8,962 tools
A tool for securely backing up and versioning production secrets or shared passwords
A tool for securely backing up and versioning production secrets or shared passwords
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
PinCTF is a Python wrapper tool that uses Intel's Pin framework to instrument binaries and count instructions for reverse engineering analysis.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A low interaction Python honeypot designed to mimic various services and ports to attract attackers and log access attempts.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
An extended traceroute tool for CSIRT operators with advanced features.
An extended traceroute tool for CSIRT operators with advanced features.
Normalize, index, enrich, and visualize network capture data using Potiron.
Normalize, index, enrich, and visualize network capture data using Potiron.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
A Python-based forensic tool for extracting and analyzing browser artifacts from Firefox, Iceweasel, and Seamonkey browsers on Unix and Windows systems.
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
Python 3 tool for parsing Yara rules with ongoing development.
Python 3 tool for parsing Yara rules with ongoing development.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
Collection of Kubernetes manifests creating pods with elevated privileges for security testing.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
A combination of honeypot, monitoring tool, and alerting system for detecting insecure configurations.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
A collection of vulnerable ARM binaries designed for educational exploit development and vulnerability research practice across different architectures and exploitation techniques.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.