Free Cybersecurity Tools
Find the right solution for your security needs without any cost.Explore 2631 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A tool that recovers passwords from pixelized screenshots
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases
A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities
A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities
A tool to identify publicly accessible S3 objects
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A better version of my xssfinder tool that scans for different types of XSS on a list of URLs.
A cross-platform web fuzzer written in Nim
A tool for testing subdomain takeover possibilities at a mass scale.
A subdomain enumeration tool for bug hunting and pentesting
A multi-tool for subdomain enumeration
A code scanning tool that detects and prevents secrets like API keys and credentials from being committed to source code repositories.
A code scanning tool that detects and prevents secrets like API keys and credentials from being committed to source code repositories.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A subdomain scan tool that helps you find subdomains of a given domain.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.
HTTP parameter discovery suite
A Burp extension to detect alias traversal via NGINX misconfiguration at scale.
A Burp extension to detect alias traversal via NGINX misconfiguration at scale.
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A fast and flexible web fuzzer for identifying vulnerabilities in web applications
A collection of Android security related resources