For the fifth year, GoSecure is encouraging everyone to join Hacktoberfest – a month-long celebration of open-source software. GoSecure has multiple projects open to external contributions. For this event, we have tagged issues that are accessible to newcomers with the official tag [hacktoberfest].
For the fifth year, GoSecure is encouraging everyone to join Hacktoberfest – a month-long celebration of open-source software. GoSecure has multiple projects open to external contributions. For this event, we have tagged issues that are accessible to newcomers with the official tag [hacktoberfest].
Why participate to Hacktoberfest 2021?
Hacktoberfest is the perfect opportunity for users to learn about the internals of the tools they utilize. Users with limited development skills can contribute small improvements, bug fixes and even new features to open-source software. Even small improvements can be highly beneficial to a project if the number of those small contributions are significant enough. In return, you benefit from seeing how the code is organized. Longer term, you have the potential to add missing features when needed. Seeing how large project operates is a good way to improve your software architecture skills.
What project to choose?
There is no universal choice, it depends on your interests and the technologies you are familiar with. Below are a few security-oriented suggestions.
GoSecure Projects
Here are some projects that are maintained by GoSecure:
- PyRDP (Python): RDP Monster-in-the-Middle (MITM) tool and library for Python
- Find Security Bugs (Java): Static code analysis for security audits of Java web applications
- Malboxes (Python, DevOps): Builds malware analysis Windows VMs so that you don’t have to
- PyWSUS (Python): Standalone partial implementation of the WSUS spec. Built for offensive security purposes.
Other Open-Source Projects
Other projects of importance to us:
- ldap-scanner (Python): Checks for signature requirements over LDAP
- Ansible (Python, DevOps): Simple IT automation platform that makes your applications and systems easier to deploy and maintain
- Pwndoc (Javascript, Vuejs): Report generation for penetration testing engagements
- Grafana (Typescript, Go): Observability and data visualization platform
Still looking for a project? Here are the top 10 biggest security project enrolled in Hacktoberfest. (As of October 5th)
- x64dbg (C++): Popular user-mode debugger for Windows. A true modern version of OllyDBG with an active community.
- Payloads All The Things (misc): Less of a code project but a highly used repository for payload cheat sheet. Maybe you can improve its documentation.
- Zed Attack Proxy (Java): HTTP debugging proxy and a powerful vulnerability scanner. It is an OWASP flagship project that continues to innovate.
- KeePassXC (C++): A cross-platform password manager. This project improved everyday user security by making an essential tool accessible to all.
- Ory Hydra (Go): OAuth Provider written in Go. Many web developers benefit from this project. Its docker instances received 38 million downloads.
- Radare2 (C): One of the top reverse engineering tools. It is a powerful alternative to IDA Pro and Ghidra with the support of countless architectures.
- Trivy (Go): Scanner for configuration vulnerabilities in container images, repositories and systems.
- Web Security Testing Guide & Mobile Web Security Testing Guide (misc): Both are documentation for security professionals and developers to improve their practices.
- RustScan (Rust): A fast port scanner. This is a relatively new project as it is only one year old.
