Security Assessment
Explore 50 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A vendor risk management platform that automates assessment, continuously monitors attack surfaces, and correlates security data to verify third-party vendor security postures.
A vendor risk management platform that automates assessment, continuously monitors attack surfaces, and correlates security data to verify third-party vendor security postures.
A compliance management platform that simplifies CMMC Level 1 certification for defense contractors through guided workflows, policy templates, and evidence management tools.
A compliance management platform that simplifies CMMC Level 1 certification for defense contractors through guided workflows, policy templates, and evidence management tools.
A cloud-based risk management platform that enables healthcare organizations to assess, manage, and share cybersecurity and third-party risk data across a collaborative network of providers and vendors.
A cloud-based risk management platform that enables healthcare organizations to assess, manage, and share cybersecurity and third-party risk data across a collaborative network of providers and vendors.
A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.
A free online tool that tests email server security by evaluating server configurations, DNS security settings, encryption, blacklist status, and potential compromise indicators.
PlexTrac is a centralized platform for penetration test reporting and threat exposure management that helps security teams streamline assessment workflows, prioritize remediation, and track security posture improvements.
PlexTrac is a centralized platform for penetration test reporting and threat exposure management that helps security teams streamline assessment workflows, prioritize remediation, and track security posture improvements.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
A cybersecurity consulting service that provides security assessments, strategy development, and implementation guidance to organizations.
A cybersecurity consulting service that provides security assessments, strategy development, and implementation guidance to organizations.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
Panorays is a third-party cyber risk management platform that combines external attack surface monitoring with automated security questionnaires to assess, remediate, and continuously monitor vendor security postures.
Panorays is a third-party cyber risk management platform that combines external attack surface monitoring with automated security questionnaires to assess, remediate, and continuously monitor vendor security postures.
A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.
A pentest management platform that automates reporting workflows, provides client collaboration tools, and streamlines the entire penetration testing lifecycle from scoping to remediation.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
An attack surface management platform that discovers, maps, and monitors an organization's external digital assets to identify vulnerabilities and security weaknesses before they can be exploited.
An attack surface management platform that discovers, maps, and monitors an organization's external digital assets to identify vulnerabilities and security weaknesses before they can be exploited.
A vulnerability management platform that centralizes security assessment workflows, integrates multiple security tools, and provides collaboration features for security teams.
A vulnerability management platform that centralizes security assessment workflows, integrates multiple security tools, and provides collaboration features for security teams.
A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.
A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
A continuous threat exposure management platform that provides automated vulnerability scanning for internet-facing assets with varying service tiers for different organizational needs.
A continuous threat exposure management platform that provides automated vulnerability scanning for internet-facing assets with varying service tiers for different organizational needs.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A mapping tool that correlates MITRE ATT&CK techniques with atomic tests and detection rules to analyze security detection coverage.
A security awareness platform that combines phishing simulations with employee training to reduce organizational risk from email-based attacks.
A security awareness platform that combines phishing simulations with employee training to reduce organizational risk from email-based attacks.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.
A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.
An open source framework for security assessments of iOS apps, now decommissioned in favor of Objection.
An open source framework for security assessments of iOS apps, now decommissioned in favor of Objection.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud.
Multi-cloud OSINT tool for enumerating public resources in AWS, Azure, and Google Cloud.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
A Live CD and Live USB for penetration testing and security assessment
A Live CD and Live USB for penetration testing and security assessment
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming activities.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable security reporting solution for penetration testers and red teamers.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable reporting solution for offensive security assessments.
SharpPrinter enables efficient discovery of network printers for security and management purposes.
SharpPrinter enables efficient discovery of network printers for security and management purposes.
SharpShares efficiently enumerates and maps network shares and resolves names within a domain.
SharpShares efficiently enumerates and maps network shares and resolves names within a domain.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
The Hacker News is a leading cybersecurity news platform providing updates, insights, and information to professionals and enthusiasts in the field.
The Hacker News is a leading cybersecurity news platform providing updates, insights, and information to professionals and enthusiasts in the field.
Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.
Exploit that launches a process on the host from within a Docker container run with the --privileged flag by abusing the Linux cgroup v1 “notification on release” feature.
A reference cheat sheet documenting vulnerabilities in SSL/TLS protocol versions and cipher suites for security assessment purposes.
A reference cheat sheet documenting vulnerabilities in SSL/TLS protocol versions and cipher suites for security assessment purposes.
A repository providing guidance on mitigating hardware and firmware security vulnerabilities including side-channel attacks, UEFI hardening, and microcode vulnerabilities.
A repository providing guidance on mitigating hardware and firmware security vulnerabilities including side-channel attacks, UEFI hardening, and microcode vulnerabilities.
AWS IAM Security Assessment tool for identifying violations of least privilege and generating risk-prioritized reports.
AWS IAM Security Assessment tool for identifying violations of least privilege and generating risk-prioritized reports.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
A red team planning framework document that guides exercise preparation with emphasis on blue team value, stakeholder engagement, and avoiding negative motivational approaches.
A red team planning framework document that guides exercise preparation with emphasis on blue team value, stakeholder engagement, and avoiding negative motivational approaches.
DNSDumpster is a domain research tool for discovering and analyzing DNS records to map an organization's attack surface.
DNSDumpster is a domain research tool for discovering and analyzing DNS records to map an organization's attack surface.