Open Source Mac Cybersecurity Tools
Sort By:
Cybersecurity Tools for Mac
View 109 business solutionsBrowse free open source Cybersecurity tools and projects for Mac below. Use the toggles on the left to filter open source Cybersecurity tools by OS, license, language, programming language, and project status.
-
The fastest way to host, scale and get paid on WordPressLightning-fast hosting, AI-assisted site management, and enterprise payments all in one platform designed for agencies and growth-focused businesses.
-
Cycloid: Hybrid Cloud DevOps collaboration platformEnable your developers to do their best work and increase time-to-market speed with a leading DevOps and Hybrid Cloud platform.
-
1
Ghidra
Ghidra is a software reverse engineering (SRE) framework
Ghidra is a free and open-source reverse engineering framework developed by the NSA for analyzing compiled software. It supports a wide array of instruction sets and executable formats, offering features such as decompilation, disassembly, scripting, and interactive graphing. Designed for security researchers and analysts, Ghidra provides a robust environment for understanding malware, auditing code, and performing software forensics. It includes both GUI-based and headless analysis modes. -
2
cyborghawk v1.1
Latest-v1.1 of The World's most advanced pen testing distribution ever
updated version of The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment. -
3
Greenplum Database
Massive parallel data platform for analytics, machine learning and AI
Rapidly create and deploy models for complex applications in cybersecurity, predictive maintenance, risk management, fraud detection, and many other areas. With its unique cost-based query optimizer designed for large-scale data workloads, Greenplum scales interactive and batch-mode analytics to large datasets in the petabytes without degrading query performance and throughput. Based on PostgreSQL, Greenplum provides you with more control over the software you deploy, reducing vendor lock-in, and allowing open influence on product direction. Greenplum reduces data silos by providing you with a single, scale-out environment for converging analytic and operational workloads, like streaming ingestion. All major Greenplum contributions are part of the Greenplum Database project and share the same database core, including the MPP architecture, analytical interfaces, and security capabilities. -
4
Watcher
Open Source Cybersecurity Threat Hunting Platform
Watcher is a file integrity monitoring tool that detects unauthorized changes to files, helping organizations maintain compliance and security. -
Diagnose and Resolve IT Issues in Real TimeScreenMeet’s unique combination of video calling, screen share, and remote desktop functionality lets you quickly diagnose hardware and software issues with no frustration.
-
5
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
6
pyWhat
Identify emails, IP addresses, and more
pyWhat is a Python-based identification tool designed to figure out “what” a piece of text or file content represents, especially in security and OSINT workflows. Given inputs such as hex strings, URLs, email addresses, IP addresses, credit card numbers, cryptocurrency wallets, or entire .pcap capture files, it scans for structured patterns and tells you what it finds. The tool is recursive: it can traverse files and directories to extract meaningful entities, which is useful when analyzing malware samples, network captures, or code repositories at scale. It offers powerful filters called “tags” and distributions that let you narrow results to specific categories like bug bounties, cryptocurrencies, or AWS-related artifacts. For automation and integration, pyWhat provides a CLI with options for rarity filtering, sorting, and JSON export, as well as an API that can be imported into other Python programs. -
7
Stegcore
A cross-platform crypto-steganography toolkit
Stegcore combines cryptography and steganography to hide encrypted data inside ordinary files. It encrypts your payload before embedding it, so the hidden content is unreadable even if someone extracts it, and invisible to anyone who doesn't know it's there. Unlike basic steganography tools that hide data without encrypting it, Stegcore ensures the payload is cryptographically protected at rest. Unlike pure encryption tools, the payload isn't even visible. Designed for journalists, security researchers, red teamers, digital forensics professionals, and CTF participants. -
8
Scalytics Open Intelligence - OSINT
Open OSINT stack for monitoring, analysis, and risk detection
EUOSINT is the open-source edition of the OSINT pipeline built by Scalytics for real-world intelligence monitoring, situation analysis, and risk detection. It is not a toy dashboard or a loose script bundle. It is a packaged operational stack with a web interface, a Go-based collector runtime, configurable ingestion and refresh cadence, Docker-first deployment, and local or server installation options. The public release removes non-public and protected integrations while preserving the pipeline structure and deployment model that make the system usable in practice. EUOSINT is built for teams that need continuous monitoring, reproducible installs, and a base they can extend for their own intelligence and security workflows. -
9
cyborg hawk v 1.0
The World's most advanced penetration testing distribution ever
The most advanced, powerful and yet beautiful penetration testing distribution ever created.Lined up with ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. Its real strength comes from the understanding that a tester requires a strong and efficient system,that benefits from a strong selection of tools, integrated with a stable linux environment. -
New Relic provides the most powerful cloud-based observability platform built to help companies create more perfect software.Correlate issues across your stack. Debug and collaborate from your IDE. AI assistance at every step. All in one connected experience - not a maze of charts.
-
10
ODS3 Virtual Machine Challenge
Virtual Machine Image To Test Penetration Skills
The ODS3 Virtual Machine Challenge are downloadable images that can be run as VMWare or VirtualBox instances. The Idea behind the challenge is to test and exercise web application penetration testing in a controlled environment. These images are great for cyber security students, penetration testers and hobbyist. Care should be taken if installed on an Internet access host as the application are purposely vulnerable to attack and exploitation. -
11
tirreno
Open-source security framework for devs and product teams
tirreno is an open-source security framework. tirreno [tir.ˈrɛ.no] helps understand, monitor, and protect your product from threats, fraud, and abuse. While classic cybersecurity focuses on infrastructure and network perimeter, most breaches occur through compromised accounts and application logic abuse that bypasses firewalls, SIEM, WAFs, and other defenses. tirreno detects threats where they actually happen: inside your product. tirreno is a few-dependency, "low-tech" PHP/PostgreSQL application. After a straightforward five-minute installation, you can ingest events through API calls and immediately access a real-time threat dashboard. -
12
Java Vulnerable Lab - Pentesting Lab
a deliberately vulnerable Web application
This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation (www.cysecurity.org) for Java programmers The full course on Hacking and Securing Web Java Programs is available in https://www.udemy.com/hacking-securing-java-web-programming/ WAR file: ---------- https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download Virtualbox VM file: -------------------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download Credentials for the VM: ------------------------ Username: root Password: cspf Stand-alone file: (Run the Jar file directly) -------------- http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download -
13
Midbar ESP32 CYD Firebase Edition
A version of Midbar data vault adapted for the ESP32 CYD and WebFlash.
A version of Midbar data vault adapted for the ESP32 CYD and WebFlash. It keeps the cryptographic keys in the ESP32 RAM and stores the ciphertexts (encrypted data) in the Google Firebase. The tutorial is available at: https://www.instructables.com/How-to-Turn-ESP32-CYD-Into-a-Secure-IoT-Data-Vault/ WebFlash for ESP32-CYD: https://northstrix.github.io/Midbar-ESP32-CYD-Firebase-Edition/flash WebFlash for ESP32-CYD2USB: https://northstrix.github.io/Midbar-ESP32-CYD2USB-Firebase-Edition/flash -
14
Naeon
The safest way to store private data in untrusted (cloud) environments
Naeon is a data encryption and sharding method designed to secure data in potentially untrusted off-site storage locations. It uses AES-256 encryption with a randomly generated passphrase, followed by obfuscation techniques to make the encrypted file unidentifiable. The data is then sharded into one private chunk containing the encryption key and part of the data, and multiple public chunks. Each chunk is renamed using its SHA-512 hash, and all chunks are timestamped equally. A filename conversion table is created to restore the concatenation order during a restore. The method aims to guarantee confidentiality, integrity, and availability of data, regardless of the trustworthiness of the chosen storage environment, while protecting against data breaches and unauthorized access. Threshold Key Sharing further enhances security and resilience by splitting the private key into parts requiring cooperation from multiple parties for reconstruction, thereby minimizing single points of failure. -
15
CookieGuardAudit
A beginner-friendly Python CLI tool that audits website cookies.
CookieGuardAudit is a simple Python command-line security tool that checks a website's cookies for common security flag issues. It helps users quickly spot weak cookie settings such as missing Secure, missing HttpOnly, missing SameSite, and SameSite=None without Secure. This project is designed for beginners, defenders, students, and anyone learning basic web security auditing. -
16
Falcon_ArchLinux
Falcon ArchLinux pruple team tools cyber security
uses repo BlackArchlinux and ArchLinux -
17
A professional PE (Portable Executable) analysis and modification tool for Windows executables and DLLs.
-
18
BTS Pentesting Lab
BTS Pentesting Lab - a deliberately vulnerable Web application
BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: *SQL Injection *XSS(includes Flash Based xss) *CSRF *Clickjacking *SSRF *File Inclusion * Code Execution *Insecure Direct Object Reference *Unrestricted File Upload vulnerability *Open URL Redirection *Server Side Includes(SSI) Injection and more... Java version of this application can be found here: https://sourceforge.net/p/javavulnerablelab/ -
19
FileSentinel
Simple Python file integrity checker for defensive security
FileSentinel is an open-source Python tool that helps users monitor folders for unexpected file changes. It creates a baseline using SHA-256 hashes and later compares the folder against that baseline to detect added, modified, and deleted files. It is designed as a beginner-friendly defensive security utility for students, small offices, and anyone learning basic file integrity monitoring. -
20
INVISIX
INVISIX.IO - Corporate-grade privacy solution, out of the box.
🚫 One tiny box. Infinite freedom. Network-wide AdBlocker and TrackerBlocker. 💼 Secure free VPN through your office or home network — remote traffic enjoys the same AdBlock protection. 🏆 Designed for corporations, freelancers, and small companies. Simple enough for home users due to its reduced price. -
21
maskphish
MaskPhish: First ever URL masking tool for Phishing
MaskPhish can hide any URL to another URL. We can make https://ngrok.io/4GTJ78C [Example Link] to https://google.com/live-football@is.gd/6hts4 [Example Link] For more Cybersecurity information visit https://www.kalilinux.in -
22
S2OPC - Safe & Secure OPC UA
An Open Source Safe & Secure OPC UA stack
Open-source Safe and Secure OPC UA Toolkit designed with embedded devices in mind (see https://www.s2opc.com). Its demo server is certified by the OPC Foundation and CSPN(-BSZ). -
23
openWrt-snort
Image of OpenWrt OS, with snort community featured in.
Image of OpenWrt OS, with snort community featured in, for Raspberry Pi 4/ 4B+ and 400, basically for Processor BCM2711. Installed Snort Community Model to Intrusion Detection system. Prevention system not installed. eth0 used as output/ LAN socket, to run internet and access router. eth1, which can be USB -> Ethernet port, is used as WAN port, to connect Pi board to Internet IP. to flash img file, you can restore in SD card, or use Balena Etcher to flash. or you can use DD commend of UNIX. **USERNAME** - root **PASSWORD** - bing.google12 -
24
In-Browser-File-Encrypter
The source code of the In-Browser-File-Encrypter web app
The In-Browser File Encrypter is a simple web application that enables you to securely encrypt your files directly in your browser using the AES-256 encryption algorithm in CBC mode. Check it out at: https://codepen.io/Northstrix/pen/xxvXvJL and https://northstrix.github.io/In-Browser-File-Encrypter/V1.0/web-app.html GitHub page: https://github.com/Northstrix/In-Browser-File-Encrypter The download shortcut: https://sourceforge.net/projects/in-browser-file-encrypter/files/V1.0%20%28Improved%20UI%29/V1.0%20%28Improved%20UI%29.zip/download Successfully tested in Google Chrome on Windows 11 and Fedora 40. -
25
BTS-SIO-SLAM-CYBER-INTERVENTION
Cybersecurity intervention for BTS SIO SLAM
You will find all the files to prepare a security intervention in a BTS SIO (SLAM - development part). This training aims to highlight the role of the developer in cybersecurity. Different software vulnerabilities are presented as well as the good practices that allow limiting them. To this goal, some aspects of a secure system design are addressed. Informations and documentation are here: https://sourceforge.net/p/bts-sio-slam-cyberintervention/wiki/Home/.
