The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A collection of Ansible roles for hardening various systems and services
A collection of Ansible roles for hardening various systems and services
A library for validating and accessing environment variables in Node.js programs
A library for validating and accessing environment variables in Node.js programs
A suite of secret scanners built in Rust for performance.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A Low-cost ICS Security Testbed for Education and Research
A technique to encode data within DNS queries for covert communication channels.
A technique to encode data within DNS queries for covert communication channels.
gVisor is an application kernel that provides isolation for running sandboxed containers.
gVisor is an application kernel that provides isolation for running sandboxed containers.
Check for known vulnerabilities in your Node.js installation.
Check for known vulnerabilities in your Node.js installation.
An open-source tool for finding security vulnerabilities, compliance issues, and infrastructure misconfigurations in infrastructure-as-code
An open-source tool for finding security vulnerabilities, compliance issues, and infrastructure misconfigurations in infrastructure-as-code
GCTI's open-source detection signatures for malware and threat detection
GCTI's open-source detection signatures for malware and threat detection
OpenPhish provides real-time phishing trends, detecting new phishing URLs and targeting various brands.
OpenPhish provides real-time phishing trends, detecting new phishing URLs and targeting various brands.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A minimal library to generate YARA rules from JAVA with maven support.
A minimal library to generate YARA rules from JAVA with maven support.
Repository of tools for testing iPhone messaging by Project Zero
Repository of tools for testing iPhone messaging by Project Zero
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A comprehensive list of search filters for the SHODAN search engine.
A comprehensive list of search filters for the SHODAN search engine.
A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.
A collaborative forensic timeline analysis tool for organizing and analyzing data with rich annotations and comments.
A Python script to check system compliance against CIS Benchmarks with customizable options.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Metadata repository with installation tools and cloud provider support.
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
Fast, smart, effective port scanner with extensive extendability and adaptive learning.
A program to extract IOCs from text files using regular expressions
A program to extract IOCs from text files using regular expressions
Advanced Endpoint Protection is a complete endpoint protection platform that provides advanced threat protection against ransomware, data breaches, and malware.
Advanced Endpoint Protection is a complete endpoint protection platform that provides advanced threat protection against ransomware, data breaches, and malware.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.