Free & Open Source Security Tools

Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.

Fake protocol server simulator supporting 50+ network protocols for deception

A tool for generating permutations, alterations and mutations of subdomains and resolving them

SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.

A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.

A modified version of Cuckoo Sandbox with enhanced features and capabilities.

Open-source tool for monitoring macOS hosts with detailed system activity insights.

Pac-resolver, a popular NPM package with 3 million weekly downloads, has a severe remote code execution flaw.

A free, open-source file data recovery software that can recover lost files from hard disks, CD-ROMs, and digital camera memory.

An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.

Margarita Shotgun is a Python tool that enables remote memory acquisition from target systems through command line interface, supporting Linux distributions and other operating systems via Docker containers.

GPG Sync is a tool designed to keep OpenPGP public keys up-to-date within an organization by offloading the complexity of key management to a single trusted person.

A reverse engineering tool that extracts and organizes Samsung ODIN3 protocol messages from USB packet captures into human-readable files.

Node library for calling Google Play APIs with Nexus device behavior.

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.

Pacu is an open-source AWS exploitation framework designed for offensive security testing against cloud environments through modular attack capabilities.

UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.

Donate to your favorite open-source projects and charities using PayPal

A comprehensive guide providing step-by-step instructions for hardening GNU/Linux systems using industry standards like CIS, STIG, NIST, and PCI-DSS.

NAXSI is a third-party nginx module that prevents XSS and SQL injection attacks by filtering HTTP traffic based on predefined security rules.

SWFTools is a collection of utilities for working with Adobe Flash files, including tools for converting PDFs, images, audio, and video files to SWF format.

This tutorial describes how to set up two-factor authentication for an SSH server by integrating Google Authenticator with OpenSSH.

A Microsoft Word template library for implementing industrial information security management systems with documentation for policy, risk management, business continuity, and incident handling.