Security & Privacy
Network security, encryption and privacy protection technologies
List of free software network services and web applications that can be hosted on your own server.
A collection of inspiring lists, manuals, memos, blogs, hacking tools, one-liners, CLI/Web tools, etc. This project brings together a variety of interesting and practical technical resources aimed at providing inspiration and knowledge for tech enthusiasts.
A selected list of computer science video courses covering areas such as introduction to computer science, data structures and algorithms, system programming, software engineering, artificial intelligence, machine learning, etc., including open courses from famous universities and professional lecturer courses.
A lightweight web server written in Go. Compared to well-known web servers like Apache and Nginx, its distinctive feature is that it provides a compiled executable file, achieving true out-of-the-box functionality. It offers humanized features such as free HTTPS without any configuration and automatically converting Markdown files into HTML. For building small to medium-sized web services, it is more than sufficient and saves time and effort.
A project that integrates various hacking tools, including password cracking, SQL injection, phishing attacks, cross-site scripting attacks (XSS), distributed denial of service attacks (DDoS), etc. This project brings together a variety of hacking techniques with the aim of helping security researchers, white hat hackers, and security enthusiasts better understand cybersecurity and conduct legal security testing.
Reverse engineering the well-known hexadecimal editor Hex to see what's inside
OWASP (Open Web Application Security Project) has produced a technical quick reference table covering user authorization verification, access control, cross-site request forgery, Docker security, session management, SQL injection and other technical quick reference tables related to web security.
A backend development tool open-sourced by Digital Ocean, a well-known cloud server vendor. Through a more humanized visual interface, it helps you quickly set up and generate Nginx configuration files.
Hosts file integration and extension: This project integrates multiple carefully planned source host files, merges them into a unified host file, and removes duplicates. Such integration provides a comprehensive host file, allowing users to choose different customized host files according to their needs to achieve better network security and ad blocking effects.
nginx - nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server and a general TCP / UDP proxy server, originally written by Igor Sysoev.
A powerful open source free website analysis tool that can analyze IP information, SSL chain, DNS records, cookies, domain name information, server location, website performance, etc. of any website.
A powerful and user-friendly network monitoring tool designed for real-time viewing and analysis of device network traffic. This application has a simple interface and practical functions, which can help users easily monitor network usage, suitable for network administrators and ordinary users who want to keep an eye on their network activities.
Cilium - Cilium provides and transparently protects network connectivity and load balancing between application workloads such as application containers or processes
Fully open source, end-to-end encrypted alternative to Google Photos and Apple Photos.
A security tool focused on discovering and verifying credentials in projects. It can scan code repositories, find and report possible credential leaks such as API keys, passwords, and tokens. TruffleHog is one of the key tools to ensure the security of code repositories and prevent sensitive information leaks.
A guide on how to secure Linux servers, covering SSH configuration, basic security measures, network firewalls, system auditing and other security enhancements, with detailed steps and recommendations.
A free YouTube app that focuses on protecting user privacy. It allows users to browse, watch and subscribe to YouTube videos without tracking their activities. FreeTube aims to provide a privacy-friendly way to access YouTube without being interfered by ad tracking or data collection. This is an application dedicated to maintaining user privacy rights.
The authentication glue you need.
Tencent developers have open-sourced the "Code Security Guide" on GitHub, which aims to sort out the risk points at the API level and provide detailed and feasible security coding schemes. It includes multiple versions of different programming languages such as C/C++, JavaScript, Node, Go, Java, Python, etc.
Wazuh, a free and open source security platform on GitHub, integrates threat prevention, vulnerability detection, risk response, and security monitoring. In addition, this open source platform also provides search engines and data visualization tools, allowing users to browse and configure project security monitoring information more intuitively.
A browser data export decryption tool that can run on all platforms and is open source, supporting the decryption of exported content such as passwords, history records, cookies, bookmarks, etc.
Collects and summarizes some resources related to Web security
An open-source end-to-end encrypted note-taking software that can be used as an alternative to Evernote. This project provides features such as note sharing, history tracing, personalized theme customization, rich text editing, and supports exporting notes in formats such as PDF and Markdown.
A free, ad-free offline map application for Android and iOS platforms. It utilizes OpenStreetMap data to provide detailed offline maps for travelers, tourists, hikers, and bikers, supporting features such as cycling routes, voice navigation, contour lines, elevation profiles, peaks, and slopes. This application allows users to easily explore the world without worrying about network connections and ad interference.
A powerful and comprehensive security assessment tool, which is created by several experienced frontline security practitioners. It supports the detection of vulnerabilities such as XSS vulnerabilities, SQL injection, command/code injection, file upload, etc.
An open source meta search engine that provides users with a clean, ad-free Google meta search engine, focusing on privacy security and supporting hosting on private servers.
A detailed guide to planning and tools involved in creating a secure Linux production system
An open source security engineering guide, this guide will take you through the basics of computer network security related to security engineering, security architecture, system defense reinforcement, vulnerability detection, etc.
A "Red Team Security Attack and Defense Tool List" includes a series of security attack and defense tools such as intelligence collection, vulnerability scanning, phishing, penetration testing, terminal remote access, WiFi attacks, and backdoor implantation in embedded devices.
An open-source screen sharing tool that allows you to choose from three sharing modes: full-screen, window, and browser tabs. It offers lower latency and higher quality screen sharing experience.
An open source IP toolbox that can check IP addresses, geographical locations, DNS leaks, internet speed tests, Ping tests and website availability, etc., providing 258 security checklists with detailed explanations.
An enterprise internal SRE technology course open-sourced by LinkedIn on GitHub. It mainly includes Linux, Git, Python, Web, MySQL, big data, system design, network security and other contents.
An open source "Web Security Testing Guide" can be used to test and check the security of Web projects, making it easier to protect against vulnerabilities in a timely manner.
Graylog - An open source log platform built on open standards that seamlessly collects, enriches, stores and analyzes log data
Dependency-Check is a Software Composition Analysis (SCA) tool designed to identify publicly disclosed vulnerabilities in project dependencies by matching them against Common Platform Enumeration (CPE) identifiers and linking to associated CVE entries. It supports multiple integration methods, including CLI, Maven, Gradle, Ant, and Jenkins, and requires Java 11 or higher. The tool relies on the NVD API for vulnerability data, with an API key highly recommended for optimal performance. It supports various technologies like .NET, Go, Ruby, and npm, and can be used in CI environments with caching strategies to manage rate limits. Dependency-Check generates detailed reports and is licensed under Apache 2.0.
I recommend a practical Python script tool: pyWhat, which can quickly extract IP addresses, email addresses, credit cards, digital currency wallet addresses, YouTube videos, and other content from information. Moreover, pyWhat can also scan files and directories, quickly obtain core information through recursive search, and perform operations such as screening, filtering, sorting, and exporting on the results.
A comprehensive cybersecurity platform that integrates multiple cybersecurity tools to provide a one-stop solution from penetration testing to threat analysis. It is suitable for security experts and developers to protect networks and applications from various cyber threats.
A web security learning note, which helps you learn some basic knowledge such as internal network penetration, vulnerability attack and security defense
To protect personal data security, GitHub user ffffffff0x has compiled a set of solutions that integrate digital privacy collection, protection, and cleaning, as well as open source intelligence (OSINT) countermeasures.
Solidity Security: A Comprehensive List of Known Attack Methods and Common Defense Patterns, translated by the SlowMist Security Team
A list of (pure) front-end technologies covering front-end performance optimization, automated testing, engineering, and tools
A collection of safety PPTs from various fields and companies
An open source vulnerability scanning tool that can scan vulnerabilities in Web containers, Web servers, Web middleware and CMS, etc. Web programs, and has the function of vulnerability exploitation.
Portus - Portus is an authorized server and provides a user interface for the next generation Docker Registry.
A collection of super prompts for ChatGPT on GitHub, which collects jailbreak prompts for ChatGPT, GPT agent prompts, prompt injection and protection, various GPT prompts, and Prompt Engineering learning materials, etc. The content is comprehensive and continuously updated.
A middleware that can convert temporary IP to fixed IP, supports multiple protocols, dynamic acquisition, automatic verification, and high concurrency asynchronous processing, suitable for network operation scenarios that require frequent IP replacement.
A system for monitoring GitHub code repositories, which enterprises can use to promptly discover internal code leaks
A backend scaffolding that supports rapid development on GitHub, which can quickly build enterprise-level back-end management systems and provide various convenient starters for functional expansion. It mainly includes front-end and back-end user separation, menu permissions, data permissions, scheduled tasks, access logs, operation logs, exception logs, unified exception handling, XSS filtering, SQL injection prevention, internationalization, and other functions.
A management tool that allows you to quickly access project infrastructure such as Kubernetes and databases. It integrates simple and easy-to-use command line tools, supports configuration synchronization, permission management, logging, API expansion, and other functions. Currently, the project's features are still being continuously updated and iterated.
A personal data breach detection website
A list of PHP security-related resources
An open-source knowledge management software: Cuby Text, which manages content through blocks to make information more organized. The software interface is fresh and simple, with data stored locally for faster search and retrieval, and it supports mainstream operating systems such as Windows, Linux, and macOS.
A simple and powerful website analysis tool that can complete website analysis, performance testing, SEO optimization suggestions with one click, and export complete offline HTML analysis results for website analysis optimization.
