searchpass - A simple tool for offline searching of default credentials for network devices, web applications and more

  •        8

Searchpass is a simple tool for offline searching of default credentials for network devices, web applications and more.



Related Projects

repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys

  •    Go

Check the entire history of the current branch for secrets. See example in this repo.

snappass - It's like SnapChat... for passwords.

  •    Javascript

It's like SnapChat... for Passwords. This is a webapp that lets you share passwords securely.

masterkey - secure interactive password manager with xchacha20poly1305, argon2id, and Go

  •    Go

masterkey is a simple, secure password manager written in Go. It uses xchacha20poly1305 for authenticated encryption and argon2id for key derivation. It stores credentials given a location, where each credential is represented by a Username and a Password. Locations, Usernames, and Passwords are always encrypted using a argon2id key derived from the input passphrase. Unlike password-store and a few other password managers, an attacker with access to the encrypted database can not discern exactly how many passwords are stored, the labels (locations) for the passwords, or the usernames associated with the passwords. Now create your vault, in this example we'll create it at ./vault.db. New vaults are created using the -new flag, existing vaults can be opened by simplly omitting the -new flag.

otp - TOTP library for Go

  •    Go

One Time Passwords (OTPs) are an mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, Github, Facebook, Salesforce and many others. The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.

Scanners-Box - The toolbox of open source scanners - 安全行业从业者自研开源扫描器合辑


Scanners Box is a collection of open source scanners which are from the github platform, including subdomain enumeration, database vulnerability scanners, weak passwords or information leak scanners, port scanners, fingerprint scanners, and other large scale scanners, modular scanner etc. For other Well-known scanning tools, such as: awvs,nmap,w3af will not be included in the scope of collection. The purpose of this collection is to provide various types of opensource security scanning tool that can help Internet companies to be more safer.

NodeJsScan - NodeJsScan is a static security code scanner for Node.js applications.

  •    Python

Static security code scanner (SAST) for Node.js applications. The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with NodeJsScan backend.

Cierge - 🗝️ Passwordless OIDC authentication done right

  •    CSharp

Cierge is an OpenID Connect server that handles user signup, login, profiles, management, social logins, and more. Instead of storing passwords, Cirege uses magic links/codes and external logins to authenticate your users. Passwords are insecure by default. Cierge does away by the illusion of security passwords give ("forgot password" usually relies upon email-based auth at the end of the day).

NoKey - A distributed password manager without a master password

  •    Elm

NoKey is a distributed password manager that works without a master password. Instead, you can unlock your passwords by confirming from another device. E.g. if you need a password on your PC, you only have to confirm this on your phone. No need to remember any passwords.

SecLists - SecLists is the security tester's companion

  •    PHP

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed. This project is maintained by Daniel Miessler and Jason Haddix.

thc-hydra - hydra

  •    C

Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.

gitrob - Reconnaissance tool for GitHub organizations

  •    Ruby

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. Looking for sensitive information in GitHub repositories is not a new thing, it has been known for a while that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.


  •    CSharp

Allows standard users to unlock a locked windows workstation!

Tcpcrypt - Encrypting the Internet

  •    C

Tcpcrypt is a protocol that attempts to encrypt (almost) all of your network traffic. Unlike other security mechanisms, Tcpcrypt works out of the box: it requires no configuration, no changes to applications, and your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP.

Crypter - An innovative, convenient and secure cross-platform encryption app 🔒⬅️ ✨➡️🔓

  •    Javascript

Encrypt unlimited bits. Remember only a bit. Crypter is a cross-platform crypto app that makes encryption and decryption convenient while still upholding strong security. It tackles one of the weakest links in most security systems today - weak passwords. It simplifies secure password generation and management and requires you to only remember one bit - your MasterPass.

KeypItSafe Password Vault


KeypItSafe Password Vault Easily and safely store your website passwords on your computer - or go mobile in just a few clicks! What is KeypItSafe? KeypItSafe is a free open source password manager that helps you store and manage all of your passwords securely on your ...

zxcvbn - Low-Budget Password Strength Estimation

  •    CoffeeScript

zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".

Publicly Available PAssworDs

  •    C++

Program to capture cleartext passwords from the network. It is a useful tool to assess the security of network software at your site.

CreateUserPkg - This project has been archived and is no longer maintained

  •    PostScript

Please see the blog post. 10.13 doesn't appear to support SHA1 passwords anymore, and this project needs to be updated to create PBKDF2 passwords (see Security Notes below). This utility creates packages that create local user accounts when installed. The packages can create users on 10.5+, and they are compatible with all workflows that can install standard installer pkgs. For the details on how the packages work, see Greg Neagle's article in the May 2012 issue of MacTech.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.