Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
Azure DDoS Protection and Mitigation Services by Microsoft Azure for secure cloud solutions.
Azure DDoS Protection and Mitigation Services by Microsoft Azure for secure cloud solutions.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.
testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.
testssl.sh is a free command line tool for checking server's TLS/SSL configurations with clear and machine-readable output.
Boofuzz is a network protocol fuzzing tool that aims to fuzz everything
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
Reverts sha1 integrity back to sha512 in lock files for enhanced security.
Reverts sha1 integrity back to sha512 in lock files for enhanced security.
Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.
Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.
Makes output from the tcpdump program easier to read and parse.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.
A tool that removes Exif metadata from images stored in AWS S3 buckets to protect privacy and eliminate sensitive embedded information.
A tool that removes Exif metadata from images stored in AWS S3 buckets to protect privacy and eliminate sensitive embedded information.
JSON.parse() drop-in replacement with prototype poisoning protection.
JSON.parse() drop-in replacement with prototype poisoning protection.
WordPress plugin to reduce comment spam with a smarter honeypot.
WordPress plugin to reduce comment spam with a smarter honeypot.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.
Performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.
A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.
A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.
A network protocol analyzer for capturing and analyzing network traffic with a focus on TCP/IP flow reconstruction and response time tracking.
A library for integrating communication channels with the Cobalt Strike External C2 server.
A library for integrating communication channels with the Cobalt Strike External C2 server.
Generate Yara rules from function basic blocks in x64dbg.
Generate Yara rules from function basic blocks in x64dbg.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
A free, open-source network protocol analyzer for capturing and displaying packet-level data.
A free, open-source network protocol analyzer for capturing and displaying packet-level data.
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
IAM Zero detects identity and access management issues and automatically suggests least-privilege policies by analyzing application errors and access patterns in cloud environments.
IAM Zero detects identity and access management issues and automatically suggests least-privilege policies by analyzing application errors and access patterns in cloud environments.
