Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
Libnids is an implementation of an E-component of Network Intrusion Detection System that emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly, and TCP port scan detection.
Libnids is an implementation of an E-component of Network Intrusion Detection System that emulates the IP stack of Linux 2.0.x and offers IP defragmentation, TCP stream assembly, and TCP port scan detection.
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
Patch-level verification tool for bundler to check for vulnerable gems and insecure sources.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
Dissect is a digital forensics & incident response framework that simplifies the analysis of forensic artefacts from various disk and file formats.
Hashcat is a fast and advanced password recovery utility that supports various attack modes and hashing algorithms, and is open-source and community-driven.
Hashcat is a fast and advanced password recovery utility that supports various attack modes and hashing algorithms, and is open-source and community-driven.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.
Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC metadata in image files.
Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying Exif, IPTC, XMP, and ICC metadata in image files.
CSRF crumb generation and validation tool for hapi framework.
A Python-based tool for detecting XSS vulnerabilities
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A dynamic multi-cloud infrastructure framework that enables rapid deployment of disposable instances pre-loaded with security tools for distributed offensive and defensive security operations.
A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.
A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.
A set of tools for securing JavaScript projects against software supply chain attacks.
A set of tools for securing JavaScript projects against software supply chain attacks.
Python module for fast packet parsing with TCP/IP protocol definitions.
Python module for fast packet parsing with TCP/IP protocol definitions.
Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.
Dufflebag searches through public AWS EBS snapshots to identify accidentally exposed secrets and sensitive information.
An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.
An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A collection of automation workflows for the Shuffle security orchestration platform that covers common cybersecurity use-cases and can be customized for organizational needs.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.
A Python-based engine for automatic creation of timelines in digital forensic analysis
A Python-based engine for automatic creation of timelines in digital forensic analysis
A collection of YARA rules for research and hunting purposes.
