Open Source
Explore 251 curated cybersecurity tools, with 14,858 visitors searching for solutions
FEATURED
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
NodeSecure is a cybersecurity project that provides security monitoring and analysis capabilities specifically designed for Node.js applications.
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
A Burp Suite plugin that extracts keywords from HTTP responses using regex patterns and tests for reflected XSS vulnerabilities within the target scope.
An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.
An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.
Standardized contribution guidelines for maintaining quality cybersecurity tool repositories and community-curated lists.
Standardized contribution guidelines for maintaining quality cybersecurity tool repositories and community-curated lists.
MIDAS (Mac Intrusion Detection Analysis System) - archived and no longer supported.
MIDAS (Mac Intrusion Detection Analysis System) - archived and no longer supported.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
An open source repository of plugins for Rapid7 InsightConnect that enables security orchestration and automation through integrations with various security tools and services.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
A community-driven repository of pre-built security analytics queries and rules for monitoring and detecting threats in Google Cloud environments across various log sources and activity types.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
A library for accessing and parsing Windows NT Registry File (REGF) format files, designed for digital forensics and registry analysis applications.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
A developer added malicious code to a popular open-source package, wiping files on computers in Russia and Belarus as a protest.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
GCTI's open-source detection signatures for malware and threat detection
GCTI's open-source detection signatures for malware and threat detection
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.
Donate to your favorite open-source projects and charities using PayPal
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Repokid automatically removes unused service permissions from AWS IAM role inline policies using Access Advisor data to implement least privilege access.
Repokid automatically removes unused service permissions from AWS IAM role inline policies using Access Advisor data to implement least privilege access.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.
A lightweight CTF platform inspired by motherfuckingwebsite.com that provides simple hosting capabilities for cybersecurity competitions with equal-point scoring and minimal setup requirements.
A lightweight CTF platform inspired by motherfuckingwebsite.com that provides simple hosting capabilities for cybersecurity competitions with equal-point scoring and minimal setup requirements.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.
