I use the 1Password password manager to save all my passwords, various other credentials and private notes, and it has been a lifesaver thus far. Having a unique password for all my accounts and using 2FA wherever available means I should be quite safe in case any of my accounts gets breached or the password gets leaked.
Lynis - Security auditing and hardening tool, for UNIX-based systems.
SeKey - Use Touch ID / Secure Enclave for SSH Authentication.
SOPS - Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.
ClusterFuzz - Scalable fuzzing infrastructure which finds security and stability issues in software.
RAMBleed - Reading Bits in Memory Without Accessing Them.
Sliver - General purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
Infosec_Reference - Information Security Reference That Doesn't Suck.
Messaging Layer Security (MLS) - Security layer for encrypting messages in groups of size two to many.
Molasses - Rust implementation of the Messaging Layer Security group messaging protocol.
mkcert - Simple zero-config tool to make locally trusted development certificates with any names you'd like.
Boulder - ACME-based CA, written in Go.
HoneyTrap - Extensible and opensource system for running, monitoring and managing honeypots.
Flan Scan - Lightweight network vulnerability scanner.
Hardenize - Meet the new standard for network and security configuration monitoring.
american fuzzy lop - Security-oriented fuzzer.
Pwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
is-website-vulnerable - Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
camo - HTTP proxy to route images through SSL. Making insecure assets look secure.
OSS-Fuzz - Continuous Fuzzing for Open Source Software.
Wifiphisher - Rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. (Code)
crunchy - Finds common flaws in passwords. Like cracklib, but written in Go.
Dispatch - All of the ad-hoc things you're doing to manage incidents today, done for you, and much more.
Sublist3r - Fast subdomains enumeration tool for penetration testers.
disclose.io - Cross-industry, vendor-agnostic standardization project for safe harbor best practices to enable good-faith security research. (Code)
Awesome Zero trust - Curated collection of awesome resources for the zero-trust security model.
vaulted - Spawning and storage of secure environments.
Destructive Farm - Exploit farm for attack-defense CTF competitions.
Panther - Cloud-native platform for detecting threats with log data, improving cloud security posture, and conducting investigations.
bettercap - Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
security.txt - Proposed standard which allows websites to define security policies.
lego - Let's Encrypt client and ACME library written in Go.
hashcat - World's fastest and most advanced password recovery utility.
Brim - Open source desktop application for security and network specialists.
testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
AFL++ - Fuzzing framework.
Awake Security - Advanced Network Traffic Analysis Solution.
OpenSC - Open source smart card tools and middleware.
SnapPass - Share passwords securely.
yubikey-agent - Seamless ssh-agent for YubiKeys. (HN)
The SSO Wall of Shame - List of vendors that treat single sign-on as a luxury feature, not a core security requirement.
Password Manager Resources - Place for creators of password managers to collaborate on resources to make password management better for everyone.
gopass - Password manager for the command line written in Go.
Rosetta - Simple, scriptable file encryption tool.
OWASP Amass - In-depth Attack Surface Mapping and Asset Discovery.
Flipper Zero - Tamagochi for Hackers. (HN) (Flipper Android App)
DEF CON - Hacking Conference.
Payloads All The Things - List of useful payloads and bypasses for Web Application Security and Pentest/CTF.
F-Secure Labs - Cyber security research and development.
Chamber - CLI for managing secrets. Currently it does so by storing secrets in SSM Parameter Store, an AWS service for storing secrets.
HowToHunt - Some tutorials and things to do while hunting a particular vulnerability.
EarlyBird - Sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
Awesome Hacking - Curated list of hacking tools for hackers, pentesters and security researchers. (Web)
HashiCorp Boundary (2020) - Simple and secure remote access — to any system anywhere based on trusted identity. (Code) (Announcement) (HN)
mc2 - Multiparty Collaboration + Coopetition projects.
Google Security Research - Hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google.
Timesketch - Collaborative forensic timeline analysis.
XSStrike - Advanced XSS Detection Suite.
GHunt - Investigate Google Accounts with emails.
HideAndSec - Group of cybersecurity enthusiasts.
OWASP Cheat Sheets - Collection of high value information on specific application security topics. (Code)
Web Hacker's Weapons - Collection of cool tools used by Web hackers.
Spacehuhn Technologies - Open Source Hacking Tools. (GitHub)
Infection Monkey - Open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection.
OpenEDR - Free and open source platform that allows you to analyze what’s happening across your entire environment at base-security-event level.
Neurax - Library for constructing self-spreading binaries.
Cloud Custodian - Rules engine for cloud security, cost optimization, and governance, with a DSL in YAML for policies to query, filter, and take actions on resources. (Web)
Honest Security - Guide to endpoint security and device management that doesn't erode your values. (Code)
Metasploit - Penetration testing framework. (Code)
Quarkslab - Software and security services.
HackTricks - Penetration testing hacks/tricks. (Code)
Drata - Put SOC 2 Compliance On Autopilot.