Free & Open Source Security Tools

MIDAS (Mac Intrusion Detection Analysis System) - archived and no longer supported.

A curated list of resources for learning about deploying, managing, and hunting with Microsoft Sysmon.

A tool for extracting static and dynamic features from Android APKs.

Automate security incident handling and facilitate real-time activities of incident handlers.

Sysreptor offers a customizable reporting solution for penetration testing and red teaming.

A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.

SentinelOne's Singularity Platform is an AI-powered enterprise security platform providing autonomous endpoint, cloud, identity, and data protection through its integrated XDR solution.

A reference guide providing Docker commands and concepts for containerized application development and deployment.

Coursera offers free online learning resources and courses during the COVID-19 pandemic.

An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.

A tool for identifying and analyzing Java serialized objects in network traffic

MCIR is a unified framework for building code injection vulnerability testbeds that combines SQL, XML, shell, and XSS injection testing tools with shared functionality and template-based extensibility.

Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

Turbinia is an open-source framework for automating the running of common forensic processing tools to help with processing evidence in the Cloud.

Hash Extender is a command-line tool that automates length extension attacks against various hashing algorithms including MD5, SHA-1, SHA-256, and others.

Clevis is a pluggable framework that enables automated decryption of data and LUKS volumes through a pin-based plugin system.

PacBot is a cloud security platform that provides continuous compliance monitoring, automated policy enforcement, and security reporting through policy-as-code implementation and multi-source data integration.

An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.

Logdissect is a CLI utility and Python library for analyzing log files and other data.

On-demand access to AWS and ISV compliance reports with time-saving benefits.

Python script to parse the NTFS USN Change Journal.

A tool that generates Yara rules from training data using logistic regression and random forest classifiers.

A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.

An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.