Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
A subdomain enumeration tool for bug hunting and pentesting
A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.
A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.
A Chrome extension that automatically detects and lists Amazon S3 buckets while browsing websites.
A Chrome extension that automatically detects and lists Amazon S3 buckets while browsing websites.
A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.
A CLI tool that enhances Nmap with 31 modules containing 459 scan profiles for streamlined network reconnaissance and security assessments.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A subdomain scan tool that helps you find subdomains of a given domain.
A subdomain scan tool that helps you find subdomains of a given domain.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A Go-based web crawler that supports multiple protocols and authentication methods for systematic web resource discovery and collection.
A Go-based web crawler that supports multiple protocols and authentication methods for systematic web resource discovery and collection.
Obtain GraphQL API schema even if the introspection is disabled
A tool for identifying sensitive secrets in public GitHub repositories
A fast CLI tool to find SSRF or Out-of-band resource load
A tool to bypass Content Security Policy (CSP) restrictions
A fast and multi-purpose DNS toolkit for DNS reconnaissance and testing
Pre-commit hook for validating outgoing changeset
A bash script for scanning a target network for HTTP resources through XXE
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
