Free Cybersecurity Tools
Find the right solution for your security needs without any cost.Explore 2627 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
LATEST ADDITIONS
Machine learning project for intuitive threat analysis with a web interface.
Machine learning project for intuitive threat analysis with a web interface.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
A Perl honeypot program for monitoring hostile traffic and wasting hackers' time.
Open Source computer forensics platform with modular design for easy automation and scripting.
Open Source computer forensics platform with modular design for easy automation and scripting.
A discontinued project for Windows system administration that has been archived due to the author's dissatisfaction with the Windows operating system.
A discontinued project for Windows system administration that has been archived due to the author's dissatisfaction with the Windows operating system.
A module-based AWS response tool for incident response in AWS environments.
A module-based AWS response tool for incident response in AWS environments.
Check if a domain is in the Alexa or Cisco top one million domain list.
Check if a domain is in the Alexa or Cisco top one million domain list.
Open-source universal secret manager for developers with seamless integration to various cloud services and vaults.
Open-source universal secret manager for developers with seamless integration to various cloud services and vaults.
A framework for reverse engineering Flutter apps with modified Flutter library for dynamic analysis and traffic monitoring.
A framework for reverse engineering Flutter apps with modified Flutter library for dynamic analysis and traffic monitoring.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
A collection of security vulnerabilities in regular expressions used in WAFs with a focus on bypass examples and high severity issues.
A PoC tool for generating Excel files with embedded macros without using Excel.
A PoC tool for generating Excel files with embedded macros without using Excel.