Find the right solution for your security needs without any cost.Explore 2629 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
Endian Firewall Community is a free, open-source Linux-based firewall solution that provides network security, VPN access, email protection, and traffic management features for home networks.
Endian Firewall Community is a free, open-source Linux-based firewall solution that provides network security, VPN access, email protection, and traffic management features for home networks.
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.
Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.
Suped is an email deliverability platform that provides DMARC monitoring, email authentication management, and deliverability optimization tools to protect domains from spoofing and improve inbox placement rates.
Suped is an email deliverability platform that provides DMARC monitoring, email authentication management, and deliverability optimization tools to protect domains from spoofing and improve inbox placement rates.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.
An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.
A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.
A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
SafeLine WAF is an open-source web application firewall that protects web services by filtering malicious HTTP traffic through intelligent semantic analysis and machine learning-based detection.
SafeLine WAF is an open-source web application firewall that protects web services by filtering malicious HTTP traffic through intelligent semantic analysis and machine learning-based detection.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.
A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.
A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.
A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.
A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.
A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A low-interaction honeypot that simulates network services to detect and monitor potential intrusion attempts on internal networks.
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
A secret scanning tool that examines NPM modules and ZIP files for exposed credentials and sensitive information using nuclei templates.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.
AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.