Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Cloud Native Runtime Security

Linux Runtime Security and Forensics using eBPF

Kernel-enforced agent sandbox and agent security CLI and SDKs. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

ebpfkit is a rootkit powered by eBPF

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)

Deep Linux runtime visibility meets Wireshark

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

The antivirus for OpenClaw — approve dangerous actions, scan skills, block secret leaks, and keep humans in control, for safety.

🐝 BPFBox 📦 Exploring process confinement in eBPF

Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.

Community curated list of System and Network policy templates for the KubeArmor and Cilium

AI Agent Security Middleware — 8-layer defense, DLP data flow, prompt injection detection, zero dependencies. SDK + OpenClaw plugin.

eBPF Security Monitoring Agent Based on Aya

Kubernetes offensive framework built in eBPF

PyRASP is a Runtime Application Self Protection package for Python-based Web Servers (Flask, FastAPI and Django), Serverless Functions (AWS Lambda, Azure and Google Cloud Functions) and MCP Servers (FastMCP)

Runtime security layer for multi-agent AI. 23 anomaly types. OWASP MCP Top 10 coverage. Active intervention. 100% local.

Linux based vulnerabilities (CVE) exploit detection through runtime security using Falco/Osquery/Yara/Sigma

Obfuscation framework. Safeguard Your Sensitive Data

Jibril: A performant and low impact Linux runtime security tool agent.

Proactive security monitoring and threat detection in CI/CD

Ansible playbooks to provision firecracker VMs and run Falco kernel tests

Declarative firewall for OpenClaw tool calls.

Dralyxor: Advanced C++ header-only library for robust string obfuscation, shielding binaries from static/dynamic analysis. Uses a consteval micro-program engine with variable NOPs. Runtime anti-debug/tamper checks (canaries, content checksums) plus RAII "just-in-time" decryption ensure secure, minimal memory exposure of plain-text data.

Runtime security proxy for MCP: lockfile enforcement, drift detection, artifact pinning, Sigstore/Ed25519 signing, CEL policy, OpenTelemetry tracing. Works with Claude Desktop, LangChain, AutoGen, CrewAI.

A Minecraft client injection platform with in-environment JVM object resolution against obfuscation.

Runtime security layer for AI agents — enforces policy on tool calls to help prevent prompt injection, unsafe actions, and data exfiltration.

eBPF-based runtime agent for Endpoint Detection and Response for Linux based operating systems.