Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
Simple script to check a domain's email protections and identify vulnerabilities.
Simple script to check a domain's email protections and identify vulnerabilities.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
BotScout.com provides proactive bot detection, screening, and banning through a powerful API.
BotScout.com provides proactive bot detection, screening, and banning through a powerful API.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.
Komiser is an open-source cloud-agnostic resource manager that analyzes and manages cloud cost, usage, security, and governance across multiple cloud providers in a unified platform.
Komiser is an open-source cloud-agnostic resource manager that analyzes and manages cloud cost, usage, security, and governance across multiple cloud providers in a unified platform.
A leading cybersecurity podcast network offering in-depth discussions on current security trends and insights.
A leading cybersecurity podcast network offering in-depth discussions on current security trends and insights.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
A command-line tool for searching AWS CloudWatch logs using pattern matching with configurable parameters for log groups, time ranges, and regions.
A command-line tool for searching AWS CloudWatch logs using pattern matching with configurable parameters for log groups, time ranges, and regions.
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
A Node.js Ebook by GENTILHOMME Thomas, covering Node.js development and resources
A honeypot tool with RDP and VNC feed support.
Docker's Actuary is an automated security assessment tool that checks Docker container deployments against configurable best-practice checklists to ensure production readiness.
Docker's Actuary is an automated security assessment tool that checks Docker container deployments against configurable best-practice checklists to ensure production readiness.
Emulates browser functionality to detect exploits targeting browser vulnerabilities.
Emulates browser functionality to detect exploits targeting browser vulnerabilities.
hpfeeds is a lightweight authenticated publish-subscribe protocol with Python 3 compatible broker and client.
hpfeeds is a lightweight authenticated publish-subscribe protocol with Python 3 compatible broker and client.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A collection of detailed CTF challenge writeups organized by category, providing explanations of problems and their solutions for educational purposes.
A collection of detailed CTF challenge writeups organized by category, providing explanations of problems and their solutions for educational purposes.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
drozer is an open source Android security testing framework that identifies vulnerabilities in mobile apps and devices through Android Runtime and IPC endpoint interaction.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
A repository containing scripts and configuration files to help administrators implement Microsoft AppLocker for application whitelisting based on NSA security guidelines.
A repository containing scripts and configuration files to help administrators implement Microsoft AppLocker for application whitelisting based on NSA security guidelines.
Package verification tool for npm with various verification and testing capabilities.
Package verification tool for npm with various verification and testing capabilities.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
An Outlook add-in that enables one-click reporting of suspicious emails to security teams with integrated statistics tracking and SMTP header collection.
API for querying domain security information, categorization, and related data.
API for querying domain security information, categorization, and related data.
A secure file and drive wiping tool that overwrites data with randomized ASCII characters to prevent data recovery.
A secure file and drive wiping tool that overwrites data with randomized ASCII characters to prevent data recovery.
A network responder supporting various protocols with minimal assumptions on client intentions.
A network responder supporting various protocols with minimal assumptions on client intentions.
