Free Cybersecurity Tools

A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.

SANS Blog provides extensive cybersecurity training and certifications tailored to a wide range of IT security areas and skill levels.

A CLI tool for bulk deletion and inspection of AWS resources to clean up testing accounts and prevent unnecessary charges.

An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.

A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.

A multiarch honeypot platform supporting 20+ honeypots and offering visualization options and security tools.

A wrapper around jNetPcap for packet capturing with Clojure, available for Linux and Windows.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Statistical renaming, Type inference, and Deobfuscation tool for JavaScript code.

An open-source network security monitoring tool.

A project for demonstrating AWS attack techniques with a focus on ethical hacking practices.

An open source platform for secure remote access management with granular access control and fast speeds.

A comprehensive web application security testing solution that offers built-in vulnerability assessment and management, as well as integration options with popular software development tools.

A comprehensive SQL injection cheat sheet covering various database management systems and techniques.

Forensic imaging program with full hash authentication and various acquisition options.

PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.

Sample detection rules and dashboards for Google Security Operations

Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.

Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.

Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.

Create a vulnerable active directory for testing various Active Directory attacks.

A collection of scripts and guidance for generating proof-of-concept Amazon GuardDuty findings to help users understand and test AWS security detection capabilities.

An SDN honeypot tool for detecting and analyzing malicious activities in Software-Defined Networking environments.

An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.