Welcome to the Open Source Security List
This initiavite first came up one night upon talking amongst each other. Conversing about the hardships that different organizations faced. Not to mention that within the community we often see other peers ridiculing the notion of Open-Source. One thing that should be understood is that Open-Source is not terrible. Obvious reasoning being that the code is public and available for fuzzing. Let's be real if someone really wanted to attack an organization with closed source software then they would just use money to purchase the same technology. No matter what every organization needs to have some form of security in place. That being said we are asking everyone to please share this with anyone you think needs this.
We also know that there are many more tools out there, so please feel free to fork this off and add what ever tool you feel fits!
Lets begin the journey!
Project Management:
- Trello https://trello.com/en-US
- MeisterTask https://www.meistertask.com/
- Wrike https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjk6tr6tpvjAhUE4MgKHbv2BR0YABAAGgJxdQ&ohost=www.google.com&cid=CAESEeD20Zpi5P6sIDYSwTN0R6sH&sig=AOD64_3sIr0fiuILpk9tST2kZvVEHO3JnA&q=&ved=2ahUKEwiC_NL6tpvjAhVlu1kKHQsgBtoQ0Qx6BAgOEAE&adurl=
- Bitrix24 https://www.bitrix24.com/
- Teamwork Projects https://www.teamwork.com/project-management-software/
- Todoist https://todoist.com/?lang=en
- Zenkit https://zenkit.com/en/
- Wekan https://wekan.github.io
Asset Management + Supply Chain:
- Snipe-IT https://github.com/snipe/snipe-it
- Ralph https://github.com/allegro/ralph
- Open Boxes https://github.com/openboxes/openboxes
- Spiceworks https://www.spiceworks.com
Vulnerability Management:
- Faraday https://github.com/infobyte/faraday
- Archery Sec https://github.com/archerysec/archerysec
- Jackhammer https://github.com/olacabs/jackhammer
- Watchdog https://github.com/flipkart-incubator/watchdog
- OpenVAS https://sectools.org/tool/openvas/
Configuation Mangement:
- MGMT https://github.com/purpleidea/mgmt
- Chef https://downloads.chef.io/
- Puppet https://puppet.com/download-open-source-puppet
- CFengine https://cfengine.com/product/free-download/
- Juju https://github.com/juju/juju
- Rudder https://www.rudder.io/en/
- Ansible https://www.ansible.com/
- Terraform https://www.terraform.io/downloads.html
- Vagrant https://www.vagrantup.com/downloads
- Bcfg2 http://bcfg2.org/download/
- Saltstack https://www.saltstack.com
SIEM:
- OSSEC https://www.ossec.net/
- WAZUH https://wazuh.com/
- ZEEK https://www.zeek.org/
VPN:
- OpenVPN https://openvpn.net/
- Libreswan VPN https://libreswan.org/
- strongSwan https://www.strongswan.org/
- OpenConnect http://www.infradead.org/openconnect/
- Social VPN http://ipop-project.org/
- SoftEther VPN https://www.softether.org/
- Tinc VPN http://www.tinc-vpn.org/
Linux & Windows System Hardener:
- Lynis https://github.com/CISOfy/lynis
- Microsoft Attack Surface Analyzer https://github.com/microsoft/AttackSurfaceAnalyzer
- Microsoft Baseline Security Analyzer https://www.microsoft.com/en-us/download/details.aspx?id=19892
- Bastille https://github.com/BastilleBSD/bastille
- JShielder https://github.com/Jsitech/JShielder
- nixarmor https://github.com/emirozer/nixarmor
- Zeus (AWS) https://github.com/DenizParlak/Zeus
- Docker-bench (Docker) https://github.com/docker/docker-bench-security
Linux Login Protection:
- Fail2Ban https://www.fail2ban.org/
- DenyHosts https://github.com/denyhosts/denyhosts
- SSHGuard https://www.sshguard.net/
Blacklist Known Campigns:
- Ultimate.Hosts.Blacklist https://github.com/mitchellkrogza/Ultimate.Hosts.Blacklist
- IPSet Firehol https://github.com/firehol/blocklist-ipsets
Government Blocklist:
- NSABlocklist https://github.com/CHEF-KOCH/NSABlocklist
Proxy:
- Squid Proxy http://www.squid-cache.org/
- HAProxy http://www.haproxy.org/
- Swiper Proxy https://swiperproxy.github.io/
- DNSCrypt Proxy https://github.com/jedisct1/dnscrypt-proxy
- NGinx https://www.nginx.com
- ThrottleProxy https://github.com/mistakster/throttle-proxy
Socks Server:
- Shadowsocks https://shadowsocks.org/
- Dante https://github.com/notpeter/dante
- microsocks https://github.com/rofl0r/microsocks
HTTP Tunnel:
- Tinyproxy https://tinyproxy.github.io/
- mitmproxy https://mitmproxy.org/ < -- HTTPS
- OpenProxy https://openproxy.space/
- Privoxy https://www.privoxy.org/
FTP Proxy:
- ftp.proxy http://www.ftpproxy.org/
DNS Proxy:
- dnsmasq http://www.thekelleys.org.uk/dnsmasq/
Server/Network Monitoring:
- Netdata https://github.com/netdata/netdata
- Ganglia http://ganglia.info/
- Spiceworks https://www.capterra.com/p/79191/Spiceworks-IT-Desktop/
- Free Database Performance Analyzer https://www.solarwinds.com/free-tools/database-performance-analyzer-free?CMP=ORG-BLG-DNS
- WMI Monitor https://www.solarwinds.com/free-tools/wmi-monitor?CMP=ORG-BLG-DNS
- Wireshark https://www.wireshark.org
- TCPDump
Network Intrusion Detection System (NIDS):
- Bro Logs https://www.bro.org/
- Snort https://github.com/snort3/snort3
- Pulled Pork https://github.com/shirkdog/pulledpork
- SSHGaurd https://github.com/atenart/sshguard
- Suricata https://suricata-ids.org
Host Intrustion Detection System (HIDS):
- Tripwire https://github.com/Tripwire
- Stealth https://github.com/fbb-git/stealth
- Ossec https://www.ossec.net
- Samhain - https://la-samhna.de/samhain/s_download.html
Monitoring and Logging:
- justniffer https://github.com/onotelli/justniffer
- httpry https://github.com/jbittel/httpry
- ngrep https://github.com/jpr5/ngrep
- passivedns https://github.com/gamelinux/passivedns
- sgan https://github.com/agrimgupta92/sgan
- regshot https://sourceforge.net/projects/regshot/
- greylog https://www.graylog.org/
- Logstash https://www.elastic.co/products/logstash
- Flume https://flume.apache.org/
- LOGalyze http://www.logalyze.com/
- Syslog-ng https://www.syslog-ng.com/products/open-source-log-management/
- Greylog2
- Logstash
- Lumberjack - https://sourceforge.net/projects/lumberjack/
- RabbitMQ - https://www.rabbitmq.com/management-cli.html
- ZeroMQ - http://zeromq.org
-
Anti-Virus:
- ClamAV https://www.clamav.net/
- Sophos https://www.sophos.com/en-us/products/free-tools.aspx
- F-Protection https://www.f-secure.com/us-en/home/products/anti-virus
- Comodo https://personalfirewall.comodo.com/
- 360 Total Security https://www.360totalsecurity.com/en/
-
Infrastructure Evaluation/Simulation:
- Infection Monkey https://www.guardicore.com/infectionmonkey/
- Threatcare https://www.threatcare.com/
- NeSSi2 http://www.nessi2.de/index.html
- Caldera https://github.com/mitre/caldera
- MalwLess https://github.com/n0dec/MalwLess
-
Malware Scanner
- RKHunter http://rkhunter.sourceforge.net/
- GEMR http://www.gmer.net/
- Rootkit Revealer https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer
- chkrootkit http://www.chkrootkit.org/
-
Anti-Spam:
- Spam Assassins https://spamassassin.apache.org/
- Mail Cleaner https://www.mailcleaner.org/
- Scrollout http://www.scrolloutf1.com/
- Proxmox https://www.proxmox.com/en/proxmox-mail-gateway
- OrangeAssassin https://orangeassassin.org/
- RSpamD https://rspamd.com/
-
Threat Intelligence:
- abuse.ch https://abuse.ch/
- Emerging Threats https://rules.emergingthreats.net/
- PhishTank https://www.phishtank.com/
- AutoShun https://www.autoshun.org/
- MISP - Open Source Threat Intelligence Platform https://github.com/MISP/MISP
- YETI https://yeti-platform.github.io/
- http://malc0de.com/dashboard/
-
Web-Application Firewall:
- ModSecurity https://github.com/SpiderLabs/ModSecurity
- NAXSI https://github.com/nbs-system/naxsi
- sql_firewall https://github.com/uptimejp/sql_firewall
- ironbee https://github.com/ironbee/ironbee
- WebKnight https://www.aqtronix.com
- Shadow Daemon - https://shadowd.zecure.org/overview/introduction/
- W00fWaf https://github.com/EnableSecurity/wafw00f
- OpenWAF https://github.com/titansec/OpenWAF
-
Free Compliance Scaning:
- OpenSCAP https://github.com/OpenSCAP
INCIDENT RESPOSNE:
Disk Image Creation Tools:
- AccessData FTK Imager https://github.com/MrMugiwara/FTK-imager-OSX
- Bitscout https://github.com/vitaly-kamluk/bitscout
- GetData Forensic Imager http://www.forensicimager.com/
- Magnet Acquire https://www.magnetforensics.com/products/magnet-acquire/
- ODIN - http://odin-win.sourceforge.net/
- CloneZilla http://clonezilla.org/
Network Analysis:
- Xplico http://www.xplico.org/download
Evidence Collection:
- bulk_extractor https://github.com/simsong/bulk_extractor
- cold disk quick response https://github.com/orlikoski/CDQR
- ir-rescue https://github.com/diogo-fernan/ir-rescue
- Grr https://github.com/google/grr
- CimSweep https://github.com/PowerShellMafia/CimSweep
Log Analysis Tools
- Lorg https://github.com/jensvoid/lorg
- Logdissect https://github.com/dogoncouch/logdissect
- StreamAlert https://github.com/airbnb/streamalert
- SysmonSearch https://github.com/JPCERTCC/SysmonSearch
File System Analysis/Imager:
- The Sleuth Kit (+Autopsy) http://www.sleuthkit.org/
- FTK Imager https://accessdata.com/product-download
Metadata Analysis:
- Exiftool https://www.sno.phy.queensu.ca/~phil/exiftool/
- JustMeta https://github.com/FortyNorthSecurity/Just-Metadata
- Collection https://github.com/metadatacenter/metadata-analysis-tools
- Archer Meta https://github.com/metadatacenter/metadata-analysis-tools
- TensorFlow Based https://github.com/tensorflow/metadata
Memory Analysis Tools:
- Evolve https://github.com/JamesHabben/evolve
- LiME https://github.com/504ensicsLabs/LiME
- Volatility https://www.volatilityfoundation.org/
- VolDiff https://github.com/aim4r/VolDiff
- WindowsSCOPE http://www.windowsscope.com/
Memory Imaging Tools:
- Belkasoft Live RAM Capturer https://belkasoft.com/ram-capturer
- Linux Memory Grabber https://github.com/halpomeranz/lmg
- Magnet RAM Capture https://www.magnetforensics.com/resources/magnet-ram-capture/
- OSForensics https://www.osforensics.com/download.html
- Memoryze https://www.fireeye.com/services/freeware/memoryze.html
- RAMMap https://docs.microsoft.com/en-us/sysinternals/downloads/rammap
MSSP:
- TheHive https://github.com/TheHive-Project/TheHive
OSX Evidence Collection:
- Knocknock https://github.com/synack/knockknock
- mscOS Artifact Parsing Tool (mac_apt)
- OSX Auditor https://github.com/jipegit/OSXAuditor
- OSX Collector https://github.com/Yelp/osxcollector
- Shims (SDB Parser) https://tzworks.net/prototype_page.php?proto_id=33
- SDB-Explorer https://github.com/evil-e/sdb-explorer
Threat Intelligence:
- ActorTrackr https://github.com/jalewis/actortrackr
- AiEngine https://gi thub.com/camp0/aiengine
- Automater https://github.com/1aN0rmus/TekDefense-Automater
- bro-intel-generator https://github.com/exp0se/bro-intel-generator
- GoatRider https://github.com/BinaryDefense/goatrider
- Omnibus https://github.com/InQuest/omnibus
- poortego https://github.com/mgeide/poortego
- QRadio https://github.com/QTek/QRadio
- Redline https://www.fireeye.com/services/freeware/redline.html
- RITA https://github.com/activecm/rita
- HostHunter https://github.com/SpiderLabs/HostHunter
- Combine https://github.com/mlsecproject/combine
- Cyphon https://www.cyphon.io/
Incident Response Operating System:
- DEFT http://www.deftlinux.net/download/
- Plainsight http://www.plainsight.info/download.html
Sandbox:
- Falcon Sandbox https://github.com/PayloadSecurity/VxAPI
- Spender Sandbox https://github.com/spender-sandbox
- Sandboxie https://www.sandboxie.com/DownloadSandboxie
Automated Triaging:
- PE Studio https://www.winitor.com/
- FAME - https://github.com/certsocietegenerale/fame
- VIPER https://github.com/viper-framework/viper
Online Sandbox:
- Reverse.it https://www.reverse.it/
- Any.run https://any.run/
- Hybrid-Analysis https://www.hybrid-analysis.com/
IOC Scanner:
- Fenrir https://github.com/Neo23x0/Fenrir
- Forager https://github.com/opensourcesec/Forager
- Loki https://github.com/Neo23x0/Loki
- Fast IR https://github.com/SekoiaLab/Fastir_Collector
- Zimmermans Toolkit https://ericzimmerman.github.io/#!index.md
- Didier Stevens Toolkit https://blog.didierstevens.com/my-software/
DNS
- Bind https://www.isc.org/downloads/bind/
- djbdns http://cr.yp.to/djbdns.html
- Designate - https://wiki.openstack.org/wiki/Designate
- dnsmasq - http://www.thekelleys.org.uk/dnsmasq/doc.html
- knot - https://www.knot-dns.cz/
Your Friends James Grandoff, Sean Johns (not the clothing brand), Logan Hicks
We thank you for taking the time to look at our list. A lot of thought was put behind this initiative.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent