Free Cybersecurity Tools

A read-only FUSE driver that enables Linux systems to mount and access Apple File System (APFS) volumes, including encrypted and fusion drives.

OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.

A tool for SSH server auditing with comprehensive analysis capabilities.

Domain registration and web hosting services with free features and 24/7 customer support

ZeusCloud is an open source cloud security platform that discovers AWS assets, identifies attack paths, and provides remediation guidance with customizable compliance controls.

A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.

Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.

3GL is a high-level programming language with a focus on ASM for 6502.

yarAnalyzer creates statistics on a yara rule set and files in a sample directory, generating tables and CSV files, including an inventory feature.

ClamAV is an open-source antivirus engine that detects trojans, viruses, malware, and other malicious threats.

A list of Windows privilege escalation techniques, categorized and explained in detail.

HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.

AWS Web Application Firewall (WAF) for protecting web applications from common exploits.

Non-profit organization supporting the advancement of open source software.

A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.

A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.

Browse a library of EQL analytics now natively integrated in Elasticsearch.

A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.

A curated list of important security news, helping readers stay up-to-date with the latest developments in cybersecurity.

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for Linux, XML or JSONL/NDJSON Logs.

A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.

Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.

A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.

A local privilege escalation vulnerability in the Linux kernel known for its catchy name and potential damages.