Open-source security tools for a safer digital world 🇱🇺
The National Cybersecurity Competence Center (NC3) is Luxembourg's dedicated center for cybersecurity excellence, operating under the Luxembourg House of Cybersecurity. Our mission is to strengthen the cyber protection of companies, institutions, and all stakeholders across the Grand Duchy and beyond.
We work across four strategic pillars:
| Pillar | Description | |
|---|---|---|
| 📚 | Learn | Build knowledge and understand the evolving cyber landscape |
| 🔍 | Assess | Evaluate organizational risks and develop cyber resilience roadmaps |
| 🎮 | Practice | Conduct realistic cyber simulations and staff training exercises |
| 🚀 | Deploy | Implement strategic solutions, tools, and best practices at scale |
NC3 develops and maintains an open-source cybersecurity portfolio spanning threat assessment, governance, infrastructure testing, and cyber range training. All our tools are designed to be modular, interoperable, and community-driven.
| Project | Description | Language | License |
|---|---|---|---|
| TestingPlatform | Internet security standards testing platform | Python | AGPL-3.0 |
| cyberfraud.lu | Cyber fraud awareness portal for Luxembourg | TypeScript | AGPL-3.0 |
| code.lhc.lu | Open-source at Luxembourg House of Cybersecurity | CSS | MIT |
Our work extends across several dedicated GitHub organizations, each focused on a specific domain of cybersecurity.
Governance platform components developed by NC3-LU, including the NIS Incident Notification Platform (NISINP) and integration with the MONARC risk analysis framework.
Highlights:
- NISINP — Regulatory incident reporting
- MONARC integration for risk-driven governance
- Open governance architecture documentation
🛡️ MONARC
A tool and method for optimised, precise, and repeatable risk assessment. MONARC enables organisations of all sizes to conduct cost-effective security risk analyses by capitalising on previously identified vulnerabilities and threats across similar business contexts.
Highlights:
- Context establishment, asset modelling, and risk evaluation
- Reusable knowledge base of threats and vulnerabilities
- Ongoing security monitoring and reporting
A modular v4 security and network analysis toolkit for evaluating domains and mail infrastructure. Each module operates as a standalone service with a consistent API interface.
Modules:
subdomainenum— Passive & active subdomain discoverymailvalidator— SPF, DKIM, DMARC validationheadersvalidator— HTTP security headers analysischainvalidator— TLS/SSL & DNSSEC chain validationzoneripper— DNSSEC zone walking vulnerability testing
🎯 Range#42
A modular cyber range platform built on Proxmox and Ansible, enabling deployment of reproducible offensive, defensive, and hybrid training environments. A single operator workstation can manage multiple infrastructures running diverse lab scenarios.
Highlights:
- Infrastructure-as-code with Ansible playbooks
- Pre-built lab scenarios (network, offensive, defensive)
- Reusable role catalog for firewalls, VMs, and security tools
- Led by NC3 and DIGISQUAD teams
🔄 openXeco
openXeco (open exchange for ecosystems, OXE) is an open-source initiative designed to manage and interconnect ecosystems.
Highlights:
- Community management
- ECCC ATLAS connector
- V2 under development
NC3 collaborates closely with the national and international cybersecurity community:
All our projects are open source and contributions are welcome. Whether you're reporting a bug, suggesting a feature, or submitting a pull request — check the CONTRIBUTING.md in each repository to get started.
For general inquiries or collaboration proposals, reach out at opensource@nc3.lu.
Building a safer digital Luxembourg — one commit at a time.
📍 122 rue Adolphe Fischer, L-1521 Luxembourg | 📞 +352 274 00 98 601 | 🌐 nc3.lu
