sbilly / awesome-security
A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
License: MIT License
This description is totally incorrect:
LunaSec - Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
Best regards
Yuli
Is it worth including the canonicle list in your list? Seems like it would make sense.
This API has been unmaintained for several years, I'm the new owner and keeping it maintained now
Interested in a PR?
BusKill is an open-source hardware and software project that uses a hardware tripwire/dead-man-switch (a usb cable with a magnetic breakaway) to trigger your computer to lock or shutdown if the user is physically separated from their machine.
The following guide describes how BusKill can be configured to wipe the LUKS Header (containing the FDE key) and its metadata. It shows a video demo where the machine wiped the keys & powered-off in <6 seconds, and it includes a post-execution forensic analysis in Kali with bulk_extractor
Please consider adding this tool to your list. I'd recommend adding it under Forensics or under a new category Anti-Forensics or Hardware.
Thanks for your great list. It made me decide to fully delegate to this repo for Security-related stuff (related issue: humanetech-community/awesome-humane-tech#35). The curation needs expertise I do not have, and the field is way larger than what I'd wish to include.
This inclusion means that you are now eligible to wear our 'humanetech' badge - if you like that - by placing this somewhere on your README:
[![Awesome Humane Tech](https://raw.githubusercontent.com/humanetech-community/awesome-humane-tech/main/humane-tech-badge.svg?sanitize=true)](https://github.com/humanetech-community/awesome-humane-tech)
Which yields:
The change also means entries have been removed from awesome-humane-tech. Some of them don't exist here but seem a good fit, and if you could indicate if they are good candidates I can PR them. These projects are:
An unknown error occurred.
APT was unable to find this package.
Please try refreshing your sources
Error = 2 Permission denied No such
file or directory
/var/jb/usr/bin/apt-get
And this also,
An unknown error occurred.
APT was unable to find this package.
Please try refreshing your sources
Error = 2 No such file or directorv No
such file or directory
/var/jb/usr/bin/apt-get
Originally posted by @TnmSarun in pinauten/Fugu15#81
AWS Web Application Firewalls (WAFs) protect web applications and APIs from typical attacks from the Internet that can compromise security and availability, and put undue strain on servers and resources. The AWS WAF provides prebuilt security rules that help control bot traffic and block attack patterns. You can also create your own rules based on your own requirements. In simple scenarios and for smaller applications, this is very easy to implement on an individual basis. However, in larger environments with tens or even hundreds of applications, it is advisable to aim for central governance and automation. This simple solution helps you deploy, update and stage your Web Application Firewalls while managing them centrally via AWS Firewall Manager.
https://github.com/globaldatanet/aws-firewall-factory/tree/master
The following links are broken in the README.md
In ./README.md on line 254, link: http://mig.mozilla.org/
In ./README.md on line 272, link: http://torstatus.blutmagie.de/
In ./README.md on line 306, link: https://spyse.com/
In ./README.md on line 337, link: https://api.github.com/repos/apps/guardrails
In ./README.md on line 429, link: https://amzn.to/2uWh1Up
In ./README.md on line 268, link: https://www.dshield.org/reports.html
In ./README.md on line 265, link: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ
The info above was generated from the workflow I pull requested in #225. Thought you would find it useful to have this list whether or not you accept the PR.
Hi, we just developed a tool for developers to be aware of Supply Chain Security - Overlay:
Since there is no specific awesome list for Supply Chain Security, I'm thinking about adding it here.
Under which category should I add it?
Hello, I wrote a tool that can validate README links (valid URLs, not duplicate). It can be run when someone submits a pull request.
It is currently being used by
Examples
If you are interested, connect this repo to https://travis-ci.org/ and add a .travis.yml file to the project.
See https://github.com/dkhamsing/awesome_bot for options, more information
Feel free to leave a comment 😄
https://www.enisa.europa.eu/publications/smartphone-secure-development-guidelines-2016
Good document to include here I'd say.
Adding SecApps would be nice. Alternatively, it would be possible to go through and add some of the individual tools referenced there.
https://github.com/owasp/nodegoat has a docker image which I've done quite a bit of work on and works well, may be worth adding. Let me know if you would rather have a PR?
Here is the wiki around security regression testing for NodeGoat <-> ZAP that has a video teaser also.
Hi,
You can add Karma to your list.
Karma is a free web solution that can be used to add the organization assets (domains, websites, networks, etc), and Karma periodically searches these assets on various Threat Intelligence Feeds and reports if any of these assets is listed.
Also, Karma alerts on bad configurations, like DNS open zone transfers, bad SSL configurations and more.
Link: https://karma.securetia.com
Regards!
Hi,
I just noticed this list and linked to it from my awesome-sysadmin repo.
There were some duplicates, but my list had some tools which are not already on here. I'm not sure where to sort them though – here's the list, in italics behind the entries are my suggestions on where to sort it.
Please tell me where these tools belong (or if they're not awesome enough) and I'll come up with a short description and create a PR.
- Blackbox - Safely store secrets in Git/Mercurial. Provides tooling to automatically encrypt secrets like passwords. _DevOps?_
- Denyhosts - Thwart SSH dictionary based attacks and brute force attacks. _IPS_
- Fail2Ban - Scans log files and takes action on IPs that show malicious behavior. _IPS_
- FIR - Fast Incident Response, a cybersecurity incident management platform. _SIEM_
- fwknop - Protects ports via Single Packet Authorization in your firewall. _IPS/Firewall?_
- Linux Malware Detect - A malware scanner for Linux designed around the threats faced in shared hosted environments. _Scanner_
- Nmap - Nmap is a free and open source utility for network discovery and security auditing. _Scanner_
- OSQuery - Query your servers status and info using a SQL like interface. _DevOps?_
- pfSense - Firewall and Router FreeBSD distribution. _IPS/Firewall?_
- SpamAssassin - A powerful and popular email spam filter employing a variety of detection techniques. _not sure_
- SSHGuard - A software to protect services in addition to SSH, written in C _IPS_
I suggest to add a new category "Firewall" to distinguish that from IDS/IPS.
I'd love to see and be able to contribute to a VPS section. Items like OSSEC are really Host IDS rather than Network IDS. There are also other offerings very similar to Snyk that are free and open source.
Source for my books:
https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle0
https://github.com/binarymist/HolisticInfoSec-For-WebDevelopers-Fascicle1
Just wondering where stealth is on the list of HIDS?
I've had very good success with it, and have tried a bunch of HIDS and evaluated them based on use within my networks.
With clear guidelines when and how to contribute.
See https://github.com/sindresorhus/awesome/blob/master/awesome.md#include-contribution-guidelines
Under https://github.com/sbilly/awesome-security#mobile--android--ios adding project "hardened_malloc" would be nice.
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
Amass is the most in-depth subdomain enumeration tool and performs DNS OSINT. This could fall under 'Scanning / Pentesting' on your awesome list. The Amass project can be found using the link below:
https://github.com/caffix/amass
Thanks in advance!
C-Shopping-RN APP
This is a complete App developed by React Native (Expo). It is a beautiful e-commerce shopping application.
App open source address: https://github.com/huanghanzhilian/c-shopping-rn
Full stack open source address: https://github.com/huanghanzhilian/c-shopping