This list of open-source security projects is designed for security practitioners, gathering exceptional open-source initiatives to aid security professionals in developing enterprise security capabilities. Each project focuses on addressing specific security challenges.
Project Collection Ideas:
One approach is to focus on the security open-source projects released by Internet companies and teams, whose best practices, already proven in internal enterprise use, are worth emulating. Another approach is driven by the needs of enterprise security capability building, categorizing projects by requirement, such as WAF, HIDS, Git monitoring, etc.
This collection is an ongoing process. I created a project on GitHub specifically for collecting some excellent security projects.
GitHub Project URL:
https://github.com/Bypass007/Safety-Project-Collection
Project Content
According to the needs of enterprise security capability building, the types can be roughly divided as follows:
Asset Management
- insight: A platform integrating application system asset management, vulnerability lifecycle management, and security knowledge management. https://github.com/creditease-sec/insight
- xunfeng: A rapid emergency response and scanning system for internal enterprise networks. https://github.com/ysrc/xunfeng
Secure Development
- rhizobia_J: Java security SDK and coding standard. https://github.com/momosecurity/rhizobia_J
- rhizobia_P: PHP security SDK and coding standard. https://github.com/momosecurity/rhizobia_P
Automated Code Auditing
- fortify: Static code scanning tool. http://www.fortify.net/
- RIPS: Static source code analyzer for PHP script vulnerabilities. http://rips-scanner.sourceforge.net/
- OpenStack Bandit: A Python AST-based static analyzer for detecting common security issues in Python code. https://github.com/openstack/bandit/releases/
- Cobra: A source code security auditing tool capable of detecting most significant security issues and vulnerabilities in source code written in multiple development languages. https://github.com/WhaleShark-Team/cobra
- banruo: An automated code auditing system based on fortify. https://github.com/yingshang/banruo
WAF
- ngx_lua_waf: A web application firewall based on the lua-nginx module (OpenResty). https://github.com/loveshell/ngx_lua_waf
- OpenRASP: A free and open-source application runtime self-protection (RASP) product. https://rasp.baidu.com/
- ModSecurity: An engine for intrusion detection and prevention. http://www.modsecurity.org/
- Jinyi Shield: Next-generation web application firewall developed on OpenResty (nginx + Lua). http://www.jxwaf.com/
Bastion Host
- Jumpserver: The world's first fully open-source bastion host, a professional operation and maintenance audit system compliant with 4A standards. https://github.com/jumpserver/jumpserver
- teleport: An easy-to-use open-source bastion host system supporting the RDP/SSH/SFTP/Telnet protocols for remote connection and audit management. https://tp4a.com/
- CrazyEye: An easy-to-use IT audit bastion host developed in Python. https://github.com/triaquae/CrazyEye
- gateone: A web-based SSH terminal emulator written using HTML5 technology. https://github.com/liftoff/GateOne
- Qilin Bastion Host: The open-source version supports only some functionalities; the remaining ones require purchase. https://www.tosec.com.cn/
HIDS
- OSSEC: An open-source IDS including log analysis, integrity checking, rootkit detection, time-based alerting, and active response. https://www.ossec.net/
- Wazuh: A free, open-source, enterprise-level security monitoring solution for threat detection, integrity monitoring, incident response, and compliance. http://wazuh.com/
- Suricata: A free, open-source, mature, fast, and powerful network threat detection engine. https://suricata-ids.org/
- Snort: A network intrusion detection and prevention system. https://www.snort.org/
- Samhain Labs: A comprehensive open-source solution for centralized host integrity monitoring. https://www.la-samhna.de/
- Firestorm: A high-performance network intrusion detection system (NIDS). http://www.scaramanga.co.uk/firestorm/
- MozDef: Mozilla Defense Platform, an integrated real-time platform that allows monitoring, reacting, collaborating, and improving relevant protective functions. https://github.com/mozilla/MozDef
- YuLong HIDS: An open-source host intrusion detection system. https://github.com/ysrc/yulong-hids
- AgentSmith-HIDS: A lightweight HIDS with low performance impact, implemented using LKM (loadable kernel module) technology. https://github.com/DianrongSecurity/AgentSmith-HIDS
- Sobek-Hids: A host IDS based on Python. http://www.codeforge.cn/article/331327
Network Traffic Analysis
- Zeek: A powerful network analysis framework. https://www.zeek.org/
- Kismet: A wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. https://www.kismetwireless.net/
Enterprise Cloud Storage
- KodExplorer: KodCloud, a private cloud online document management solution based on Web technology. https://kodcloud.com/
- Seafile: An open-source enterprise cloud storage solution prioritizing reliability and performance. https://www.seafile.com/home/
- NextCloud: An open-source network drive system. https://nextcloud.com/
- owncloud: An open-source cloud project based on Linux. https://owncloud.com/products/
- iBarn: An open-source network drive based on PHP. http://www.godeye.org/code/ibarn
- Cloudreve: Quickly set up a public or private network drive system at minimal cost. http://cloudreve.org/
- Filebrowser: A lightweight file management system written in Go. https://github.com/filebrowser/filebrowser/releases/latest
- FileRun: A powerful multifunctional network drive and file manager. https://filerun.com/
- kiftd: A private network drive system aimed specifically at individuals, teams, and small organizations. https://github.com/KOHGYLW/kiftd
DLP
- OpenDLP: A free, open-source, agent-based and agentless data loss prevention tool, centrally managed and massively deployable. https://code.google.com/archive/p/opendlp/
GitHub Monitoring
- GSIL: GitHub Sensitive Information Leakage tool. https://github.com/FeeiCN/GSIL
- Hawkeye: Monitors GitHub repositories to promptly detect and alert on employees hosting company code on GitHub, reducing the risk of code leakage. https://github.com/0xbug/Hawkeye
- Github-Monitor: A system for monitoring GitHub repositories. https://github.com/VKSRC/Github-Monitor
- gshark: Easily and effectively scan for sensitive information on GitHub. https://github.com/neal1991/gshark
- GitGuardian: A solution for real-time scanning of GitHub activity. https://www.gitguardian.com/
Honeypot Technology
- T-Pot: A multi-honeypot platform with visual analysis. https://github.com/dtag-dev-sec/tpotce/
- opencanary_web: A network management platform for honeypots. https://github.com/p1r06u3/opencanary_web
- Honeyd: A small daemon that creates virtual hosts on a network. http://www.honeyd.org/
- Glastopf: A Python web application honeypot. https://github.com/mushorg/glastopf
- Cowrie: A medium-interaction SSH and Telnet honeypot for recording brute-force attacks and the attacker's shell interaction. https://github.com/cowrie/cowrie
- Kippo: A medium-interaction SSH honeypot for recording brute-force attacks and, most importantly, the entire shell interaction performed by the attacker. https://github.com/desaster/kippo
- Dionaea: A low-interaction honeypot capable of simulating services such as FTP/HTTP/MSSQL/MySQL/SMB. https://github.com/DinoTools/dionaea
- Conpot: An ICS honeypot aimed at collecting intelligence about the motivation and methods of adversaries targeting industrial control systems. https://github.com/mushorg/conpot
- Wordpot: A WordPress honeypot capable of detecting probes for plugins, themes, timthumbs, and other typical files used for fingerprinting WordPress installations. https://github.com/gbrindisi/wordpot
- Shockpot: A web application honeypot designed to find attackers attempting to exploit the Bash remote code execution vulnerability, CVE-2014-6271. https://github.com/threatstream/shockpot
Risk Control Systems
- TH-Nebula: The Nebula risk control system is a platform for Internet risk control analysis and detection. https://github.com/threathunterX/nebula
- Liudao: "Liudao" real-time business risk control system. https://github.com/ysrc/Liudao
- Momo Risk Control System: A static rule engine that lets users with no prior background easily and conveniently configure complex rules, to efficiently manage and control abnormal user behaviour in real time. https://github.com/momosecurity/aswan
- Drools: A powerful open-source rule engine based on Java. https://www.drools.org/
SIEM/SOC
- OSSIM: An open-source security information and event management (SIEM) system that integrates a series of tools to help administrators better manage computer security, intrusion detection, and prevention. https://www.alienvault.com/products/ossim
- Apache Metron: A cybersecurity application framework that enables organizations to detect network anomalies and rapidly respond to identified abnormalities. https://github.com/apache/metron
- SIEMonster: Monitors the entire network at minimal cost. https://siemonster.com/
- SeMF: An enterprise intranet security management platform that includes asset management, vulnerability management, account management, knowledge base management, and automated security scanning modules, usable for internal security management. https://gitee.com/gy071089/SecurityManageFramwork
- Prelude: A SIEM framework combining various other open-source tools. https://www.prelude-siem.org/
- MozDef: Mozilla Defense Platform, an integrated real-time platform for monitoring, reacting, collaborating, and improving related protective functions. https://github.com/jeffbryner/MozDef
Of course, there are many other excellent free open-source projects; the ones listed above are just a small part. I will continue to update this project.