Free Cybersecurity Tools
Find the right solution for your security needs without any cost.
Explore 2630 curated cybersecurity tools, with 16,024+ visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
FREE
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A powerful tool for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A list of services and how to claim (sub)domains with dangling DNS records.
A list of services and how to claim (sub)domains with dangling DNS records.
A Python library for automating time-based blind SQL injection attacks
A security toolkit for Amazon S3 that provides bucket scanning, policy validation, ACL management, and encryption features to identify and remediate S3 security vulnerabilities.
A security toolkit for Amazon S3 that provides bucket scanning, policy validation, ACL management, and encryption features to identify and remediate S3 security vulnerabilities.
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
BlackWidow is a Python-based web application scanner that combines OSINT gathering with automated fuzzing to identify OWASP vulnerabilities in target websites.
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.
A tool for embedding XXE/XML exploits into different filetypes
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.
A tool for enumerating and analyzing Amazon S3 buckets associated with specific targets to identify potential security misconfigurations.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A GitHub repository for fuzzing and testing file formats
A tool for bruteforcing subdomains of a given domain
A tool for bruteforcing subdomains of a given domain
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
DOMdig is a DOM XSS scanner that uses static analysis, dynamic analysis, and fuzz testing to detect and exploit Cross-Site Scripting vulnerabilities in Single Page Applications.
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
A Burp Suite extension that passively scans JavaScript files to discover endpoint links and potential attack surfaces in web applications.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.
A command-line tool that scans textual data and Git history to identify and locate secrets, API keys, passwords, and other sensitive information.
Maintaining account persistence via XSS and Oauth
A toolkit for testing, tweaking and cracking JSON Web Tokens
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.
Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.
A tool for performing subdomain enumeration using Censys API
A tool for performing subdomain enumeration using Censys API
