Free Cybersecurity Tools
Find the right solution for your security needs without any cost.
Explore 2624 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
LATEST ADDITIONS
An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.
An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.
Steampipe is a zero-ETL solution for getting data directly from APIs and services.
Steampipe is a zero-ETL solution for getting data directly from APIs and services.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
Steganographic Swiss army knife for encoding and decoding data into images.
Steganographic Swiss army knife for encoding and decoding data into images.
The SOC Academy offers official VirusTotal certification courses to help cybersecurity professionals maximize its functionalities and advance their careers.
The SOC Academy offers official VirusTotal certification courses to help cybersecurity professionals maximize its functionalities and advance their careers.
Show the history and changes between configuration versions of AWS resources
Show the history and changes between configuration versions of AWS resources
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
Pwndbg is a GDB plug-in that enhances the debugging experience for low-level software developers, hardware hackers, reverse-engineers, and exploit developers.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
ONYPHE is a cyber defense search engine that discovers exposed assets and provides real-time monitoring to identify vulnerabilities and potential risks.
ONYPHE is a cyber defense search engine that discovers exposed assets and provides real-time monitoring to identify vulnerabilities and potential risks.
Open-source honeypot tool for detecting and analyzing malicious activities in the Apache Struts exploit.
A Scriptable Android Debugger for reverse engineers and developers.
A project sharing malicious URLs used for malware distribution to help protect networks.
A project sharing malicious URLs used for malware distribution to help protect networks.
