Open Source TypeScript Security Software
Sort By:
TypeScript Security Software
View 5816 business solutionsBrowse free open source TypeScript Security Software and projects below. Use the toggles on the left to filter open source TypeScript Security Software by OS, license, language, programming language, and project status.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
Earn up to 16% annual interest with Nexo.Put idle assets to work with competitive interest rates, borrow without selling, and trade with precision. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
1
Aviator Predictor
Aviator hack: seed-inspection of aviator crash predictor & aviator app
Our downloadable SHA256 analysis tool powers the Aviator predictor, Aviator predictor app, and aviator crash predictor. Available for desktop, it’s designed for research, fairness verification, and safe demo testing Demo-focused aviator predictor tools — seed-inspection helpers (SHA-512 / SHA-256), AI-assisted summaries, and demo bot templates for aviator crash predictor, Start in demo mode to test safely. Disclaimer: Provided for analytical and testing purposes only. No predictive guarantees or gameplay assurances. -
2
World Monitor
Real-time global intelligence dashboard
World Monitor is an open-source real-time intelligence dashboard that aggregates global news, geopolitical signals, and infrastructure data into a unified situational awareness interface. Built primarily with TypeScript and modern web technologies, the project aims to reduce information fragmentation by consolidating hundreds of curated feeds into a single interactive environment. The platform emphasizes geospatial context through features such as interactive maps and a 3D WebGL globe, enabling users to visualize global events dynamically. It incorporates AI-assisted summarization and local LLM support to help users process large volumes of information more efficiently. The application can run as a native desktop app or progressive web app, reflecting a focus on accessibility and offline-capable intelligence workflows. Overall, worldmonitor positions itself as a free OSINT-style monitoring hub for analysts, researchers, and anyone needing real-time global awareness. -
3
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws, authentication bypasses, and other exploitable paths in a way that resembles an actual attacker’s workflow. Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. It positions itself as a pre-attacker safety net, aiming to break your web app before someone else does and thereby reduce the gap between “potentially vulnerable” and “confirmed exploitable.” -
4
FlareSolverr
Proxy server to bypass Cloudflare protection
FlareSolverr is a proxy server to bypass Cloudflare and DDoS-GUARD protection. FlareSolverr starts a proxy server, and it waits for user requests in an idle state using few resources. When some request arrives, it uses puppeteer with the stealth plugin to create a headless browser (Firefox). It opens the URL with user parameters and waits until the Cloudflare challenge is solved (or timeout). The HTML code and the cookies are sent back to the user, and those cookies can be used to bypass Cloudflare using other HTTP clients. Web browsers consume a lot of memory. If you are running FlareSolverr on a machine with few RAM, do not make many requests at once. With each request, a new browser is launched. It is also possible to use a permanent session. However, if you use sessions, you should make sure to close them as soon as you are done using them. It is recommended to install using a Docker container because the project depends on an external browser that is already included. -
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
5
Tamper Dev
Extension that allows you to intercept and edit HTTP/HTTPS requests
If you are a developer, you can use Tamper Dev to debug your websites, or if you are a pentester, you can use it to search for security vulnerabilities by inspecting the HTTP traffic from your browser. Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server. This extension provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy, but without the need of additional software, with full support of HTTPS connections, and trivial to set-up (just install). -
6
Kubernetes Dashboard
General-purpose web UI for Kubernetes clusters
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself. To access Dashboard from your local workstation you must create a secure channel to your Kubernetes cluster. Kubeconfig Authentication method does not support external identity providers or certificate-based authentication. Metrics-Server has to be running in the cluster for the metrics and graphs to be available. Make sure that you know what you are doing before proceeding. Granting admin privileges to Dashboard's Service Account might be a security risk. In most cases after provisioning cluster using kops, kubeadm or any other popular tool, the ClusterRole cluster-admin already exists in the cluster. We can use it and create only ClusterRoleBinding for our ServiceAccount. If it does not exist then you need to create this role first and grant required privileges manually. -
7
apk-mitm
Application that automatically prepares Android APK files for HTTPS
Inspecting a mobile app's HTTPS traffic using a proxy is probably the easiest way to figure out how it works. However, with the Network Security Configuration introduced in Android 7 and app developers trying to prevent MITM attacks using certificate pinning, getting an app to work with an HTTPS proxy has become quite tedious. -
8
uBlacklist
Blocks specific sites from appearing in Google search results
uBlacklist is a Google Search filter for Chrome and Firefox. uBlacklist requires many site permissions on install. They are necessary to support all domains where Google Search is provided (google.com, google.ac, google.ad, ...). You can install uBlacklist from Chrome Web Store, Firefox Add-ons or Mac App Store. To block a site that you are looking at from appearing on the search result page, click the toolbar icon. A "Block this site" dialog will be shown. In recent versions of Chrome, the toolbar icon may be hidden by default. If so, first click the puzzle piece icon. To see and edit blocked sites, open the options page. It can be accessed from the toolbar icon. Blocked sites are displayed on the top of the options page. After editing them, don't forget to press the "Save" button. -
9
Buttercup Desktop
Cross-Platform Passwords & Secrets Vault
Buttercup for desktop is a beautifully-simple password manager designed to help manage your credentials. Buttercup uses very strong encryption to protect your sensitive details under a single master password - Feel free to use stronger and more complex passwords for each service and let Buttercup store them securely. Buttercup is free to download and use and is available for Windows, Mac and Linux. Use it alongside the browser extension and mobile app for a completely portable experience. Strong 256bit AES encrypted vaults that meet today's security standards. Rest assured that your credentials are safe. Easy-to-use interfaces with basic concepts make storing and finding your login details a piece of cake. Buttercup's software is free to download and use, forever. It's also available for all major platforms. -
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
10
Mitaka
Browser extension for fast OSINT searches and IOC investigation
Mitaka is a browser extension designed to streamline Open Source Intelligence (OSINT) investigations by enabling quick searches and scans directly from the browser. It allows security researchers, analysts, and investigators to easily examine various indicators of compromise (IoCs) such as IP addresses, domains, URLs, hashes, email addresses, and more. Instead of manually copying and pasting suspicious indicators into multiple intelligence platforms, users can simply highlight a value on any webpage and access multiple OSINT services through a context menu. Mitaka automatically detects the type of indicator and generates appropriate search options for relevant threat intelligence services. Mitaka also includes a refanging capability that converts obfuscated indicators, such as example[.]com or hxxp://example.com, into valid formats that can be analyzed immediately. -
11
Situation Monitor
Real-time dashboard for monitoring global news and markets
Situation Monitor is an open-source real-time dashboard designed to aggregate and visualize global information streams related to news, financial markets, technology, and geopolitical developments. The project aims to provide a centralized situational awareness interface where users can observe multiple sources of high-signal information without constantly switching between separate applications or websites. Instead of functioning as a traditional news reader, the platform is designed more like an intelligence monitoring system that highlights important signals from diverse data feeds. The dashboard aggregates real-time updates about economic indicators, corporate developments, geopolitical events, and other macro-level signals that may influence markets or public discourse. Its architecture is implemented using modern frontend technologies, allowing data streams to update quickly while maintaining low resource consumption. -
12
Infisical
Infisical is the open-source platform for secrets management, PKI
Infisical is an open-source, all-in-one platform for managing secrets, certificates, and privileged access. It delivers modern security workflows like secrets rotation, dynamic credentials, role-based access control, and SSH certificate-based access—tailored for development and infrastructure teams. Manage secrets across projects and environments (e.g. development, production, etc.) through a user-friendly interface. Sync secrets to platforms like GitHub, Vercel, AWS, and use tools like Terraform, Ansible, and more. Keep track of every secret and project state; roll back when needed. Deliver secrets to your Kubernetes workloads and automatically reload deployments. -
13
Web-Check
All-in-one OSINT tool for analysing any website
Comprehensive, on-demand open source intelligence for any website. Get an insight into the inner-workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently the dashboard will show: IP info, SSL chain, DNS records, cookies, headers, domain info, search crawl rules, page map, server location, redirect ledger, open ports, traceroute, DNS security extensions, site performance, trackers, associated hostnames, carbon footprint. Stay tuned, as I'll add more soon. The aim is to help you easily understand, optimize and secure your website. -
14
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a scoreboard. Finding this scoreboard is actually one of the (easy) challenges! Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a “guinea pig”-application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs. -
15
OpenCTI
Open Cyber Threat Intelligence Platform
OpenCTI is a comprehensive open-source cyber threat intelligence platform designed to help organizations collect, structure, analyze, and share information about cyber threats. It provides a modern web application backed by a GraphQL API and a data model aligned with the STIX2 standard to ensure interoperability across the threat intelligence ecosystem. The platform enables teams to correlate technical indicators such as observables and TTPs with higher-level context like attribution and victimology, creating a unified intelligence knowledge base. OpenCTI is built to integrate with external tools including MISP, TheHive, and MITRE ATT&CK, allowing it to function as a central intelligence hub in security operations. Its design emphasizes traceability by linking intelligence objects back to their original sources and tracking confidence levels and temporal metadata. -
16
Domain Digger
Domain analysis toolkit for DNS, IP, and WHOIS lookups
Domain Digger is an open source toolkit designed to help users analyze and explore domain-related information in a structured and visual way. It provides a centralized interface for investigating various technical details associated with a domain, including DNS records, IP information, and WHOIS data. By combining several domain intelligence features into a single platform, it simplifies the process of gathering and understanding domain infrastructure details. Domain Digger presents domain information through organized views and visual components, making it easier to interpret relationships between domains, DNS records, and network addresses. This can be useful for developers, security researchers, system administrators, and anyone working with domain infrastructure. Domain Digger aims to streamline domain analysis workflows by offering quick lookups and consolidated data sources in one environment. -
17
FingerprintJS
Browser fingerprinting library
FingerprintJS is a source-available, client-side, browser fingerprinting library that queries browser attributes and computes a hashed visitor identifier from them. Unlike cookies and local storage, a fingerprint stays the same in incognito/private mode and even when browser data is purged. Since FingerprintJS processes and generates the fingerprints from within the browser itself, the accuracy is limited (40% - 60%). For example, when 2 different users send requests using identical (i.e. same version, same vendor, same platform), browsers, FingerprintJS will not be able to tell these two browsers apart, primarily because the attribitutes from these browsers will be identical. Fingerprint Identification is a closed-source, commercial device identification product designed for fraud detection, device identification, marketing attribution, and analytics. -
18
NanoClaw
A lightweight alternative to Clawdbot / OpenClaw
Nanoclaw is a lightweight, security-focused personal agent runtime designed as a slimmer alternative to larger “personal assistant” agent stacks, with an emphasis on being easy to audit and safe by default. It runs agent execution inside Apple containers to provide strong isolation boundaries, so individual chats and actions can be sandboxed with tighter filesystem and process separation than a typical single-process bot. The project connects directly to WhatsApp, letting you deploy an assistant that can chat in a familiar interface while still supporting real agent behaviors instead of simple call-and-response prompts. It includes memory so the assistant can retain important context across interactions, enabling more consistent follow-through on ongoing tasks. It also supports scheduled jobs, making it suitable for recurring reminders, periodic automations, and timed workflows without needing an external orchestrator. -
19
Ring
Unofficial packages for Ring Doorbells, Cameras, Alarm System
This repo contains unofficial packages to enable interaction and automation with the majority of Ring products. The ring-client-API is a TypeScript package designed to be used by developers to create their own apps/programs which interact with Rings API. homebridge-ring allows users to integrate Ring products into Apple HomeKit via homebridge easily. With Ring you can control your home from your smartphone, tablet or PC. Each Ring device includes a camera, speakers, and an integrated microphone so you can view, listen, and speak to anyone on your property from anywhere. Ring's customizable motion sensors allow you to focus on the most important areas of your home. You will receive instant warnings as soon as your Ring device detects movement, so you are always the first to know if someone has gotten too close to your property. Ring allows you to monitor every corner of your property. -
20
privacy.sexy
Open-source tool to enforce privacy & security best-practices
Enforce privacy & security best practices on Windows, macOS, and Linux, because privacy is sexy. Regularly applying your configuration with privacy.sexy is recommended, especially after each new release and major operating system updates. Each version updates scripts to enhance stability, privacy, and security. -
21
Authenticator
Authenticator generates 2-Step Verification codes in your browser
Authenticator generates two-factor authentication (2FA) codes in your browser. Use it to add an extra layer of security to your online accounts. Always keep a backup of your secrets in a safe location. Encrypting your secrets is strongly recommended, especially if you are logged into a Google account. Back up your secrets to a file, Google Drive, Microsoft OneDrive, or Dropbox. Sync your secrets with your Google Account. Available for Chrome, Firefox, and Microsoft Edge. Import data from Google Authenticator's official mobile App. -
22
Flowsint
Graph-based OSINT investigation platform w visual relationship mapping
Flowsint is an open source OSINT investigation platform designed to help analysts explore and understand relationships between digital entities through a visual graph interface. The platform focuses on reconnaissance and open source intelligence workflows, enabling investigators to map connections between domains, IP addresses, organizations, individuals, and other data points. By presenting these relationships in an interactive graph, Flowsint allows users to quickly identify patterns, associations, and investigative leads that might be difficult to detect through traditional data analysis methods. The system includes automated enrichers that gather additional intelligence about entities such as domain records, social media profiles, network infrastructure, and cryptocurrency activity. Its modular architecture separates the frontend application, API server, core services, and enrichment modules, making the platform extensible and easier to expand with new investigative capabilities. -
23
RedAmon
AI-powered framework for automated penetration testing and red teaming
RedAmon is an AI-powered red team framework designed to automate offensive cybersecurity operations from reconnaissance to exploitation and post-exploitation. It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
24
Wabe
Your backend in minutes not days
Wabe is an open-source backend that allows you to create your own fully customizable backend in just a few minutes. It handles database access, automatic GraphQL API generation, authentication with various methods (classic or OAuth), permissions, security, and more for you. -
25
SANTETIN
Santetin is a website stress test and DDOS simulation tool
Santetin is a powerful desktop application built with Electron to perform website stress tests, penetration testing simulations, DDOS attacks, and traffic jingling for testing and educational purposes. ⚠️ Disclaimer: This tool is intended for educational and testing purposes only. Do not use it against any website without explicit permission from the owner.
