Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.
HoneyView is a tool for analyzing honeyd logfiles graphically and textually.
HoneyView is a tool for analyzing honeyd logfiles graphically and textually.
A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.
A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
Aaia visualizes AWS IAM and Organizations data in Neo4j graph format to help identify security outliers and conduct privilege escalation analysis through Cypher queries.
Aaia visualizes AWS IAM and Organizations data in Neo4j graph format to help identify security outliers and conduct privilege escalation analysis through Cypher queries.
Incident response framework focused on remote live forensics
Incident response framework focused on remote live forensics
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
WordPress honeypot tool running in a Docker container for monitoring access attempts.
WordPress honeypot tool running in a Docker container for monitoring access attempts.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A tool to run YARA rules against node_module folders to identify suspicious scripts
A tool to run YARA rules against node_module folders to identify suspicious scripts
Comprehensive suite for advanced file analysis and software supply chain security.
Comprehensive suite for advanced file analysis and software supply chain security.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
A JavaScript scanner built in PHP for scraping URLs and other information.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
A foundational guide for using deception against computer network adversaries using honeypots to detect adversaries before they accomplish their goals.
Archive of information, tools, and references regarding CTF competitions.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A demonstration site for the Acunetix Web Vulnerability Scanner, intentionally vulnerable to various web-based attacks.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
Stronghold is the easiest way to securely configure your Mac.
Syntax highlighting for Smali (Dalvik) Assembly language in Vim.
Syntax highlighting for Smali (Dalvik) Assembly language in Vim.
Collection of industry and community cybersecurity courses and materials by M. E. Kabay.
Collection of industry and community cybersecurity courses and materials by M. E. Kabay.
A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.
A command-line tool for discovering domains and subdomains related to a target domain during reconnaissance activities.
Collection of slides, materials, demos, crackmes, and writeups from r2con-2017 conference.
Collection of slides, materials, demos, crackmes, and writeups from r2con-2017 conference.
A guide to secure Ruby development, providing guidelines and recommendations for secure coding practices.
A guide to secure Ruby development, providing guidelines and recommendations for secure coding practices.
