Open Source Security Software - Page 9
Sort By:
Security Software
View 5807 business solutions-
MicroStation by Bentley Systems is the trusted computer-aided design (CAD) software built specifically for infrastructure design.MicroStation is the only computer-aided design software for infrastructure design, helping architects and engineers like you bring their vision to life, present their designs to their clients, and deliver their projects to the community.
-
The Most Powerful Software Platform for EHSQ and ESG ManagementChoose from a complete set of software solutions across EHSQ that address all aspects of top performing Environmental, Health and Safety, and Quality management programs.
-
1
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. The hacking progress is tracked on a scoreboard. Finding this scoreboard is actually one of the (easy) challenges! Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a “guinea pig”-application to check how well their tools cope with JavaScript-heavy application frontends and REST APIs. -
2
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws, authentication bypasses, and other exploitable paths in a way that resembles an actual attacker’s workflow. Instead of requiring you to manually reproduce findings, Shannon is designed to produce actionable evidence that a weakness can be weaponized, which helps teams prioritize what truly matters. It positions itself as a pre-attacker safety net, aiming to break your web app before someone else does and thereby reduce the gap between “potentially vulnerable” and “confirmed exploitable.” -
3
uncover
Discover exposed internet hosts using multiple search engine APIs
Uncover is an open source reconnaissance tool designed to quickly discover exposed hosts on the internet by querying multiple search engine APIs through a unified interface. It acts as a Go-based wrapper around well-known internet intelligence platforms, allowing users to gather information about publicly accessible systems from a single command-line tool. By integrating with services such as Shodan, Censys, FOFA, ZoomEye, and others, the tool enables security professionals to efficiently search for internet-facing assets and services. The tool is built with automation in mind, making it suitable for security workflows and pipelines used by penetration testers, researchers, and bug bounty hunters. Instead of manually querying several search engines separately, uncover aggregates results from supported providers and returns them in a standardized format. This approach simplifies large-scale reconnaissance tasks and speeds up the discovery of exposed infrastructure or services. -
4
Antivirus Live CD
4MLinux fork including ClamAV scanner
Antivirus Live CD is an official 4MLinux fork including the ClamAV scanner. It's designed for users who need a lightweight live CD, which will help them to protect their computers against viruses. Ethernet, WiFi, PPP and PPPoE are supported by Antivirus Live CD to enable automatic updates of its virus signature databases. All partitions are mounted during the boot process so that they can be scanned by ClamAV. The Antivirus Live CD ISO images are fully compatible with UNetbootin, which can be used to create an easy-to-use Antivirus Live USB. -
Loan management software that makes it easy.Bryt Software is ideal for lending professionals who are looking for a feature rich loan management system that is intuitive and easy to use. We are 100% cloud-based, software as a service. We believe in providing our customers with fair and honest pricing. Our monthly fees are based on your number of users and we have a minimal implementation charge.
-
5
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo -
6
ModSecurity
Cross platform web application firewall (WAF) engine for Apache
ModSecurity is an open-source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language that provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. In general, it provides the capability to load/interpret rules written in the ModSecurity SecRules format and apply them to HTTP content provided by your application via Connectors. Before starting the compilation process, make sure that you have all the dependencies in place. -
7
PDFRip
A multi-threaded PDF password cracking utility
A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks. pdfrip is a fast multithreaded PDF password cracking utility written in Rust with support for wordlist-based dictionary attacks, date and number range bruteforcing, and a custom query builder for password formats. You can write your own queries like STRING{69-420} with the -q option which would generate a wordlist with the full number range. You can pass in an year as the input with the -d option which would bruteforce all 365 days of the year in DDMMYYYY format which is a pretty commonly used password format for PDFs. Just give a number range like 5000-100000 with the -n option and it would bruteforce with the whole range. -
8
Yank Note
A Hackable Markdown Note Application for Programmers
A Hackable Markdown Note Application for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacement. Use Monaco kernel, optimize for Markdown editing, and have the same editing experience as VSCode. Support version control; Applets, runnable code blocks, tables, PlantUML, Drawio, macro replacements, etc., can be embedded in the document; support for OpenAI auto-completion. Data is saved as local Markdown files, and the extension functions are implemented in the original syntax of Markdown as far as possible. Support users to write their own plug-ins to expand the functionality of the editor. Use encryption to save private files such as account number, and the password can be set separately for each file. -
9
uBlacklist
Blocks specific sites from appearing in Google search results
uBlacklist is a Google Search filter for Chrome and Firefox. uBlacklist requires many site permissions on install. They are necessary to support all domains where Google Search is provided (google.com, google.ac, google.ad, ...). You can install uBlacklist from Chrome Web Store, Firefox Add-ons or Mac App Store. To block a site that you are looking at from appearing on the search result page, click the toolbar icon. A "Block this site" dialog will be shown. In recent versions of Chrome, the toolbar icon may be hidden by default. If so, first click the puzzle piece icon. To see and edit blocked sites, open the options page. It can be accessed from the toolbar icon. Blocked sites are displayed on the top of the options page. After editing them, don't forget to press the "Save" button. -
Field Sales+ for MS Dynamics 365 and SalesforceBring Dynamics 365 and Salesforce wherever you go with Resco’s solution. With powerful offline features and reliable data syncing, your team can access CRM data on mobile devices anytime, anywhere. This saves time, cuts errors, and speeds up customer visits.
-
10
A KeePass plugin that downloads and stores favicons. A favicon is the little icon / logo used to identify many websites, typically displayed in the browser's address bar, bookmark list and on tabs.
-
11
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and maintainability over backward compatibility. Unlike OpenSSL, BoringSSL provides no guarantee of stable APIs or ABIs, meaning third-party projects depending on it may frequently break. Google products that use BoringSSL ship their own copies and update them as needed, enabling faster iteration without legacy constraints. BoringSSL includes comprehensive API documentation, build instructions, and guidance for porting code from OpenSSL. -
12
Greenplum Database
Massive parallel data platform for analytics, machine learning and AI
Rapidly create and deploy models for complex applications in cybersecurity, predictive maintenance, risk management, fraud detection, and many other areas. With its unique cost-based query optimizer designed for large-scale data workloads, Greenplum scales interactive and batch-mode analytics to large datasets in the petabytes without degrading query performance and throughput. Based on PostgreSQL, Greenplum provides you with more control over the software you deploy, reducing vendor lock-in, and allowing open influence on product direction. Greenplum reduces data silos by providing you with a single, scale-out environment for converging analytic and operational workloads, like streaming ingestion. All major Greenplum contributions are part of the Greenplum Database project and share the same database core, including the MPP architecture, analytical interfaces, and security capabilities. -
13
Headlamp
A Kubernetes web UI that is fully-featured, user-friendly
Out of the box, Headlamp is a fully functional Kubernetes UI. By leveraging its powerful plugin system, builders can shape Headlamp to fit their bespoke use cases, products, and environments. Headlamp adapts not only to a user's cluster configuration (multiple or single clusters, permissions-based UI, etc.), but its powerful plugin system allows builders to customize the experience with new functionality that fits their products. Headlamp’s plugin system makes it possible to create custom experiences with minimal effort; add/extend views, customize branding, etc. Headlamp adapts to a user’s cluster permissions. It checks RBAC and displays actions like delete or edit only if the user has permission to do so. Keeping with Headlamp’s goal of supporting a fully customizable experience, it can be run as a web app, desktop app, or both. -
14
NPS
Lightweight, high-performance, powerful intranet penetration proxy
NPS is a lightweight, high-performance, powerful intranet penetration proxy server, with a powerful web management terminal. Comprehensive protocol support, compatible with almost all commonly used protocols, such as tcp, udp, http(s), socks5, p2p, http proxy. Full platform compatibility (linux, windows, macos, Synology, etc.), support installation as a system service simply. Comprehensive control, both client and server control are allowed. Https integration, support to convert backend proxy and web services to https, and support multiple certificates. Just simple configuration on web ui can complete most requirements. Complete information display, such as traffic, system information, real-time bandwidth, client version, etc. Powerful extension functions, everything is available (cache, compression, encryption, traffic limit, bandwidth limit, port reuse, etc.) Domain name resolution has functions such as custom headers, 404 page configuration, host modification, etc. -
15
OTPLib
One Time Password (OTP) / 2FA for Node.js and Browser
A JavaScript library for generating and verifying one-time passwords (TOTP/HOTP), commonly used for two-factor authentication (2FA). -
16
mitmproxy
A free and open source interactive HTTPS proxy
mitmproxy is an open source, interactive SSL/TLS-capable intercepting HTTP proxy, with a console interface fit for HTTP/1, HTTP/2, and WebSockets. It's the ideal tool for penetration testers and software developers, able to debug, test, and make privacy measurements. It can intercept, inspect, modify and replay web traffic, and can even prettify and decode a variety of message types. Its web-based interface mitmweb gives you a similar experience as Chrome's DevTools, with the addition of features like request interception and replay. Its command-line version mitmdump allows you to write powerful addons and script mitmproxy so it can automatically modify messages, redirect traffic, and perform many other custom commands. -
17
syslog-ng
Log management solution that improves the performance of SIEM
syslog-ng is the log management solution that improves the performance of your SIEM solution by reducing the amount and improving the quality of data feeding your SIEM. With syslog-ng Store Box, you can find the answer. Search billions of logs in seconds using full text queries with Boolean operators to pinpoint critical logs. syslog-ng Store Box provides secure, tamper-proof storage and custom reporting to demonstrate compliance. syslog-ng can deliver data from a wide variety of sources to Hadoop, Elasticsearch, MongoDB, and Kafka as well as many others. syslog-ng flexibly routes log data from X sources to Y destinations. Instead of deploying multiple agents on hosts, organizations can unify their log data collection and management. syslog-ng Store Box provides automated archiving, tamper-proof encrypted storage, granular access controls to protect log data. The largest appliance can store up to 10TB of raw logs. -
18
This project is an implementation of the TCG TPM 2.0 specification. It is based on the TPM specification Parts 3 and 4 source code donated by Microsoft, with additional files to complete the implementation. See the wiki for additional support - additions to the documentation. See the companion IBM TSS at https://sourceforge.net/projects/ibmtpm20tss/
-
19
-
20
Blackbird
OSINT tool for finding accounts across 600+ sites by username or email
Blackbird is an open source OSINT tool designed to search for user accounts across social networks and online platforms using a username or email address. The project focuses on helping investigators, researchers, and security professionals quickly discover where a specific identity appears on the internet. It performs reverse searches across more than 600 websites by leveraging data from the community-driven WhatsMyName project, which improves detection accuracy and reduces false positives. The tool operates primarily through a command line interface, allowing users to run automated searches and gather results from many platforms in a single process. Blackbird also includes an optional AI-powered profiling feature that analyzes discovered sites to generate behavioral and technical insights about a user’s online presence. Results from searches can be exported in formats such as PDF, CSV, or JSON for documentation or reporting purposes. -
21
Tamper Dev
Extension that allows you to intercept and edit HTTP/HTTPS requests
If you are a developer, you can use Tamper Dev to debug your websites, or if you are a pentester, you can use it to search for security vulnerabilities by inspecting the HTTP traffic from your browser. Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server. This extension provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy, but without the need of additional software, with full support of HTTPS connections, and trivial to set-up (just install). -
22
Toutatis
Extract public Instagram account information from usernames
Toutatis is an open source command-line tool designed to extract publicly available information from Instagram accounts. It helps users gather various data points from a target profile by querying Instagram using a username or account ID. The tool can retrieve details such as profile metadata, follower counts, biography information, and other publicly accessible account attributes. In addition to basic profile data, Toutatis can also reveal contact details that may be publicly exposed, including email addresses and phone numbers associated with the account. The utility is implemented in Python and runs through a simple command-line interface, making it easy to integrate into OSINT workflows and automation scripts. Toutatis is commonly used in open source intelligence investigations, research tasks, and security analysis that involve collecting publicly available social media data. -
23
WhatsApp Beacon
OSINT tool for tracking WhatsApp online status via Web automation
WhatsApp Beacon is an open source OSINT tool designed to monitor and analyze the online activity status of WhatsApp users through WhatsApp Web. It uses Selenium automation to interact with the web interface and detect when a target account goes online or offline. By continuously monitoring these changes, WhatsApp Beacon records connectivity patterns and builds a historical dataset of activity sessions. The collected information is stored in logs and a local database, allowing users to review behavioral patterns over time. In addition, the project supports exporting collected data to spreadsheet formats for further analysis or reporting. WhatsApp Beacon is designed to run across multiple operating systems and can operate in the background using headless browser automation. It is intended for educational and research purposes related to open-source intelligence (OSINT) and digital investigation. -
24
spotify-adblock
Adblocker for Spotify
Spotify adblocker for Linux (macOS untested) works by wrapping getaddrinfo and cef_urlrequest_create. It blocks requests to domains that are not on the allowlist, as well as URLs that are on the denylist. -
25
EncFSMP
Mount EncFS folders - multiplatform style.
EncFSMP can create, mount and edit EncFS (encrypted file system) folders on Windows and Mac OS X.
