Open Source Security Software
Sort By:
Security Software
View 765 business solutionsBrowse free open source Security software and projects for Android and Apple iPhone below. Use the toggles on the left to filter open source Security software by OS, license, language, programming language, and project status.
-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
Simple, Secure Domain RegistrationRegister or renew your domain and pay only what we pay. No markups, hidden fees, or surprise add-ons. Choose from over 400 TLDs (.com, .ai, .dev). Every domain is integrated with Cloudflare's industry-leading DNS, CDN, and free SSL to make your site faster and more secure. Simple, secure, at-cost domain registration.
-
1
OpenH264
Open Source H.264 Codec
Cisco has taken their H.264 implementation and open-sourced it under BSD license terms. Development and maintenance will be overseen by a board from the industry and the open-source community. Furthermore, we have provided a binary form suitable for inclusion in applications across a number of different operating systems and made this binary module available for download from the Internet. We will not pass on our MPEG-LA licensing costs for this module, and based on the current licensing environment, this will effectively make H.264 free for use on supported platforms. OpenH264 is a codec library which supports H.264 encoding and decoding. It is suitable for use in real-time applications such as WebRTC. Constrained Baseline Profile up to Level 5.2 (Max frame size is 36864 macro-blocks). Arbitrary resolution, not constrained to multiples of 16x16. Rate control with adaptive quantization, or constant quantization. -
2
Tamper Dev
Extension that allows you to intercept and edit HTTP/HTTPS requests
If you are a developer, you can use Tamper Dev to debug your websites, or if you are a pentester, you can use it to search for security vulnerabilities by inspecting the HTTP traffic from your browser. Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server. This extension provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy, but without the need of additional software, with full support of HTTPS connections, and trivial to set-up (just install). -
3
frida
Dynamic instrumentation toolkit for developers
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts. Works on Windows, macOS, GNU/Linux, iOS, Android, and QNX. Install the Node.js bindings from npm, grab a Python package from PyPI, or use Frida through its Swift bindings, .NET bindings, Qt/Qml bindings, or C API. Frida is and will always be free software (free as in freedom). We want to empower the next generation of developer tools, and help other free software developers achieve interoperability through reverse engineering. We are proud that NowSecure is using Frida to do fast, deep analysis of mobile apps at scale. Frida has a comprehensive test-suite and has gone through years of rigorous testing across a broad range of use-cases. -
4
Mullvad VPN desktop and mobile app
The Mullvad VPN client app for desktop and mobile
In a society that is increasingly determined to weaken that right, a fast, reliable and easy-to-use VPN connection is a good first step towards achieving this. By connecting to the Internet with Mullvad, we ensure that traffic to and from your device is encrypted to the highest standards, even when using public Wi-Fi in a coffee shop or hotel. We do not keep activity logs or ask for personal information, and we even encourage anonymous payments using cash or any of the accepted cryptocurrencies. Your IP address will be replaced with one of ours, ensuring that device activity and location are not linked to your user. Using Mullvad is quick and easy - just download and install the app. Don't spend time on complicated setup and multi-step registration processes. We designed Mullvad to be easy to use. Privacy is essential in a well-functioning society, as it allows norms, ethics and laws to be safely debated and challenged. Without privacy, a free and open society cannot flourish or exist. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
Lantern
Tool to access videos, messaging, and other popular apps
Can't access your favorite apps? Download Lantern to easily access videos, messaging, and other popular apps while at school or work. Lantern is an application that allows you to bypass firewalls to use your favorite applications and access your favorite websites. Lantern does not cooperate with any law enforcement in any country. Lantern encrypts all of your traffic to blocked sites and services to protect your data and privacy. Lantern passed multiple third party white box security audits to ensure security of our code. Lantern is easy to use, just download and install to start streaming, browsing and using apps, no configuration required. No installation, no registration, no registration, no configuration, just click and go! All you have to do is install it and hit the POWER button! Don't wait forever for your applications to load or the website to appear in your browser. Connect with Lantern and get there fast! -
6
Brook
Brook is a cross-platform strong encryption and not detectable proxy
Brook is a cross-platform strong encryption and not detectable proxy. Brook's goal is to keep it simple, stupid and not detectable. You can run commands after entering the command-line interface. Usually, everyone uses the command line interface on Linux servers. Of course, Linux also has desktops that can also run GUI. Of course, macOS and Windows also have command-line interfaces, but you may not use them frequently. Usually, the applications opened by double-clicking/clicking on macOS/Windows/iOS/Android are all GUIs. Usually, if you use Brook, you will need a combination of Server and Client, Of course Brook CLI also has many other independent functions. The Brook CLI file is an independent command file, it can be said that there is no concept of installation, just download this file to your computer, run it after granting it executable permissions in the command line interface. -
7
Mobile Verification Toolkit
Helps with conducting forensics of mobile devices
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence. MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance. Compare extracted records to a provided list of malicious indicators in STIX2 format. Generate JSON logs of extracted records, and separate JSON logs of all detected malicious traces. -
8
AuthPass.app
Password Manager based on Flutter for all platforms
Password Manager based on Flutter for all platforms. Keepass 2.x (kdbx 3.x) compatible. Load/Decrypt kdbx using password and/or key file. Search through stored credentials. Organize passwords using groups. Desktop (Mac, Linux, Windows): Keyboard shortcuts for Search, Copy, Navigation, etc. Desktop & Mobile: Copy & paste support. Store master password in the KeyStore/KeyChain secured with biometric data. (Fingerprint, Face Unlock, etc.) Hook into native APIs for seamless integration into Form-Fills. (Only available on Android right now) Easily keep your passwords synchronized between all your mobile and desktop devices. Using Google Drive, Dropbox or WebDAV (NextCloud, OwnCloud, etc.) -
9
Ente
End-to-end encrypted cloud for photos, videos and 2FA secrets
Ente is a fully open-source, end‑to‑end encrypted cloud platform designed for securely storing and managing your photos, videos, and 2FA secrets — without needing to trust the service provider. It includes cross‑platform clients and a CLI for self‑hosting needs. Ente is a service that provides a fully open source, end-to-end encrypted platform for you to store your data in the cloud without needing to trust the service provider. On top of this platform, we have built two apps so far: Ente Photos (an alternative to Apple and Google Photos) and Ente Auth (a 2FA alternative to the deprecated Authy). This monorepo contains all our source code - the client apps (iOS / Android / F-Droid / Web / Linux / macOS / Windows) for both the products (and more planned future ones!), and the server that powers them. -
The All-in-One Commerce Platform for Businesses - ShopifyShopify is a leading all-in-one commerce platform that enables businesses to start, build, and grow their online and physical stores. It offers tools to create customized websites, manage inventory, process payments, and sell across multiple channels including online, in-person, wholesale, and global markets. The platform includes integrated marketing tools, analytics, and customer engagement features to help merchants reach and retain customers. Shopify supports thousands of third-party apps and offers developer-friendly APIs for custom solutions. With world-class checkout technology, Shopify powers over 150 million high-intent shoppers worldwide. Its reliable, scalable infrastructure ensures fast performance and seamless operations at any business size.
-
10
Haven
Protect personal spaces and possessions without compromising privacy
Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors. Haven is for people who need a way to protect their personal areas and possessions without compromising their privacy. It is an Android application that leverages on-device sensors to provide monitoring and protection of physical areas. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders. We designed Haven for investigative journalists, human rights defenders and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act. -
11
Wi-PWN
ESP8266 firmware for performing deauthentication attacks
ESP8266 firmware for performing deauthentication attacks, with ease. Wi-PWN is a firmware that performs death attacks on cheap Arduino boards. The ESP8266 is a cheap microcontroller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino. A deauthentication attack is often confused with Wi-Fi jamming, as they both block users from accessing Wi-Fi networks. The 802.11 Wi-Fi protocol contains a so-called deauthentication frame. It is used to disconnect clients safely from a wireless network. Because these management packets are unencrypted, you just need the MAC to address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password, it’s enough to be in its range. With the 802.11w-2009 updated standards, management frames are encrypted by default. -
12
Proxyman
Web Debugging Proxy for macOS, iOS, and Android
Don't let cumbersome web debugging tools hold you back. With Proxyman's native macOS app, you can capture, inspect, and manipulate HTTP(s) traffic with ease. Intuitive, thoughtful, built with meticulous attention to detail. Comprehensive Guideline to set up with iOS simulator and iOS and Android devices. Proxyman acts as a man-in-the-middle server that capture the traffic between your applications and SSL Web Server. With built-in macOS setup, so you can inspect your HTTP/HTTPS Request and Responses in plain text with just one click. Narrow down your search with Proxyman's Multiple Filters. You can combine complex filtered criteria like Protocol, Content-Type, URL, Request Header, Response Header, Body, etc that find exact what you're looking for. -
13
santoku
Mobile Forensics, Malware Analysis, and App Security Testing
Santoku is an easy to use, Open Source platform, dedicated to mobile forensics, analysis, and security. Version 0.5: md5: c2dcab27e6444730acc9bc351f34e543 sha1: 4d39adc01c443ac24a53a33f0ac077980d77c1fe sha256: ed72a014033c621c0da632b7e9853920b834a4bceae4427513737f7cf5ff0f55 -
14
OWASP Mobile Application Security
Manual for mobile app security testing and reverse engineering
The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources to push the project forward by providing consistent high-impact contributions and continuously spreading the word. -
15
CryptoSwift
Collection of standard and secure cryptographic algorithms
The master branch follows the latest currently released version of Swift. If you need an earlier version for an older version of Swift, you can specify its version in your Podfile or use the code on the branch for that version. Older branches are unsupported. Swift Package Manager uses debug configuration for debug Xcode build, that may result in significant (up to x10000) worse performance. Performance characteristic is different in Release build. XCFrameworks require Xcode 11 or later and they can be integrated similarly to how we’re used to integrating the .framework format. Embedded frameworks require a minimum deployment target of iOS 9 or macOS Sierra (10.12). CryptoSwift uses array of bytes aka Array<UInt8> as a base type for all operations. Every data may be converted to a stream of bytes. You will find convenience functions that accept String or Data, and it will be internally converted to the array of bytes. -
16
Keybase client
Keybase Go library, client, service, OS X, iOS, Android, Electron
Keybase is secure messaging and file-sharing. We use public key cryptography to ensure your messages stay private. Even we can’t read your chats. Keybase works for families, roommates, clubs, and groups of friends, too. Keybase connects to public identities, too. You can connect with communities from Twitter, Reddit, and elsewhere. Don’t live dangerously when it comes to documents. Keybase can store your group’s photos, videos, and documents with end-to-end encryption. You can set a timer on your most sensitive messages. This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software. -
17
PushNotifications
A macOS, Linux, Windows app to test push notifications on iOS Android
PushNotitication is an app used for testing push notifications on iOS and Android. Support macOS, Windows, Linux. Support using certificate and token for authentication with APNS. Auto save settings. To connect to APNs you can use either Provider certificate or Authentication Token. They are different ways and Authentication Token is a new one. Provider certificate expires every year and needs to be regenerated (and reuploaded to your server as .p12). Authentication Token is unlimited and you don't have to recreate and reupload it. -
18
libsodium
A modern, portable, easy to use crypto library
libsodium is a modern, portable, and easy-to-use cryptographic library that serves as an API-compatible fork of NaCl. Consistent behavior and formats across supported platforms. It enhances the original design with build and portability improvements, making it widely deployable across platforms for secure encryption, signatures, hashing, and key derivation. Digital signature creation and verification support. Adds extended cryptographic primitives like BLAKE2 and ChaCha20-Poly1305 beyond NaCl. -
19
shadowsocks-libev
Bug-fix-only libev port of shadowsocks
Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes. Shadowsocks-libev is written in pure C and depends on libev. It's designed to be a lightweight implementation of shadowsocks protocol, in order to keep the resource usage as low as possible. Snap is the recommended way to install the latest binaries. You can build shadowsocks-libev and all its dependencies by script. The latest shadowsocks-libev has provided a redir mode. You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router. Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server's firewall rules to limit connections from each user. We strongly encourage you to install shadowsocks-libev from jessie-backports-sloppy. -
20
YoungerSibling
YoungerSibling: Cross-platform OSINT tool for quick data gathering.
YoungerSibling is a Python-based terminal utility script designed for educational purposes. It provides a set of useful tools to perform tasks like searching the web, performing lookups (Google search, IP lookup, username lookup, etc.), and extracting metadata from images, directly from the terminal. This project aims to help students, developers, and hobbyists learn about web scraping, API usage, and terminal interaction with Python. -
21
BIP39-XOR
Encrypt or decrypt 12, 15, 18, 21 or 24 BIP39 codewords array ("seed")
Encrypt or decrypt 12, 15, 18, 21 or 24 BIP39 codewords array (so-called "seed phrase") using exclusive OR (XOR)/Vernam cipher (a.k.a. One Time Pad). If not input by a user, an encryption key is automatically generated at random. Encryption with such a key preserves integrity of BIP-39 checksums of all keys (that's distinct while also compatible with SeedXOR implementation). -
22
Zynix-Fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
23
StrongKey FIDO Server (SKFS)
FIDO® Certified StrongKey FIDO Server (SKFS)
An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps). -
24
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set. It works seamlessly in desktop, enterprise, and cloud environments as well. wolfSSL supports industry standards up to the current TLS 1.2 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, OCSP and CRL support, is backed by the robust wolfCrypt cryptography library, and much more. wolfSSL relies on the FIPS 140-2 validated wolfCrypt library for all cryptographic functionality. Visit http://wolfssl.com/wolfSSL/fips.html for more info!
-
25
Smoke Crypto Chat Messenger for Android
Smoke: Android Crypto Chat Messenger
Smoke is an encrypting chat messenger for Android written in Java. Please read the Web site for more information: https://textbrowser.github.io/smoke/ (original, current) https://www.amazon.com/dp/3752691999/ https://smokeappope.sourceforge.io/ (old, third party archive) Smoke App OPE - Open Personal Encryption Download Android APK Installer: https://sourceforge.net/projects/smokeappope/files/ Smoke Source: https://github.com/textbrowser/smoke SmokeStack Source: https://github.com/textbrowser/smokestack (Android) https://github.com/textbrowser/spot-on (Desktop) Smoke appears to be one of the first projects with an open source mobile encrypting chat server., an decentralized and easily-configurable chat server. Smoke is known as the first mobile McEliece Messenger: https://tarnkappe.info/artikel/english/mceliece-messaging-smoke-crypto-chat-the-first-mobile-mceliece-messenger-published-as-a-stable-prototype-worldwide-279847.html