Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
A blog post discussing the often overlooked dangers of CSV injection in applications.
A blog post discussing the often overlooked dangers of CSV injection in applications.
Java decompiler GUI tool for Procyon under Apache License.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
rpCheckup is an AWS resource policy security analysis tool that identifies public, external, intra-organizational, and private resource access patterns across AWS accounts.
rpCheckup is an AWS resource policy security analysis tool that identifies public, external, intra-organizational, and private resource access patterns across AWS accounts.
A fully managed service that securely stores, rotates, and manages sensitive data such as database credentials and API keys.
A fully managed service that securely stores, rotates, and manages sensitive data such as database credentials and API keys.
A simple Postgres honey pot inspired by Elastichoney.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.
Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.
A multithreaded YARA scanner for incident response or malware zoos.
A multithreaded YARA scanner for incident response or malware zoos.
A tool for automated security scanning of web applications and manual penetration testing.
A tool for automated security scanning of web applications and manual penetration testing.
A low-interaction SSH honeypot that logs connection attempts, usernames, and passwords without allowing actual login access.
A low-interaction SSH honeypot that logs connection attempts, usernames, and passwords without allowing actual login access.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
A simpler version of a honeypot that looks for connections from external parties and performs a specific action, usually blacklisting.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
Fuzzapi is a Rails application with a user-friendly UI for API_Fuzzer gem and Docker setup.
Fuzzapi is a Rails application with a user-friendly UI for API_Fuzzer gem and Docker setup.
A collaborative malware analysis framework with various features for automated analysis tasks.
A collaborative malware analysis framework with various features for automated analysis tasks.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
HoneyThing is a honeypot for Internet of TR-069 things, emulating vulnerabilities and supporting TR-069 protocol.
A collection of detections for Panther SIEM with detailed setup instructions.
A collection of detections for Panther SIEM with detailed setup instructions.
GBHackers offers up-to-date cybersecurity news and insights, focusing on threats, vulnerabilities, and innovative defense strategies.
GBHackers offers up-to-date cybersecurity news and insights, focusing on threats, vulnerabilities, and innovative defense strategies.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
Passive SSL client fingerprinting tool using handshake analysis.
Passive SSL client fingerprinting tool using handshake analysis.
Steganography brute-force utility with performance issues, deprecated in favor of stegseek.
Steganography brute-force utility with performance issues, deprecated in favor of stegseek.
