Displaying 1 to 20 from 432 results

secure - HTTP middleware for Go that facilitates some quick security wins.

  •    Go

Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many frameworks or directly with Go's net/http package.Be sure to include the Secure middleware as close to the top (beginning) as possible (but after logging and recovery). It's best to do the allowed hosts and SSL check before anything else.

oauth2-server - A spec compliant, secure by default PHP OAuth 2.0 Server

  •    PHP

league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.This library was created by Alex Bilbie. Find him on Twitter at @alexbilbie.




awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.Please take a quick look at the contribution guidelines first.

OpenZeppelin - A Framework to build secure smart contracts on Ethereum

  •    Javascript

OpenZeppelin is a library for writing secure Smart Contracts on Ethereum. With OpenZeppelin, you can build distributed applications, protocols and organizations. It is meant to provide secure, tested and audited code to enable the new generation of distributed applications, protocols and organizations. OpenZeppelin is a community effort to reduce the hurdle to develop and use them.

nosurf - CSRF protection middleware for Go.

  •    Go

nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and therefore is compatible with basically any Go HTTP application.Even though CSRF is a prominent vulnerability, Go's web-related package infrastructure mostly consists of micro-frameworks that neither do implement CSRF checks, nor should they.

zxcvbn - Low-Budget Password Strength Estimation

  •    CoffeeScript

zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.Consider using zxcvbn as an algorithmic alternative to password composition policy — it is more secure, flexible, and usable when sites require a minimal complexity score in place of annoying rules like "passwords must contain three of {lower, upper, numbers, symbols}".


KeychainAccess - Simple Swift wrapper for Keychain that works on iOS, watchOS, tvOS and macOS.

  •    Swift

KeychainAccess is a simple Swift wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs extremely easy and much more palatable to use in Swift. Any Operation that require authentication must be run in the background thread. If you run in the main thread, UI thread will lock for the system to try to display the authentication dialog.

UICKeyChainStore - UICKeyChainStore is a simple wrapper for Keychain on iOS, watchOS, tvOS and macOS

  •    Objective-C

UICKeyChainStore is a simple wrapper for Keychain that works on iOS and OS X. Makes using Keychain APIs as easy as NSUserDefaults. Try KeychainAccess. KeychainAccess is next generation of UICKeyChainStore.

OnionBrowser - An open-source, privacy-enhancing web browser for iOS, utilizing the Tor anonymity network

  •    Objective-C

This is the Onion Browser 2.X branch, based on Endless. The old version of Onion Browser can be found here. Onion Browser is a free web browser for iPhone and iPad that encrypts and tunnels web traffic through the Tor network. See the official site for more details and App Store links.

BouncyCastle - Lightweight Cryptography API for Java and CSharp

  •    Java

Bouncy Castle Crypto APIs is a lightweight cryptography API for Java and CSharp. It has provider for the Java Cryptography Extension and the Java Cryptography Architecture. It supports TLS, PKCS7, PKCS12, OpenPGP, S/MIME, OCSP, TSP, CMP, Extended Access Control, ASN and lot more.

cleverhans - An adversarial example library for constructing attacks, building defenses, and benchmarking both

  •    Python

This repository contains the source code for CleverHans, a Python library to benchmark machine learning systems' vulnerability to adversarial examples. You can learn more about such vulnerabilities on the accompanying blog. The CleverHans library is under continual development, always welcoming contributions of the latest attacks and defenses. In particular, we always welcome help towards resolving the issues currently open.

aquatone - A Tool for Domain Flyovers

  •    Ruby

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface. AQUATONE depends on Node.js and NPM package manager for its web page screenshotting capabilities. Follow this guide for Installation instructions.

gitrob - Reconnaissance tool for GitHub organizations

  •    Ruby

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. Looking for sensitive information in GitHub repositories is not a new thing, it has been known for a while that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.

awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security

  •    

A collection of awesome software, libraries, documents, books, resources and cool stuff about security. Inspired by awesome-php, awesome-python.

algo - Set up a personal IPSEC VPN in the cloud

  •    Shell

Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices. See our release announcement for more information. The easiest way to get an Algo server running is to let it set up a new virtual machine in the cloud for you.

maltrail - Malicious traffic detection system

  •    Python

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. http://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware). Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. Sensor(s) is a standalone component running on the monitoring node (e.g. Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine (e.g. Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs). In case of a positive match, it sends the event details to the (central) Server where they are being stored inside the appropriate logging directory (i.e. LOG_DIR described in the Configuration section). If Sensor is being run on the same machine as Server (default configuration), logs are stored directly into the local logging directory. Otherwise, they are being sent via UDP messages to the remote server (i.e. LOG_SERVER described in the Configuration section).

captcha - Captcha for Laravel 5

  •    PHP

A simple Laravel 5 service provider for including the Captcha for Laravel 5. The Captcha Service Provider can be installed via Composer by requiring the mews/captcha package and setting the minimum-stability to dev (required for Laravel 5) in your project's composer.json.

system-bus-radio - Transmits AM radio on computers without radio transmitting hardware.

  •    C

This program transmits radio on computers / phones without radio transmitting hardware. Some computers are intentionally disconnected from the rest of the world. This includes having their internet, wireless, bluetooth, USB, external file storage and audio capabilities removed. This is called "air gapping". Even in such a situation, this program can transmit radio.