
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs in one place. Please take a quick look at the contribution guidelines first.

hacker101 - Hacker101

  •    Ruby

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.

privacy-respecting - Curated List of Privacy Respecting Services and Software


Please read the contribution guidelines before contributing. This is a list of various 'free' services whose business models are to collect as much personal data about you as possible and alternatives you can use to them if you care about not losing control of your data and your privacy.

docker-ipsec-vpn-server - Docker image to run an IPsec VPN server, with IPsec/L2TP and Cisco IPsec

  •    Shell

Docker image to run an IPsec VPN server, with both IPsec/L2TP and Cisco IPsec. Based on Debian 9 (Stretch) with Libreswan (IPsec VPN software) and xl2tpd (L2TP daemon).

setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS

  •    Shell

Set up your own IPsec VPN server in just a few minutes, with both IPsec/L2TP and Cisco IPsec on Ubuntu, Debian and CentOS. All you need to do is provide your own VPN credentials, and let the scripts handle the rest. An IPsec VPN encrypts your network traffic, so that nobody between you and the VPN server can eavesdrop on your data as it travels via the Internet. This is especially useful when using unsecured networks, e.g. at coffee shops, airports or hotel rooms.

Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers


A collection of awesome lists for hackers, pentesters & security researchers. Follow Hack with GitHub on your favorite social media to get daily updates on interesting GitHub repositories related to Security.

awesome-vehicle-security - 🚗 A curated list of resources for learning about vehicle security and car hacking


A curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car. Follow me on Twitter for more security goodness.

node-sec-roadmap - Some thoughts on how Node.js might respond to a changing security environment

  •    Javascript

The security roadmap is a gitbook publication available at nodesecroadmap.fyi.will serve the book via localhost:4000.

scrypto - Cryptographic primitives for Scala

  •    Scala

Scrypto is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It was extracted from Scorex, an open-source modular blockchain & cryptocurrency framework.

yubikey - PHP library to interface with the Yubikey REST API

  •    PHP

This library lets you easily interface with the Yubico REST API for validating the codes created by the Yubikey. Remember, this will overwrite the current hosts in the class, so be sure you don't still need those. If you just want to add another host, look at the addHost method.

zope.security - Zope Security Framework

  •    Python

The Security framework provides a generic mechanism to implement security policies on Python objects.

striptls - proxy poc implementation of STARTTLS stripping attacks

  •    Python

A generic TCP proxy implementation and audit tool to perform protocol-independent SSL/TLS interception and STARTTLS stripping attacks on SMTP, POP3, IMAP, FTP, NNTP, XMPP, ACAP and IRC. --generic-ssl-intercept is a global switch to enable generic SSL/TLS handshake detection and session conversion. Can be combined with any mangle/vector.

crypto.christmas - 🔒🎄

  •    Javascript

AKA the Twelve Days of Crypto. Spend five minutes per day for 12 days to improve your online privacy and security.

moqui-framework - Use Moqui Framework to build enterprise applications based on Java

  •    Groovy

Note that a runtime directory is required for Moqui Framework to run, but is not included in the source repository. The Gradle get component, load, and run tasks will automatically add the default runtime (from the moqui-runtime repository). For information about the current and near future status of Moqui Framework see the ReleaseNotes.md file.

vault-desktop - 🔑 [really] safe password management desktop UI

  •    HTML

Using 1password? Great. But unless you use it only in offline mode your passwords are now managed by a third-party corporation. Should you trust them? No. Trust no one. Vault is designed to be stateless, that is, your passwords are not stored anywhere. All you need is to remember one passphrase. The combination of this passphrase and the service name (e.g. "twitter") will generate a unique and safe password for you.

end_to_end_encryption_rfc - This repository contains the specification for the end-to-end encryption used by the Nextcloud sync and mobile clients


This repository contains the specification for the end-to-end encryption used by the Nextcloud sync and mobile clients.

legal-bug-bounty - #legalbugbounty project — creating safe harbors on bug bounty programs and vulnerability disclosure programs


This is the #legalbugbounty standardization project. As Amit Elazari explains in her Enigma talk and her papers - the legal landscape of bug bounties is currently lacking. Safe harbor is the exception, not the standard and thousands upon thousands of hunters are put in "legal" harm's way. I've suggested that bug bounty legal terms, starting with safe harbor, could and should be standardized. Once standardization of bug bounty legal language is achieved, the bug bounty economy will become an alternate private legal regime in which white-hat hacking is celebrated through regulatory incentives. Standardization will start a race-to-the-top over the quality of bug bounty terms. This project, supported by CLTC, aims to achieve standardization of bug bounty legal terms across platforms, industries and sponsors, in line with the DOJ framework, and akin to the licenses employed by Creative Commons and the open source industry. This will reduce the informational burden and increase hackers’ awareness of terms (salience). It could also signal whether a particular platform or company conforms with the standard terms that are considered best practice.

Argus-SAF - Argus static analysis framework

  •    Scala

This is the official repository for Argus-SAF. To test and play with Argus-SAF, you can fork our Argus-SAF-playground project, which has the basic setup for an Argus-SAF enhanced project with demo code showing how to perform different kinds of analysis.

nfr - A lightweight tool to score network traffic and flag anomalies

  •    Go

NFR is a lightweight application which processes network traffic using the AlphaSOC Analytics Engine. NFR can monitor log files on disk (e.g. Microsoft DNS debug logs, Bro IDS logs) or run as a network sniffer under Linux to score traffic. Upon processing the data, alerts are presented in JSON format for escalation. NFR expects to find its configuration file in /etc/nfr/config.yml. You can find an example config.yml file in the repository's root directory. The file defines the AlphaSOC Analytics Engine location and configuration, input preferences (e.g. log files to monitor), output preferences, and other variables. If you already have an AlphaSOC API key, update the file with your key and place it within the /etc/nfr/ directory.