Free Cybersecurity Tools

SentinelOne's Singularity Platform is an AI-powered enterprise security platform providing autonomous endpoint, cloud, identity, and data protection through its integrated XDR solution.

A reference guide providing Docker commands and concepts for containerized application development and deployment.

Coursera offers free online learning resources and courses during the COVID-19 pandemic.

An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.

A tool for identifying and analyzing Java serialized objects in network traffic

MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.

Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.

Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.

Clevis is a pluggable framework that enables automated decryption of data and LUKS volumes through a pin-based plugin system.

PacBot is a cloud security platform that provides continuous compliance monitoring, automated policy enforcement, and security reporting through policy-as-code implementation and multi-source data integration.

An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.

Logdissect is a CLI utility and Python library for analyzing log files and other data.

On-demand access to AWS and ISV compliance reports with time-saving benefits.

Python script to parse the NTFS USN Change Journal.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.

An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.

Azure DDoS Protection and Mitigation Services by Microsoft Azure for secure cloud solutions.

Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.

testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.

Boofuzz is a network protocol fuzzing tool that aims to fuzz everything

A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.

A wargame composed of 27 levels, with files needed in /vortex/ directory.