security

keeweb

Last commit: 23 May 2020 | GitHub stars: 8835 (1920/yr) | Issues: 215

This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in the browser or as a desktop app.

Apps: Web, Desktop
Timeline: Release Notes, TODO
On one page: Features, FAQ
Website: keeweb.info
Twitter: kee_web
Donate: OpenCollective, GitHub

The app is quite stable now. Basic stuff, as well as more advanced operations, should be rather reliable.

To host this app on your own server, all you need is a static file server. The app is a single HTML file plus, optionally, a service worker for offline access. You can download the latest distribution files from the gh-pages branch.

mailpile

Last commit: 16 May 2020 | GitHub stars: 8149 (951/yr) | Issues: 380

Mailpile (https://www.mailpile.is/) is a modern, fast web-mail client with user-friendly encryption and privacy features. The development of Mailpile is funded by a large community of backers and all code related to the project is and will be released under an OSI approved Free Software license.

Mailpile places great emphasis on providing a clean, elegant user interface and pleasant user experience. In particular, Mailpile aims to make it easy and convenient to receive and send PGP encrypted or signed e-mail.

onionshare

Last commit: 12 May 2020 | GitHub stars: 3897 (649/yr) | Issues: 109

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from you, or upload files to you. It doesn't require setting up a separate server, using a third party file-sharing service, or even logging into an account.

Unlike services like email, Google Drive, DropBox, WeTransfer, or nearly any other way people typically send files to each other, when you use OnionShare you don't give any companies access to the files that you're sharing. So long as you share the unguessable web address in a secure way (like pasting it in an encrypted messaging app), no one but you and the person you're sharing with can access the files.

privatebin

Last commit: 17 May 2020 | GitHub stars: 2303 (594/yr) | Issues: 90

Current version: 1.3.4

PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data.

Data is encrypted and decrypted in the browser using 256-bit AES in Galois/Counter Mode.

This is a fork of ZeroBin, originally developed by Sébastien Sauvage. ZeroBin was refactored to allow easier and cleaner extensions. PrivateBin has many more features than the original ZeroBin. It is, however, still fully compatible with the original ZeroBin 0.19 data storage scheme. Therefore, such installations can be upgraded to PrivateBin without losing any data.

rudder-server

Last commit: 23 May 2020 | GitHub stars: 1777 (2100/yr) | Issues: 34

Short answer: RudderStack is an open-source Segment alternative written in Go, built for the enterprise.

Long answer: RudderStack is a platform for collecting, storing and routing customer event data to dozens of tools. RudderStack is open-source, can run in your cloud environment (AWS, GCP, Azure or even your data-centre) and provides a powerful transformation framework to process your event data on the fly.

RudderStack runs as a single Go binary with Postgres. It also needs the destination-specific (e.g. GA, Amplitude) transformation code, which consists of Node scripts. This repo contains the core backend and the transformation modules of Rudder. The client SDKs are in a separate repo (link below).

passbolt_api

Last commit: 26 Apr 2020 | GitHub stars: 1327 (312/yr) | Issues: 21

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU Affero General Public License for more details.

Affero General Public License v3

king-phisher

Last commit: 15 Mar 2020 | GitHub stars: 1115 (174/yr) | Issues: 2

Phishing Campaign Toolkit

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki.

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

hawkpost

Last commit: 10 Mar 2020 | GitHub stars: 806 (195/yr) | Issues: 15

Hawkpost lets you create unique links that you can share with the person that desires to send you important information but doesn't know how to deal with PGP.

You can deploy your own server using the code from this repository or use the official server (that is running an exact copy of this repo) at https://hawkpost.co.

For many web and mobile development studios, no matter how hard they try to secure their clients' secrets (passwords, API keys, etc.), the weakest link is most often the client, especially when the client is not a tech-savvy person. This project tries to help minimize this issue in the communication between both parties.

hsimp

Last commit: 30 Dec 2019 | GitHub stars: 403 (75/yr) | Issues: 2

Now you can use the howsecureismypassword.net password strength meter on your own sites.

Rather than just saying a password is "weak" or "strong", How Secure is My Password? lets your users know how long it would take someone to crack their password. It also checks against the top 10,000 most common passwords as well as a number of other checks (such as repeated strings, telephone numbers, and words followed by numbers).

This is the vanilla JS version of the plugin. Other versions are also available:

sup3rs3cretmes5age

Last commit: 15 May 2020 | GitHub stars: 262 (96/yr) | Issues: 8

A simple, secure self-destructing message service, using HashiCorp Vault as a backend.

Read more about the reasoning behind this project in the relevant blog post.

Now using Let's Encrypt for simple and free SSL certs!

Running locally will use a self-signed SSL certificate for whatever your local dev domain is. The default is localhost; to change it, just pass an argument to make. For example, if you set 127.0.0.1 secret.test in your /etc/hosts you would run locally as:

Try it! (you can ignore the safety warning since it's a self-signed cert)

elkarbackup

Last commit: 13 Dec 2019 | GitHub stars: 222 (31/yr) | Issues: 69

ElkarBackup is a free open-source backup solution based on RSync/RSnapshot.

Do you need more?

Elkarbackup users can subscribe to our mailing list to receive notifications about new versions or to ask questions.

Elkarbackup is free open source software. Download the source code, make your changes and create your own Debian package.

hrcloud2

Last commit: 21 Nov 2019 | GitHub stars: 107 (28/yr) | Issues: 2

YOUTUBE CHANNEL!

WIKI DOCUMENTATION!

A Fully Featured home-hosted Cloud Storage platform and Personal Assistant that Converts files, OCR's images & documents, Creates archives, Scans for viruses, Protects your server, Keeps itself up-to-date, and Runs your own AppLauncher!

HRCloud2 is a personal Cloud CMS Platform similar to ownCloud but with far greater capability that includes all the same functionality as a commercial end-user based Cloud platform. Functions like file conversion, OCR, archiving, dearchiving, A/V scanning, sharing and more. With HRCloud2 you can perform all your favorite bash and command line tools just by selecting checkboxes and clicking buttons, from anywhere.

fugacious

Last commit: 22 May 2020 | GitHub stars: 96 (12/yr) | Issues: 25

 

Need to send a secret to someone? Use Fugacious to ensure that no permanent record of your secret will remain.

The link to your secret will only remain alive for the preset amount of time or number of views.

Be sure Docker is running, then

That's it, the app is running on http://localhost:3000.

See CONTRIBUTING.md for more information.

Ensure you have the Heroku Toolbelt installed.

See Getting started with Rails 4 on Heroku for more information.

Fugacious URLs should be treated as sensitive information since knowing the URL could allow someone to access the stored secret (assuming it was accessed within the time-to-live of the secret). This means you should be careful about how you configure your HTTP server. Many have a default configuration to log all requests, including these sensitive URLs, to file or to stdout. Most PaaS, like Heroku or Cloud Foundry, are configured this way, too.