Tools

Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.

Infisical is the open-source platform for secrets, certificates, and privileged access management.

Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

secure, local, cross-platform and programmable sandboxes for AI agents

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

The authentication glue you need.

Open device management

All in one IP Toolbox. Easy to check what's your IPs, IP geolocation, check for DNS leaks, examine WebRTC connections, speed test, ping test, MTR test, check website availability and more.

Open-source file upload security for Node.js. Scan files before storage to detect malware, MIME spoofing, and risky archives.

Fully-featured, zero trust, full mesh overlay network. Includes a 2FA support out of the box, clients for all major desktop/mobile OS'es.

☁ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)

Honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks.

The easiest, and most secure way to access and protect all of your infrastructure.

Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

Find, verify, and analyze leaked credentials

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

Single Sign-On for Your Self-Hosted Universe

Industry-leading high-performance, AI and semantic technology web application firewall and API security gateway (fork of nginx).

HTTP and reverse proxy server, mail proxy server, and generic TCP/UDP proxy server.

Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.

Kanidm: A simple, secure, and fast identity management platform

Open-source security reports — no paywalls, just actionable insights.

SSH bastion server with access control, session recording, and optional TPM-backed key protection. `EUPL-1.2` `Go/Docker`

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

Splunk Security Content

Whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

A vulnerability scanner for container images and filesystems

☁ Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.

Centralized network visibility and continuous asset discovery. Monitor devices, detect change, and stay aware across distributed networks.

MCP server for OpenClaw AI assistant integration. Enables Claude to delegate tasks to OpenClaw agents with sync/async tools, OAuth 2.1 auth, and SSE transport for Claude.ai.

UNIX-like reverse engineering framework and command-line toolset

Enterprise-ready zero-trust access platform built on WireGuard®.

Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE version detection. Zero config, runs locally.

Empowering People Ethically — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in privacy. Easily collect, visualise, and analyse data from websites & apps. Star us on GitHub ⭐ – Pull Requests welcome!

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

MCP-native agent evaluation and observability server with trace logging, output quality evaluation, cost tracking, 12 built-in eval rules, real-time dashboard, and PII detection.

Malicious traffic detection system

Distributed, secure messenger with audio and video chat capabilities.

Open-source and next-generation Web Application Firewall (WAF)

Deterministic execution engine for AI agents with 412 modules across 78 categories (browser, file, Docker, data, crypto, scheduling). Features execution trace, evidence snapshots, replay from any step, and supports both STDIO and Streamable HTTP transport.

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™

An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud