The Largest Collection of Cybersecurity Tools

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

ThreatNote is a threat intelligence platform that provides real-time updates on emerging cybersecurity threats, vulnerabilities, and attack vectors to help organizations enhance their security posture.

CyBot is a free and open source threat intelligence chat bot with a community-driven plugin framework.

Exploiting simple stack overflow vulnerabilities using return oriented programming (ROP) to defeat data execution prevention - DEP.

YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.

Frontpage of the IO wargame with various versions and connection details.

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

Docker-based honeypot setup with detailed installation and configuration instructions.

Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.

EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.

RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.

A simple Docker-based honeypot to detect port scanning

CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.

kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.

A honeypot system that simulates RDP services on port 3389, automatically assigns virtual machines to incoming connections, and captures comprehensive forensic data including packet captures and disk images.

CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.

A tool that reveals invisible links within JavaScript files

pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.

Andrew Case's personal page for research, software projects, and speaking events

A standard for conducting penetration tests, covering seven main sections from planning to reporting.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.

DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.