The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Command line tool for testing CRLF injection on a list of domains.
Command line tool for testing CRLF injection on a list of domains.
A tool to declutter URL lists for crawling and pentesting
A security tool to identify interesting files in AWS S3 buckets
A Burp Suite extension that formats GraphQL requests for easier reading
A Burp Suite extension that formats GraphQL requests for easier reading
Interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
Interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
A command-line tool for parsing, creating, and manipulating JWT tokens
A framework for testing and exploiting race conditions in software
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A tool to dump a Git repository from a website
A collection of tools for extracting and analyzing information from .git repositories
A collection of tools for extracting and analyzing information from .git repositories
A tool for taking a list of resolved subdomains and outputting any corresponding CNAMES en masse.
A tool for taking a list of resolved subdomains and outputting any corresponding CNAMES en masse.
A tool for detecting and exploiting vulnerabilities in web applications
A tool for detecting and exploiting vulnerabilities in web applications
Burp extension for identifying cloud buckets and testing for vulnerabilities
Burp extension for identifying cloud buckets and testing for vulnerabilities
A command-line tool for taking website screenshots and mobile emulations
A command-line tool for taking website screenshots and mobile emulations
A collection of scripts for Turbo Intruder, a penetration testing tool
A collection of scripts for Turbo Intruder, a penetration testing tool
A tool for analyzing pentest screenshots using a convolutional neural network
A tool for analyzing pentest screenshots using a convolutional neural network
A DNS rebinding attack framework for security researchers and penetration testers.
A DNS rebinding attack framework for security researchers and penetration testers.