OpenPGP implementation for encryption, signing, and key management.
Security & Privacy
Defensive tooling with long maintenance histories and professional review cultures. ClamAV and Nmap anchor server scanning and sanctioned audits; BleachBit helps reduce local forensic surface when used carefully.
Tools in this category (122)
Network protocol analyzer for deep packet inspection and forensic debugging.
TLS and cryptography toolkit underpinning HTTPS, SSH adjacency, and certificate workflows.
Open security platform combining SIEM, XDR, file integrity monitoring, and compliance checks across endpoints and cloud.
Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.
Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
Fast vulnerability scanner driven by YAML templates—used for recon, misconfigs, CVEs, and custom checks at scale.
Fast HTTP probing CLI: status, title, tech fingerprinting, paths, and pipeline-friendly output for asset lists.
Passive subdomain enumeration aggregating many OSINT sources with resolver validation options.
Attack surface mapping engine: DNS, certificates, APIs, scraping, and graphing for deep asset discovery.
E-mail, subdomain, and host harvesting from search engines, PGP servers, and common OSINT APIs.
Fast web fuzzer for directories, virtual hosts, parameters, and raw HTTP—common in bug bounty playbooks.
Go-based directory/DNS/vhost brute-forcer with threading tuned for pentest wordlists.
Recursive content discovery written in Rust with intelligent filtering and replay-friendly output.
WordPress security scanner: version fingerprinting, plugin/theme vuln DB, weak creds, and user enumeration.
XSS parameter analyzer and reflected/stored/DOM-focused fuzzer with mining and pipeline modes.
Python classes and scripts for low-level Windows network protocols (SMB, MSRPC, Kerberos, LDAP, etc.).
Active Directory attack-path graphing: ingest collectors, map privilege chains, and plan remediations.
Network post-exploitation Swiss Army knife for SMB/WinRM/LDAP/MSSQL/WMI; spiritual successor to CrackMapExec.
Ruby WinRM shell for pentesting: remote commands, file upload, Pass-the-Hash, and menu helpers.
LLMNR/NBT-NS/mDNS poisoner and rogue server suite for credential capture in internal test networks.
Interactive TLS-capable HTTP(S) proxy with console, web, and scriptable interception.
Network attack framework: Wi-Fi, BLE, LAN recon, ARP/DNS spoofing, proxy, and modular caplets.
GPU-accelerated password recovery and hash cracking supporting hundreds of algorithms and attack modes.
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
802.11 WEP/WPA/WPA2 auditing suite: capture, deauth, handshake cracking, and WPS testing tools.
Python wrapper automating Aircrack/Reaver/Bully flows for WEP/WPA wireless audits.
Curated archive of public exploits and proof-of-concepts with searchsploit CLI for offline lookup.
Advanced memory forensics framework for extracting artifacts from RAM dumps across OS versions.
NSA-released reverse engineering suite: decompiler, disassembler, scripting, and collaboration features.
Unix-style reversing framework: disasm, debug, binary patching, ESIL, and rich CLI automation.
Qt GUI for Rizin/radare2 with graph views, decompiler plugins, and debugger integration.
Pattern matching for malware researchers—rules over files, memory, and streams in IR pipelines.
CLI probe of TLS/SSL ciphers, protocols, headers, and common misconfigurations on any TCP listener.
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
Static analysis engine matching AST patterns—rules for OWASP classes, secrets, and custom policies.
High-performance IDS/IPS and network security monitoring with multi-threading, TLS inspection options, and Lua scripting.
Classic packet-sniffing IDS/IPS with rule language and community rule feeds; Snort 3 improves scaling.
Network security monitor producing rich logs (conn, DNS, HTTP, SSL, files) for analytics—not a classic IDS signature engine.
Cloud-native runtime security for Linux/Kubernetes: syscall and K8s audit rules with Falcoctl and ecosystem outputs.
Linux runtime security using eBPF to trace OS and container events with prebuilt signatures and pipeline exports.
All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.
Vulnerability scanner for container images and filesystems using Anchore’s vulnerability DB and Syft SBOM input.
CLI and library for generating SBOMs (SPDX, CycloneDX) from images, directories, and archives.
Expose OS state as SQL tables—processes, sockets, users, browser extensions—for fleet visibility and compliance.
Full vulnerability management stack: OpenVAS scanner, Greenbone Vulnerability Manager, feeds, and web UI for scan management.
Collaborative intrusion prevention: parse logs, apply scenarios, share reputation (optional), and block via bouncers (firewall, nginx, Cloudflare).
Daemon that watches logs and updates firewall rules to ban brute-force sources (SSH, mail, web, etc.).
Web application firewall engine for Apache, nginx, and IIS with OWASP CRS rule sets and audit logging.
Secrets management, encryption as a service, PKI, identity plugins, and dynamic credentials for apps and platforms.
Threat intelligence sharing platform: IOCs, galaxies, taxonomies, sync between communities, and API automation.
Open cyber threat intelligence platform with knowledge graph, connectors (MISP, STIX/TAXII), and investigation UI.
Security incident response platform: cases, tasks, observables, MISP sync, and timeline collaboration.
Observable analysis engine powering TheHive: run analyzers and responders against IOCs via a unified API.
Open-source security automation (SOAR) with visual workflows, webhooks, and app integrations for SOC glue code.
Application vulnerability management: ingest findings from scanners, dedupe, risk scoring, metrics, and Jira/CI hooks.
Continuous SBOM analysis platform tracking component vulnerabilities, policies, and audit trails for supply chain risk.
SCAP toolkit for compliance scanning: OVAL, XCCDF, tailoring files, and remediation snippets (e.g. DISA STIG workflows).
CIS Kubernetes benchmark checker: run checks against nodes, control plane, etcd, and policies with readable reports.
Penetration testing tool for Kubernetes clusters: active hunting modules for API exposure, services, and misconfigs.
Static analysis for Terraform, CloudFormation, Kubernetes, Docker, and more—hundreds of built-in policy checks.
IaC scanner detecting security issues across Terraform, Kubernetes, Helm, Docker, and cloud APIs via OPA/Rego policies.
General-purpose policy engine with Rego: unify authorization and config decisions across K8s, APIs, Terraform plans, and CI.
Kubernetes-native policy engine using YAML (no Rego) for validate, mutate, generate, and image verification rules.
Open cloud security assessment for AWS, Azure, GCP, and M365: CIS, PCI, HIPAA-style checks and compliance reports.
Multi-cloud security auditing: AWS, Azure, GCP, Alibaba—HTML reports highlighting misconfigurations and risky resources.
Host-based IDS: log analysis, file integrity monitoring, rootcheck, and active response; the ancestor of Wazuh.
Endpoint visibility and DFIR: Velociraptor Query Language (VQL), hunts, notebooks, and artifact packs across fleets.
Generic signature format for SIEM/detection rules convertible to Splunk, Elastic, KQL, and many backends.
Linux distribution and platform bundling Zeek, Suricata, Elastic stack, and analyst UIs for NSM and log hunting.
Rapidly search and hunt through Windows event logs (EVTX) using Sigma-like rules and built-in threat detections.
Large-scale full packet capture, indexing, and search (SPIE) with a web UI—successor to the Moloch lineage for NSM teams.
Real Intelligence Threat Analytics: ingest Zeek logs to score beaconing, long connections, blacklisted DNS, and lateral patterns.
Collaborative incident response platform: cases, timelines, evidence, tasks, and integrations with MISP, VT, and webhooks.
Analyze files, IPs, domains, and URLs in one request by fanning out to many free/TI analyzers (YARA, PE, DNS, etc.).
Automated adversary emulation platform built on ATT&CK: planners, abilities, sandboxes, and purple-team reporting.
Library of small tests mapped to ATT&CK techniques—run via Invoke-AtomicRedTeam or CI to validate detections.
Google tool to find known vulnerabilities in open source dependencies from lockfiles, SBOMs, or directories using the OSV database.
Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.
Static analysis engine for container images: layer indexing and vulnerability matching against NVD and distro feeds.
Agentless vulnerability scanner for Linux/FreeBSD: SSH-based inventory, CVE reporting, and optional local scan modes.
CNCF eBPF-based observability for Kubernetes: gadgets for tracing DNS, TCP, exec, and security events from kubectl.
CLI to audit Kubernetes manifests and clusters for security misconfigurations (capabilities, read-only root, privileged, etc.).
eBPF-based security observability and runtime enforcement: process/exec monitoring, network hooks, and kill primitives integrated with Cilium.
Secret scanner for git history, CI, and filesystems with verified credential checks against live APIs where safe.
Open Windows EDR-oriented agent using Sysmon/ETW feeds with detection-driven artifact collection and MISP/Elastic export.
SQL layer over cloud and SaaS APIs—compose compliance and inventory queries across AWS, Azure, GCP, GitHub, Okta, and hundreds of plugins.
Rules engine for public cloud governance: tag enforcement, unused resource cleanup, KMS/SG checks, and compliance filters across AWS/Azure/GCP.
Lyft’s tool to sync AWS, GCP, Azure, GitHub, and more into a Neo4j graph for attack-path and permission analysis.
Rhino Security Labs offensive AWS testing framework: modules for privilege escalation, persistence, data exfiltration, and service-specific attacks.
Analyzes AWS IAM policies for dangerous privileges, resource exposure, and data-exfiltration patterns—outputs Markdown/HTML reports.
Malware sandbox forked from Cuckoo lineage: automated unpacking, configurable machinery, and rich reporting for analysts.
CERT.pl malware repository and collaboration platform: samples, configs, tags, Karton pipeline integration, and REST API for teams.
Thinkst low-interaction honeypot daemon emulating services (SSH, HTTP, SMB, etc.) to generate tamper-evident intrusion signals.
Medium-interaction SSH and Telnet honeypot logging brute-force, shell commands, and file drops with JSON/SFTP export options.
Open-source WAF and hardening layer with nginx core.
Open cyberfraud protection and risk analytics platform.
Whistleblowing platform for secure anonymous reporting.
LLM red-teaming framework for jailbreak and prompt-injection testing.
Community awareness document for critical web application risks.
Secret scanning for git repos and CI pipelines.
Hunt usernames across public social sites (OSINT).
OSINT automation aggregating hundreds of public data sources.
Automatic decryption and decoding helper using heuristics and ML.
Open-source antivirus engine and signature database for mail gateways, file servers, and CI scanning.
Cross-platform cleaner for cache, logs, and temporary files with optional file shredding.
Network discovery and security auditing scanner with scripting (NSE) and OS fingerprinting.
Fast and lightweight DNS proxy that acts as an ad-blocker for the local network, with many features.
Network-wide DNS server that blocks ads and trackers.
A black hole for Internet advertisements.
A web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes.
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™.
A free, secure and open source app for Android to manage your 2-step verification tokens.
SafeLine is a self-hosted WAF (Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
LuLu is the free open-source macOS firewall.
ZITADEL: identity infrastructure, simplified for you.
Source code for the 2FAS Auth Android app.
Simple, free and efficient ad-blocker and privacy guard for Windows, macOS and Linux.
Improve your security and privacy by blocking ads, tracking and malware domains.
The next-generation ad blocker for Safari.
