifying the security and reliability of dependencies based on collaborative code reviews. Crev users review the source code of packages/libraries/crates and share their findings with others. Crev then uses Web of Trust to select trusted reviews and judge the reputation of projects' dependencies. -
Go from Code to Production URL in SecondsSkip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
-
10
Bitwarden Secrets Manager SDK
Bitwarden Secrets Manager SDK
This repository houses the Bitwarden Secret Manager SDK. The SDK is written in Rust and provides a Rust API, CLI, and various language bindings. -
11
s2n-quic
An implementation of the IETF QUIC protocol
s2n-quic is AWS’s open-source implementation of the IETF QUIC transport protocol, written in Rust and designed for performance, security, and modern usage. QUIC is a UDP-based, multiplexed, encrypted transport layer that underpins HTTP/3 and addresses issues such as head-of-line blocking and faster handshake times compared to TCP+TLS. This library integrates with AWS’s s2n-tls or rustls for the TLS 1.3 handshake and leverages Rust’s memory and thread safety guarantees to deliver a robust implementation. It is built with configurability in mind—you can tune congestion control (like CUBIC), pacing, packet size discovery, and other advanced network behaviors. Extensive testing (unit, fuzz, interop) ensures protocol compliance and interoperability with other implementations. Because it is open-source under Apache 2.0, organizations can integrate it into services where low latency, multiple streams, or mobility (connection migration) matter. -
12
Secluso
Privacy-preserving home security camera using end-to-end encryption
Secluso is an open-source, privacy-focused home security camera system that uses advanced end-to-end encryption to protect video data from unauthorized access. Unlike many commercial smart cameras that send footage to cloud servers where providers can potentially access it, Secluso encrypts video streams directly on the camera before they are relayed, ensuring that only the user’s mobile app can view recorded or live content. The design splits responsibilities across distinct components: a camera hub that captures and encrypts footage, a mobile app for monitoring and receiving encrypted event notifications, and a relay server that passes encrypted data without being able to decrypt it. Secluso supports multiple camera types, including Raspberry Pi-based standalone setups and existing IP cameras, as long as they can interface with the system’s recording and encryption pipelines. -
13
authoscope
Scriptable network authentication cracker (formerly `badtouch`)
authoscope is a scriptable network authentication cracker. While the space for common service bruteforce is already very well saturated, you may still end up writing your own python scripts when testing credentials for web applications. The scope of authoscope is specifically cracking custom services. This is done by writing scripts that are loaded into a lua runtime. Those scripts represent a single service and provide a verify(user, password) function that returns either true or false. Concurrency, progress indication, and reporting is magically provided by the authoscope runtime. -
14
encrypted_fs
An encrypted file system that mounts with FUSE on Linux
An encrypted file system that mounts with FUSE on Linux. It can be used to create encrypted directories. It can then safely backup the encrypted folder on an untrusted server without worrying about the data being exposed. You can also store it in any clound storage like Google Drive, Dropbox, etc. and have it synced across multiple devices. Crate encrypted_fs on crates.io https://crates.io/crates/encrypted_fs -
15
HydraDragonAntivirus
Dynamic and static analysis with Sandboxie for Windows, including EDR
Dynamic and static analysis with Sandboxie for Windows, including EDR, ClamAV, YARA-X, custom machine learning AI, behavioral analysis, NLP-based detection, website signatures, Ghidra, Suricata, Sigma, and much more than you can imagine -
16
PassForge
An Opensource Password Generator
-
17
Cherrybomb
Cherrybomb is a CLI tool that helps you avoid undefined user behaviour
Cherrybomb is an CLI tool written in Rust that helps prevent incorrect code implementation early in development. It works by validating and testing your API using an OpenAPI file. Its main goal is to reduce security errors and ensure your API functions as intended. Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily. With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error. Config also allows you to override the server's URL with an array of servers, and add security to the request. -
18
Chromepass
Hacking Chrome Saved Passwords
Chromepass is a python-based console application that generates a windows executable with the following features. Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies. Send a file with the login/password combinations and cookies remotely (http server or email) Undetectable by AV if done correctly. Custom icon, custom error message, customize port. The new client build methodology practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion. The dependencies are checked and installed automatically, so you can just skip to Usage. It's recommended that you use a clean VM, just to make sure there are no conflicts. If you don't have the dependencies and your internet isn't fast, this will take a while. -
19
Codegroup
A Java application for transferring computer files in 5 letter groups
Codegroup is a Java application that will allow one to convert binary (or text) computer files in to 5 letter codegroups for transmission over email, landline telephones, radioteletype or Morse Code. Codegroup has internal error correction & limited cryptography capabilities. Codegroup : ZZZZZ YBPIL AIAIG FMOPP CPAAA DGNGP GPGPA ADNJN ELJKO ELIMO GEOHF KIFGP IFBCB PKCPI YJMHE PHBHP PPOBH NCOHD AKLLL AGHFP DEGEF LKELC EAIJI ABAGP AHPPO IHHPH OHPDF YNFPB ALEPO KMPKP Once this program has a graphical user interface, an Enigma like subsystem must be devised for data whitening. For content encryption, the use of Java's facilities is being considered as a long term option. This project's initial sourcecode is related to : http://www.fourmilab.ch/codegroup/ http://winmorse.com/ https://bitbucket.org/bgneal/cpp-enigma http://www.whence.com/minimodem/ For the User Interface http://www.oracle.com/technetwork/java/javafx/tools/ -
20
Constantine
Modular, high-performance, zero-dependency cryptography stack
High-performance cryptography for proof systems and blockchain protocols. This library provides a constant-time implementation of cryptographic primitives with a particular focus on cryptography used in blockchains and zero-knowledge-proof systems. The library aims to be a fast, compact and hardened library for elliptic curve cryptography needs, in particular for blockchain protocols and zero-knowledge proofs system. -
21
FHEVM
Integrate FHE with blockchain applications
FHEVM is a framework built by Zama to enable confidential smart contracts on EVM-compatible blockchains using Fully Homomorphic Encryption (FHE). It lets developers write Solidity contracts that handle encrypted inputs, encrypted state, arithmetic and logical operations on encrypted types, while maintaining privacy (data always encrypted), composability (encrypted state works alongside public state), and security (via threshold decryption, KMS, etc). The framework includes on-chain and off-chain components (contracts, coprocessors, gateway, utilities) to orchestrate the whole encrypted data pipeline. -
22
Good Man in the Middle
Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP
Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript. -
23
NTK Ultra-Compression
Logiciel de compression de fichiers maximal indépendant du temps.
Le logiciel NTK Ultra-Compression répond à une problématique essentielle de l’ère numérique : comment réduire la taille des données à leur minimum absolu sans compromis sur leur intégrité, tout en s’affranchissant des contraintes temporelles ? Dans un monde où les volumes de données explosent et où les solutions actuelles de compression restent limitées par des compromis entre rapidité, efficacité et complexité, nous proposons une approche disruptive. Les solutions actuelles, telles que le format ZIP ou 7z, bien qu’efficaces, atteignent leurs limites en termes de taux de compression et d’efficacité pour les fichiers volumineux ou complexes. Ces outils sont souvent contraints par des compromis entre rapidité d’exécution et efficacité de stockage. Cette approche disruptive s’adresse notamment aux utilisateurs ayant besoin de manipuler des fichiers volumineux, comme les logiciels, les jeux vidéo ou les bases de données, où chaque octet économisé compte. -
24
Ockam
Orchestrate end-to-end encryption, mutual authentication
Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale. Modern applications are distributed and have an unwieldy number of interconnections that must trustfully exchange data. To build trust for data-in-motion, applications need end-to-end guarantees of data authenticity, integrity, and confidentiality. To be private and secure by-design, applications must have granular control over every trust and access decision. Ockam allows you to add these controls and guarantees to any application. We are passionate about making powerful cryptographic and messaging protocols simple and safe to use for millions of builders. Create a mutually authenticated and end-to-end encrypted secure channel between two Ockam nodes. -
25
OpenSK
OpenSK is an open-source implementation for security keys
OpenSK is an open-source implementation of FIDO2 (WebAuthn + CTAP) security keys, written in Rust and designed to run on affordable microcontroller boards. It provides the full authenticator stack—USB/NFC transport, CTAP protocol handling, credential management, and cryptographic operations—so you can build and audit your own hardware token. The project emphasizes defense-in-depth: memory-safe Rust, hardened crypto, isolation via an embedded OS, and explicit user presence/verification flows. Developers can flash reference hardware, customize UX (LEDs, buttons, PIN), and experiment with extensions while staying interoperable with major browsers and platforms. A test and conformance suite validates protocol behavior against the WebAuthn/CTAP specs to ensure compatibility.
