Free Cybersecurity Tools

Unified repository for Microsoft Sentinel and Microsoft 365 Defender containing security content, detections, queries, playbooks, and resources to secure environments and hunt for threats.

EvilClippy is a cross-platform tool that creates malicious MS Office documents with hidden VBA macros and evasion techniques for penetration testing and red team operations.

RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.

A simple Docker-based honeypot to detect port scanning

CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.

kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.

A honeypot system that simulates RDP services on port 3389, automatically assigns virtual machines to incoming connections, and captures comprehensive forensic data including packet captures and disk images.

CINSscore.com provides Threat Intelligence database with accurate IP scores and collective defense through community and Sentinel IPS unit sourced data.

A tool that reveals invisible links within JavaScript files

pcapfex is a forensic tool that extracts files from packet capture data by analyzing network traffic and identifying embedded file content.

Andrew Case's personal page for research, software projects, and speaking events

A standard for conducting penetration tests, covering seven main sections from planning to reporting.

Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.

Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.

DVTA is a Vulnerable Thick Client Application with various security vulnerabilities.

Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.

Security tips for setting up an Apache HTTP Server to prevent security issues.

INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.

Maltego transform pack for analyzing and graphing Honeypots using MySQL data.

Dispatch helps manage security incidents by integrating with existing tools and automating incident response tasks.

IBM QRadar is a SIEM solution for real-time threat detection.

A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.

Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.