Refolk
Sign in

Top Security repositories on GitHub

Offensive and defensive security tools and libraries.

Ranked by stars across 5,089 repositories tagged security. Refreshed daily.

  1. 1
    trimstray/the-book-of-secret-knowledge229,426 · ⑂ 13,741

    A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

    • awesome
    • awesome-list
    • lists
    • manuals
    • resources
    • howtos
  2. 2
    Hack-with-Github/Awesome-Hacking114,746 · ⑂ 10,439

    A collection of various awesome lists for hackers, pentesters and security researchers

    • hacking
    • security
    • bug-bounty
    • awesome
    • android
    • fuzzing
  3. 3
    Developer-Y/cs-video-courses81,877 · ⑂ 11,307

    List of Computer Science courses with video lectures.

    • computer-science
    • algorithms
    • systems
    • databases
    • machine-learning
    • web-development
  4. 4
    swisskyrepo/PayloadsAllTheThings78,559 · ⑂ 17,100

    A list of useful payloads and bypass for Web Application Security and Pentest/CTF

    • pentest
    • payload
    • bypass
    • web-application
    • hacking
    • vulnerability
  5. 5
    caddyserver/caddy73,453 · ⑂ 4,781

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    • go
    • web-server
    • caddyfile
    • http
    • http-server
    • reverse-proxy
  6. 6
    x64dbg/x64dbg48,696 · ⑂ 2,753

    An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

    • debugger
    • windows
    • x64
    • disassembler
    • reverse-engineering
    • security
  7. 7
    mitmproxy/mitmproxy43,995 · ⑂ 4,599

    An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

    • python
    • security
    • man-in-the-middle
    • tls
    • ssl
    • http
  8. 8
    GyulyVGC/sniffnet39,455 · ⑂ 1,680

    Comfortably monitor your Internet traffic 🕵️‍♂️

    • network-analysis
    • networking
    • packet-sniffer
    • rust-crate
    • linux
    • macos
  9. 9
    QuivrHQ/quivr39,163 · ⑂ 3,723

    Opiniated RAG for integrating GenAI in your apps 🧠 Focus on your product rather than the RAG. Easy integration in existing products with customisation! Any LLM: GPT4, Groq, Llama. Any Vectorstore: PGVector, Faiss. Any Files. Anyway you want.

    • ai
    • llm
    • api
    • chatbot
    • chatgpt
    • database
  10. 10
    aquasecurity/trivy36,508 · ⑂ 482

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

    • security
    • security-tools
    • docker
    • containers
    • vulnerability-scanners
    • vulnerability-detection
  11. 11
    lissy93/web-check33,809 · ⑂ 2,767

    🕵️‍♂️ All-in-one OSINT tool for analysing any website

    • osint
    • privacy
    • security
    • security-tools
    • sysadmin
  12. 12
    OWASP/CheatSheetSeries32,355 · ⑂ 4,506

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

    • owasp
    • code
    • security
    • cheatsheets
    • best-practices
    • appsec
  13. 13
    nginx/nginx30,954 · ⑂ 8,013

    The official NGINX Open Source repository.

    • content-cache
    • load-balancer
    • reverse-proxy
    • web-server
    • http
    • https
  14. 14
    StevenBlack/hosts30,581 · ⑂ 2,419

    🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.

    • python
    • unified-hosts
    • malware
    • ad-blocker
    • porn-filter
    • social-media-filter
  15. 15
    trailofbits/algo30,288 · ⑂ 2,360

    Set up a personal VPN in the cloud

    • vpn-server
    • strongswan
    • ansible
    • vpn
    • ikev2
    • security
  16. 16
    projectdiscovery/nuclei29,288 · ⑂ 3,500

    Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

    • cve-scanner
    • subdomain-takeover
    • nuclei-engine
    • vulnerability-detection
    • vulnerability-assessment
    • vulnerability-scanner
  17. 17
    community-scripts/ProxmoxVE28,642 · ⑂ 2,748

    Proxmox VE Helper-Scripts (Community Edition)

    • home-assistant
    • home-automation
    • homelab
    • homelab-setup
    • lxc
    • proxmox
  18. 18
    digitalocean/nginxconfig.io28,289 · ⑂ 2,048

    ⚙️ NGINX config generator on steroids 💉

    • nginx
    • nginx-configuration
    • php-fpm
    • ssl
    • letsencrypt
    • cdn
  19. 19
    authelia/authelia28,100 · ⑂ 1,420

    The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™

    • totp
    • ldap
    • sso-authentication
    • yubikey
    • two-factor-authentication
    • docker
  20. 20
    hwdsl2/setup-ipsec-vpn28,060 · ⑂ 6,517

    Set up your own IPsec VPN server in just a few minutes, with IPsec/L2TP, Cisco IPsec and IKEv2. Supports Ubuntu, Debian, CentOS/RHEL, Amazon Linux, Alpine and Raspberry Pi. Includes client config and management scripts.

    • vpn
    • ipsec
    • l2tp
    • ikev2
    • security
    • vpn-server
  21. 21
    imthenachoman/How-To-Secure-A-Linux-Server27,797 · ⑂ 1,836

    An evolving how-to guide for securing a Linux server.

    • linux
    • hardening
    • hardening-steps
    • security
    • security-hardening
    • server
  22. 22
    gitleaks/gitleaks27,792 · ⑂ 2,122

    Find secrets with Gitleaks 🔑

    • security
    • security-tools
    • git
    • golang
    • go
    • secret
  23. 23
    keepassxreboot/keepassxc27,714 · ⑂ 1,823

    KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.

    • keepassxc
    • keepass
    • password-manager
    • linux
    • windows
    • cross-platform
  24. 24
    Infisical/infisical27,449 · ⑂ 1,999

    Infisical is the open-source platform for secrets, certificates, and privileged access management.

    • cli
    • environment-variables
    • secret-management
    • secrets
    • security
    • open-source
  25. 25
    OpenZeppelin/openzeppelin-contracts27,151 · ⑂ 12,388

    OpenZeppelin Contracts is a library for secure smart contract development.

    • ethereum
    • solidity
    • evm
    • security
    • smart-contracts

Find engineers shipping Security

The list above ranks the most-starred public repositories tagged with the Security topic, drawn from the public GitHub graph. Across 5,089 repositories tagged this way, the maintainers and top contributors are a tight cluster of the people actually building Security.

Looking for engineers who’ve worked on Security for real, not just listed it on LinkedIn? The fastest path is the contributor list of these repos. Their commits, issues, and READMEs are public proof of depth.

Refolk turns this list into a search. Ask for “maintainers of top Security repos who are hiring”, Security engineers in San Francisco”, or “founders shipping Security” and Refolk returns a ranked shortlist with sources.

How this list is built

Refolk searched GitHub for public repositories tagged with the Security topic, ranked them by stargazer count, and kept those with at least 50 stars. The list refreshes once a day.

Last refreshed: Sun, 21 Jun 2026 07:08:22 GMT

Need a list like this for any search?

Refolk runs natural-language searches across GitHub, LinkedIn, and the open web. Try one of these:

Browse other topics

See all repository lists.

Security by language