security

Provides a tight integration of the Security component into the Symfony full-stack framework

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected"...

兜哥出品 <一本开源的NLP入门书籍>

🕵️ OSINT Tools for gathering information and actions forensics 🕵️

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository s...

一款部署于云端或本地的隧道代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

🕵️‍♂️ TUI for sniffing network traffic using eBPF on Linux

U2F USB token optimized for physical security, affordability, and style

A collection of smart contract vulnerabilities along with prevention methods

Adversary tradecraft detection, protection, and hunting

Semi-automatic OSINT framework and package manager

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Powerful framework for rogue access point attack.

Cross-platform desktop GUI app to clean image metadata

Fast, multi-protocol credential brute-forcer. Parses Nmap, Nessus, and Nexpose output to automatically test default and custom credentials across 30+...

A Collection of Hacks in IoT Space so that we can address them (hopefully).

Open-source tool to build your Windows script from scratch. It includes debloat, privacy, performance & app installing scripts.

A p2p, secure file storage, social network and application protocol

🛡️ Awesome Cloud Security Resources ⚔️

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata al...

Solo 1 firmware in C

Automating situational awareness for cloud penetration tests.

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security.

Creepy device and browser fingerprinting

HTTP middleware for Go that facilitates some quick security wins.

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

A fork and successor of the Sulley Fuzzing Framework

SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.

🚀 Caido releases, wiki and roadmap

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

XRay is a tool for recon, mapping and OSINT gathering from public networks.

A curated list of awesome embedded and IoT security resources.

:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

A cryptographically verifiable code review system for the cargo (Rust) package manager.

🖖 GoCaptcha: A high-performance, interactive behavior captcha library for Go. Supporting click, slide, drag-drop, and rotation modes to secure your a...

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables r...

A simple,high performance and secure live media server in pure Rust (RTMP[cluster]/RTSP/WebRTC[whip/whep]/HTTP-FLV/HLS).🦀

Role and Attribute based Access Control for Node.js

:fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.

OWASP API Security Project

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

针对SpringBoot的开源渗透框架，以及Spring相关高危漏洞利用工具

Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and...

Security scanner for AI agents, MCP servers and agent skills.

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

Daily feed of bad IPs (with blacklist hit scores)

A Vault swiss-army knife: A CLI tool to init, unseal and configure Vault (auth methods, secret engines).

🔐🌐 Privacy-respecting web frontends for popular services

This challenge is Inon Shkedy's 31 days API Security Tips.