Open Source

NoSQLMap is an open source Python tool that automates NoSQL injection attacks and exploits configuration weaknesses in NoSQL databases to disclose or clone data.

A Windows-based workflow automation and case management application that integrates with CrowdStrike Falcon APIs to streamline security operations and incident response processes.

A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.

Open-source security automation platform for automating security alerts and building AI-assisted workflows.

A content repository for Cortex XSOAR that provides playbooks, automation scripts, and templates for security operations automation and orchestration.

A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.

A framework for creating standardized cybersecurity event schemas in JSON format that enables interoperability across security tools and platforms.

Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.

An automated script that configures Active Directory domains using customizable XML configuration files.

RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.

Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.

A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.

Cross-platform HTTP honeypot that traps bots with infinite data streams

WeirdAAL is an open-source framework that provides tools and libraries for simulating attacks and testing security vulnerabilities in AWS environments.

A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.

w3af is an open source web application security scanner that identifies over 200 types of vulnerabilities including XSS, SQL injection, and OS commanding in web applications.

Unfetter is a reference implementation framework that collects events from client machines and performs CAR analytics using an ELK stack with Apache Spark to detect potential adversary activity.

Shuffle Automation is an accessible automation platform that provides workflow automation capabilities for security operations with both self-hosted and cloud deployment options.

CrowdSec is a collaborative behavior detection engine that analyzes system logs to identify and block malicious activities using community-shared threat intelligence.

Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.

A discontinued disk imaging utility originally developed by Intel that used block map files for efficient disk image copying operations.

An open source cloud-native security data lake platform for AWS that normalizes security logs into structured data with Detection-as-Code capabilities and vendor-neutral storage using open standards.

A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.

A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.