25 Repos
Mechanisms for encrypting and storing sensitive data locally on devices.
Distinguishing note: Focuses on encrypted storage for sensitive credentials and keys.
Explore 25 awesome GitHub repositories matching security & cryptography · Secure Storage. Refine with filters or upvote what's useful.
Expo is a universal mobile framework designed to build native iOS and Android applications from a single codebase using web-standard technologies. It provides a comprehensive development environment that includes a unified runtime for testing, cloud-based infrastructure for compiling and signing native binaries, and automated tools for managing the entire mobile release lifecycle, including app store submission. The framework distinguishes itself through a plugin-based native configuration engine that programmatically modifies project files, allowing developers to integrate native modules wit
Expo allows encrypting and storing sensitive key-value pairs locally on a device to ensure data remains protected from unauthorized access.
Insomnia is a cross-platform API development environment that integrates a request debugger, schema design tools, a mocking server, and a test automation framework. It provides a unified workspace for sending requests and analyzing responses across REST, GraphQL, gRPC, and WebSocket protocols. The platform enables the design and preview of API specifications through a visual editor and allows for the simulation of backend behavior using mocking tools. It supports organizing and synchronizing API collections via local storage, cloud synchronization, or Git. The suite includes a command-line i
Stores sensitive configuration settings and credentials locally using encrypted storage to prevent cloud leaks.
This project is a reactive, offline-first NoSQL database engine designed for JavaScript applications. It provides a robust framework for managing application state by synchronizing data across browsers, mobile devices, and server-side runtimes. By treating local storage as the primary source of truth, it enables applications to remain functional without network connectivity, automatically reconciling changes with remote backends once a connection is restored. The database distinguishes itself through a modular architecture that supports cross-environment synchronization and high-performance d
Provides encrypted storage for sensitive document fields to ensure data remains protected at rest within the client environment.
FastMCP is a Python framework designed for building servers that expose functions, resources, and prompts to AI models using the Model Context Protocol. It simplifies the development process by automatically deriving tool metadata, input schemas, and documentation directly from Python function signatures and type hints. The framework provides a unified container for managing these components, allowing developers to build modular applications that integrate seamlessly with AI assistants. The project distinguishes itself through its support for interactive, server-defined user interface compone
Persists authentication credentials using file-based storage backends to prevent vulnerabilities associated with insecure deserialization.
Zephyr is a real-time operating system and cross-platform embedded framework designed for resource-constrained hardware architectures. It provides an embedded kernel that manages memory, power consumption, and hardware peripherals across multiple microcontroller architectures. The project utilizes a hardware abstraction layer to decouple high-level kernel services from physical hardware through standardized driver interfaces. It employs a device tree hardware description format and a hierarchical configuration system to optimize binaries and feature sets for specific hardware constraints. Th
Provides mechanisms for encrypting and storing sensitive data locally on embedded devices.
Capacitor is a cross-platform mobile framework that enables developers to build native applications using web technologies. It functions as a hybrid app container, wrapping web assets within a native runtime that provides a standardized bridge to device hardware and system-level services. By exposing native functionality through a plugin-based architecture, it allows web applications to access platform-specific features while maintaining a consistent interface across mobile and desktop environments. The project distinguishes itself by maintaining native project files as source assets, allowin
Utilizes native hardware-backed storage APIs to protect encryption keys and session tokens on mobile devices.
This project is a software engineering style guide and a curated collection of architectural patterns and coding standards. It provides a multi-language coding standard to ensure maintainable software across Ruby, Python, JavaScript, and Swift. The project establishes a development workflow specification for version control, continuous integration, and peer review to maintain a linear project history. It also includes a web accessibility framework based on ARIA and WCAG standards, using design tokens and semantic HTML patterns to build inclusive interfaces. The guides cover a broad range of
Defines patterns for storing authentication tokens and private credentials in encrypted on-device storage.
Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst
Enables the extraction and analysis of sensitive credentials from keychains, SQLite databases, and local storage.
Pundit is an authorization framework for Ruby applications that enforces permissions through plain Ruby policy objects. It maps controller actions to policy methods, automatically inferring which policy class and query method to call based on the action name, and raises a custom exception when access is denied. The framework distinguishes itself by using plain Ruby classes without external DSLs or configuration files, and by providing a development-time verification guard that raises an error if a controller action runs without an authorization call. It also supports namespace-based policy or
Raises an exception in development if a controller action runs without an authorization check.
Pundit is a Ruby authorization framework that implements policy-based access control. It maps domain models to dedicated logic classes that determine whether a user is permitted to perform specific actions on data objects. The framework utilizes plain Ruby objects to decouple authorization logic from the model. It includes mechanisms for data query scoping to filter record collections based on user permissions, as well as attribute-level permission control to restrict which specific model fields a user can modify. The system provides tools for authorization coverage verification to ensure se
Confirms security checks were executed during a request to prevent accidental data exposure.
Paperless is a self-hosted document management system designed to digitize, index, and archive paper documents. It functions as an optical character recognition system that converts scanned images and PDFs into a searchable digital library, providing a web-based interface for querying and retrieving documents from a database. The system features an automated file ingestion pipeline that monitors specific directories and email inboxes to process and import documents without manual uploading. To maintain a private archive, it includes on-disk encryption for sensitive files and the ability to or
Protects sensitive digitized documents using on-disk encryption and secure network access.
Publishes results from independent security audits covering encryption, server, and client code so users can verify the system's integrity.
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
Covers cloud provider security audits as part of vendor risk management education.
自动化反编译微信小程序,小程序安全评估工具,发现小程序安全问题,自动解密,解包,可还原工程目录,支持Hook,小程序修改
Decrypts, unpacks, and inspects WeChat mini program packages to discover hardcoded secrets and security flaws.
Expands permission trees and streams real-time changes to inspect and verify access control decisions.
Dieses Projekt ist ein TypeScript-Scaffold für mobile Anwendungen und ein Framework-Template für den Aufbau plattformübergreifender iOS- und Android-Anwendungen. Es bietet einen standardisierten architektonischen Ausgangspunkt, der die Trennung von Belangen (Separation of Concerns) betont, indem Geschäftslogik von der Benutzeroberfläche isoliert wird. Das Template fungiert als Architektur-Kit mit integrierter Unterstützung für umgebungsabhängige Konfigurationen, was unterschiedliche API-Geheimnisse und Einstellungen über Entwicklungs- und Produktions-Builds hinweg ermöglicht. Es dient zudem als internationalisiertes Starter-Projekt mit dynamischer visueller Theme-Injektion und mehrsprachiger Lokalisierung. Die Codebasis deckt mehrere Kernbereiche ab, einschließlich Stack-basiertem Navigations-Routing, asynchroner Remote-API-Datenintegration und sicherem lokalem Datenspeicher über einen Key-Value-Store. Es organisiert den Entwicklungsprozess weiter durch integriertes Management von Umgebungsvariablen und ein einheitliches System für das mobile UI-Theme-Management.
Provides secure local data storage for persisting sensitive information and application state.
BaoTa ist ein webbasiertes Linux-Server-Control-Panel und Systemadministrations-Dashboard, das für die Verwaltung von Hosting-Umgebungen und Systemressourcen entwickelt wurde. Es bietet eine grafische Oberfläche, um administrative Aktionen in Systemkonfigurationen zu übersetzen, was es Benutzern ermöglicht, Linux-Server und Web-Hosting-Stacks zu verwalten, ohne sich ausschließlich auf die Befehlszeile verlassen zu müssen. Die Plattform zeichnet sich durch KI-gesteuerte Serveroperationen aus und nutzt künstliche Intelligenz für Performance-Analysen und die Ausführung von Wartungsaufgaben mittels natürlichsprachlicher Befehle. Sie unterstützt Multi-Node-Orchestrierung, was die Koordination mehrerer Serverinstanzen für Load-Balancing, Datenreplikation und Maschinenmigrationen von einer einzigen Schnittstelle aus ermöglicht. Die Software deckt ein breites Spektrum administrativer Funktionen ab, einschließlich Docker-Container-Orchestrierung, Datenbank-Lifecycle-Management und automatisierter SSL-Zertifikatsausstellung. Sie bietet umfassende Security-Hardening-Tools wie System-Firewalls, Schutz vor Brute-Force-Angriffen und Multi-Faktor-Authentifizierung, neben Monitoring-Tools für Echtzeit-Performance-Tracking und automatisierte Gesundheitsberichte. Die Installation und Bereitstellung des Panels erfolgt über ein Befehlszeilenskript auf sauberen Linux-Systemen.
Scans for security risks such as firewall gaps and provides actionable remediation steps.
Hive is a lightweight NoSQL key-value database written in pure Dart for local data persistence. It functions as a type-safe document store that allows for the saving and retrieval of complex data structures and custom objects. The system distinguishes itself through the use of custom adapters for object serialization and symmetric-key encryption to secure data at rest. For web environments, it provides a persistence layer that wraps IndexedDB and utilizes web workers. The project covers broad capability areas including container management, atomic transactional writes, and indexed data retri
Implements encrypted storage for sensitive data using symmetric-key encryption to protect information at rest.
Dieses Projekt ist ein SSH-Sicherheitsaudit-Tool, das zur Analyse von Server- und Client-Konfigurationen entwickelt wurde. Es fungiert als kryptografischer Analysator, der Schlüsselaustausch-, MAC- und Verschlüsselungsalgorithmen bewertet, um schwache oder veraltete Primitive zu identifizieren und die Sicherheitskonformität sicherzustellen. Das Tool zeichnet sich dadurch aus, dass es einen Härtungsleitfaden mit plattformspezifischen Konfigurationsanweisungen und Algorithmus-Empfehlungen zur Behebung erkannter Schwachstellen bereitstellt. Es enthält zudem einen Denial-of-Service-Tester, der die Server-Resilienz gegen CPU-Erschöpfung und gleichzeitige Socket-Verbindungsangriffe misst. Breite Funktionen decken Sicherheitsaudits und Schwachstellentests ab, einschließlich der Validierung von Sicherheitsrichtlinien und der Identifizierung von Softwareversionen. Das Projekt führt zudem kryptografische Validierungen durch Diffie-Hellman-Modulus-Größentests durch und bewertet das Verhalten von Client-Software mittels listener-basierter Analyse.
Evaluates key-exchange, host-key, encryption, and MAC algorithms to determine if they are unsafe or legacy.
This project is a static analysis tool and linter for Ruby on Rails designed to identify architectural smells and violations of best practices. It serves as a code quality linter, architectural auditor, security scanner, and performance analyzer for Rails applications. The tool evaluates the separation of concerns between controllers, models, and view templates to reduce technical debt. It identifies suboptimal coding patterns and enforces stylistic consistency, while specifically scanning for security vulnerabilities such as unprotected mass assignment in models. The analysis surface covers
Provides automated auditing of model configurations to detect unauthorized attribute modification vulnerabilities.