Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
DirSearch is a simple tool for finding files and directories on a web server.
DirSearch is a simple tool for finding files and directories on a web server.
A modern directory scanner that can be used to find hidden directories and files on a web server.
A modern directory scanner that can be used to find hidden directories and files on a web server.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A simple tool to take screenshots of HTTPS websites
A simple tool to take screenshots of HTTPS websites
Command line tool for testing CRLF injection on a list of domains.
Command line tool for testing CRLF injection on a list of domains.
A tool to declutter URL lists for crawling and pentesting
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A Burp Suite extension that formats GraphQL requests for easier reading
A Burp Suite extension that formats GraphQL requests for easier reading
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
A command-line tool for parsing, creating, and manipulating JWT tokens
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
A wordlist to bruteforce for Local File Inclusion (LFI) vulnerabilities
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A toolkit for detecting and tracking Blind XSS, XXE, and SSRF vulnerabilities
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A tool for taking a list of resolved subdomains and outputting any corresponding CNAMES en masse.
A tool for taking a list of resolved subdomains and outputting any corresponding CNAMES en masse.
