Graph-based investigation platform. Community Edition is free with limited transforms; full transforms in paid tiers.
OSINT Threat Intelligence
Automated OSINT scanner — 200+ modules pivoting from a single starting point (domain, IP, person).
Username enumeration across 400+ social networks. The canonical username-pivot CLI.
Email + subdomain + name harvesting from public sources (search engines, PGP key servers, LinkedIn, etc).
OSINT Pentest / Red Team
Modular framework for web-based recon, modeled after Metasploit. Extensible via marketplace modules.
Search engine for internet-exposed devices and services. Free tier limited; query credits sold per query.
OSINT Network Security Vulnerability Mgmt
Internet-wide scan data (hosts + certificates + leaked configs). Free tier limited; paid for higher quotas.
OSINT Network Security
Internet attack-surface intelligence — exposed services, leaks, ICS/SCADA detection.
OSINT Network Security
Chinese-origin alternative to Shodan. Strong coverage of APAC infrastructure; useful for cross-checking.
OSINT Network Security
Search across breach dumps, paste sites, dark-web mirrors, leaked git repos. Free tier shows preview only.
OSINT Threat Intelligence
Browser-based username search across 580+ sites. The data file is also consumed by other OSINT tools.
Memory forensics framework. The de facto tool for extracting processes, network connections, and injected code from RAM dumps.
DFIR / IR Malware Analysis
Disk-image forensics GUI built on The Sleuth Kit. Timeline analysis, keyword search, deleted-file recovery.
CLI library underpinning Autopsy. Filesystem-level forensics for NTFS / FAT / ExFAT / Ext / HFS+.
Super-timeline generator — extracts timestamps from 200+ artifacts and produces a single CSV/JSON timeline.
Kroll's triage collector — runs on a target host, extracts forensic artifacts in under 10 minutes. Free for non-commercial use.
DFIR / IR
Endpoint visibility and DFIR-at-scale. Custom VQL queries against fleets of agents — collect, hunt, respond.
DFIR / IR Detection Engineering
Treat the OS as a SQL database. Query running processes, listening sockets, kernel modules, etc.
DFIR / IR Detection Engineering
Open-source SIRP (Security Incident Response Platform). Case management + observable enrichment via Cortex.
DFIR / IR Threat Intelligence
Observable analyzer + responder engine. ~100 analyzers (VirusTotal, abuse.ch, MISP, etc) callable from TheHive.
DFIR / IR Threat Intelligence
Threat-intelligence sharing platform. Standard format for IOC exchange between teams; integrates with most SIEMs.
Threat Intelligence DFIR / IR
Google's remote-live-forensics framework. Hunt for IOCs across thousands of endpoints from a central console.
Commercial DFIR suite — disk + mobile + cloud + memory in one workflow. Paid; widely used by LE.
DFIR / IR
STIX-2.1-native threat-intelligence platform. Knowledge-graph relationships, connectors for 100+ sources.
Adversary tactics + techniques knowledge base. The shared vocabulary for describing attacker behaviour.
Threat Intelligence Detection Engineering
Layer the ATT&CK matrix with your detection coverage, actor tradecraft, or threat assessment.
Threat Intelligence Detection Engineering
URLhaus / MalwareBazaar / ThreatFox — free IOC feeds. Free API key on signup.
Threat Intelligence
Crowdsourced threat-intel pulses. Free API; integrates everywhere.
Threat Intelligence
Google Cloud / Mandiant TI platform. APT tracking, TTPs, finished intel reports. Enterprise-grade.
Threat Intelligence
AI-driven threat-intel platform. Wide source coverage, expensive.
Threat Intelligence
Crowdsourced IP-reputation engine. Open-source agent + community blocklist; paid SaaS for premium feeds.
Threat Intelligence Network Security
Identifies internet-background-noise scanners vs targeted activity. Free community tier (limited queries).
Threat Intelligence Network Security
Threat-intel platform with Lucene-searchable IOC sweeps, fingerprint pivoting via MD5/SHA1/SHA256/SSDEEP hashes, and a Community API for sandbox + screenshot + infrastructure-graph lookups.
Threat Intelligence OSINT
Cloud-based malware sandbox with screenshot capture and infrastructure graph. Free via Webamon Community API (sign-up).
Malware Analysis Threat Intelligence
NVIDIA's LLM vulnerability scanner. Probes for prompt injection, jailbreaks, data leakage, toxic outputs.
Microsoft's Python Risk Identification Tool for generative AI. Automated red-teaming framework.
LLM eval + red-teaming. Configurable test suites for prompt injection, jailbreaks, harmful content.
Validation library for LLM outputs. Composable validators (PII detection, toxicity, schema compliance).
NVIDIA's programmable guardrails layer for LLM apps. Define dialogue + safety rails in Colang DSL.
Hosted LLM-firewall API — prompt-injection + jailbreak + PII detection. Free tier limited; paid for production.
AI / LLM Security
Reference list of the top LLM-application risks (prompt injection, training-data poisoning, etc). Required reading.
AI / LLM Security
Linux Foundation AI library for evaluating ML model robustness against adversarial examples.
ATT&CK-style tactics + techniques for adversarial attacks on AI/ML systems.
AI / LLM Security Threat Intelligence
Multi-engine AV scanner + sandbox + relationship graph. Free tier limited (4/min); enterprise tier deep.
Malware Analysis Threat Intelligence
Interactive malware sandbox. Free tier requires public submissions; paid tier private + advanced features.
Malware Analysis
Deep behavioural analysis sandbox (Windows/Linux/macOS/Android/iOS). Cloud Basic is free with public reports.
Malware Analysis
CrowdStrike Falcon Sandbox — free public submissions, API for vetted researchers.
Malware Analysis
Sample sharing platform from abuse.ch. Free hash + sample download for vetted researchers.
Malware Analysis Threat Intelligence
Mandiant's capability detector for executables. Tells you what a binary CAN do without running it.
Pattern-matching language for malware classification. The lingua franca of malware research.
Malware Analysis Detection Engineering
NSA-released reverse-engineering framework. Free IDA Pro alternative — disassembler + decompiler + scripting.
CLI reverse-engineering framework. Steep learning curve; powerful for scripted analysis. iaito GUI also available.
Industry-standard interactive disassembler. Hex-Rays decompiler is the gold standard. Expensive.
Malware Analysis
Linux distribution for malware analysis. Hundreds of pre-installed tools + curated workflows.
Malware Analysis
Mandiant's Windows VM provisioner for malware analysis + reverse engineering.
Static PE file analyzer. Highlights anomalies, imports, sections, indicators. Free for non-commercial use.
Malware Analysis
PE/ELF/Mach-O packer + compiler detector. Plugin-based; modern alternative to PEiD.
NIST National Vulnerability Database. Authoritative source for CVE metadata + CVSS scores. Free API.
Vulnerability Mgmt
Known Exploited Vulnerabilities catalog. The "patch this first" list — every entry has confirmed exploitation.
Vulnerability Mgmt Threat Intelligence
Exploit Prediction Scoring System — probability that a CVE will be exploited in the next 30 days. Free API.
Vulnerability Mgmt
Google's open-source vulnerability database. Excellent for SBOM and dependency-graph queries.
Vulnerability Mgmt AppSec / Web
GitHub-curated advisories for npm, PyPI, Maven, NuGet, Composer, RubyGems, Cargo, Pub. Free API.
Vulnerability Mgmt AppSec / Web
Offensive Security exploit archive. PoCs, shellcodes, exploit techniques — historical + current.
Vulnerability Mgmt Pentest / Red Team
Independent KEV catalog — earlier exploitation signals than CISA, broader source set. Free API tier.
Vulnerability Mgmt Threat Intelligence
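The entries above (NVD, CISA KEV, EPSS, VulnCheck KEV) are the three signals a patch queue is usually built from: confirmed exploitation, predicted exploitation, and severity. The script below is an added example of combining them, not code from any of those projects; the KEV and EPSS record shapes follow the published feed formats, but every record and score in it is constructed sample data.

```python
"""Rank CVEs for patching by combining CISA KEV membership, EPSS and CVSS.

Added example, not code from NVD, CISA, FIRST or any tool listed here. The
feed shapes follow the published formats (KEV: `vulnerabilities[].cveID`;
EPSS API: `data[].cve`, `epss`, `percentile` as strings); the records below
are constructed sample data, not real scores.
"""
import json
from dataclasses import dataclass


# Constructed excerpt of the KEV JSON feed, reduced to the fields used here.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-0001", "dueDate": "2024-02-01"},
]})

# Constructed excerpt of an EPSS API response; the API returns numbers as strings.
EPSS_JSON = json.dumps({"status": "OK", "data": [
    {"cve": "CVE-2024-0001", "epss": "0.12000", "percentile": "0.95000"},
    {"cve": "CVE-2024-0002", "epss": "0.91000", "percentile": "0.99800"},
    {"cve": "CVE-2024-0003", "epss": "0.00400", "percentile": "0.70000"},
]})

# Constructed CVSS v3.1 base scores as NVD would report them. CVE-2024-0004 has
# no EPSS record on purpose: EPSS lags newly published CVEs.
CVSS = {
    "CVE-2024-0001": 7.8,
    "CVE-2024-0002": 5.3,
    "CVE-2024-0003": 9.8,
    "CVE-2024-0004": 9.1,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    epss: float
    in_kev: bool

    @property
    def tier(self) -> str:
        """KEV wins outright; then exploitation probability; severity is the tiebreaker."""
        if self.in_kev:
            return "P0 (in KEV, confirmed exploitation)"
        if self.epss >= 0.5:
            return "P1 (EPSS >= 0.5)"
        if self.cvss >= 9.0:
            return "P2 (critical CVSS, no exploitation signal yet)"
        return "P3"


def load_kev(raw: str) -> set[str]:
    """CVE IDs present in the KEV feed."""
    return {v["cveID"] for v in json.loads(raw)["vulnerabilities"]}


def load_epss(raw: str) -> dict[str, float]:
    """CVE ID -> 30-day exploitation probability."""
    return {d["cve"]: float(d["epss"]) for d in json.loads(raw)["data"]}


def prioritize(cvss: dict[str, float], kev: set[str], epss: dict[str, float]) -> list[Finding]:
    """Sort by KEV membership, then EPSS, then CVSS, highest first.

    A CVE missing from EPSS is scored 0.0 so it still ranks by CVSS instead of
    being dropped; report the gap rather than reading 0 as 'safe'.
    """
    findings = [Finding(c, s, epss.get(c, 0.0), c in kev) for c, s in cvss.items()]
    return sorted(findings, key=lambda f: (f.in_kev, f.epss, f.cvss), reverse=True)


if __name__ == "__main__":
    for f in prioritize(CVSS, load_kev(KEV_JSON), load_epss(EPSS_JSON)):
        print(f"{f.cve}  cvss={f.cvss:<4}  epss={f.epss:.3f}  {f.tier}")
```

With the sample data the KEV entry comes first despite a middling CVSS, the EPSS 0.91 CVE outranks the 9.8, and the CVE with no EPSS record lands last among the criticals, which is the behaviour you want from a queue that treats "exploited" as stronger evidence than "severe".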
Template-based vulnerability scanner. ~9000 community templates; the modern web-vuln scanner.
Vulnerability Mgmt AppSec / Web
Industry-standard vulnerability scanner. Paid (Pro/Expert/Manager); free Essentials limited to 16 hosts.
Vulnerability Mgmt
Cloud-native vuln management platform. Enterprise-tier; competes with Tenable + Rapid7.
Vulnerability Mgmt
Secret scanning for git repos. ~150 default rules; pre-commit + CI-friendly. The standard.
Data Security / DLP AppSec / Web
Secret scanner with hundreds of detectors and live verification (calls the API to confirm a secret is valid).
Data Security / DLP AppSec / Web
Yelp's pre-commit-friendly secret scanner. Pluggable detectors with baseline-management for false positives.
Data Security / DLP AppSec / Web
Curated regex pattern database (~1600) for secret detection. Foundation for custom DLP scanners.
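The four secret scanners above share one architecture: a registry of regex detectors, an entropy check to cut noise from generic patterns, and a baseline of acknowledged false positives stored as hashes. The script below is an added example of that architecture and is not gitleaks, TruffleHog, detect-secrets or secrets-patterns-db code; the two key-format patterns are the widely documented AWS `AKIA`/`ASIA` and GitHub `ghp_` shapes, and the text it scans is constructed (the only real-looking key is the placeholder AWS prints in its own documentation).

```python
"""Regex detectors, an entropy gate and a hashed baseline: the shape shared by
the secret scanners above.

Added example, not gitleaks, TruffleHog or detect-secrets code. Patterns are
the documented AWS (AKIA/ASIA) and GitHub (ghp_) formats; the scanned text is
constructed and contains no real credential.
"""
import hashlib
import math
import re

# Detector name -> pattern. A capture group, when present, isolates the secret
# value; otherwise the whole match is the candidate.
DETECTORS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic-assignment": re.compile(
        r"""(?i)\b(?:secret|token|password|api_key)\s*[:=]\s*['"]([^'"]{12,})['"]"""
    ),
}

# Constructed input. The AKIA value is AWS's documentation placeholder; the
# ghp_ value is a fixed-pattern stand-in, not a token.
SAMPLE = "\n".join([
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'password = "passwordpassword"',
    'api_key = "x9K2mQ7pL4vB8nT3wZ6c"',
    "token = 'ghp_" + "A" * 36 + "'",
])


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking secrets score high, placeholders low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def fingerprint(detector: str, secret: str) -> str:
    """Baseline entries store a hash, never the secret itself."""
    return hashlib.sha256(f"{detector}:{secret}".encode()).hexdigest()[:16]


def scan(text: str, baseline: frozenset[str] = frozenset(), min_entropy: float = 3.0):
    """Return (line, detector, candidate, fingerprint) for each unsuppressed hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in DETECTORS.items():
            for m in pattern.finditer(line):
                candidate = m.group(m.lastindex or 0)
                # The generic detector is noisy, so gate it on entropy; the
                # format-specific detectors already carry enough structure.
                if name == "generic-assignment" and shannon_entropy(candidate) < min_entropy:
                    continue
                fp = fingerprint(name, candidate)
                if fp in baseline:  # acknowledged false positive
                    continue
                findings.append((lineno, name, candidate, fp))
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
    # Acknowledge the documentation placeholder and it stops being reported.
    known = frozenset({fingerprint("aws-access-key-id", "AKIAIOSFODNN7EXAMPLE")})
    print(scan(SAMPLE, known))
```

Two things worth noticing: the repeated-word password is dropped by the entropy gate without any allowlist, and the baseline suppresses by hash, so committing the baseline file to the repo does not leak what was acknowledged. Verification against the issuer's API, which TruffleHog adds on top, is the step that separates "looks like a key" from "is a live key".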
Hosted secret-detection across git, Slack, Jira. Free tier limited; paid for org-scale + remediation.
Data Security / DLP
AI-driven DLP across SaaS apps (Slack, Jira, GitHub, Confluence, M365). Strong PII/PHI detection.
Data Security / DLP
Enterprise data governance + DLP across M365 / Azure / on-prem. Bundled with E5 licensing.
Data Security / DLP
Encrypts secrets at rest with KMS / GPG / age. Diff-friendly format; works in git workflows.
Data Security / DLP Secrets & IAM
Generic SIEM-agnostic signature format. Convert one rule to Splunk/Sentinel/Elastic/QRadar. SigmaHQ ruleset = thousands of rules.
Modern Sigma rule converter. Replaces the legacy sigmac. Plugins for each backend.
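What "convert one rule to Splunk/Sentinel" means in practice: the rule holds field/value logic plus a boolean condition over named selections, and a backend renders that into each SIEM's syntax. The converter below is an added illustration of that step, not pySigma or sigma-cli, and it supports only a subset of the Sigma spec (equality with the `contains`, `startswith` and `endswith` modifiers, list values OR-ed, and conditions over selection names with `and`/`or`/`not`/parentheses). The rule is constructed for the example and written as the dict a YAML loader would return; the logsource-to-search-prefix mapping in `LOGSOURCE` is an assumed deployment setting, which real backends take from a pipeline configuration rather than from the rule.

```python
"""One Sigma rule, two backends: Splunk SPL and Microsoft Sentinel KQL from the
same detection logic. Added illustration, not pySigma; subset of the spec only.
"""
import re
from typing import Optional

# Constructed rule, as a YAML loader would return it.
RULE = {
    "title": "Suspicious PowerShell download cradle (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "filter": {"ParentImage|endswith": "\\msiexec.exe"},
        "condition": "selection and not filter",
    },
}

# Assumed logsource -> search prefix mapping (Sysmon event 1 = process creation).
LOGSOURCE = {
    ("process_creation", "windows"): {
        "spl": 'source="WinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode=1',
        "kql": "SysmonEvent | where EventID == 1",
    }
}

KEYWORDS = {"spl": ("AND", "OR", "NOT"), "kql": ("and", "or", "not")}


def _atom(backend: str, field: str, modifier: Optional[str], value: str) -> str:
    """Render one field comparison; backslashes and quotes are escaped for both."""
    v = str(value).replace("\\", "\\\\").replace('"', '\\"')
    if backend == "spl":
        pat = {"contains": f"*{v}*", "startswith": f"{v}*", "endswith": f"*{v}", None: v}[modifier]
        return f'{field}="{pat}"'
    op = {"contains": "contains", "startswith": "startswith", "endswith": "endswith", None: "=="}[modifier]
    return f'{field} {op} "{v}"'


def _selection(backend: str, fields: dict) -> str:
    """A selection is an AND over fields; a list value is an OR within a field."""
    AND, OR, _ = KEYWORDS[backend]
    parts = []
    for key, values in fields.items():
        field, _, modifier = key.partition("|")
        vals = values if isinstance(values, list) else [values]
        atoms = [_atom(backend, field, modifier or None, v) for v in vals]
        parts.append(atoms[0] if len(atoms) == 1 else "(" + f" {OR} ".join(atoms) + ")")
    return "(" + f" {AND} ".join(parts) + ")"


def convert(rule: dict, backend: str) -> str:
    """Recursive-descent parse of the condition (not > and > or), then emit."""
    AND, OR, NOT = KEYWORDS[backend]
    det = rule["detection"]
    toks = re.findall(r"\(|\)|\w+", det["condition"])
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("unexpected end of condition")
        pos += 1
        return toks[pos - 1]

    def peek():
        return toks[pos] if pos < len(toks) else None

    def factor():
        t = take()
        if t == "not":
            return f"{NOT} {factor()}"
        if t == "(":
            inner = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return f"({inner})"
        if t == "condition" or t not in det:
            raise ValueError(f"unknown selection {t!r}")
        return _selection(backend, det[t])

    def term():
        out = factor()
        while peek() == "and":
            take()
            out = f"{out} {AND} {factor()}"
        return out

    def expr():
        out = term()
        while peek() == "or":
            take()
            out = f"{out} {OR} {term()}"
        return out

    where = expr()
    if pos != len(toks):
        raise ValueError("trailing tokens in condition")
    ls = rule["logsource"]
    prefix = LOGSOURCE[(ls["category"], ls["product"])][backend]
    return f"{prefix} {where}" if backend == "spl" else f"{prefix} | where {where}"


if __name__ == "__main__":
    print(convert(RULE, "spl"))
    print(convert(RULE, "kql"))
```

The part that usually breaks in real deployments is not the condition grammar but the field names and the logsource prefix: Sysmon's `Image` is another product's `NewProcessName` or `FolderPath`, which is why pySigma keeps field renames and logsource mappings in per-environment pipelines instead of in the rule.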
Red Canary library of small, portable test scripts mapped to ATT&CK. Validate detections atomically.
Detection Engineering Pentest / Red Team
MITRE adversary-emulation platform. Automated red-team campaigns mapped to ATT&CK.
Detection Engineering Pentest / Red Team
CNCF runtime-security engine. eBPF + custom rule language for container + Kubernetes threat detection.
Detection Engineering Cloud Security
Open Sigma ruleset — thousands of rules across Windows, Linux, cloud, network. Curated by the community.
Elastic Security detection rules. TOML format with full ATT&CK mapping; ~1000 rules.
Splunk Enterprise Security Content Update. SPL + ATT&CK mapping; updated continuously.
Microsoft Sentinel KQL detection rules. The largest open-source KQL detection collection.
Detection Engineering Cloud Security
Curated KQL query library for Sentinel + Defender XDR. 100+ queries covering identity attacks, NTLM abuse, LDAP recon, lateral movement, and shadow IT.
SecOps cloud — EDR + log + automation primitives, pay-per-event. Free for small workloads.
Detection Engineering DFIR / IR
Detection-as-code SIEM (Python rules, YAML data models). Cloud-native; commercial.
Detection Engineering
Asset + relationship security graph + queryable detection. JupiterOne; community tier exists.
Detection Engineering Cloud Security
Email + DNS diagnostics. Free quick-checks (DMARC, SPF, MX, blacklists); paid monitoring.
Email Security OSINT
DMARC report aggregator + email-auth wizard. Free tier for small domains.
Email Security
Established DMARC analytics platform. Free community tier; paid for larger domains.
Email Security
Send a test email, get a deliverability + auth + content score. Free 3 tests/day.
Email Security
Enterprise email gateway + threat protection. Industry leader in BEC + impostor protection.
Email Security
Cloud email security gateway. Strong archiving + continuity story.
Email Security
AI-driven BEC + account-takeover detection. API-based (no MX change). Strong analyst feedback.
Email Security
Defense-in-depth for already-delivered email. Re-authenticate before exposing PII; sweep retroactively.
Email Security Data Security / DLP
Email-address reputation lookup — breach hits, social presence, sender history. Free API.
Email Security OSINT
The packet capture + analysis tool. Indispensable for any network forensics work.
Network Security DFIR / IR
Network analysis framework (formerly Bro). Generates rich connection logs + protocol metadata.
Network Security Detection Engineering
High-performance IDS/IPS + NSM. Compatible with Snort rules + ET ruleset.
Network Security Detection Engineering sourceThe original signature-based IDS. Snort 3 is the actively maintained version; massive rule ecosystem.
Network Security Detection Engineering
Network scanner. Service detection + scriptable via NSE. Foundational.
Network Security Pentest / Red Team
Internet-scale port scanner. Scans the entire internet in minutes; pair with Nmap for service detection.
Network Security Pentest / Red Team
ProjectDiscovery's fast port scanner. Pipes cleanly into nuclei/httpx for chained recon.
Network Security AppSec / Web
Real Intelligence Threat Analytics — beaconing detection on Zeek logs. Active Countermeasures.
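Beaconing detection on Zeek logs comes down to reading conn.log and asking, per source/destination/port triple, how regular the gaps between connections are. The script below is an added example of that core idea and is not RITA's or Zeek's code; it parses Zeek's TSV layout (a `#fields` header naming the columns, other `#` lines as metadata), scores each triple by the coefficient of variation of its inter-connection intervals, and flags low-variance pairs. The log it reads is constructed and trimmed to the columns it uses; real conn.log files carry many more, and RITA additionally weighs data sizes and connection counts, which this omits.

```python
"""Score Zeek conn.log flows for beaconing by interval regularity.

Added example, not RITA's or Zeek's code. The conn.log text is constructed and
trimmed to the columns used here.
"""
import statistics
from collections import defaultdict


def _constructed_rows():
    rows = []
    # Beacon: 10.0.0.5 -> 203.0.113.10:443 every 60 s with sub-second jitter.
    for i, jitter in enumerate([0, 0.4, -0.3, 0.2, -0.1, 0.5, -0.4, 0.1, 0.0, 0.3]):
        rows.append((1700000000 + 60 * i + jitter, "10.0.0.5", "203.0.113.10", 443))
    # Browsing: irregular gaps from another host to the same port elsewhere.
    for t in [5, 9, 40, 41, 300, 900, 905, 2000]:
        rows.append((1700000000 + t, "10.0.0.7", "198.51.100.20", 443))
    return rows


def _constructed_conn_log() -> str:
    """Zeek-style TSV: '#separator', then '#fields' naming the columns."""
    header = [
        "#separator \\x09",
        "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state",
    ]
    body = [
        "\t".join([f"{ts:.6f}", f"C{n:08d}", src, str(40000 + n), dst, str(port), "tcp", "SF"])
        for n, (ts, src, dst, port) in enumerate(_constructed_rows())
    ]
    return "\n".join(header + body) + "\n"


CONN_LOG = _constructed_conn_log()


def parse_conn_log(text: str):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields is None:
            raise ValueError("record before #fields header")
        else:
            yield dict(zip(fields, line.split("\t")))


def beacon_scores(text: str, min_connections: int = 5) -> dict:
    """(orig_h, resp_h, resp_p) -> score in [0, 1]; 1 means perfectly periodic."""
    stamps = defaultdict(list)
    for rec in parse_conn_log(text):
        key = (rec["id.orig_h"], rec["id.resp_h"], int(rec["id.resp_p"]))
        stamps[key].append(float(rec["ts"]))
    scores = {}
    for key, ts in stamps.items():
        if len(ts) < min_connections:
            continue  # too few samples to call anything periodic
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.fmean(gaps)
        # Coefficient of variation: small when the gaps are all about the same.
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        scores[key] = max(0.0, 1.0 - cv)
    return scores


def beacons(text: str, threshold: float = 0.9) -> list:
    """Triples whose score meets the threshold, highest first."""
    s = beacon_scores(text)
    return sorted((k for k, v in s.items() if v >= threshold), key=lambda k: -s[k])


if __name__ == "__main__":
    for k, v in beacon_scores(CONN_LOG).items():
        print(k, round(v, 3))
    print(beacons(CONN_LOG))
```

The jittered 60-second beacon scores about 0.99 while the browsing host scores 0, which is the separation the method relies on. Implants that randomise sleep widely or hide inside legitimate polling traffic (update checks, chat clients) are the known blind spot, and are the reason RITA also looks at bytes per connection.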
Network Security Detection Engineering
Multi-cloud CSPM (AWS/Azure/GCP/K8s). 400+ checks against CIS, NIST, GDPR, etc. Open-source CLI + paid SaaS.
NCC Group multi-cloud auditing tool. AWS / Azure / GCP / OCI / AliCloud. Static HTML report.
IaC + image + secrets scanning. Terraform / CloudFormation / Helm / K8s / Dockerfile / GHA.
Cloud Security AppSec / Web
Aqua all-in-one vuln + IaC + secret + license + SBOM scanner. The reference container scanner.
Cloud Security AppSec / Web Vulnerability Mgmt
Aqua tool that runs the CIS Kubernetes Benchmark against a cluster. Quick hardening audit.
Hunts for security weaknesses in Kubernetes clusters. Active + passive modes.
Cloud Security Pentest / Red Team
AWS exploitation framework — privilege escalation, persistence, exfiltration. Rhino Security.
Cloud Security Pentest / Red Team
Granular cloud-attack technique simulator. Test your detections against real cloud TTPs.
Cloud Security Detection Engineering Pentest / Red Team
Cloud security platform — agentless CSPM/CWPP/CIEM. Google announced its $32B acquisition in March 2025.
Cloud Security
Web app proxy + scanner. Community Edition is free (no scanner); Professional is the bug-bounty standard.
AppSec / Web Pentest / Red Team
Modern web pentesting suite — Burp alternative, Rust-based. Free tier capable; Pro paid.
AppSec / Web Pentest / Red Team
Free open-source web app scanner (formerly OWASP ZAP, now ZAP by Checkmarx). Solid for CI integration; weaker than Burp for manual workflows.
Automated SQL injection + database takeover. The reference tool for confirming + exploiting SQLi.
AppSec / Web Pentest / Red Team
Fast web fuzzer (Go). Replaces dirb / wfuzz / dirsearch for most workflows.
AppSec / Web Pentest / Red Team
In-depth attack-surface mapping + asset discovery. The thorough subdomain enumerator.
ProjectDiscovery's passive subdomain enumerator. Fast, scriptable, pipes into the rest of the PD ecosystem.
Fast HTTP toolkit + probe. Tech-stack fingerprinting, status checks, screenshots.
Lightweight static analysis with a rule registry that reads like grep but understands syntax. OSS engine + paid SaaS.
GitHub's variant analysis engine. Free for OSS + GitHub-Native; query language is the differentiator.
AppSec / Web
Developer-first SCA + SAST + IaC + container scanning. Free tier generous; paid for org-wide.
AppSec / Web Vulnerability Mgmt
The reference secrets manager. Community Edition + Enterprise; both moved from MPL to the source-available BSL 1.1 in 2023, so neither is OSS-licensed any more.
Open-source secrets platform. Pleasant UI, modern git integration; SaaS or self-hosted.
Modern file encryption tool. Designed as a simpler PGP replacement; pairs with SOPS.
Secrets & IAM Data Security / DLP
The reference open-source IAM. SAML + OIDC + federation, customizable themes, Red Hat SSO upstream.
Identity-aware access proxy for SSH / K8s / DB / desktop. OSS Community + paid Enterprise.
WireGuard-based zero-config VPN. Free for up to 100 devices; identity-first networking.
Secrets & IAM Network Security
The exploitation framework. Thousands of modules, post-exploitation, listeners. Rapid7 maintains.
Commercial adversary-emulation C2 framework. Industry standard for red teams; widely abused by criminals too.
Pentest / Red Team
Open-source cross-platform C2. Cobalt Strike alternative. Bishop Fox.
Modern post-exploitation C2. Cross-platform implant + customizable evasion.
Multiplayer C2 framework with pluggable agents. Strong for long-engagement red teams.
AD + Azure attack-path graph. Community Edition (free) + Enterprise. The reference AD recon tool.
Python network-protocol library + offensive scripts (psexec, secretsdump, ntlmrelayx, etc).
Adversary-emulation platform — same project as listed under Detection Engineering, complementary use cases.
Pentest / Red Team Detection Engineering
Akamai/Guardicore continuous breach + attack simulation. Auto-spreads through your network safely.
Comprehensive OSINT platform — username search (50+ platforms), geolocation, email/domain recon, metadata extraction, dark-web link checker, crypto wallet tracking, and steganography tools. REST API available.
OSINT
Curated directory of OSINT tools with community collections, featured tools, and new-tool discovery. Covers the full spectrum of open-source intelligence gathering.
OSINT
Curated OSINT and cybersecurity tools directory — categorized tools for reconnaissance, social media investigation, and digital forensics investigations.
OSINT
All-in-one website analysis — DNS, SSL/TLS, security headers, WHOIS, tech stack detection, performance audit, and security misconfiguration scanning from a single URL.
AppSec / Web Network Security
Interactive security tools suite — domain/DNS auditor, host checker, clickjacking PoC generator, GitHub leaks scanner, cloud IAM auditor (PEASS), and AI security chatbot.
Pentest / Red Team AppSec / Web
Google-backed open-source vulnerability database — ecosystem-agnostic schema covering PyPI, npm, Go, Maven, Rust, and more. REST API and deterministic query by commit hash.
Vulnerability Mgmt
Aggregated threat intelligence from 500+ public blacklists. Searchable IP/domain database with categorized blocklist downloads (malware, spam, phishing, crypto, DGA, bad reputation).
Threat Intelligence
Threat intelligence platform — cross-reference IOCs, track threat actor campaigns, and browse curated OSINT tools. Community-driven threat data aggregation.
Threat Intelligence
Interactive Sigma rule browser — search and filter detection rules with live SIEM conversion previews for Splunk, Elasticsearch, QRadar, Microsoft Sentinel, and more.
Detection Engineering
Open-source IP blocklist with live statistics and downloadable feeds. Covers malicious IPs across multiple threat categories. REST API for automated ingestion.
Threat Intelligence Network Security
Interactive threat intelligence mindmap — visual navigation of TTPs, threat actors, campaigns, and detection strategies aligned with the MITRE ATT&CK framework.
Threat Intelligence
Comprehensive insider threat framework — indicators, detection methods, mitigation playbooks, and real-world case studies across insider personas and attack vectors.
DFIR / IR Detection Engineering
OSINT and threat intelligence search platform — unified queries across multiple data sources for indicator lookups, threat actor profiling, and infrastructure discovery.
OSINT Threat Intelligence
Curated catalog of cybersecurity tools — penetration testing, forensics, OSINT, red teaming, and blue team operations. Categorized with search and filtering.
OSINT Pentest / Red Team
Security research publications — attack surface management insights, vulnerability disclosures, APT tracking, and adversary infrastructure analysis.
Threat Intelligence Vulnerability Mgmt
AI-powered cybersecurity defense — automated threat detection, AI-driven incident response orchestration, and continuous security posture management.
AI / LLM Security
Interactive application security training — hands-on labs covering OWASP Top 10, API security testing, secure coding practices, and vulnerability remediation.
AppSec / Web
Curated AI/ML security resource hub — academic papers, offensive/defensive tools, CTF challenges, and frameworks for adversarial ML and LLM red teaming.
AI / LLM Security
Interactive visual mapping of the OWASP AI security landscape — explore AI-specific threats, vulnerabilities, and controls across the ML development lifecycle.
AI / LLM Security
Threat intelligence dashboard — live IOC feeds, campaign tracking, and real-time security event monitoring from Mjolnir Security.
Threat Intelligence
AI-powered security assistant — threat intelligence queries, security automation workflows, and chatbot-driven incident response guidance.
AI / LLM Security