The Largest Collection of Cybersecurity Tools
Explore 3010 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Continually audit your AWS usage to simplify risk and compliance assessment.
Continually audit your AWS usage to simplify risk and compliance assessment.
A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.
A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
YARA syntax highlighting for Gtk-based text editors
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.
A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.
A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.
A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
A JavaScript steganography module that hides encrypted secrets within text using invisible Unicode characters for covert communication across web platforms.
Comprehensive endpoint security solution for enterprise networks and SMBs
Comprehensive endpoint security solution for enterprise networks and SMBs
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
A set of 48 practical programming exercises in cryptography and application security
A set of 48 practical programming exercises in cryptography and application security
Infosec Resources provides extensive cybersecurity training and certifications to boost cybersecurity skills and careers.
Infosec Resources provides extensive cybersecurity training and certifications to boost cybersecurity skills and careers.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
HoneyDB is a honeypot-based threat intelligence platform that provides real-time insights into attacker behavior and malicious activity on networks.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
A script to enumerate Google Storage buckets and determine access and privilege escalation
A script to enumerate Google Storage buckets and determine access and privilege escalation
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
AVEVA is an industrial software provider offering engineering, operations, and data management solutions for operational technology environments across various industrial sectors.
AVEVA is an industrial software provider offering engineering, operations, and data management solutions for operational technology environments across various industrial sectors.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
Collection of malware persistence information and techniques
Collection of malware persistence information and techniques