VPN-Chainer allows you to chain multiple WireGuard VPNs together, dynamically reordering routes for improved anonymity and security. It includes auto-installation as a system service, API-based VPN rotation, and a customizable pre/post spin-up/down hook system. You can optionally test VPN speeds and select the fastest. By default, VPNs are selected in random order. Automatically configured firewall rules and routing. Supports pre- and post-execution scripts. Has its own REST API. Can install itself as a systemd service.
A gamified self-discovering documentation system that transforms traditional network documentation into an immersive mystery adventure.
Network Chronicles revolutionizes technical documentation by transforming it from a passive reading experience into an interactive adventure. By embedding critical infrastructure knowledge within an engaging narrative framework, it addresses the fundamental challenge of IT documentation: making it compelling enough that people actually want to engage with it.
Players assume the role of a new system administrator tasked with maintaining a network after the mysterious disappearance of their predecessor, known only as "The Architect." Through exploration, puzzle-solving, and documentation, players uncover both the network's secrets and the truth behind The Architect's vanishing.
Run on Linux or OSX. Written for bash and zsh. Requires jq; node.js is optional but provides advanced features.
Can be installed system-wide (as root) or isolated to a user (without additional privileges).
Simple minimodem BBS with a 3d printed acoustic coupler case. The acoustic coupler was designed to hold a USB speaker and microphone, which you can buy from Adafruit.
Requires Linux. PJSUA and minimodem must be installed. The BBS uses shell scripts and javascript to relay messages via minimodem over VoIP. On the server side, start PJSUA then start the phoneMonitor.sh script. Minimodem is set to run at 100bps. Edit the shell scripts if you want to change the baud. You will need to edit the clientSide.sh script, minimodem -A alsa option should match your USB microphone and speaker. Use arecord -l and aplay -l linux commands to find their card numbers.
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and more. It includes network visibility, host visibility, intrusion detection honeypots, log management, and case management.
For network visibility, we offer signature based detection via Suricata, rich protocol metadata and file extraction using either Zeek or Suricata, full packet capture using either Stenographer or Suricata, and file analysis. For host visibility, we offer the Elastic Agent which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All of these logs flow into Elasticsearch and we’ve built our own user interfaces for alerts, dashboards, threat hunting, case management, and grid management.
It's a pretty heavy stack, but they're aiming for the enterprise environment so it has to be.
Haserl is a small program that uses shell or Lua script to create cgi web scripts. It is intended for environments where PHP or ruby are too big. It was written for Linux, but is known to run on FreeBSD. A typical use is to run cgi scripts in an embedded environment, using a small web server, such as mini-httpd, lighty, or the server built into busybox.
he haserl binary typically compiles to less than 20KB (stripped). The lua language adds less than 150K if linked in statically. Parses like other scripting languages: Anything that is not enclosed in <% ... %> tags is sent verbatim to the client. Form elements sent from the client are automatically parsed and placed into environment variables. The script can then reference the variables without any extra work. Mime data sent via the enctype="multipart/form-data" method is transparently decoded. This method is used when uploading files from the client. Attempts to drop its privileges to the uid/gid of the owner of the script for security.
Xonsh is a modern, full-featured and cross-platform shell. The language is a superset of Python 3.6+ with additional shell primitives that you are used to from Bash and IPython. It works on all major systems including Linux, OSX, and Windows. Xonsh is meant for the daily use of experts and novices.
The xonsh shell lets you easily mix Python and shell commands in a powerful and simplified approach to the command line.
Github: https://github.com/xonsh/xonsh
Linux-like shell interface for MicroPython. ( See cpy_shell for the CircuitPython version.) Inspired by mipyshell and busybox, here is a command-line shell for your MicroPython board carefully implementing a range of useful commands and features.
Everything is written to save RAM and Flash; command bytecode is not loaded if you don't run the command, history is stored in a file, not in RAM, pipes use flash instead of RAM, command recall and editing and tab-completion is intelligent, etc.
import sh starts the shell.
Has a surprising amount of functionality! Very Busybox-like.
Dehydrated is a client for signing certificates with an ACME-server (e.g. Let's Encrypt) implemented as a relatively simple (zsh-compatible) bash-script. This client supports both ACME v1 and the new ACME v2 including support for wildcard certificates! It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed. Other dependencies are: cURL, sed, grep, awk, mktemp (all found pre-installed on almost any system, cURL being the only exception).
Current features:
- Signing of a list of domains (including wildcard domains!)
- Signing of a custom CSR (either standalone or completely automated using hooks!)
- Renewal if a certificate is about to expire or defined set of domains changed
- Certificate revocation
- and lots more.
Generally you want to set up your WELLKNOWN path first, and then fill in domains.txt. Please note that you should use the staging URL when experimenting with this script to not hit Let's Encrypt's rate limits. See docs/staging.md.
The security helper tool was created to help you reduce the probability of a security violation in a new code, infrastructure or IAM configuration by providing a fast and easy tool to conduct preliminary security check as early as possible within your development process.
It is not a replacement of a human review nor standards enforced by your team/customer. It uses light, open source tools to maintain its flexibility and ability to run from anywhere. ASH is cloning and running different open-source tools, such as: git-secrets, bandit, Semgrep, Grype, Syft, nbconvert, npm-audit, checkov, cdk-nag and cfn-nag. Please review the LICENSE file before use.
A CLI stopwatch utility written as a self-contained shell script. Counts up, can save the last time value and resume at that point.
A collection of handy Bash One-Liners, hotkeys, and terminal tricks for data processing and Linux system maintenance.
Github org for Simplenetes, a full implementation of Kubernetes with shell scripts. Does not require root.
Associative arrays (hash tables) in bash.
The manpage for the ASH shell.
A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php. This awesome collection is also available on Unix-Shell.ZEEF.com.
A collection of pure POSIX sh alternatives to external processes.
Wallabag-client is a command line client for the self hosted read-it-later app wallabag. Unlike to other services, wallabag is free and open source.
Wallabag-client is refactored version of existed wallabag-cli tool.
List articles, read articles, add and delete entries, make minor edits.
Convert the name of your main development branch from master to main with ease.
Lynis is a security auditing tool for systems based on UNIX like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration issues. Lynis was commonly used by system administrators and auditors to assess the security defenses of their systems.
Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection
A simple, self-contained, serverless, zero-configuration, json document store.