Free Cybersecurity Tools

Web and email security scanner that checks 16 critical security points in 60 seconds

Open-source platform for pentest reporting and security team collaboration

MCP server enabling AI agents to autonomously run 150+ security tools

Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.

Endian Firewall Community is a free, open-source Linux-based firewall solution that provides network security, VPN access, email protection, and traffic management features for home networks.

Password manager with end-to-end encryption and identity protection features

A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.

An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.

Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.

Suped is an email deliverability platform that provides DMARC monitoring, email authentication management, and deliverability optimization tools to protect domains from spoofing and improve inbox placement rates.

An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.

A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.

A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.

A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.

A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.

SafeLine WAF is an open-source web application firewall that protects web services by filtering malicious HTTP traffic through intelligent semantic analysis and machine learning-based detection.

A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.

An automated web application security scanner that evaluates JavaScript library vulnerabilities and HTTP security headers to assess website security posture.

A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.

A forensic analysis tool that extracts and parses logs, notifications, and system information from iOS/iPadOS devices and backups.

A network forensics toolkit that transforms network traffic data into graph-based representations for interactive analysis and visualization through a web interface.

A proof-of-concept Node.js tool that demonstrates automated MFA bypass techniques for Microsoft Outlook accounts using browser automation.

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.