Awesome Security

A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

Last Update: Oct. 26, 2021, 3:06 p.m.

Thank you sbilly & contributors
View Topic on GitHub:
sbilly/awesome-security


Scanning / Pentesting

Metasploit Framework

23.2K
10.98K
8m
n/a

A Linux packet crafting tool.

382
36
11m
GPL-2.0

Great packages that use Scapy

31
12
9m
CC-BY-4.0

Find exploit tool

783
265
3y 25d
GPL-3.0

In-depth Attack Surface Mapping and Asset Discovery

1.65K
206
9m
Apache-2.0

The most powerful UDP-based load generator, written in Rust

7
23
2y 8m
GPL-3.0

A coroutines-driven Low & Slow traffic sender, written in Rust

5
15
2y 5m
GPL-3.0

Legion is an open source, easy-to-use, super-extensible and semi-automated network penetration testing tool that aids in discovery, reconnaissance and exploitation of information systems.

565
116
1y 4m
GPL-3.0

Fast subdomains enumeration tool for penetration testers

5.69K
1.44K
1y 90d
GPL-2.0

🤖 The Modern Port Scanner 🤖

3.4K
293
10m
GPL-3.0

A fork and successor of the Sulley Fuzzing Framework

1.15K
233
8m
GPL-2.0

Fast HTTP enumerator

85
10
1y 60d
MIT

Discover internet-wide misconfigurations while drinking coffee

257
26
5m
MIT

Identify vulnerabilities in running containers, images, hosts and repositories

357
46
10m
n/a

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs).

Nmap is a free and open source utility for network discovery and security auditing.

Monitoring / Logging

A network sniffer that logs all DNS server replies for use in a passive DNS setup

1.43K
367
1y 39d
n/a

A modern tool for the Windows kernel exploration and tracing

1.1K
128
8m
n/a

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

5.69K
327
8m
GPL-3.0

Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way, can emulate Apache web server log files, track response times and extract all "intercepted" files from the HTTP traffic.

httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications.

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

Sagan uses a 'Snort like' engine and rules to analyze logs (syslog/event log/snmptrap/netflow/etc).

Similar feature set to Snyk, but free in most cases, and very cheap for others.

Ntopng is a network traffic probe that shows the network usage, similar to what the popular top Unix command does.

IDS / IPS / Host IDS / Host IPS

Intrusion Prevention System (IPS) for Secure Shell (SSH)

28
6
8y 100d
n/a

CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.

3.84K
180
16d
MIT

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO. In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".

Powerful network analysis framework focused on security monitoring, formerly known as Bro.

Comprehensive Open Source HIDS. Not for the faint of heart. Takes a bit to get your head around how it works. Performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. Plenty of reasonable documentation. Sweet spot is medium to large deployments.

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

File integrity checker that leaves virtually no sediment. Controller runs from another machine, which makes it hard for an attacker to know that the file system is being checked at defined pseudo random intervals over SSH. Highly recommended for small to medium deployments.

AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua packet inspection engine with capabilities of learning without any human intervention, NIDS (Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others.

Thwart SSH dictionary based attacks and brute force attacks.

Scans log files and takes action on IPs that show malicious behavior.

A software to protect services in addition to SSH, written in C

Honey Pot / Honey Net

an awesome list of honeypot resources

4.77K
898
8m
Artistic-2.0

A low to medium interaction honeypot.

408
85
1y 9m
GPL-2.0

Amun Honeypot

44
21
2y 6m
GPL-2.0

Kippo - SSH Honeypot

1.34K
255
5y 28d
n/a

HonSSH is designed to log all SSH communications between a client and server.

345
72
3y 6m
BSD-3-Clause

ICS/SCADA Honeypot. Conpot is a low interactive server side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols we created the basics to build your own system, capable of emulating complex infrastructures to convince an adversary that he just found a huge industrial complex. To improve the deceptive capabilities, we also provided the possibility to serve a custom human machine interface to increase the honeypot's attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because we are providing complete stacks of the protocols, Conpot can be accessed with productive HMIs or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of very big giants.

Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: Reply with the correct response to the attacker exploiting the web application.

Kojoney is a low level interaction honeypot that emulates an SSH server. The daemon is written in Python using the Twisted Conch libraries.

Bifrozt is a NAT device with a DHCP server that is usually deployed with one NIC connected directly to the Internet and one NIC connected to the internal network. What differentiates Bifrozt from other standard NAT devices is its ability to work as a transparent SSHv2 proxy between an attacker and your honeypot. If you deployed an SSH server on Bifrozt's internal network it would log all the interaction to a TTY file in plain text that could be viewed later and capture a copy of any files that were downloaded. You would not have to install any additional software, compile any kernel modules or use a specific version or type of operating system on the internal SSH server for this to work. It will limit outbound traffic to a set number of ports and will start to drop outbound packets on these ports when certain limits are exceeded.

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, DionaeaFR, an ELK stack and much more. Lastly, almost 90 well-known malware analysis, forensics and network monitoring related tools are also present in the distribution.

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.

T-Pot is based on the network installer of Ubuntu Server 16/17.x LTS. The honeypot daemons as well as other support components being used have been containerized using docker. This allows us to run multiple honeypot daemons on the same network interface while maintaining a small footprint and constrain each honeypot within its own environment. Installation over vanilla Ubuntu - T-Pot Autoinstall - This script will install T-Pot 16.04/17.10 on a fresh Ubuntu 16.04.x LTS (64bit). It is intended to be used on hosted servers, where an Ubuntu base image is given and there is no ability to install custom ISO images. Successfully tested on vanilla Ubuntu 16.04.3 in VMware.

Full Packet Capture / Forensic

TCP/IP packet demultiplexer. Download from:

1.22K
209
8m
GPL-3.0

Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

4.62K
860
8m
n/a

Dshell is a network forensic analysis framework.

5.28K
1.17K
8m
n/a

Stenographer is a packet capture solution which aims to quickly spool all packets to disk, then provide simple, fast access to subsets of those packets. Discussion/announcements at [email protected]

1.58K
193
11m
Apache-2.0

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

OpenFPC is a set of tools that combine to provide a lightweight full-packet network traffic recorder & buffering system. Its design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log management tools.

Sniffer

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

netsniff-ng is a free Linux networking toolkit, a Swiss army knife for your daily Linux network plumbing if you will. Its gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.

Live HTTP headers is a free firefox addon to see your browser requests in real time. It shows the entire headers of the requests and can be used to find the security loopholes in implementations.

Security Information & Event Management

Fast Incident Response

1.27K
433
8m
GPL-3.0

Open Source SIEM (Security Information and Event Management system).

100
40
1y 4m
MIT

Prelude is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".

OSSIM provides all of the features that a security professional needs from a SIEM offering – event collection, normalization, and correlation.

VPN

OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.

Fast Packet Processing

Functional Network Framework for Multi-Core Architectures

510
70
2y 5m
GPL-2.0

DPDK is a set of libraries and drivers for fast packet processing.

PF_RING is a new type of network socket that dramatically improves the packet capture speed.

PF_RING ZC (Zero Copy) is a flexible packet processing framework that allows you to achieve 1/10 Gbit line rate packet processing (both RX and TX) at any packet size. It implements zero copy operations including patterns for inter-process and inter-VM (KVM) communications.

netmap is a framework for high speed packet I/O. Together with its companion VALE software switch, it is implemented as a single kernel module and available for FreeBSD, Linux and now also Windows.

Firewall

Firewall and Router FreeBSD distribution.

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

Protects ports via Single Packet Authorization in your firewall.

Anti-Spam

Rapid spam filtering system.

1.39K
272
8m
Apache-2.0

A powerful and popular email spam filter employing a variety of detection techniques.

Docker Images for Penetration Testing & Security

Anti-Virus / Anti-Malware

Loki - Simple IOC and Incident Response Scanner

1.85K
426
9m
GPL-3.0

A malware scanner for Linux designed around the threats faced in shared hosted environments.

A Rootkit Hunter for Linux

Content Disarm & Reconstruct

Sanitising your documents, one threat at a time - Content Disarm & Reconstruction Software

109
26
1y 7m
MIT

Configuration Management

Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance. Automate common system administration tasks (installation, configuration); Enforce configuration over time (configuring once is good, ensuring that configuration is valid and automatically fixing it is better); Inventory of all managed nodes; Web interface to configure and manage nodes and their configuration; Compliance reporting, by configuration and/or by node.

Authentication

Open source version of Google Authenticator (except the Android app)

4.44K
876
1y 29d
Apache-2.0

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

2.32K
143
75d
n/a

Mobile / Android / iOS

A collection of android security related resources

5.14K
1.2K
10m
Apache-2.0

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

7.02K
1.5K
9m
CC-BY-SA-4.0

A collection of OSX and iOS security resources

499
95
1y 7m
Apache-2.0

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

1.36K
112
22d
Apache-2.0

A tool for reverse engineering Android apk files

11.36K
2.71K
10m
Apache-2.0

Dex to Java decompiler

25.16K
3.07K
8m
Apache-2.0
599
72
1y 7m
Apache-2.0

A tool to extract local data storage of an Android application in one click.

8
1
2y 10m
GPL-3.0

Android Malware (Analysis | Scoring System)

482
62
8m
GPL-3.0

Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.

466
51
8m
MIT
9
4
5y 9m
n/a

Clone this repo to build Frida

6.07K
706
1y 63d
NOASSERTION

Android Malware Behavior Deleter

22
0
4m
GPL-3.0

A collection of mobile security resources including articles, blogs, books, groups, projects, tools and conferences.

A collection of mobile security resources.

Free-of-charge standalone tool based on ReSharper's bundled decompiler. It can reliably decompile any .NET assembly into equivalent C# or IL code. It can create Visual Studio solutions based on the original binary files in a straight-forward way. [Proprietary] [Free]

Forensics

GRR Rapid Response: remote live forensics for incident response

3.72K
669
8m
Apache-2.0

An advanced memory forensics framework

4.3K
917
10m
GPL-2.0

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

309
76
10m
n/a

CLI utility and Python module for analyzing log files and other data.

84
12
8m
MIT

A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.

284
61
9m
GPL-3.0

Rekall Memory Forensic Framework

1.73K
371
1y 10d
GPL-2.0

mig

MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security.

Threat Intelligence

FireEye Publicly Shared Indicators of Compromise (IOCs)

410
98
5y 4m
Apache-2.0

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

569
228
1y 57d
n/a

DEPRECATED - USE v3 (bearded-avenger)

223
65
3y 9m
LGPL-3.0

ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker tracks Command&Control servers (hosts) around the world and provides you a domain- and an IP-blocklist.

Emerging Threats began 10 years ago as an open source community for collecting Suricata and SNORT® rules, firewall rules, and other IDS rulesets. The open source community still plays an active role in Internet security, with more than 200,000 active users downloading the ruleset daily. The ETOpen Ruleset is open to any user or organization, as long as you follow some basic guidelines. Our ETOpen Ruleset is available for download any time.

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation.

The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.

AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.

The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.

AlienVault Open Threat Exchange (OTX), to help you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.

CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. TOR Node List / DNS Blacklists / Tor Node List

The primary purpose of leakedin.com is to make visitors aware of the risks of losing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.

The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS.

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries (taxonomies, threat-actors and various malware), an extensive data model to share new information using objects and default feeds.

Phishing Statistics with search for IP, domain and website title.

Social Engineering

Powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.

Organization

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

Web Application Firewall

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX

3.69K
534
9m
GPL-3.0

SQL Firewall Extension for PostgreSQL

163
28
6y 38d
n/a

Universal web application security sensor intended for real-time monitoring and defense.

282
59
5y 9m
n/a

Curiefense is a unified, open source platform protecting cloud native applications.

201
31
112d
Apache-2.0

ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.

Scanning / Pentesting

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

1.21K
274
1y 4m
GPL-3.0

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

3.55K
1.01K
8m
n/a

Infection Monkey - An automated pentest tool

5.03K
579
8m
GPL-3.0

Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.

212
76
1y 5m
MIT

🔓 CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI.

134
31
11m
MIT

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

1.57K
91
8m
Apache-2.0

Full-featured C2 framework which silently persists on webserver via evil PHP oneliner

981
302
1y 56d
GPL-3.0

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

98
4
21d
Apache-2.0

Spyse is an OSINT search engine that provides fresh data about the entire web. All the data is stored in its own DB for instant access and interconnected with each other for flexible search.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

ZAP

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

List of some controls to test during a web vulnerability assessment. Markdown version may be found here.

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Runtime Application Self-Protection

🔥 Open source RASP solution

1.71K
419
8m
Apache-2.0

Automated and Real-Time Security for Ruby Apps. Protect your app in 30 seconds.

Development

16
6
1y 85d
Apache-2.0

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

2.07K
225
8m
Apache-2.0

🔒🌍 Security scanner for your Terraform code

1.88K
125
11m
MIT

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

477
58
4m
n/a

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

208
39
9m
MIT

Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)

Book that identifies design patterns and coding styles that make lots of security vulnerabilities less likely. (early access, published continuously, final release fall 2017)

Free eBook sampler that gives some context for how API security works in the real world by showing how APIs are put together and how the OAuth protocol can be used to protect them.

Book that teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server.

Exploits & Payloads

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

16.33K
5.23K
1y 55d
MIT

Red Team Infrastructure Deployment

Automated Red Team Infrastructure deployment using Docker

469
114
1y 7m
MIT

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!

1.72K
279
8m
MIT

Usability

Usable Security course at Coursera. Quite good for those looking for how security and usability intersect.

Big Data

Data Hacking Project

705
281
2y 7m
MIT

Hadoop library to read packet capture (PCAP) files

194
104
9m
LGPL-3.0

OpenSOC Apache Hadoop Code

534
185
1y 8m
Apache-2.0

Apache Metron

819
507
1y 5m
Apache-2.0

Mirror of Apache Spot

312
205
1y 108d
Apache-2.0

Scalable Binary Data Extraction in Hadoop

136
42
7y 107d
Apache-2.0

A scalable python framework for security research and development teams.

DevOps

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

2.02K
391
8m
n/a

nginx Docker image secure by default.

1.78K
70
11m
n/a

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI

6.45K
567
8m
Apache-2.0

preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.

36
7
4m
Apache-2.0

A secrets management tool for developers built in Go - never leave your command line for secrets.

379
15
4m
Apache-2.0

A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure.

Privacy & Security

Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.

Operating System designed for anonymity.

A live media, Linux-based operating system that is designed to allow the use of a computer without leaving a digital footprint.

Online resources

Datastores

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.

719
82
8m
Apache-2.0

Safely store secrets in Git/Mercurial/Subversion

5.67K
313
9m
MIT

Confidant: your secret keeper. https://lyft.github.io/confidant

1.63K
99
10m
Apache-2.0

A secure and easy-to-use store for your production secrets

154
14
3y 6m
n/a

Go server for two-man rule style file encryption and decryption.

1.29K
130
1y 14d
n/a

A vault for securely storing and accessing AWS credentials in development environments

4.62K
408
8m
MIT

A little utility for managing credentials in the cloud

1.93K
201
1y 6m
Apache-2.0

CLI for managing secrets

1.8K
140
8m
MIT

A Vault CLI

330
27
9m
MIT

Simple and flexible tool for managing secrets

6.86K
402
1y 43d
MPL-2.0

Multiplatform command-line password manager

904
64
3y 6m
MIT

The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP.

An encrypted datastore secure enough to hold environment and application secrets.

Fraud prevention

Browser fingerprinting library with the highest accuracy and stability.

12.86K
1.57K
7m
MIT

Swiss army knife for identifying and fingerprinting Android devices.

171
16
5m
MIT

EBooks

Free and downloadable book series with very broad and deep coverage of what Web Developers and DevOps Engineers need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises

A step by step process for breaking into a BANK, Sparc Flow, 2017

A hacker's tale breaking into a secretive offshore company, Sparc Flow, 2018

Live a real crisis to master the secrets of forensic analysis, Sparc Flow, 2017

This early-access book teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.

Other Security Awesome Lists

A collection of android security related resources

5.14K
1.2K
10m
Apache-2.0

A collection of awesome videos, articles, books and resources about ARM exploitation.

120
26
1y 24d
n/a

A curated list of CTF frameworks, libraries, resources and software

5.47K
1.1K
1y 5m
CC0-1.0

A curated list of hacking environments where you can train your cyber skills legally and safely

1.64K
335
1y 1d
Apache-2.0

🔒 A curated checklist of 300+ tips for protecting digital security and privacy in 2021

1.62K
154
8m
CC-BY-4.0

A curated list of awesome Hacking tutorials, tools and resources

6.81K
1.21K
8m
MIT

an awesome list of honeypot resources

4.77K
898
8m
Artistic-2.0

Defund the Police.

7.01K
1.94K
1y 64d
n/a

A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors.

2.13K
375
1y 5m
n/a

A collection of awesome penetration testing resources, tools and other shiny things

13.56K
3.48K
8m
n/a

A curated list of awesome Linux Containers frameworks, libraries and software

1.08K
138
1y 24d
Apache-2.0

A curated list of tools for incident response

4.01K
992
8m
Apache-2.0

A list of web application security

3.24K
877
9m
n/a

A curated list of awesome resources about Electron.js (in)security

199
24
8m
n/a

A curated list of Awesome Threat Intelligence resources

4.09K
938
10m
Apache-2.0

a curated list of useful threat modeling resources

58
11
11m
Apache-2.0

Collection of the cheat sheets useful for pentesting

2.26K
595
1y 8m
n/a

A curated list of resources related to Industrial Control System (ICS) security.

10
3
5y 5m
Apache-2.0

A curated list of awesome YARA rules, tools, and people.

1.35K
229
9m
n/a

A curated list of awesome threat detection and hunting resources

1.45K
330
10m
n/a

A curated list of cryptography papers, articles, tutorials and howtos.

961
90
11m
n/a

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

2.06K
341
1y 6m
CC0-1.0

Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modifies attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.

37
9
8m
CC-BY-4.0

A collected list of awesome security talks

3.1K
397
1y 4m
n/a

Other Common Awesome Lists

A curated list of awesome awesomeness

27.24K
3.34K
8m
n/a

The definitive list of lists (of lists) curated on GitHub and elsewhere

7.08K
596
8m
CC0-1.0

🎬 A curated list of movies every hacker & cyberpunk must watch.

8.57K
813
10m
CC0-1.0