Free Cybersecurity Tools
Find the right solution for your security needs without any cost.Explore 2627 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
LATEST ADDITIONS
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
A ruby script that scans for vulnerable 3rd-party web applications
A ruby script that scans for vulnerable 3rd-party web applications
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.
shellfirm will prompt challenges to verify risky shell commands, acting as a captcha for your terminal.
shellfirm will prompt challenges to verify risky shell commands, acting as a captcha for your terminal.
Go bindings for YARA with installation and build instructions.
A tool for reading Portable Executable (PE) files with detailed information about the file structure.
A tool for reading Portable Executable (PE) files with detailed information about the file structure.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Metabadger helps prevent SSRF attacks on AWS EC2 by automating upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
A machine learning-based approach to detect and prevent data breaches using natural language processing and machine learning algorithms.
A machine learning-based approach to detect and prevent data breaches using natural language processing and machine learning algorithms.
Ansible role for deploying and managing Bifrozt honeypots
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
Fake SSH server that sends push notifications for login attempts
Fake SSH server that sends push notifications for login attempts
A PowerShell toolkit for attacking Azure environments