Free & Open Source Security Tools
Discover community-driven and free security solutions. Complement your enterprise stack with zero-cost tools.
Browse 2,685 free & open source security tools tools
FEATURED
OPEN SOURCE
A categorized collection of bug bounty write-ups that documents real-world vulnerability discoveries and exploitation techniques across various security flaw types.
A categorized collection of bug bounty write-ups that documents real-world vulnerability discoveries and exploitation techniques across various security flaw types.
ZAP is an open-source web application security scanner that helps identify vulnerabilities through automated scanning and manual testing capabilities.
ZAP is an open-source web application security scanner that helps identify vulnerabilities through automated scanning and manual testing capabilities.
Lint lockfiles for improved security and trust policies.
Lint lockfiles for improved security and trust policies.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A low-interaction SSH honeypot written in C that simulates SSH services to capture and log unauthorized access attempts.
A low-interaction SSH honeypot written in C that simulates SSH services to capture and log unauthorized access attempts.
Hide data in images while maintaining perceptual similarity and extract it from printed and photographed images.
Hide data in images while maintaining perceptual similarity and extract it from printed and photographed images.
Security Monkey monitors AWS, GCP, and OpenStack environments for policy changes and insecure configurations, providing historical tracking and alerting capabilities through a centralized interface.
Security Monkey monitors AWS, GCP, and OpenStack environments for policy changes and insecure configurations, providing historical tracking and alerting capabilities through a centralized interface.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
Personal website of Collin R. Mulliner with a focus on security research and mobile platforms.
Personal website of Collin R. Mulliner with a focus on security research and mobile platforms.
A tool for enumerating X-Forwarded-For headers in HTTP requests
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
Centrally Manage Cloud Firewall Rules with AWS Firewall Manager
Centrally Manage Cloud Firewall Rules with AWS Firewall Manager
A featured networking utility for reading and writing data across network connections with advanced capabilities.
A featured networking utility for reading and writing data across network connections with advanced capabilities.
A comprehensive repository providing guidance and remediation strategies for hardware and firmware security vulnerabilities including side-channel attacks, microcode issues, and UEFI hardening.
A comprehensive repository providing guidance and remediation strategies for hardware and firmware security vulnerabilities including side-channel attacks, microcode issues, and UEFI hardening.
A repository of public applications for the Shuffle security orchestration platform that enables automated security workflows and integrations.
A repository of public applications for the Shuffle security orchestration platform that enables automated security workflows and integrations.
Firejail is a Linux sandbox program that isolates untrusted applications using kernel namespaces, seccomp-bpf, and capabilities to reduce security breach risks.
Firejail is a Linux sandbox program that isolates untrusted applications using kernel namespaces, seccomp-bpf, and capabilities to reduce security breach risks.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
