Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
A customized Kali Linux distribution for ICS/SCADA pentesting professionals
A customized Kali Linux distribution for ICS/SCADA pentesting professionals
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
A tool for validating and repairing Yara rules
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
A reconnaissance tool that analyzes expired domains for categorization, reputation, and Archive.org history to identify candidates suitable for phishing and C2 operations.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
Protect against Prototype Pollution vulnerabilities in your application by freezing JavaScript objects.
A System for Abuse- and Incident Handling with log file analysis capabilities.
A System for Abuse- and Incident Handling with log file analysis capabilities.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
A Yara scanner for IMAP feeds and saved streams, extracting attachments and scanning them with chosen Yara rule files.
A Yara scanner for IMAP feeds and saved streams, extracting attachments and scanning them with chosen Yara rule files.
replayproxy allows you to 're-live' a HTTP session captured in a .pcap file, parsing HTTP streams, caching them, and starting a HTTP proxy to reply to requests with matching responses.
replayproxy allows you to 're-live' a HTTP session captured in a .pcap file, parsing HTTP streams, caching them, and starting a HTTP proxy to reply to requests with matching responses.
A framework for creating XNU based rootkits for OS X and iOS security research
A framework for creating XNU based rootkits for OS X and iOS security research
Argus-SAF is a static analysis framework for security vetting Android applications.
Argus-SAF is a static analysis framework for security vetting Android applications.
HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.
HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.
A comprehensive guide to incident response and computer forensics, covering the entire lifecycle of incident response and remediation.
A comprehensive guide to incident response and computer forensics, covering the entire lifecycle of incident response and remediation.
A low-interaction SSH honeypot tool for recording authentication attempts.
A low-interaction SSH honeypot tool for recording authentication attempts.
A comprehensive .NET post-exploitation library designed for advanced security testing.
A comprehensive .NET post-exploitation library designed for advanced security testing.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
A low-interaction honeypot to detect and analyze attempts to exploit the CVE-2017-10271 vulnerability in Oracle WebLogic Server
