The Largest Collection of Cybersecurity Tools
Explore 3010 curated tools and resources
Search by name, description, or purpose... (⌘+K)
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
Read by professionals from
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Smart traffic sniffing tool for penetration testers
Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.
Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Collect various intelligence sources for hosts in CSV format.
A tool that visits suspected phishing pages, takes screenshots, and extracts interesting files.
A tool that visits suspected phishing pages, takes screenshots, and extracts interesting files.
Comprehensive business security suite with enhanced features to protect against malware, phishing, and advanced threats.
Comprehensive business security suite with enhanced features to protect against malware, phishing, and advanced threats.
Xcitium's unified zero-trust platform secures endpoints to cloud workloads using patented Zero Dwell technology, providing complete protection from ransomware and malware infections.
Xcitium's unified zero-trust platform secures endpoints to cloud workloads using patented Zero Dwell technology, providing complete protection from ransomware and malware infections.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container, aiding in digital forensic triage.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
A project focusing on understanding and combating threats to the Internet economy and net citizens.
Phish Report is inaccessible without JavaScript and cookies enabled.
Phish Report is inaccessible without JavaScript and cookies enabled.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.
Web interface for the Volatility Memory Forensics Framework
Web interface for the Volatility Memory Forensics Framework
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
A toolkit to attack Office365, including tools for password spraying, password cracking, token manipulation, and exploiting vulnerabilities in Office365 APIs and services.
A Flask-based honeypot that simulates Outlook Web App (OWA) environments to attract and analyze malicious activities targeting OWA systems.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.
A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement
A blog post about abusing exported functions and exposed DCOM interfaces for pass-thru command execution and lateral movement
Pentest active directory LAB project for practicing attack techniques.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
AWS IR is a Python command line utility for automated incident response and mitigation of instance and key compromises in Amazon Web Services environments.
ARM TrustZone provides a secure execution environment for applications on ARM processors.
ARM TrustZone provides a secure execution environment for applications on ARM processors.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
