Free Cybersecurity Tools

A wireless network detector, sniffer, and intrusion detection system

A guide to brute forcing DVWA on the high security level with anti-CSRF tokens

Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.

SOPS is an encrypted file editor that supports multiple formats and integrates with various key management services including AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

Public access to Indicators of Compromise (IoCs) and other data for readers of Security Scorecard's technical blog posts and reports.

A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.

A community-driven GRC solution that is simple, affordable, and open-source.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

A non-profit organization focused on improving the security of software through resources and training.

Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.

A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.

Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.

A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.

An observation camera honeypot for proof-of-concept purposes

In-depth analysis of real-world attacks and threat tactics

A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.

Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.

A simple SSH honeypot written in Golang with a Persian-inspired name.

A comprehensive cheatsheet for XSS filter evasion techniques.

A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.

A tool for extracting files from network traffic based on file signatures with support for various file formats and scalable search algorithm.

A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.

CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.

ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.