Best Open Source security Libraries
A curated list of the most popular GitHub repositories tagged with security. Select any project to visualize its architecture and dive into the codebase using RepoMind's AI engine.
#1trimstray/the-book-of-secret-knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
#2Hack-with-Github/Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
#3Developer-Y/cs-video-courses
List of Computer Science courses with video lectures.
#4swisskyrepo/PayloadsAllTheThings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
#5caddyserver/caddy
Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
#6x64dbg/x64dbg
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
#7mitmproxy/mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
#8QuivrHQ/quivr
Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Anyway you want.
#9aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
#10GyulyVGC/sniffnet
Comfortably monitor your Internet traffic 🕵️♂️
#11Lissy93/web-check
🕵️♂️ All-in-one OSINT tool for analysing any website
#12OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
#13trailofbits/algo
Set up a personal VPN in the cloud
#14StevenBlack/hosts
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
#15nginx/nginx
The official NGINX Open Source repository.
#16digitalocean/nginxconfig.io
⚙️ NGINX config generator on steroids 💉
#17projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
#18hwdsl2/setup-ipsec-vpn
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
#19authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
#20community-scripts/ProxmoxVE
Proxmox VE Helper-Scripts (Community Edition)
#21OpenZeppelin/openzeppelin-contracts
OpenZeppelin Contracts is a library for secure smart contract development.
#22keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
#23imthenachoman/How-To-Secure-A-Linux-Server
An evolving how-to guide for securing a Linux server.
#24gitleaks/gitleaks
Find secrets with Gitleaks 🔑
#25Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
#26trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
#27cilium/cilium
eBPF-based Networking, Security, and Observability
#28goauthentik/authentik
The authentication glue you need.
#29Atlas-OS/Atlas
🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability.
#30bee-san/RustScan
🤖 The Modern Port Scanner 🤖
#31bettercap/bettercap
The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.
#32twpayne/chezmoi
Manage your dotfiles across multiple diverse machines, securely.
#33rizinorg/cutter
Free and Open Source Reverse Engineering Platform powered by rizin
#34eosphoros-ai/DB-GPT
open-source agentic AI data assistant for the next generation of AI + Data products.
#35TecharoHQ/anubis
Weighs the soul of incoming HTTP requests to stop AI crawlers
#36fail2ban/fail2ban
Daemon to ban hosts that cause multiple authentication errors
#37ory/hydra
Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases over night. Consume as a service on Ory Network or self-host. Trusted by OpenAI and many others for scale and security. Written in Go.
#38cure53/DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
#39javascript-obfuscator/javascript-obfuscator
A powerful obfuscator for JavaScript and Node.js
#40ImranR98/Obtainium
Get Android app updates straight from the source.
#41wazuh/wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
#42zaproxy/zaproxy
The ZAP by Checkmarx Core project
#43cryptomator/cryptomator
Cryptomator for Windows, macOS, and Linux: Secure client-side encryption for your cloud storage, ensuring privacy and control over your data.
#44winsiderss/systeminformer
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
#45bytebase/bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
#46projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
#47shadowsocks/shadowsocks-rust
A Rust port of shadowsocks
#48jason5ng32/MyIP
The best IP Toolbox. Easy to check what's your IPs, IP geolocation, check for DNS leaks, examine WebRTC connections, speed test, ping test, MTR test, check website availability, whois search and more! || 可能是最好用的IP工具箱。轻松检查你的 IP,IP 地理位置,检查DNS泄漏,检查 WebRTC 连接,速度测试,ping 测试,MTR测试,检查网站可用性,查询 Whois 信息等等。
#49hslatman/awesome-threat-intelligence
A curated list of Awesome Threat Intelligence resources
#50frappe/frappe
Low code web framework for real world applications, in Python and Javascript