Security

Maltrail

by


Maltrail

Website

Source Code

License: MIT License

Description:

Maltrail is a malicious traffic detection system that uses public blacklists and heuristics to detect suspicious network activity; it uses a sensor-server architecture and is implemented in Python.

Syft

by


Syft

Website

Source Code

License: Apache-2.0 license

Description:

Syft is a CLI tool and library for generating SBOMs from container images, filesystems, and other artifacts; exports to SPDX/CycloneDX formats and integrates with Grype for vulnerability scanning.

Grype

by


Grype

Website

Source Code

License: Apache-2.0 license

Description:

A vulnerability scanner for container images and filesystems; scans SBOMs and images to identify known vulnerabilities, integrates with Syft and OpenVEX for composable, auditable results.

SpiderFoot

by


SpiderFoot

Website

Source Code

License: MIT license

Description:

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of methods for data analysis, making that data easy to navigate.

SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line. It’s written in Python 3 and MIT-licensed.

fnox

by
fnox

Website

Source Code

License: MIT

Description:

encrypted/remote secret manager. A cross-platform toolset for securely storing and retrieving secrets, with support for age encryption and cloud secret managers (AWS, Azure, GCP), plus OS Keychain and shell integration to load secrets on demand.

OpenThreat

by


OpenThreat

Website

Source Code

License: AGPL-3.0

Description:

OpenThreat is a free, open-source platform for tracking CVEs and security threats. It aggregates data from trusted sources (NVD, CISA KEV, BSI CERT-Bund) into a REST API with a Next.js frontend and PostgreSQL backend, enabling advanced search, filters, and real-time threat intelligence.

Clear NDR Community

by
Clear NDR Community

Website

Source Code

License: GPL-3.0-or-later

Description:

Clear NDR Community is an open-source Suricata-based network detection and response distribution (NSM/IDS). A turnkey Linux stack (Docker or Debian ISO) incorporating Suricata, OpenSearch, EveBox, Arkime, and Scirius; successor to SELKS. Licensed under GPL-3.0-or-later.

BruteForceAI

by
BruteForceAI

Website

Source Code

License: Non-Commercial License

Description:

BruteForceAI is an advanced penetration-testing tool that uses LLMs to analyze login forms and automate multi-threaded brute-force and password-spray attacks, with AI-discovered selectors, evasion features, and webhook notifications for authorized testing.

garak

by
garak

Website

Source Code

License: Apache-2.0

Description:

garak is an open-source LLM vulnerability scanner that probes for weaknesses in large language models, including hallucination, data leakage, prompt injection, misinformation, toxicity, jailbreaks, and more, using static, dynamic, and adaptive probes.