The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.
Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Okta Workforce Identity Cloud is an identity and access management platform that provides secure, streamlined access for an organization's workforce across various applications and resources.
Okta Workforce Identity Cloud is an identity and access management platform that provides secure, streamlined access for an organization's workforce across various applications and resources.
Okta Customer Identity Cloud is a CIAM solution that provides secure, customizable identity management for consumer and SaaS applications.
Okta Customer Identity Cloud is a CIAM solution that provides secure, customizable identity management for consumer and SaaS applications.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
XBOW is an AI-driven tool that autonomously discovers and exploits web application vulnerabilities, aiming to match the capabilities of experienced human pentesters.
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.
A comprehensive guide on utilizing advanced SSH tunneling techniques for network penetration testing and red team engagements, with a focus on Windows environments and firewall bypass methods.
A comprehensive guide on utilizing advanced SSH tunneling techniques for network penetration testing and red team engagements, with a focus on Windows environments and firewall bypass methods.
A comprehensive guide on Linux persistence mechanisms, focusing on scheduled tasks and jobs, their implementation, detection, and hunting strategies.
A comprehensive guide on Linux persistence mechanisms, focusing on scheduled tasks and jobs, their implementation, detection, and hunting strategies.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
The Ransomware Tool Matrix is a repository that lists and categorizes tools used by ransomware gangs, aiding in threat hunting, incident response, and adversary emulation.
AWS IAM Access Analyzer is a tool for implementing and maintaining least privilege access in AWS environments through automated analysis and validation of IAM policies and permissions.
AWS IAM Access Analyzer is a tool for implementing and maintaining least privilege access in AWS environments through automated analysis and validation of IAM policies and permissions.
A comprehensive analysis of AWS IAM Access Analyzer, evaluating its capabilities, limitations, and effectiveness in identifying publicly exposed AWS resources.
A comprehensive analysis of AWS IAM Access Analyzer, evaluating its capabilities, limitations, and effectiveness in identifying publicly exposed AWS resources.
OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.
OpenVAS is an open-source vulnerability scanner that provides extensive testing capabilities for identifying security weaknesses in networks and systems.
Wazuh is an open-source security platform offering unified XDR and SIEM protection for endpoints and cloud workloads, integrating various security functions into a single architecture.
Wazuh is an open-source security platform offering unified XDR and SIEM protection for endpoints and cloud workloads, integrating various security functions into a single architecture.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.
EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.
EvoMaster is an open-source tool that automatically generates system-level test cases for web APIs using AI-driven techniques.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.