The Largest Collection of Cybersecurity Tools

A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.

A collection of customizable automation scripts for Turbo Intruder that facilitate vulnerability scanning, exploitation, and data extraction in penetration testing workflows.

A tool for analyzing pentest screenshots using a convolutional neural network

A DNS rebinding attack framework for security researchers and penetration testers.

SSTImap is an automated detection tool that identifies Server-Side Template Injection vulnerabilities in web applications through systematic testing and analysis.

A tool to discover new target domains using Content Security Policy

A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.

JavaScript library scanner and SBOM generator

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.

S3cario is an AWS S3 bucket security testing tool that validates permissions and identifies potential vulnerabilities through scenario simulation.

A simple Python script to test for a hypothetical JWT vulnerability

An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.

A command line utility for searching and downloading exploits from multiple exploit databases including Exploit-DB and Packet Storm.

A PowerShell security assessment script that evaluates Siemens SIMATIC PCS 7 industrial control systems for security misconfigurations and vulnerabilities.

Cybersecurity training platform with courses, certifications, and study guides.

A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.

VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.

Insider is an open-source CLI tool that performs static source code analysis to detect OWASP Top 10 vulnerabilities across multiple programming languages including Java, Kotlin, Swift, .NET, C#, and JavaScript.

A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.

mXtract is a Linux-based tool for memory analysis and dumping with regex pattern search capabilities.

TrailScraper is a command-line tool for extracting information from AWS CloudTrail logs and generating IAM policies based on actual API usage patterns.

A tool that generates .NET serialized gadgets for triggering assembly load and execution through BinaryFormatter deserialization in JavaScript, VBScript, and VBA scripts.

A comprehensive resource for threat hunting in Active Directory environments, covering tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity.