This project demonstrates how to integrate Tailscale into a minimal Linux host VM for each container instance on macOS. It runs Tailscale in userspace networking mode, enabling secure SSH connections and MagicDNS without exposing ports or configuring separate SSH servers.

Kubesplaining is a Kubernetes security assessment CLI that maps RBAC privilege-escalation paths in K8s clusters. It analyzes RBAC bindings and pod configurations to identify potential attack vectors by mapping out the paths an attacker could take to gain cluster-admin access or other privileged capabilities. The tool produces risk-prioritized HTML/JSON/CSV/SARIF reports showing the exact escalation chains with remediation guidance.

Onionlink is a small C++20 Tor v3 onion-service client that communicates directly with Tor relays, builds necessary circuits for v3 access, and supports raw data exchange or HTTP requests with the service. It omits extensive security features present in standard Tor clients to focus on interoperability.

This tool detects running processes that utilize the AF_ALG socket interface to help determine if it is safe to disable the AF_ALG kernel module. It outputs a list of processes and their file descriptors associated with AF_ALG.

Detects hidden characters in code that can be used to hide executable payloads, flags sequences of invisible characters as potential threats, and identifies stray invisible characters from copy-paste operations. Runs entirely client-side with no data leaving the user's machine.

Implit is a tool that scans AI-generated code and validates every import before it's run to prevent broken builds caused by non-existent or incorrectly imported packages.

MCP Spine is a local-first proxy that sits between an LLM and MCP servers, providing security, routing, token control, and compliance. It offers features like rate limiting, secret scrubbing, semantic routing, schema minification for token savings, state guard for file version control, and a plugin system for custom middleware hooks.

Kloak intercepts HTTPS traffic in Kubernetes using eBPF to replace hashed placeholders with real secrets at the network edge. Applications never see actual credentials, so compromised processes cannot leak secrets. Kloak can be installed with Helm.

ZCAM is a camera app that uses advanced cryptographic techniques to verify the authenticity of images and videos captured by users, proving they were created by real humans under specific conditions.

Verifies that the SDocs website serves the same code available in its GitHub repository, ensuring client-side privacy and security for sensitive data handled within Markdown files. This process uses SHA-256 hashing to compare file contents.

Hodor is a Windows 11 credential provider DLL that accepts unlock commands over a named pipe. Any application that can write to a pipe can unlock the lock screen or approve a credential prompt without requiring Windows Hello enrollment or built-in biometric hardware. The DLL runs inside LogonUI.exe on the lock screen and hands credentials to Windows for validation.

CreepJS is a browser fingerprinting tool that collects and analyzes various properties and characteristics of a web browser to generate a unique identifier. It captures information about the browser's configuration, installed plugins, system fonts, screen resolution, and other attributes to create a distinctive fingerprint. The service is used to demonstrate how easily unique browser identifiers can be generated for tracking purposes.

Humanoid.js is a tool designed to analyze interaction signals in real-time, providing metrics such as pressure, displacement, and curvature to determine the humanness of user inputs. It supports multi-touch and trajectory visualization.

This browser extension allows users to manage Content Security Policy (CSP) settings directly from their browser. Users can debug CSP violations, test policies, and ensure secure web development practices.

A platform that allows users to test the resilience of artificial intelligence agents through a series of challenges. The AI becomes progressively more intelligent with each round, and players can assess its vulnerabilities.

Locki provides enterprise-grade, zero-knowledge encryption for protecting sensitive data within existing web applications. Users can encrypt text directly from their browser by right-clicking and selecting the Locki option.

Eris is a focused PGP workstation designed to manage your own keys, store them in an encrypted vault, and handle encryption and verification workflows. It allows users to create key pairs, import public keys from contacts, and perform encryption, signing, decryption, and verification tasks locally using a secure vault file.

Malext.io is a threat intelligence database that tracks and provides information about malicious, suspicious, and policy-violating Chrome extensions. It includes a list of extensions that have been removed from the Chrome Web Store but are still active elsewhere. The database is maintained through community reports and automated monitoring of the Chrome Web Store.

I Spy AI provides a tool to instantly detect whether an image is generated by AI or manipulated using deepfake technology. It supports JPEG, PNG, and WebP formats up to 15MB in size. The service can be integrated into various MCP-compatible AI agents for extended use.

Browser Sysinfo uses client-side JavaScript to probe a user's browser and reveal information that websites can gather about the system, hardware, network, and identity without requiring installation or permission. It displays details such as CPU performance, GPU capabilities, memory usage, and various privacy-related metrics. The service also provides a privacy score and estimates uniqueness based on collected data.

AgentKey provides secure, on-demand access to API credentials for AI agents. Instead of storing sensitive keys in .env files, agents request credentials as needed and administrators approve each request. This prevents credentials from being hardcoded into agent implementations while maintaining proper access controls.

This service detects and mitigates bot activity using an air-gapped Bluetooth mesh network. It appears to be a security solution focused on bot attacks.

BR-FVD is a service that verifies the authenticity of AI-synthesized voices. It offers both general and personalized models optimized for multiple speakers and specific individuals, respectively.

Nilbox provides an isolated VM environment for running OpenClaw with zero-token security. It blocks key exposure, restricts file access to explicitly allowed directories, filters network traffic using allowlists, and enforces API usage spending caps.

Bor enables users to define, distribute, and enforce desktop configuration policies across their fleet in real time. It is open source and designed to be secure by default, suitable for enterprise Linux environments.

Keycard는 .env 파일과 노트 간에 API 키를 전환하는 것을 중지하도록 설계된 로컬 중심 워크플로우입니다. 빠르게 저장하고 환경별로 정리한 뒤 subprocess에 직접 주입합니다. 클라우드 없이 빠르고 집중적이며 사용자의 것입니다.

Veylt provides encrypted asset sharing that is gated by facial detection, ensuring one-time viewing and then permanent deletion. It uses cryptographic protocols to ensure secure transmission without the need for user trust in the platform.

landdown is a service that offers simple sandboxing capabilities for shell scripts, which helps protect servers from unauthorized access or malicious activities. It appears to be used for security purposes, particularly against mass scraping by AI companies that can cause website downtime.

Scans code repositories for security vulnerabilities using over 350 checks across multiple languages and technologies. Identifies potential security risks in code, dependencies, configurations, and secrets.

Provides a comprehensive database of over 160,000 disposable email domains for identification and filtering. Helps validate email addresses by detecting temporary or throwaway email domains.

Kjell parses shell commands and classifies them as read, write, or unknown. It enables AI coding agents to automatically approve safe read commands and require confirmation for potentially destructive write commands.

Builds data flow graphs to track tainted input across functions, files, and frameworks. Performs full inter-procedural analysis for identifying potential security vulnerabilities.

Provides configuration rules for restricting AI agent command execution. Evaluates command permissions by checking only the first token of compound commands.

Provides a secure payment infrastructure for AI agents with transaction signing, trust scoring, and spend limit enforcement. Enables safe autonomous financial interactions by tracking agent behavior and preventing unauthorized transactions.

Performs structural analysis on code repositories to detect potential security risks and code quality issues. Scans pull requests using advanced techniques like AST analysis, clone detection, and dependency tracking.

ToolTrust Scanner detects security vulnerabilities in AI tool configurations, scanning MCP servers for potential risks like prompt injection, data exfiltration, and privilege escalation. It provides a trust grading system for tools before they are added to an AI agent's configuration.

VeilVault stores password vault data locally on your device without cloud sync or online servers. It provides offline password management with strong encryption and integrity enforcement.

Provides security verification for npm package websites. Checks and validates web requests to protect against malicious bot activities.

Picca is a Rust program for generating file checksums using multiple threads. It can hash files using various algorithms and verify file integrity by comparing checksums.

VoidLLM acts as a middleware between applications and LLM providers, providing organizational control and governance for AI API usage. It enables secure, tracked, and controlled access to language models through a self-hosted proxy.

Urlx is a complete reimplementation of curl in Rust, providing HTTP/network transfer capabilities with a focus on memory safety and performance. It supports multiple protocols including HTTP, FTP, SSH, WebSocket, and more, with a compatible CLI and library interface.

Analyzes GitHub repositories across security, process, and documentation dimensions. Provides comprehensive scorecards that highlight potential issues and recommended fixes for engineering teams.

Agent Auditor opens any signed interaction record and displays details about who acted, what happened, and whether the proof is genuine. Users can drop a receipt file to see it decoded and verified instantly, with inspections occurring locally in either a browser or CLI.

Zen-Hunt is a high-performance forensic scanner designed for rapid data triage and deep-pattern hunting in large datasets. It supports various formats and offers specialized capabilities for both mechanical and modern SSD storage systems.

Batear is an acoustic drone warning system that detects drone rotor sounds using a MEMS microphone. It operates entirely on the edge, requiring no internet connection or cloud service, making it a cost-effective solution for drone detection.

DialectForge OS is designed to provide a secure operating system option with penetration-proof features. It employs a multi-tier trust model and various security mechanisms such as per-process memory encryption and USB auto-quarantine.

The investigation analyzes how fitness app Strava inadvertently exposes military personnel and assets through publicly available GPS data. It highlights significant incidents and vulnerabilities associated with the use of fitness tracking devices by military members.

YoloAI provides a secure environment for AI agents to operate without risking the integrity of the user's system. It employs multiple isolation modes to ensure that the agent cannot bypass security measures while allowing for a review workflow where users can see changes before applying them.

Agent-password is designed to securely manage passwords for agent workflows on macOS. Secrets are encrypted and stored in a local SQLite vault, accessible via a shared session using Touch ID for authentication.

The Baltic Shadow Fleet Tracker monitors over 1200 vessels in the Baltic Sea using real-time AIS data. It alerts users to vessel proximity to undersea cables and detects transshipment activities between Russian and Western ports.

AgentGuard is a governance layer for AI-driven financial operations. It evaluates intent, policy, and approval states before transactions are executed, ensuring safe and audited payment processing.

Cybertt provides a library of incident response scenarios for organizations to run live exercises. Users can select scenarios like ransomware outbreaks or phishing-led breaches to simulate and improve their response strategies.

This service provides a comprehensive list of open source operating systems and their status regarding age verification laws in various jurisdictions. It includes information on which systems comply, do not comply, or are planning to implement such measures.

Node9 provides a security layer for autonomous AI agents, intercepting potentially dangerous commands before they execute. It also allows users to revert AI changes with Git snapshots, enhancing safety and control during automated processes.

This tool allows users to enter a CVE ID and visualize the attack chain associated with that vulnerability. It fetches live data to provide a comprehensive analysis of the vulnerabilities' real-world impact and exploitation methods.

MCPSaaS provides end-to-end security for AI agents by implementing a zero trust model. It verifies message integrity, protects against replay attacks, and ensures agent identity through a simplified configuration change.

CameraClaw provides a sandbox for AI agents with monitoring features. It captures console output, network activity, and other metrics to ensure security and transparency during the agent's operation.

Snare detects hijacked AI agents before they can make AWS API calls by planting fake credentials in their environment. When a compromised agent attempts to use these credentials, Snare triggers an alert, providing immediate notification of the breach.