Search Results for "security"
Sort By:
Showing 189 open source projects for "security"
View related business solutions-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
Auth0 B2B Essentials: SSO, MFA, and RBAC Built InAuth0's B2B Essentials plan gives you everything you need to ship secure multi-tenant apps. Unlimited orgs, enterprise SSO, RBAC, audit log streaming, and higher auth and API limits included. Add on M2M tokens, enterprise MFA, or additional SSO connections as you scale.
-
1
frida
Dynamic instrumentation toolkit for developers
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts. Works on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Install the Node.js bindings from npm, grab a Python package from PyPI, or use Frida through its Swift bindings, .NET bindings, Qt/Qml bindings, or C API. ... -
2
Anthropic Cybersecurity Skills
754 structured cybersecurity skills for AI agents
...It is particularly useful for developers exploring how AI can augment traditional cybersecurity practices. Overall, the project serves as a foundation for building AI-driven security tools and workflows. -
3
GHunt
Offensive Google framework
GHunt (v2) is an offensive Google framework, designed to evolve efficiently. It's currently focused on OSINT, but any use related with Google is possible. It will automatically use venvs to avoid dependency conflicts with other projects. First, launch the listener by doing ghunt login and choose between 1 of the 2 first methods. Put GHunt on listening mode (currently not compatible with docker) Paste base64-encoded cookies. Enter manually all cookies. The development of this extension has... -
4
DefectDojo
DefectDojo is a DevSecOps and vulnerability management tool
DefectDojo is a security orchestration and vulnerability management platform. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings to systems like JIRA and Slack. DefectDojo enriches and refines vulnerability data using a number of heuristic algorithms that improve with the more you use the platform. -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
5
Pacu
The AWS exploitation framework, designed for testing security
Pacu (named after a type of Piranha in the Amazon) is a comprehensive AWS security-testing toolkit designed for offensive security practitioners. While several AWS security scanners currently serve as the proverbial “Nessus” of the cloud, Pacu is designed to be the Metasploit equivalent. Written in Python 3 with a modular architecture, Pacu has tools for every step of the pen testing process, covering the full cyber kill chain. -
6
Impacket
A collection of Python classes for working with network protocols
Impacket is a collection of Python classes designed for working with network protocols. It was primarily created in the hopes of alleviating some of the hindrances associated with the implementation of networking protocols and stacks, and aims to speed up research and educational activities. It provides low-level programmatic access to packets, and the protocol implementation itself for some of the protocols, like SMB1-3 and MSRPC. It features several protocols, including Ethernet, IP, TCP,... -
7
GuardDog
GuardDog is a CLI tool to Identify malicious PyPI and npm packages
guarddog is an open-source security tool by DataDog designed to detect risks in open-source dependencies. It helps developers analyze software supply chain risks and prevent malicious or vulnerable packages from being used. -
8
Copy Fail - CVE-2026-31431
epository that demonstrates and analyzes a Linux kernel vulnerability
...Overall, it contributes to the study of system-level security flaws and mitigation strategies. -
9
Bandit
Bandit is a tool designed to find common security issues in Python
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA. -
Gemini 3 and 200+ AI Models on One PlatformBuild, govern, and optimize agents and models with Gemini Enterprise Agent Platform.
-
10
aws-encryption-sdk-cli
CLI wrapper around aws-encryption-sdk-python
This command line tool can be used to encrypt and decrypt files and directories using the AWS Encryption SDK. If you have not already installed cryptography, you might need to install additional prerequisites as detailed in the cryptography installation guide for your operating system. Installation using a python virtual environment is recommended to avoid conflicts between system packages and user-installed packages. For the most part, the behavior of aws-encryption-cli in handling files is... -
11
mobsfscan
Static analysis tool that can find insecure code patterns in code
mobsfscan is a fast and powerful static analysis tool for identifying security vulnerabilities in mobile app source code. It supports Android, iOS, and Flutter codebases and helps developers secure apps before deployment. -
12
Docker-OSX
Run macOS VM in a Docker! Run near native OSX-KVM in Docker
Run Mac OS X in Docker with near-native performance! X11 Forwarding. iMessage security research! iPhone USB working! macOS in a Docker container. -
13
FATE
An industrial grade federated learning framework
...FedAI is a community that helps businesses and organizations build AI models effectively and collaboratively, by using data in accordance with user privacy protection, data security, data confidentiality and government regulations. -
14
Django Hijack
With Django Hijack, admins can log in and work on behalf of others
With Django Hijack, admins can log in and work on behalf of other users without having to know their credentials. 3.x docs are available in the docs folder. This version provides a security-first design, easy integration, customization, out-of-the-box Django admin support and dark mode. It is a complete rewrite and all former APIs are broken. A form is used to perform a POST including a CSRF-token for security reasons. The field user_pk is mandatory and the value must be set to the target users' primary key. The optional field next determines where a user is forwarded after a successful hijack. ... -
15
Wemake Django Template
Bleeding edge django template focused on code quality and security
What this project is all about? The main idea of this project is to provide a fully configured template for django projects, where code quality, testing, documentation, security, and scalability are number one priorities. This template is a result of implementing our processes, it should not be considered as an independent part. When developing this template we had several goals in mind. Development environment should be bootstrapped easily, so we use docker-compose for that. Development should be consistent, so we use strict quality and style checks. ... -
16
NGINX Admin’s Handbook
How to improve NGINX performance, security, and other important things
...The handbook spans fundamentals and advanced topics alike, from HTTP and SSL/TLS basics to reverse proxy patterns, performance tuning, debugging workflows, and hardening strategies. A centerpiece is its prioritized checklist of 79 rules, grouped by criticality, helping readers focus on what most impacts security, reliability, and speed. Instead of copy-paste snippets in isolation, it emphasizes understanding trade-offs, avoiding common pitfalls, and balancing security with usability. Designed for system administrators and web application engineers, it aims to be a living companion that encourages experimentation, measurement, and continuous improvement of NGINX configurations -
17
Metarget
Framework for automatic construction of vulnerable infrastructures
Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. During security research, we might find that the deployment of a vulnerable environment often takes much time, while the time spent on testing PoC or ExP is comparatively short. In the field of cloud-native security, thanks to the complexity of cloud-native systems, this issue is more terrible. There are already some excellent security projects like Vulhub, and VulApps in the open-source community, which pack vulnerable scenes into container images so that researchers could utilize them and deploy scenes quickly. ... -
18
CTFd
CTFs as you need them
CTFd is a Capture The Flag framework focusing on ease of use and customizability. It comes with everything you need to run a CTF and it's easy to customize with plugins and themes. Create your own challenges, categories, hints, and flags from the Admin Interface. Dynamic Scoring Challenges. Unlockable challenge support. Challenge plugin architecture to create your own custom challenges. Static & Regex-based flags. Custom flag plugins. Unlockable hints. File uploads to the server or an Amazon... -
19
sqlmap
Automatic SQL injection and database takeover tool
sqlmap is a powerful, feature-filled, open source penetration testing tool. It makes detecting and exploiting SQL injection flaws and taking over the database servers an automated process. sqlmap comes with a great range of features that along with its powerful detection engine make it the ultimate penetration tester. It offers full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, and many other database management systems. It also... -
20
JumpServer
Manage assets on different clouds at the same time
The JumpServer bastion machine complies with the 4A specification of operation and maintenance security audit. Zero threshold, fast online acquisition and installation. Just a browser, the ultimate Web Terminal experience. Easily support massive concurrent access. One system manages assets on different clouds at the same time. Audit recordings are stored in the cloud and will never be lost. One system, is used by multiple subsidiaries and departments at the same time. -
21
Django-CRM
Open Source CRM based on Django
Django CRM is opensource CRM developed on django framework. It has all the basic features of CRM to start with. We welcome code contributions and feature requests via github. Create and activate a virtual environment. Install the project's dependency after activating env. -
22
Authlib
The ultimate Python library in building OAuth, OpenID Connect
...Supporting a wide range of social network service connections, powered by Loginpass. Authlib is built from low level of specifications to high level of framework integrations. Security matters in Authlib. We have a section on security process at the very first begin. Authlib is created with sustainable maintainence in mind. Consider to buy a commercial plan. -
23
Maltrail
Malicious traffic detection system
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name, URL, IP address (e.g. 185.130.5.231 for the known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic... -
24
Crosvm
The Chrome OS Virtual Machine Monitor
crosvm (ChromeOS Virtual Machine Monitor) is a secure, lightweight virtual machine monitor built on top of the Linux KVM hypervisor. Developed for ChromeOS, it is designed to isolate and execute Linux and Android guests efficiently while maintaining strong security boundaries. Unlike general-purpose emulators like QEMU, crosvm avoids full hardware emulation and focuses on modern paravirtualized I/O using the virtio standard, reducing complexity and attack surface. Written in Rust, it emphasizes memory safety and modularity, allowing sandboxed device emulation with fine-grained privilege separation. crosvm underpins several ChromeOS subsystems, including Android Runtime for Chrome (ARCVM) and Crostini Linux containers, enabling rich application compatibility within a tightly controlled environment. -
25
react2shell-scanner
High Fidelity Detection Mechanism for RSC/Next.js RCE
react2shell-scanner is a security-oriented tool that bridges modern JavaScript (React) applications and shell scripting by auditing web front-ends for exposed interfaces that could be manipulated or controlled through command execution. It scans React codebases, identifies places where user input interacts with shell-executable contexts, and flags risky patterns that might lead to command injection, unvalidated arguments, or unsafe bindings between UI controls and underlying system actions. ...
