Free Cybersecurity Tools
Find the right solution for your security needs without any cost.Explore 2625 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
LATEST ADDITIONS
RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.
RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
A compilation of Red Teaming resources including cheatsheets, notes, scripts, and practice platforms for cybersecurity learning and skill development.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
LLM Guard is a security toolkit that enhances the safety and security of interactions with Large Language Models (LLMs) by providing features like sanitization, harmful language detection, data leakage prevention, and resistance against prompt injection attacks.
LLM Guard is a security toolkit that enhances the safety and security of interactions with Large Language Models (LLMs) by providing features like sanitization, harmful language detection, data leakage prevention, and resistance against prompt injection attacks.
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
Goof is a vulnerable Node.js demo application that includes a series of vulnerabilities and exploits
A tool to easily automate and multithread your pentesting and bug bounty workflow without any coding
A tool to easily automate and multithread your pentesting and bug bounty workflow without any coding
A lightweight and portable Docker container for penetration testers and CTF players
A lightweight and portable Docker container for penetration testers and CTF players
Fetches known URLs from various sources for a given domain
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
Grype is a vulnerability scanner for container images and filesystems that scans for known vulnerabilities and supports various image formats.
Grype is a vulnerability scanner for container images and filesystems that scans for known vulnerabilities and supports various image formats.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
