Awesome Security

Metasploit Framework

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

The most advanced free and open-source browser fingerprinting library

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Enterprise-ready zero-trust access platform built on WireGuard®.

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

Infection Monkey - An open-source adversary emulation platform

Open device management

Open Source Cloud Native Application Protection Platform (CNAPP)

GRR Rapid Response: remote live forensics for incident response

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

🔥Open source RASP solution

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Rapid spam filtering system.

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Rekall Memory Forensic Framework

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

:star: :star: Distributed tcpdump for cloud native environments :star: :star:

Confidant: your secret keeper. https://lyft.github.io/confidant

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Safety guardrails for ai coding agents and human terminal commands

Apache Metron

ClamAV antivirus scanning for Node.js — scan file uploads with a single function call. Zero dependencies. Typed Symbol verdicts. Local or Docker/clamd.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

🔥 A fully open source audit logs service and embeddable UI easily deployed to your own Kubernetes cluster. Brought to you by replicated.com and boxyhq.com 🚀

Mirror of Apache Spot

Aggregates security advisories from 10 international CERTs daily and provides an AI skill that cross-references alerts against your project's tech stack.

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

No description.

Android Malware Behavior Deleter

Is this app legit? Check before you connect. Free URL security scanner for indie developers and AI builders. Live at trustscanpro.com