The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A tool that executes programs in memory from various sources
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
A high-performance digital forensics exploitation tool for extracting structured information from various inputs without parsing file system structures.
Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.
Impost is a powerful network security auditing tool with honey pot and packet sniffer capabilities.
Contains various use cases of Kubernetes Network Policies and sample YAML files.
Contains various use cases of Kubernetes Network Policies and sample YAML files.
A wargame that challenges your hacking skills
Santa is a binary and file access authorization system for macOS.
A collection of mobile security resources with tools, white papers, ebooks, and webinars.
A collection of mobile security resources with tools, white papers, ebooks, and webinars.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
A tool that safely installs packages with npm/yarn by auditing them as part of your install process.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
The Node.js Bug Bounty Program is a program aimed at identifying and fixing security vulnerabilities in the Node.js ecosystem.
A DevSecOps command line asset inventory tool
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
steg86 is a format-agnostic steganographic tool for x86 and AMD64 binaries.
steg86 is a format-agnostic steganographic tool for x86 and AMD64 binaries.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Tool to inform about potential risks in project dependencies list.
Tool to inform about potential risks in project dependencies list.
Community-driven collection of open source tools being archived with limited support.
Community-driven collection of open source tools being archived with limited support.
Automate the process of writing YARA rules based on executable code within malware.
Automate the process of writing YARA rules based on executable code within malware.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
An informational repo about hunting for adversaries in your IT environment.
An informational repo about hunting for adversaries in your IT environment.
A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.
A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
A collection of real-world scenarios to evaluate command injection detection and exploitation abilities
A collection of real-world scenarios to evaluate command injection detection and exploitation abilities
Collection of CTF writeups from September 2018 onwards, including various CTFs and HackTheBox.
Collection of CTF writeups from September 2018 onwards, including various CTFs and HackTheBox.