19 Repos
Protocols and tools for securing network communication, including TLS termination and encryption.
Distinguishing note: Focuses on transport-layer security.
Explore 19 awesome GitHub repositories matching security & cryptography · Network Security. Refine with filters or upvote what's useful.
Open WebUI is a self-hosted, web-based platform designed for interacting with local and remote artificial intelligence models. It functions as a unified interface and orchestration suite, enabling users to build, deploy, and manage specialized AI agents equipped with custom instructions, external tool access, and private knowledge bases. The platform distinguishes itself through a modular architecture that supports complex AI workflows. It features a plugin-based framework for custom logic and pipeline-based request processing, allowing developers to filter or transform data streams before th
Protects deployments with HTTPS and TLS termination for encrypted communication.
Rustfs is a distributed object storage system designed for high availability and horizontal scalability. It functions as a cluster-based platform that manages data across multiple nodes, providing a self-hosted infrastructure for large-scale storage requirements. The system is built to be container-native, utilizing an operator to automate deployment and management within orchestrated environments. It provides compatibility with standard object storage protocols, allowing existing applications and tools to interact with the storage layer through a translation interface. To ensure long-term re
Secures network communication and data in transit using transport layer security certificates.
grpc-go is a Go language implementation of the gRPC framework, providing a remote procedure call library for high-performance service communication. It uses the HTTP/2 protocol to execute functions on remote servers as if they were local methods and utilizes protobuf service bindings to generate type-safe client and server code. The project features a bidirectional streaming transport that supports asynchronous, full-duplex message streams between clients and servers. This networking layer allows for various communication patterns, including client-to-server and server-to-client streaming, to
Secures network traffic using transport layer security certificates to ensure data privacy and server identity.
Crystal is a statically typed, compiled programming language designed for high performance and memory safety. It leverages an LLVM-based compiler to translate source code into optimized machine-executable binaries, while its type-inference-based static analysis enforces strict safety rules during the build process. The language distinguishes itself through a fiber-based concurrent runtime that manages lightweight execution units for asynchronous input and output without blocking the main process. It also features a powerful compile-time macro system that allows for the inspection and transfor
Implements TLS protocols and cryptographic routines to ensure secure network data transmission.
uWebSockets is a high-performance networking engine providing an HTTP web server and a WebSocket server framework. It implements a multi-threaded event loop architecture to deploy isolated application instances across multiple CPU cores and includes an SSL/TLS network layer for secure, encrypted communication. The project features a dedicated WebSocket pub/sub engine for distributing messages to specific groups of connected clients. It optimizes network throughput through syscall corking to reduce kernel overhead and employs payload compression to minimize data transfer sizes. The system cov
Provides transport-layer security through the implementation of SSL and TLS encryption for network communication.
Impacket is a Python network protocol library and packet crafting framework used for constructing, modifying, and sending raw network packets. It functions as a network protocol manipulation toolkit that allows for the implementation of communication protocols through structured object models. The project provides a Windows network security toolkit specifically designed for interacting with Active Directory and SMB services. It enables network security testing and auditing of Windows environments by executing authentication sequences using passwords, hashes, tickets, or security keys. The li
Provides primitives for auditing and researching network authentication and session protocols in Windows environments.
Impacket is a Python network protocol library and low-level implementation foundation. It provides a collection of classes for implementing and manipulating network protocols such as SMB, TCP, and UDP. The project serves as a network authentication framework for verifying user identities using passwords, hashes, and security tickets. It also functions as a network packet manipulation toolkit and security research tool for analyzing protocol behaviors and identifying vulnerabilities. The library covers the creation, parsing, and modification of raw network data to analyze communication stacks
Provides primitives for auditing and researching network authentication and session protocols.
Chisel is a network tunneling tool that facilitates secure communication by encapsulating TCP and UDP traffic within HTTP requests. It functions as a connection multiplexer, consolidating multiple logical network streams into a single persistent connection to improve throughput and reduce overhead. By leveraging standard web protocols, the system enables firewall traversal and provides a mechanism for remote port forwarding and proxying. The project distinguishes itself through its focus on resilient connectivity and granular access control. It maintains persistent network sessions across uns
Encrypts tunneled traffic using standard security protocols to ensure data remains private across untrusted segments.
Impacket is a collection of Python classes designed for the construction, manipulation, and analysis of low-level network packets and services. It functions as a framework for building custom network tools, providing a programmatic interface to interact with communication protocols and service architectures. The library provides primitives for managing authentication, session state, and remote procedure calls within network environments. By offering a modular class hierarchy, it allows for the assembly of network packets and the implementation of specialized communication stacks. The project
Serves as a foundational toolkit for researching network authentication, session management, and remote procedure call protocols.
Tengine is an enhanced Nginx web server distribution designed for high-traffic environments. It functions as a high-performance reverse proxy, dynamic load balancer, and HTTP/3 proxy server, integrating an embedded Lua scripting engine to allow for custom business logic and dynamic request processing. The project distinguishes itself through a focus on modern transport protocols and efficiency, featuring native support for QUIC and HTTP/3 to reduce connection latency. It implements userspace UDP forwarding to bypass the kernel for higher throughput and provides the ability to dynamically upda
Secures network communications using the Network TLS protocol for encrypted transport.
Pwntools is a Python-based framework designed for rapid prototyping and automation in binary exploitation, reverse engineering, and security research. It serves as a comprehensive toolkit for interacting with local and remote processes, providing the primitives necessary to manage complex exploit workflows and streamline security analysis tasks. The framework distinguishes itself through its specialized capabilities for binary manipulation and automated exploit construction. It includes dedicated utilities for parsing executable file formats, assembling and disassembling machine code, and gen
Provides primitives for debugging processes, managing payloads, and researching security vulnerabilities.
Nuclei-templates is a security automation framework and vulnerability scanning library designed for the continuous assessment of distributed infrastructure. It functions as a collection of structured configuration files that define how to identify security flaws and misconfigurations across web applications and network services. The project utilizes a declarative domain-specific language to decouple detection logic from the underlying execution engine. This approach allows for the creation of modular, protocol-agnostic scanning rules that can be updated independently of the core software. By
Validates the security posture of various network protocols by crafting custom requests and verification logic.
Hydra is a network login password cracker and authentication tester designed to identify valid usernames and passwords through automated brute-force and dictionary attacks. It serves as a multi-protocol authentication tester capable of verifying credentials across a wide range of remote network services, including SSH, SMB, FTP, and various database listeners. The project is distinguished by its ability to execute parallelized password attacks against multiple servers and protocols simultaneously. It features a modular system for implementing diverse network authentication schemes, allowing f
Verifies credentials across a wide range of services including SSH, SMB, FTP, and databases.
Hetty is an HTTP intercepting proxy and web security research toolkit used to capture, inspect, and modify traffic between a browser and a server. It functions as an HTTP request editor for creating and replaying manual requests to test server behavior and as a project-based traffic logger that isolates network logs across different security research engagements. The tool provides a request-response interception loop that pauses outgoing requests and incoming responses in transit, allowing for manual editing or cancellation. It includes a manual request replay engine to construct and transmit
Offers a suite of tools for identifying web vulnerabilities through traffic analysis and manual request crafting.
Llama-GPT is a self-hosted generative AI model runner that provides a private web interface for interacting with large language models. By executing these models directly on local hardware, it ensures that all intelligent assistance remains offline and independent of external cloud service providers. The project functions as a private assistant that maintains complete data ownership by storing all application state and model interactions on local storage volumes. It is designed to operate within a broader self-hosted computing environment, allowing users to maintain control over their persona
Configures local services like ad-blocking and encrypted remote access to secure home networks and simplify connectivity.
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Performs automated vulnerability assessment and monitoring to secure internal networks.
This project is a PostgreSQL Kubernetes operator and database orchestrator designed to automate the deployment, scaling, and lifecycle management of high-availability database clusters. It functions as a controller that uses declarative manifests to provision and synchronize the state of database instances within a cluster. The system manages high availability through streaming replication and ensures constant availability during maintenance via rolling updates. It also serves as a backup and recovery manager, handling point-in-time recovery, logical backups, and cluster cloning using cloud s
Implements custom TLS certificates to encrypt and secure communication between the application and database.
AntSword ist ein plattformübergreifender Web-Manager und ein Penetration-Testing-Framework für die zentrale Verwaltung mehrerer Remote-Website-Umgebungen. Es fungiert als Tool für die Remote-Website-Administration und als Web-Shell-Management-Tool, mit dem Benutzer diverse Webserver von einer einzigen Schnittstelle aus organisieren und steuern können. Das Projekt bietet ein Toolkit für Sicherheitsforscher, um autorisierte Sicherheitsaudits durchzuführen und Schwachstellen zu identifizieren. Es unterstützt Workflows für Web-Penetrationstests und Sicherheitsforschung, um das Verhalten von Webanwendungen zu analysieren und potenzielle Exploits zu entdecken. Das System deckt umfassende Funktionen in der Remote-Website-Administration und dem plattformübergreifenden Web-Management ab und ermöglicht die Ausführung administrativer Aufgaben und Sicherheitsüberprüfungen über verschiedene Betriebssysteme und Hosting-Plattformen hinweg.
Supports security research workflows for analyzing web application behavior and discovering potential exploits.
Dieses Projekt ist ein HTTP-Webserver, der Webinhalte mithilfe von HTTP/1.1- und HTTP/2-Protokollen über verschiedene Betriebssysteme hinweg an Clients ausliefert. Er fungiert als Reverse-Proxy-Server, regelbasierter URL-Rewriter, SSL/TLS-Termination-Gateway und Virtual-Host-Manager. Der Server ist in der Lage, mehrere unterschiedliche Domains auf einer einzigen Instanz zu hosten, indem Anfragen auf spezifische Verzeichnisstrukturen gemappt werden. Er verschlüsselt und entschlüsselt Netzwerkverkehr an der Servergrenze, um die Kommunikation zwischen Clients und Servern zu sichern. Zusätzlich transformiert er angeforderte URLs mithilfe einer Engine für reguläre Ausdrücke in andere Pfade, bevor Ressourcen lokalisiert werden. Zu den umfassenden Funktionen gehören das Hosting statischer Websites und die Ausführung dynamischer Inhalte über serverseitige Skripte. Das System bietet Web-Zugriffskontrolle, um den Zugriff auf Dateien und Verzeichnisse basierend auf Benutzeridentität, Authentifizierungsregeln oder Netzwerkursprung einzuschränken oder zu gewähren. Er verwaltet zudem den Datenverkehr durch Weiterleitung eingehender Anfragen an Backend-Server.
Implements transport-layer security to encrypt network sockets between the server and clients.