Free Cybersecurity Tools

JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.

A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.

Vulnerability scanner for Linux/FreeBSD, written in Go, agent-less, informs users of vulnerabilities related to the system and affected servers.

An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.

Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.

A Python library to interface with a cuckoo-modified instance.

A deprecated digital forensics tool by Netflix that helped investigators scope compromises across AWS cloud instances by identifying behavioral differences and outliers during security incidents.

Ensnare is a Ruby on Rails gem that deploys honey traps and automated responses to detect and interfere with malicious behavior in web applications.

Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset

A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.

MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.

Docker Explorer is a forensic tool that enables investigators to explore and analyze offline Docker container filesystems by reconstructing layered filesystem structures.

Runtime Mobile Security (RMS) is a powerful web interface powered by FRIDA for manipulating Android and iOS Apps at Runtime.

COPS is a YAML-based schema standard for creating collaborative DFIR playbooks that provide structured guidance for incident response processes.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

Automated script to install and deploy a honeypot with kippo, dionaea, and p0f on Ubuntu 12.04.

A powerful enumeration tool for discovering assets and subdomains.

Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.

Pure Python implementation of Microsoft RDP protocol with various tools and support for different security layers.

MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.

A collection of Mac OS X and iOS forensics resources with a focus on artifact collection and collaboration.

A generator for YARA rules that creates rules from strings found in malware files while removing strings from goodware files.

An open convention/conference discussing computer security, privacy, and information technology

A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.