The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
A non-profit organization focused on improving the security of software through resources and training.
A non-profit organization focused on improving the security of software through resources and training.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Cross-site scripting labs for web application security enthusiasts
Cross-site scripting labs for web application security enthusiasts
Inspeckage is a dynamic analysis tool for Android applications offering insights into app behavior and real-time monitoring capabilities.
Inspeckage is a dynamic analysis tool for Android applications offering insights into app behavior and real-time monitoring capabilities.
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
An observation camera honeypot for proof-of-concept purposes
In-depth analysis of real-world attacks and threat tactics
In-depth analysis of real-world attacks and threat tactics
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A comprehensive cheatsheet for XSS filter evasion techniques.
A comprehensive cheatsheet for XSS filter evasion techniques.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.
A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.
Stixview is a JS library for embeddable interactive STIX2 graphs, aiming to bridge the gap between CTI stories and structured CTI snapshots.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A community-led project focused on standardizing security event logs.
A community-led project focused on standardizing security event logs.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
Rspamd is an advanced spam filtering system and email processing framework that evaluates messages using multiple analysis methods and integrates with MTAs for high-volume email processing.
Rspamd is an advanced spam filtering system and email processing framework that evaluates messages using multiple analysis methods and integrates with MTAs for high-volume email processing.