Open Source Windows Security Software - Page 13
Sort By:
Security Software for Windows
View 1532 business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
OpenCTI
Open Cyber Threat Intelligence Platform
OpenCTI is a comprehensive open-source cyber threat intelligence platform designed to help organizations collect, structure, analyze, and share information about cyber threats. It provides a modern web application backed by a GraphQL API and a data model aligned with the STIX2 standard to ensure interoperability across the threat intelligence ecosystem. The platform enables teams to correlate technical indicators such as observables and TTPs with higher-level context like attribution and victimology, creating a unified intelligence knowledge base. OpenCTI is built to integrate with external tools including MISP, TheHive, and MITRE ATT&CK, allowing it to function as a central intelligence hub in security operations. Its design emphasizes traceability by linking intelligence objects back to their original sources and tracking confidence levels and temporal metadata. -
2
Openblocks
The Open Source Retool Alternative
It's cumbersome to create a single app. You had to design user interfaces, write code in multiple languages and frameworks, and understand how all of that code works together. Low-code/No-code platforms are fast to get started with but quickly become unmaintainable and inflexible. This creates more problems than it solves. Retool-like solutions are great for their simplicity and flexibility, but they can also be limited in different ways compared to frameworks like React/Vue. An all-in-one IDE to create internal or customer-facing apps. A place to create, build and share building blocks of web applications. A domain-specific language that UI-configurable block is the first-class citizen. Openblocks is open-source. You don't need to worry about vendor lock-in or being stuck with an outdated version of the software. -
3
PHP dotenv
Loads environment variables automatically
You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments, such as database credentials or credentials for 3rd party services, should be extracted from the code into environment variables. Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project, Apache, Nginx, CLI, and even PHP's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, and you're going to love it! -
4
Personal Management System
Your web application for managing personal data
It's easier to understand this web application when you think about a CMS (WordPress) or CRM (SugarCRM); the logic behind this system is very similar to those two. My PMS may offer fewer possibilities than those systems above, but it just does what I want it to do. Additionally, writing extensions is not too hard, depending on the logic required. Anyone with development knowledge can pretty much write their own extensions for personal needs. Keep a track of your personal goals. You can use tools to keep track of your goals progress or use the payments submodule to keep an eye of the money amount that you want to collect for something. Add any personal note to the desired category. Here, you can keep any small information that you need; it can be either quick notes from phone calls, a bunch of information collected all around different pages, or some links to things that you want to check somewhere later in the future. -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
5
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt-retire scans your grunt-enabled app for use of vulnerable JavaScript libraries and/or node modules. Scans visited sites for references to insecure libraries and puts warnings in the developer console. An icon on the address bar displays will also indicate if vulnerable libraries were loaded. Retire.js has been adapted as a plugin for the penetration testing tools Burp and OWASP ZAP. -
6
SCAP Security Guide
Security automation content in SCAP, Bash, Ansible, and other formats
The purpose of this project is to create security policy content for various platforms, Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, SUSE Linux Enterprise Server (SLES), as well as products, Firefox, Chromium, JRE. We aim to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. For general use, we recommend Source DataStreams because they contain all the data you need to evaluate and put machines into compliance. The datastreams are part of our release ZIP archives. "Ansible content" refers to Ansible playbooks generated from security profiles. These can be used both in check-mode to evaluate compliance, as well as run-mode to put machines into compliance. -
7
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
8
Sigma
Main Sigma Rule Repository
Welcome to the Sigma main rule repository. The place where detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules. The repository offers more than 3000 detection rules of different type and aims to make reliable detections accessible to all at no cost. Sigma is an open-source tool for defining generic detection rules for security event logs, enabling security professionals to detect threats across platforms. -
9
SiteDorks
Automate search engine dorking across hundreds of websites
SiteDorks is a command line tool designed to automate advanced search queries across multiple search engines and websites. It allows users to perform search engine “dork” queries against a large set of predefined domains, making it easier to discover publicly available information across different platforms. SiteDorks supports several major search engines including Google, Bing, Brave, Ecosia, DuckDuckGo, Yahoo, and Yandex. Instead of manually running the same query for many sites, SiteDorks generates and executes the queries automatically using lists of “dorkable” websites. A built-in dataset contains hundreds of websites grouped into categories such as cloud services, developer platforms, documentation sites, social platforms, and communication tools. Users can also supply custom domain lists or CSV files to tailor searches for tasks like penetration testing, bug bounty research, or OSINT investigations. -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
10
UACMe
Defeating Windows user account control
Run executable from command line, akagi32 [Key] [Param] or akagi64 [Key] [Param]. First parameter is a number of methods to use, second is an optional command (executable file name including full path) to run. The second parameter can be empty - in this case, the program will execute elevated cmd.exe from the system32 folder. Since 3.5.0 version all "fixed" methods are considered obsolete and removed altogether with all supporting code/units. If you still need them. This tool shows ONLY popular UAC bypass method used by malware, and re-implement some of them in a different way improving original concepts. There are different, not yet known to the general public, methods. This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft, use it at your own risk. -
11
Unshackle
Tool to bypass windows and linux passwords from bootable USB
Unshackle is an open-source tool to bypass Windows and Linux user passwords from a bootable USB based on Linux. Open-source tool to bypass windows and Linux passwords from bootable USB. -
12
Username Anarchy
Username generator for penetration testing and user enumeration
Username Anarchy is an open source command line tool designed to generate possible usernames for use in penetration testing and security assessments. It focuses on solving one of the common challenges in authentication attacks: identifying valid usernames before attempting password attacks. It generates large sets of potential usernames based on a person’s name and common naming conventions used in corporate or online systems. These generated username lists can then be used for activities such as username enumeration, password spraying, or brute force testing during security audits. Username Anarchy supports numerous formatting styles, allowing security testers to replicate patterns commonly used in enterprise environments such as first.last, flast, or firstinitiallastname. Username Anarchy can also utilize name sources gathered from OSINT techniques such as social networks or other public data to produce realistic username lists. -
13
Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
-
14
Untangle is a Linux-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, bandwidth control, captive portal, VPN, firewall, and more. Visit http://untangle.com
-
15
HT is a file editor/viewer/analyzer for executables. The goal is to combine the low-level functionality of a debugger and the usability of IDEs. We plan to implement all (hex-)editing features and support of the most important file formats.
-
16
GlobalPlatform
Implementation of GlobalPlatform smart card specification
The GlobalPlatform card specification is a standard for the management of the contents on a smart card. Mainly this comprises the installation and the removal of applications. This project offers a C library and a command line shell. Find more information on https://kaoh.github.io/globalplatform/ -
17
CyoHash
Shell extension for easily calculating a file's hash (MD5/SHA1/etc.)
CyoHash is a simple shell extension that is used from within Windows Explorer to calculate the MD5 hash, SHA1 hash, or CRC32 checksum of a file. (Additional SHA256, SHA384, and SHA512 algorithms are available for users of Windows XP SP3 or newer.) -
18
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script gives you the perfect ingredients to create the best dating web app or social networking site on the World Wide Web! -- Get Involved! -- If you want to work on an Innovative Open Source Social/Dating Software Project with a Beautiful PHP Code using the latest PHP Features while collaborating with nice people and finally if you love the "Social" and "Dating" Services, ...you HAVE TO DO IT! - Fork the repo http://github.com/pH7Software/pH7-Social-Dating-CMS -
19
File system/directory monitoring utilities with loggin and task processing support (can execute files or make a WCF service call). Multiple configuration options. Source code libraries can be used to create a custom file system monitor.
-
20
Argus
Python toolkit for OSINT and reconnaissance with 135+ modules
Argus is a Python-based open source toolkit designed to simplify information gathering and reconnaissance tasks in cybersecurity. It provides an integrated command-line environment that consolidates numerous reconnaissance utilities into a single framework. The tool enables users to collect data about networks, domains, web applications, and infrastructure in an organized and efficient manner. Argus includes a modular architecture with more than 130 modules that support activities such as DNS analysis, port scanning, web application inspection, and threat intelligence lookups. Its interactive CLI allows users to browse available modules, configure targets, run scans, and review results from within a unified interface. The project aims to reduce the complexity of using multiple separate reconnaissance tools by bringing them together in one streamlined platform. Argus also supports integrations with external intelligence services. -
21
Boulder
An ACME-based certificate authority, written in Go
This is an implementation of an ACME-based CA. The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains. Boulder is the software that runs Let's Encrypt. This component model lets us separate the function of the CA by security context. The Web Front End, Validation Authority, OCSP Responder and Publisher need access to the Internet, which puts them at greater risk of compromise. The Registration Authority can live without Internet connectivity, but still needs to talk to the Web Front End and Validation Authority. The Certificate Authority need only receive instructions from the Registration Authority. All components talk to the SA for storage. Internally, the logic of the system is based around five types of objects: accounts, authorizations, challenges, orders (for ACME v2) and certificates. -
22
Buster
OSINT tool for discovering information linked to email addresses
Buster is an open source OSINT tool designed for email reconnaissance and information gathering. It helps investigators, security researchers, and penetration testers discover publicly available information related to email addresses and usernames. It can analyze an email address to identify associated social media accounts, references across the web, and potential data breaches linked to that email. It also performs reverse WHOIS lookups to discover domains that may have been registered using a specific email address. In addition to investigating existing addresses, Buster can generate possible email combinations and usernames based on personal details such as a person’s name, birthdate, or additional hints. Buster supports validating generated email addresses and retrieving contextual information about them. By combining multiple online sources and services, Buster helps automate the process of gathering intelligence related to digital identities. -
23
Chromepass
Hacking Chrome Saved Passwords
Chromepass is a python-based console application that generates a windows executable with the following features. Decrypt Google Chrome, Chromium, Edge, Brave, Opera and Vivaldi saved paswords and cookies. Send a file with the login/password combinations and cookies remotely (http server or email) Undetectable by AV if done correctly. Custom icon, custom error message, customize port. The new client build methodology practically ensures a 0% detection rate, even without AV-evasion tactics. If this becomes false in the future, some methods will be implemented to improve AV evasion. The dependencies are checked and installed automatically, so you can just skip to Usage. It's recommended that you use a clean VM, just to make sure there are no conflicts. If you don't have the dependencies and your internet isn't fast, this will take a while. -
24
Global Threat & Event Intelligence Map
Interactive map for exploring global conflicts & geopolitical threats
GlobalThreatMap is an open source web application designed to visualize geopolitical events, conflicts, and military activity around the world on an interactive map. It helps users explore ongoing wars, international tensions, military base locations, and historical conflict data across different countries. It aggregates and processes global event information and presents it geographically so users can quickly understand where significant geopolitical developments are occurring. GlobalThreatMap is built to assist researchers, analysts, and curious users who want a clearer view of global security dynamics. Users can browse event feeds, investigate country-level conflicts, and explore geopolitical entities directly from the interface. It also supports both self-hosted deployments and an authenticated mode using the Valyu platform for accessing additional data features. -
25
Hetty
An HTTP toolkit for security research
Hetty is an HTTP toolkit for security research. It aims to become an open-source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty communities. Machine-in-the-middle (MITM) HTTP proxy, with logs and advanced search. HTTP client for manually creating/editing requests, and replay proxied requests. Intercept requests and responses for manual review (edit, send/receive, cancel) Scope support, to help keep work organized. Easy-to-use web-based admin interface. Project-based database storage, to help keep work organized.
