Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Featured Repo: GHIDRA

Ghidra's homepage

Ghidra is a software reverse engineering (SRE) framework that helps analyze malicious code and malware like viruses.

VIEW REPO

NSA-Developed Open Source Software

Welcome to the National Security Agency’s Open Source Software Site. The software listed below was developed within the National Security Agency and is available to the public for use. We encourage you to check it out!

Apache accumulo

Apache Accumulo

Apache NIFI

Automates the flow of data between systems. NiFi implements concepts of Flow-Based Programming and solves common data flow problems faced by enterprises.

AppLocker-Guidance

Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber

AtomicWatch

Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found. #nsacyber

BAM

The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber

beer-garden

The beer-garden application

BitLocker-Guidance

Configuration guidance for implementing BitLocker. #nsacyber

Blocking-Outdated-Web-Technologies

Guidance for blocking outdated web technologies. #nsacyber

Certificate-Authority-Situational-Awareness

Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber

CodeGov

Creates a code.gov code inventory JSON file based on GitHub repository information. #nsacyber

Control-Flow-Integrity

A proposed hardware-based method for stopping known memory corruption exploitation techniques. #nsacyber

Cyber-Challenge

Supporting files for cyber challenge exercises. #nsacyber

datawave

DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access.

datawave-muchos

This project leverages Ansible to automate DataWave deployments on your cluster

DCP

Digest, stat, and copy files from one location to another in the same read pass

Detect-CVE-2017-15361-TPM

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Driver-Collider

Blocks drivers from loading by using a name collision technique. #nsacyber

emissary

Distributed P2P Data-driven Workflow Framework

enigma-simulator

An educational demonstration of breaking the Enigma machine

Event-Forwarding-Guidance

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber

femto

Sequence Indexing and Search

fractalrabbit

Simulate realistic trajectory data seen through sporadic reporting

ghidra

Ghidra is a software reverse engineering (SRE) framework

ghidra-data

Supporting Data Archives for Ghidra

goSecure

An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber

GRASSMARLIN

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber

Hardware-and-Firmware-Security-Guidance

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

HIRS

Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber

HTTP-Connectivity-Tester

Aids in discovering HTTP and HTTPS connectivity issues. #nsacyber

lemongraph

Log-based transactional graph engine

lemongrenade

Data-driven automation platform

LOCKLEVEL

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

Maplesyrup

Assesses CPU security of embedded devices. #nsacyber

NB Gallery

nbgallery is a user-friendly Jupyter notebook sharing and collaboration platform.

netfil

A kernel network manager with monitoring and limiting capabilities for macOS. #nsacyber

netman

A userland network manager with monitoring and limiting capabilities for macOS. #nsacyber

Open Network Operations Platform

Radically simplifies the operation of enterprise networks with SDN applications that reside on top of an OpenFlow-capable network controller.

OpenAttestation

Software Development Kit to enable remotely retrieval and verify target platforms integrity

owf-framework

OZONE Widget Framework

paccor

The Platform Attribute Certificate Creator can gather component details, create, sign, and validate the TCG-defined Platform Credential. #nsacyber

Pass-the-Hash-Guidance

Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber

PRUNE

Logs key Windows process performance metrics. #nsacyber

qgis-bulk-nominatim

Provides bulk nominatim geocoding for QGIS

qgis-d3datavis-plugin

QGIS D3 Date and Time Heatmap

qgis-kmltools-plugin

Fast KML Importer Plugin for QGIS

qgis-latlontools-plugin

QGIS tools to capture and zoom to coordinates using decimal, DMS, WKT, GeoJSON, MGRS, UTM, and Plus Codes notation. Provides external map support, MGRS & Plus Codes conversion and point digitizing tools.

qgis-searchlayers-plugin

Enhanced textual vector layer searching in QGIS.

qgis-shapetools-plugin

Shape Tools creates geodesic shapes and includes a number of geodesic tools for QGIS including the XY to Line tool, geodesic densify tool, geodesic line break, geodesic measure tool, geodesic measurement layer, geodesic scale, rotate and translate tool, and digitize points at an azimuth & distance tools.

qonduit

A WebSocket library for use with Apache Accumulo

RandPassGenerator

A command-line utility for generating random passwords, passphrases, and raw keys. #nsacyber

RedhawkSDR

A software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications.

Scap Security Guide (SSG)

Security compliance content in SCAP, Bash, Ansible, and other formats

SECURITY ENHANCEMENTS FOR ANDROID (SEANDROID)

Confines privileged processes based on security policies by enforcing mandatory access control over all Android processes. SE for Android has been part of Android since Android 4.3.

SECURITY-ENHANCED LINUX (SELINUX)

A mandatory access control mechanism in the Linux kernel that checks for allowed operations after standard discretionary access controls are checked. It can enforce rules on files and processes in a Linux system, and on the actions they perform, based on defined policies. SELinux has been part of the Linux kernel since version 2.6.0.

serial2pcap

Converts serial IP data, typically collected from Industrial Control System devices, to the more commonly used Packet Capture (PCAP) format. #nsacyber

simon-speck

The SIMON and SPECK families of lightweight block ciphers. #nsacyber

simon-speck-supercop

Fast implementations of the SIMON and SPECK lightweight block ciphers for the SUPERCOP benchmark toolkit. #nsacyber

SIMP

A system automation and configuration management stack targeted toward operational flexibility and policy compliance.

Splunk-Assessment-of-Mitigation-Implementations

Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber

timely

Accumulo backed time series database

unfetter

The main project for the Unfetter-Discover application. This is the project that will hold the configuration files, the docker-compose files, issue tracking, and documentation

WALKOFF

A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

WALKOFF-Apps

WALKOFF-enabled applications. #nsacyber

waterslide

WaterSlide is a streaming event-at-a-time architecture for processing metadata. It is designed to take in a set of streaming events from multiple sources, process them through a set of modules ("kids"), and return meaningful outputs.

Windows-Event-Log-Messages

Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber

Windows-Secure-Host-Baseline

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber