Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
E-book guide for evaluating AI-powered pentesting solutions and guardrails
E-book guide for evaluating AI-powered pentesting solutions and guardrails
OpenSCA Project is a dependency security scanner that runs in the browser.
OpenSCA Project is a dependency security scanner that runs in the browser.
Searchable repository of Sigma detection rules for threat hunting and SIEM
Searchable repository of Sigma detection rules for threat hunting and SIEM
AI-powered web security testing platform for vulnerability and compliance scanning
AI-powered web security testing platform for vulnerability and compliance scanning
AI-powered platform for SSL/TLS security testing and compliance assessment
AI-powered platform for SSL/TLS security testing and compliance assessment
Free cloud storage security scanner for AWS, Azure, and GCP environments
Free cloud storage security scanner for AWS, Azure, and GCP environments
Website privacy and security testing tool for cookie and third-party analysis
Website privacy and security testing tool for cookie and third-party analysis
Bash script for blocking domain access on Linux via iptables/ip6tables rules
Bash script for blocking domain access on Linux via iptables/ip6tables rules
Web and email security scanner that checks 16 critical security points in 60 seconds
Web and email security scanner that checks 16 critical security points in 60 seconds
Open-source platform for pentest reporting and security team collaboration
Open-source platform for pentest reporting and security team collaboration
MCP server enabling AI agents to autonomously run 150+ security tools
MCP server enabling AI agents to autonomously run 150+ security tools
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.
Endian Firewall Community is a free, open-source Linux-based firewall solution that provides network security, VPN access, email protection, and traffic management features for home networks.
Endian Firewall Community is a free, open-source Linux-based firewall solution that provides network security, VPN access, email protection, and traffic management features for home networks.
Password manager with end-to-end encryption and identity protection features
Password manager with end-to-end encryption and identity protection features
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
An open-source framework that enables building and deploying AI-powered security automation tools for both offensive and defensive cybersecurity operations using over 300 AI models.
Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.
Red Hand Analyzer is an online tool that provides automated behavioral analysis of PCAP files to detect malicious network activities and security vulnerabilities without decrypting traffic content.
Suped is an email deliverability platform that provides DMARC monitoring, email authentication management, and deliverability optimization tools to protect domains from spoofing and improve inbox placement rates.
Suped is an email deliverability platform that provides DMARC monitoring, email authentication management, and deliverability optimization tools to protect domains from spoofing and improve inbox placement rates.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
An open-source incident response case management tool that provides visualization, threat intelligence lookups, and security framework mapping in a unified workspace.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.
An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.
An open-source application firewall that monitors and controls network traffic with custom filtering rules and real-time visibility into application connections.
A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.
A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
