The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A subdomain scan tool that helps you find subdomains of a given domain.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
HTTP parameter discovery suite
A Burp extension to detect alias traversal via NGINX misconfiguration at scale.
A Burp extension to detect alias traversal via NGINX misconfiguration at scale.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A collection of Android security related resources
Obtain GraphQL API schema even if the introspection is disabled
A tool for identifying sensitive secrets in public GitHub repositories
A tool to bypass Content Security Policy (CSP) restrictions
A fast and multi-purpose DNS toolkit for DNS reconnaissance and testing
Pre-commit hook for validating outgoing changeset
A bash script for scanning a target network for HTTP resources through XXE
A bash script for scanning a target network for HTTP resources through XXE
A deserialization payload generator for .NET formatters
DirSearch is a simple tool for finding files and directories on a web server.
DirSearch is a simple tool for finding files and directories on a web server.
A modern directory scanner that can be used to find hidden directories and files on a web server.
A modern directory scanner that can be used to find hidden directories and files on a web server.
A tool to replace query string values with a user-supplied value
A simple tool to take screenshots of HTTPS websites