souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 1 / 4
75 results tagged security  ✕   ✕
Everything Claude Code https://ecc.tools/
25/03/2026 cluster icon
  • Claude Code Guide : Learn the WHY behind Claude Code, not just the config
  • superpowers : Superpowers is a complete software development methodology for your coding agents, built on top of a set of composable skills and some initial instruc...
  • claude-mem : A Claude Code plugin that automatically captures everything Claude does during your coding sessions, compresses it with AI (using Claude's agent-sdk),...
  • Get Shit Done : A light-weight and powerful meta-prompting, context engineering and spec-driven development system for Claude Code, OpenCode, Gemini CLI, Kilo, Codex,...
  • Omnigent : Omnigent is an open-source AI agent framework and meta-harness: orchestrate Claude Code, Codex, Cursor, Pi, and custom agents — swap harnesses without...

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

ai agent skills security claudecode
Semgrep https://github.com/semgrep/semgrep
04/02/2025 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • GoCD : Open source continuous delivery server to model and visualize complex workflows with ease. Automate and streamline your build-test-release cycle for r...
  • dotmesh : Dotmesh captures snapshots from stateful Docker and Kubernetes applications as ’datadots‘, and gives you the ability to label, store and share them as...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...

Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.

opensource staticanalysis security bugs continuousintegration
Gitleaks https://github.com/gitleaks/gitleaks
23/05/2023 cluster icon
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Bazel : Bazel is an open-source build and test tool similar to Make, Maven, and Gradle. It uses a human-readable, high-level build language. Bazel supports pr...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
thumbnail

Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords, API keys and tokens in Git repositories. It can be used as a Git pre-commit hook or in the CI/CD pipeline.

opensource staticanalysis security test tool
TruffleHog https://github.com/trufflesecurity/trufflehog
23/05/2023 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Kali Linux : Penetration Testing Linux OS containing tools to test the security of system or a network.
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • GrumPHP : Sick and tired of defending code quality over and over again? GrumPHP will do it for you! This composer plugin will register some git hooks in your pa...
thumbnail

TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab repositories are the most popular use cases, it can also be used to scan cloud storage buckets like S3 and GCS, local files and directories and CircleCI logs. Developers can set up TruffleHog as a pre-commit hook or scan the history of existing repositories in an entire GitHub organization to detect secrets.

opensource staticanalysis security test tool
Syncthing https://syncthing.net/
21/05/2023 cluster icon
  • harry : text-mode audio file viewer
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • Gixy : Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...

Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it’s transmitted over the internet.

file backup sync tool security
tfsec https://github.com/aquasecurity/tfsec
12/04/2022 cluster icon
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
thumbnail

tfsec uses static analysis of your terraform code to spot potential misconfigurations.

security staticanalysis infrastructureascode
Grype https://github.com/anchore/grype
12/04/2022 cluster icon
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Testcontainers : Testcontainers is an open source library for providing throwaway, lightweight instances of databases, message brokers, web browsers, or just about any...
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • dotmesh : Dotmesh captures snapshots from stateful Docker and Kubernetes applications as ’datadots‘, and gives you the ability to label, store and share them as...
  • Watchtower : A container-based solution for automating Docker container base image updates.
thumbnail

A vulnerability scanner for container images and filesystems.

docker container security scan
TheHive Project https://thehive-project.org/
06/03/2022 cluster icon
  • Fider : Fider is an open platform to collect and organize customer feedback. By using the platform, your community can share, vote and discuss on ideas they h...
  • Pyroscope : Pyroscope is an open source continuous profiling platform. It will help you: Find performance issues in your code Resolve issues with high CPU utiliz...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Lemmy : Lemmy is a selfhosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means t...
  • sim : Open-source platform to build and deploy AI agent workflows.
thumbnail

A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

opensource security platform
The Bastion https://github.com/ovh/the-bastion
30/10/2020 cluster icon
  • OverTheWire: Wargames : The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
  • Better Auth : Better Auth is a framework-agnostic authentication and authorization framework for TypeScript. It provides a comprehensive set of features out of the ...
  • Ockam : Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, ...
  • Snowflake : Snowflake is a graphical SSH client. It has a enhanced SFTP file browser, SSH terminal emulator, remote resource/process manager, server disk space an...
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
thumbnail

Bastions are a cluster of machines used as the unique entry point by operational teams to securely connect to devices using ssh.
The Bastion provides mechanisms for authentication, authorization, traceability and auditability for the whole infrastructure.

ssh security tracing audit authentication authorization
How to systematically secure anything https://github.com/veeral-patel/how-to-secure-anything
06/09/2020 cluster icon
  • Security Guide for Developers : A practical security guide for web developers.
  • The SaaS CTO Security Checklist : This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your sta...
  • Everything you need to know about HTTP security headers : This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
  • CWE/SANS Top 25 Most Dangerous Programming Errors : The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in so...
thumbnail

Security engineering is the discipline of building secure systems.

Its lessons are not just applicable to computer security. In fact this repo aims to document a process for securing anything, whether it's a medieval castle, an art museum, or a computer network.

security reference
Pyre https://pyre-check.org/
10/08/2020 cluster icon
  • Flake8 : flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code....
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...

Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.

Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications.

python staticanalysis security tool
Bandit https://github.com/PyCQA/bandit
24/06/2020 cluster icon
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • Locust : Locust is an easy-to-use, distributed, user load testing tool. It is intended for load-testing web sites (or other systems) and figuring out how many ...
  • Kali Linux : Penetration Testing Linux OS containing tools to test the security of system or a network.
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
thumbnail

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

security python tool test
OpenVAS https://www.openvas.org/
29/04/2020 cluster icon
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

security scan test tool
SpiderFoot https://www.spiderfoot.net/
11/02/2020 cluster icon
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
thumbnail

With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (OSINT) about IP addresses, domain names, e-mail addresses, usernames, names, subnets and ASNs from many sources such as AlienVault, HaveIBeenPwned, SecurityTrails, SHODAN and more.

security osint scan tool
Report URI https://report-uri.com/
07/12/2019 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • REDbot : REDbot is lint for HTTP resources; it tests protocol correctness, cacheability, content negotiation and more. REDbot checks HTTP resources to see how ...
  • Prometheus : Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Prometheus's main features are: a multi-dimensio...
  • HTTP Security Report : Get an instant report of how your website measures up to the best practices. Check connection encryption, content security, information disclosure and...
  • Mockbin : Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
thumbnail

Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your site in real time you react faster and more efficiently, allowing you to rectify issues without your users ever having to tell you.

monitoring http security service
CryptPad https://github.com/xwiki-labs/cryptpad
24/11/2019 cluster icon
  • HedgeDoc : HedgeDoc (formerly known as CodiMD) is an open-source, web-based, self-hosted, collaborative markdown editor. You can use it to easily collaborate on ...
  • Conclave : Conclave is a peer-to-peer, real-time, collaborative text editor built from scratch in JavaScript. Intrigued by collaborative text editors such as Goo...
  • Riot : Riot allows teams to communicate across a wide range of collaboration apps. If some team members use Riot while others use IRC, Slack or Gitter, Riot ...
  • Kinto : Kinto is a lightweight JSON storage service with synchronisation and sharing abilities.
  • Teletype for Atom : Teletype for Atom lets developers share their workspace with team members and collaborate on code in real time.
thumbnail

CryptPad is the Zero Knowledge realtime collaborative editor.

Encryption carried out in your web browser protects the data from the server, the cloud and the NSA. It relies on the ChainPad realtime engine.

encryption collaboration realtime security editor storage opensource selfhosted
security.txt https://securitytxt.org/
10/08/2019 cluster icon
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
  • XSS (Cross Site Scripting) Prevention Cheat Sheet : The following rules are intended to prevent all XSS in your application. While these rules do not allow absolute freedom in putting untrusted data int...
  • API Security Checklist : Checklist of the most important security countermeasures when designing, testing, and releasing your API.
  • 2016 Guide to User Data Security : This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorith...
thumbnail

A proposed standard which allows websites to define security policies.

standards security
Lynis https://cisofy.com/lynis/
24/04/2019 cluster icon
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • Infection Monkey : The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The M...
  • Lighthouse : Lighthouse is an open-source, automated tool for improving the quality of web pages. You can run it against any web page, public or requiring authenti...
thumbnail

Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing.

opensource security test tool
SSL Server Test https://www.ssllabs.com/ssltest/
21/10/2018 cluster icon
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • Subgraph Vega : Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XS...
  • BounCA : BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web ...

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

https ssl security test
OpenSCAP https://www.open-scap.org/
03/10/2018 cluster icon
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...

The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines. We maintain great flexibility and interoperability, reducing the costs of performing security audits.

security tool scan
page 1 / 4
1655 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn