Free Cybersecurity Tools

ScubaGear is a PowerShell-based assessment tool that evaluates Microsoft 365 tenant configurations against CISA security baselines using Open Policy Agent and generates compliance reports.

A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.

The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.

LLM Guard is a security toolkit that enhances the safety and security of interactions with Large Language Models (LLMs) by providing features like sanitization, harmful language detection, data leakage prevention, and resistance against prompt injection attacks.

Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.

A tool to easily automate and multithread your pentesting and bug bounty workflow without any coding

A Docker-based penetration testing toolkit that provides a portable environment with GUI support and pre-installed security tools for web application testing and CTF activities.

Fetches known URLs from various sources for a given domain

Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.

Grype is a vulnerability scanner for container images and filesystems that scans for known vulnerabilities and supports various image formats.

A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.

A binary analysis platform for analyzing binary programs

A powerful reverse engineering framework

A reverse engineering framework with a focus on usability and code cleanliness

A Python library for working with network protocols

BloodHound is a Javascript web application that uses graph theory to analyze Active Directory and Azure environments, revealing hidden relationships and potential attack paths through visual mapping.

A penetration testing framework for identifying and exploiting vulnerabilities.

A comprehensive Linux log analysis tool that streamlines the investigation of security incidents by extracting and organizing critical details from supported log files.

A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.

A collaborative platform that gathers and analyzes security data to help professionals identify and mitigate cyber threats.

The DShield Raspberry Pi Sensor is a tool that turns a Raspberry Pi into a honeypot to collect and submit security logs to the DShield project for analysis.

SecurityVulnerability.io simplifies the process of collecting, enriching, and presenting vulnerability information for both human and machine consumption.

A tool to find XSS vulnerabilities in web applications

Find exploits in local and online databases instantly