Top 100 security Repositories
Ranking
| Ranking | Project Name | Stars | Forks | Language | Open Issues | Description | Last Commit |
|---|---|---|---|---|---|---|---|
| 1 | the-book-of-secret-knowledge | 223,279 | 13,388 | - | 0 | A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. | 2024-11-19 |
| 2 | ECC | 188,578 | 29,184 | JavaScript | 5 | The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond. | 2026-05-20 |
| 3 | Awesome-Hacking | 112,881 | 10,341 | - | 0 | A collection of various awesome lists for hackers, pentesters and security researchers | 2026-05-07 |
| 4 | cs-video-courses | 81,524 | 11,272 | - | 0 | List of Computer Science courses with video lectures. | 2026-05-10 |
| 5 | PayloadsAllTheThings | 77,882 | 16,984 | Python | 0 | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | 2026-04-22 |
| 6 | union | 74,040 | 3,891 | Rust | 129 | The trust-minimized, zero-knowledge bridging protocol, designed for censorship resistance, extremely high security, and usage in decentralized finance. | 2026-05-22 |
| 7 | caddy | 72,662 | 4,751 | Go | 195 | Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS | 2026-05-22 |
| 8 | SecLists | 71,088 | 25,010 | PHP | 7 | SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensi... | 2026-05-23 |
| 9 | gatsby | 55,946 | 10,188 | JavaScript | 218 | React-based framework with performance, scalability, and security built in. | 2026-05-22 |
| 10 | Docker-OSX | 52,516 | 2,889 | Shell | 395 | Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers. | 2025-11-11 |
| 11 | x64dbg | 48,440 | 2,743 | C++ | 566 | An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis. | 2026-05-17 |
| 12 | mitmproxy | 43,650 | 4,575 | Python | 366 | An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. | 2026-05-21 |
| 13 | quivr | 39,160 | 3,738 | Python | 4 | Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore:... | 2025-07-09 |
| 14 | sniffnet | 37,734 | 1,526 | Rust | 57 | Comfortably monitor your Internet traffic 🕵️♂️ | 2026-05-22 |
| 15 | trivy | 35,129 | 388 | Go | 172 | Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more | 2026-05-22 |
| 16 | web-check | 33,155 | 2,684 | TypeScript | 56 | 🕵️♂️ All-in-one OSINT tool for analysing any website | 2026-05-22 |
| 17 | CheatSheetSeries | 32,076 | 4,462 | Python | 37 | The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. | 2026-05-19 |
| 18 | nginx | 30,437 | 7,925 | C | 239 | The official NGINX Open Source repository. | 2026-05-22 |
| 19 | hosts | 30,408 | 2,413 | Python | 136 | 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories. | 2026-05-20 |
| 20 | algo | 30,239 | 2,360 | Python | 66 | Set up a personal VPN in the cloud | 2026-05-20 |
| 21 | nanoclaw | 29,286 | 12,858 | TypeScript | 239 | A lightweight alternative to OpenClaw that runs in containers for security. Connects to WhatsApp, Telegram, Slack, Discord, Gmail and other messaging apps,, has memory, scheduled jobs, and runs direct... | 2026-05-22 |
| 22 | SpringAll | 28,982 | 8,130 | Java | 21 | 循序渐进,学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2,博客Spring系列源码:https://mrbird.cc | 2024-05-31 |
| 23 | nuclei | 28,817 | 3,434 | Go | 91 | Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the int... | 2026-05-23 |
| 24 | nginxconfig.io | 28,302 | 2,054 | JavaScript | 62 | ⚙️ NGINX config generator on steroids 💉 | 2024-12-14 |
| 25 | ProxmoxVE | 28,208 | 2,700 | Shell | 8 | Proxmox VE Helper-Scripts (Community Edition) | 2026-05-23 |
| 26 | setup-ipsec-vpn | 27,876 | 6,517 | Shell | 0 | Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP, Cisco IPsec and IKEv2. Supports Ubuntu, Debian, CentOS/RHEL, Amazon Linux, Alpine and Raspberry Pi. Includes client config and ... | 2026-05-22 |
| 27 | authelia | 27,863 | 1,409 | Go | 55 | The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™ | 2026-05-23 |
| 28 | How-To-Secure-A-Linux-Server | 27,428 | 1,802 | - | 32 | An evolving how-to guide for securing a Linux server. | 2026-03-05 |
| 29 | keepassxc | 27,296 | 1,802 | C++ | 766 | KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”. | 2026-05-22 |
| 30 | gitleaks | 27,223 | 2,057 | Go | 250 | Find secrets with Gitleaks 🔑 | 2026-05-21 |
| 31 | openzeppelin-contracts | 27,105 | 12,403 | Solidity | 247 | OpenZeppelin Contracts is a library for secure smart contract development. | 2026-05-22 |
| 32 | infisical | 26,986 | 1,904 | TypeScript | 243 | Infisical is the open-source platform for secrets, certificates, and privileged access management. | 2026-05-23 |
| 33 | h4cker | 26,486 | 5,033 | Jupyter Notebook | 0 | This repository is maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), AI security, vu... | 2026-05-10 |
| 34 | trufflehog | 26,457 | 2,414 | Go | 257 | Find, verify, and analyze leaked credentials | 2026-05-22 |
| 35 | cilium | 24,406 | 3,782 | Go | 807 | eBPF-based Networking, Security, and Observability | 2026-05-22 |
| 36 | radare2 | 23,897 | 3,228 | C | 763 | UNIX-like reverse engineering framework and command-line toolset | 2026-05-23 |
| 37 | slim | 23,266 | 831 | Go | 187 | Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) | 2026-04-16 |
| 38 | osquery | 23,264 | 2,570 | C++ | 531 | SQL powered operating system instrumentation, monitoring, and analytics. | 2026-05-12 |
| 39 | API-Security-Checklist | 23,233 | 2,664 | - | 1 | Checklist of the most important security countermeasures when designing, testing, and releasing your API | 2026-02-10 |
| 40 | macOS-Security-and-Privacy-Guide | 22,405 | 1,461 | - | 7 | Community guide to securing and improving privacy on macOS. | 2026-01-02 |
| 41 | eladmin | 21,926 | 7,366 | Java | 11 | eladmin jpa 版本:项目基于 Spring Boot 2.7.18、 Jpa、 Spring Security、Redis、Vue的前后端分离的后台管理系统,项目采用分模块开发方式, 权限控制采用 RBAC,支持数据字典与数据权限管理,支持一键生成前后端代码,支持动态路由 | 2026-05-09 |
| 42 | sops | 21,870 | 1,027 | Go | 364 | Simple and flexible tool for managing secrets | 2026-05-18 |
| 43 | authentik | 21,593 | 1,602 | Python | 810 | The authentication glue you need. | 2026-05-23 |
| 44 | mimikatz | 21,578 | 4,121 | C | 154 | A little tool to play with Windows security | 2026-04-17 |
| 45 | matomo | 21,531 | 2,849 | PHP | 2459 | Empowering People Ethically 🚀 — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in privacy... | 2026-05-22 |
| 46 | personal-security-checklist | 21,492 | 1,447 | TypeScript | 56 | 🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026 | 2026-02-28 |
| 47 | SafeLine | 21,355 | 1,391 | Go | 87 | SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits. | 2026-05-11 |
| 48 | security-guide-for-developers | 21,086 | 1,581 | - | 0 | Security Guide for Developers | 2025-08-30 |
| 49 | Mobile-Security-Framework-MobSF | 21,065 | 3,676 | JavaScript | 20 | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ... | 2026-05-19 |
| 50 | shardingsphere | 20,725 | 6,900 | Java | 309 | Empowering Data Intelligence with Distributed SQL for Sharding, Scalability, and Security Across All Databases. | 2026-05-22 |
| 51 | Atlas | 20,663 | 733 | Batchfile | 3 | 🚀 An open and lightweight modification to Windows, designed to optimize performance, privacy and usability. | 2026-05-21 |
| 52 | teleport | 20,360 | 2,064 | Go | 2668 | The easiest, and most secure way to access and protect all of your infrastructure. | 2026-05-23 |
| 53 | chezmoi | 19,871 | 646 | Go | 49 | Manage your dotfiles across multiple diverse machines, securely. | 2026-05-19 |
| 54 | RustScan | 19,824 | 1,324 | Rust | 34 | 🤖 The Modern Port Scanner 🤖 | 2026-04-30 |
| 55 | anubis | 19,487 | 604 | Go | 242 | Weighs the soul of incoming HTTP requests to stop AI crawlers | 2026-05-19 |
| 56 | universal-android-debloater | 19,355 | 1,020 | Rust | 497 | Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device. | 2024-08-02 |
| 57 | bettercap | 19,240 | 1,641 | Go | 43 | The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks. | 2026-05-21 |
| 58 | cutter | 18,881 | 1,365 | C++ | 468 | Free and Open Source Reverse Engineering Platform powered by rizin | 2026-05-22 |
| 59 | DB-GPT | 18,819 | 2,710 | Python | 369 | open-source agentic AI data assistant for the next generation of AI + Data products. | 2026-05-21 |
| 60 | CS-Interview-Knowledge-Map | 18,281 | 2,537 | - | 29 | Build the best interview map. The current content includes JS, network, browser related, performance optimization, security, framework, Git, data structure, algorithm, etc. | 2020-05-03 |
| 61 | fail2ban | 17,816 | 1,478 | Python | 158 | Daemon to ban hosts that cause multiple authentication errors | 2026-05-11 |
| 62 | nebula | 17,367 | 1,132 | Go | 50 | A scalable overlay networking tool with a focus on performance, simplicity and security | 2026-05-22 |
| 63 | Obtainium | 17,230 | 479 | Dart | 377 | Get Android app updates straight from the source. | 2026-04-16 |
| 64 | hydra | 17,160 | 1,574 | Go | 101 | Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 user cases over night. Consume as a service on ... | 2026-05-21 |
| 65 | DOMPurify | 17,022 | 848 | JavaScript | 0 | DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: | 2026-05-22 |
| 66 | javascript-obfuscator | 16,062 | 1,726 | TypeScript | 31 | A powerful obfuscator for JavaScript and Node.js | 2026-05-21 |
| 67 | lynis | 15,668 | 1,594 | Shell | 165 | Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. | 2026-05-11 |
| 68 | wazuh | 15,663 | 2,312 | C++ | 2748 | Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads. | 2026-05-23 |
| 69 | 90DaysOfCyberSecurity | 15,536 | 1,762 | - | 4 | This repository contains a 90-day cybersecurity study plan, along with resources and materials for learning various cybersecurity concepts and technologies. The plan is organized into daily tasks, cov... | 2026-03-14 |
| 70 | hacker-roadmap | 15,341 | 1,705 | - | 2 | A collection of hacking tools, resources and references to practice ethical hacking. | 2023-10-16 |
| 71 | zaproxy | 15,163 | 2,554 | Java | 820 | The ZAP by Checkmarx Core project | 2026-05-22 |
| 72 | cryptomator | 15,150 | 1,290 | Java | 286 | Cryptomator for Windows, macOS, and Linux: Secure client-side encryption for your cloud storage, ensuring privacy and control over your data. | 2026-05-18 |
| 73 | systeminformer | 14,768 | 1,695 | C | 256 | A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.co... | 2026-05-23 |
| 74 | wifiphisher | 14,596 | 2,728 | Python | 333 | The Rogue Access Point Framework | 2026-05-22 |
| 75 | hacker101 | 14,418 | 2,662 | SCSS | 0 | Source code for Hacker101.com - a free online web and mobile security class. | 2025-02-22 |
| 76 | awesome-security | 14,359 | 2,242 | - | 31 | A collection of awesome software, libraries, documents, books, resources and cools stuffs about security. | 2026-01-11 |
| 77 | dirsearch | 14,282 | 2,436 | Python | 27 | Web path scanner | 2026-05-22 |
| 78 | nginx-admins-handbook | 14,155 | 1,124 | Shell | 3 | How to improve NGINX performance, security, and other important things. | 2024-11-19 |
| 79 | bytebase | 14,049 | 938 | Go | 148 | World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps. | 2026-05-21 |
| 80 | zuul | 14,013 | 2,439 | Java | 0 | Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more. | 2026-05-22 |
| 81 | openvpn | 13,970 | 3,333 | C | 165 | OpenVPN is an open source VPN daemon | 2026-05-22 |
| 82 | gophish | 13,866 | 2,895 | Go | 653 | Open-Source Phishing Toolkit | 2024-09-23 |
| 83 | prowler | 13,862 | 2,147 | Python | 78 | Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment. | 2026-05-23 |
| 84 | fscan | 13,850 | 1,893 | Go | 15 | 一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。(An intranet comprehensive scanning tool, enabling one-click automated, all-round vulnerability scanning) | 2026-05-22 |
| 85 | opennhp | 13,790 | 2,489 | Go | 1 | A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world. | 2026-05-23 |
| 86 | opensnitch | 13,672 | 632 | Python | 144 | OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch. | 2026-04-17 |
| 87 | tink | 13,539 | 1,183 | Java | 0 | Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. | 2024-04-17 |
| 88 | secguide | 13,511 | 1,950 | - | 33 | 面向开发人员梳理的代码安全指南 | 2023-03-20 |
| 89 | crowdsec | 13,406 | 623 | Go | 210 | CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. | 2026-05-22 |
| 90 | awesome-web-security | 13,391 | 1,780 | Python | 3 | 🐶 A curated list of Web Security materials and resources. | 2026-05-14 |
| 91 | GTFOBins.github.io | 13,252 | 1,601 | YAML | 5 | GTFOBins is a curated list of Unix-like executables that can be used to bypass local security restrictions in misconfigured systems. | 2026-04-20 |
| 92 | juice-shop | 13,185 | 18,090 | TypeScript | 10 | OWASP Juice Shop: Probably the most modern and sophisticated insecure web application | 2026-05-19 |
| 93 | routersploit | 13,118 | 2,399 | Python | 86 | Exploitation Framework for Embedded Devices | 2026-05-05 |
| 94 | DVWA | 13,100 | 4,862 | PHP | 1 | Damn Vulnerable Web Application (DVWA) | 2026-05-10 |
| 95 | nmap | 12,927 | 2,811 | C | 521 | Nmap - the Network Mapper. Github mirror of official SVN repository. | 2026-05-18 |
| 96 | keeweb | 12,926 | 1,150 | HTML | 426 | Free cross-platform password manager compatible with KeePass | 2026-05-08 |
| 97 | mastg | 12,902 | 2,738 | Python | 188 | The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP ... | 2026-05-22 |
| 98 | user.js | 12,549 | 558 | JavaScript | 14 | Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening | 2026-05-12 |
| 99 | mvt | 12,425 | 1,212 | Python | 39 | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. | 2026-05-16 |
| 100 | urh | 12,416 | 1,004 | Python | 54 | Universal Radio Hacker: Investigate Wireless Protocols Like A Boss | 2025-12-19 |