The Largest Platform to Find Cybersecurity Tools

MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.

Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.

Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.

Clevis is a pluggable framework that enables automated decryption of data and LUKS volumes through a pin-based plugin system.

PacBot is a cloud security platform that provides continuous compliance monitoring, automated policy enforcement, and security reporting through policy-as-code implementation and multi-source data integration.

An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.

Logdissect is a CLI utility and Python library for analyzing log files and other data.

On-demand access to AWS and ISV compliance reports with time-saving benefits.

Python script to parse the NTFS USN Change Journal.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.

An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.

Azure DDoS Protection and Mitigation Services by Microsoft Azure for secure cloud solutions.

Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.

testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.

Boofuzz is a network protocol fuzzing tool that aims to fuzz everything

A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.

A wargame composed of 27 levels, with files needed in /vortex/ directory.

Reverts sha1 integrity back to sha512 in lock files for enhanced security.

Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.

Makes output from the tcpdump program easier to read and parse.

An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.

A tool that removes Exif metadata from images stored in AWS S3 buckets to protect privacy and eliminate sensitive embedded information.