Explore 92 curated tools and resources
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
A free online service that scans the dark web for exposed credentials and sensitive data associated with specific domains or email addresses.
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
A newsletter service that tracks and reports weekly changes in detection engineering rules and updates across multiple GitHub repositories.
A fast and simple recursive content discovery tool
A simple XSS scanner tool for identifying Cross-Site Scripting vulnerabilities
Automate the exploitation of XXE vulnerabilities
A tool for enumerating subdomains of a given domain
A list of services and how to claim (sub)domains with dangling DNS records.
A Python library for automating time-based blind SQL injection attacks
Automatic tool for DNS rebinding-based SSRF attacks
A toolkit for testing, tweaking and cracking JSON Web Tokens
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
A powerful tool for finding and exploiting subdomain takeover vulnerabilities
A tool for detecting and taking over subdomains with dead DNS records
A fast domain resolver and subdomain bruteforcing tool
A smart SSRF scanner using different methods like parameter brute forcing in POST and GET requests.
A front-end JavaScript toolkit for creating DNS rebinding attacks
A tool that recovers passwords from pixelized screenshots
A subdomain enumeration tool for bug hunting and pentesting
HTTP parameter discovery suite
A tool to bypass Content Security Policy (CSP) restrictions
A command-line tool for parsing, creating, and manipulating JWT tokens
A tool to dump a Git repository from a website
A DNS rebinding attack framework for security researchers and penetration testers.
A tool to discover new target domains using Content Security Policy
A subdomain enumeration tool for penetration testers and security researchers.
HoneyFS is an LLM-powered honeypot tool that generates realistic fake file systems using GPT-3.5 to deceive attackers and enhance security analysis.
A tool that finds more information about a given URL or domain by querying multiple data sources.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
A tool for enumerating and attacking GitHub Actions pipelines
A fuzzer for detecting open redirect vulnerabilities
The Web's Largest Community Tracking Online Fraud & Abuse
GridPot is a honeypot framework that combines GridLAB-D, Conpot, and libiec61850 to simulate industrial control systems and detect attacks on power grid infrastructure.
An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
CapTipper is a Python tool to analyze, explore, and revive HTTP malicious traffic.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A powerful tool for detecting and identifying malware using a rule-based system.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
A tool for identifying and analyzing Java serialized objects in network traffic
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
A collection of YARA rules for public use, built from intelligence profiles and file work.
A collection of security research tools from Google's Project Zero team for testing and analyzing iPhone messaging systems including SMS, iMessage, and IMAP protocols.
UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.
A HackerOne-managed bug bounty program dedicated to identifying and fixing security vulnerabilities in the Node.js ecosystem.
The CVE Program catalogs publicly disclosed cybersecurity vulnerabilities.
A .NET wrapper library for the native YARA library with interoperability and portability features.
idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
A repository providing hourly-updated data dumps of bug bounty platform scopes from major platforms like HackerOne, Bugcrowd, and Intigriti for security researchers.
npm-zoo is a curated database of known malicious NPM packages that helps developers and security researchers identify and avoid potentially harmful dependencies in their projects.
A collection of public YARA signatures for various malware families.
A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.
FingerprintX is a standalone utility for service discovery on open ports.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
A scalable Python framework for security research and development teams.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
A comprehensive list of IP addresses for cybersecurity purposes, including threat intelligence, incident response, and security research.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to the MITRE ATT&CK framework for threat hunting and detection development.
Medium interaction SSH Honeypot with multiple virtual hosts and sandboxed filesystems.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
A low-interaction honeypot for detecting and analyzing potential attacks on Android devices via ADB over TCP/IP
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
A framework for creating XNU based rootkits for OS X and iOS security research
A comprehensive .NET post-exploitation library designed for advanced security testing.
Automatic tool for pentesting XSS attacks against different applications
A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.
Open source security auditing tool to search and dump system configuration.
Provides indicators of compromise (IOCs) to combat malware with YARA and Snort rules.
Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
A tool that generates YARA rules for strings and their XOR-encoded versions, as well as base64-encoded variations with different padding possibilities.
A repository providing centralized access to presentation slides from major cybersecurity conferences including Black Hat, Offensivecon, and REcon events.
A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.
A tool for quick and effective YARA rule creation to isolate malware families and malicious objects.
A comprehensive repository documenting security vulnerabilities in regular expressions used by Web Application Firewalls, including bypass examples and SAST tools for vulnerability identification.
A Java bytecode assembler and disassembler toolkit that converts classfiles to human-readable format and provides decompilation capabilities for reverse engineering Java applications.
An open-source Python software for creating honeypots and honeynets securely.
An industrial control system testing tool that enables security researchers to enumerate SCADA controllers, read register values, and modify register data across different testing modes.
An observation camera honeypot for proof-of-concept purposes
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
cowrie2neo parses Cowrie honeypot logs and imports the data into Neo4j databases for graph-based analysis and visualization of honeypot interactions.
secrepo.com is a curated repository providing access to various cybersecurity datasets including Snort logs, LANL datasets, and other security research data for analysis and testing purposes.
Personal website of Collin R. Mulliner with a focus on security research and mobile platforms.
A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.
Cortex is a tool for analyzing observables at scale and automating threat intelligence, digital forensics, and incident response.
A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.
A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.