The Largest Collection of Cybersecurity Tools
Explore 2989 curated tools and resources
Join Mandos Brief
Get weekly cybersecurity updates, straight in your inbox.
PINNED
Promoted • 4 tools
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A powerful penetration testing platform for identifying vulnerabilities and weaknesses in computer systems.
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A ruby script that scans for vulnerable 3rd-party web applications
A ruby script that scans for vulnerable 3rd-party web applications
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
shellfirm will prompt challenges to verify risky shell commands, acting as a captcha for your terminal.
shellfirm will prompt challenges to verify risky shell commands, acting as a captcha for your terminal.
Go bindings for YARA with installation and build instructions.
A tool for reading Portable Executable (PE) files with detailed information about the file structure.
A tool for reading Portable Executable (PE) files with detailed information about the file structure.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
A machine learning-based approach to detect and prevent data breaches using natural language processing and machine learning algorithms.
A machine learning-based approach to detect and prevent data breaches using natural language processing and machine learning algorithms.
Ansible role for deploying and managing Bifrozt honeypots
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
Fake SSH server that sends push notifications for login attempts
Fake SSH server that sends push notifications for login attempts
A PowerShell toolkit for attacking Azure environments
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
A digital artifact extraction framework for extracting data from volatile memory (RAM) samples, providing visibility into the runtime state of a system.
Azure Guardrails enables rapid enforcement of cloud security guardrails by generating Terraform files for Azure Policy Initiatives.
Azure Guardrails enables rapid enforcement of cloud security guardrails by generating Terraform files for Azure Policy Initiatives.
A video-sharing platform for creators to share their content and for users to discover new content, with a focus on cybersecurity.
A collection of CTF source files and write-ups that anyone can contribute to.
A collection of CTF source files and write-ups that anyone can contribute to.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Open source web application security scanner with 200+ vulnerability identification capabilities.
Open source web application security scanner with 200+ vulnerability identification capabilities.
A tool for parsing Google Protobuf encoded blobs without the accompanying definition, providing a colored representation of the contents.
A tool for parsing Google Protobuf encoded blobs without the accompanying definition, providing a colored representation of the contents.
Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.
Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.
A reference implementation for collecting events and performing CAR analytics to detect potential adversary activity.
A reference implementation for collecting events and performing CAR analytics to detect potential adversary activity.
