The Largest Collection of Cybersecurity Tools
Explore 3011 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.
Porting GNU/Linux userland tools to the bionic/Linux userland of Android to provide access to the audit stream for Android applications with minimal overhead.
A file search and query tool for ops and security experts.
Comprehensive guide for Iptables configuration and firewall rules.
Comprehensive guide for Iptables configuration and firewall rules.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A tool for identifying potential security vulnerabilities in web applications
A tool for identifying potential security vulnerabilities in web applications
Microsoft Azure service for safeguarding cryptographic keys and secrets.
Microsoft Azure service for safeguarding cryptographic keys and secrets.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
A Fake Protocol Server tool with support for multiple network services and protocols.
A Fake Protocol Server tool with support for multiple network services and protocols.
A tool for generating permutations, alterations and mutations of subdomains and resolving them
A tool for generating permutations, alterations and mutations of subdomains and resolving them
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.
A free, open-source file data recovery software that can recover lost files from hard disks, CD-ROMs, and digital camera memory.
A free, open-source file data recovery software that can recover lost files from hard disks, CD-ROMs, and digital camera memory.
An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.
An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.
GPG Sync is a tool designed to keep OpenPGP public keys up-to-date within an organization by offloading the complexity of key management to a single trusted person.
GPG Sync is a tool designed to keep OpenPGP public keys up-to-date within an organization by offloading the complexity of key management to a single trusted person.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.
Node library for calling Google Play APIs with Nexus device behavior.
