Free & Open Source Security Tools

Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.

PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.

A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.

Java MODBUS simulator with scriptable functions and dynamic resource creation.

A comprehensive guide for customizing Cobalt Strike's C2 profiles to enhance stealth and operational security.

A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.

Aggregates security threats from online sources and outputs to various formats.

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

A comprehensive platform for software developers to learn, create, and optimize applications for Arm-based processors

An HTTP proxy, monitor, and reverse proxy tool for viewing HTTP and SSL/HTTPS traffic.

Azucar is a multi-threaded plugin-based tool that performs read-only security assessments of Azure Cloud environments, analyzing various assets and configurations without modifying deployed resources.

Easy-to-use live forensics toolbox for Linux endpoints with various capabilities such as process inspection, memory analysis, and YARA scanning.

A simple framework for extracting actionable data from Android malware

A low overhead rate limiter for your routes

Galah is an LLM-powered web honeypot that mimics various web applications by dynamically responding to HTTP requests.

A decentralized network panic button that triggers emergency system shutdowns across networked machines via UDP broadcasts and HTTP to prevent cold boot attacks.

Continually audit your AWS usage to simplify risk and compliance assessment.

A tool to dump login passwords from Linux desktop users, leveraging cleartext credentials in memory.

A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.

YARA syntax highlighting for Gtk-based text editors

Recreates the File/Directory tree structure from an extracted $MFT file with detailed record mapping and analysis capabilities.

A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.

NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.

A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.