Don’t let these open-source cybersecurity tools slip under your radar
This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor and detect suspicious activities across your network.
Am I Isolated: Open-source container security benchmark
Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation.
Argus: Open-source information gathering toolkit
Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations.
Aranya: Open-source toolkit to accelerate secure by design concepts
By leveraging the Aranya toolkit, developers can embed secure by design concepts into their products, enabling high-assurance message delivery, secure data exchange, and access control between applications, machines, and sensors without requiring additional security tools.
AxoSyslog: Open-source scalable security data processor
AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team.
Certainly: Open-source offensive security toolkit
Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios.
Chainsaw: Open-source tool for hunting through Windows forensic artefacts
Chainsaw is an open-source first-response tool for quickly detecting threats in Windows forensic artefacts, including Event Logs and the MFT file. It enables fast keyword searches through event logs and identifies threats using built-in Sigma detection and custom detection rules.
Contextal Platform: Open-source threat detection and intelligence
Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced features such as contextual threat analysis, custom detection scenarios through the ContexQL language, and AI-powered data processing—all operating locally to ensure data privacy.
CrowdSec: Open-source security solution offering crowdsourced protection
Crowdsec is an open-source solution that offers crowdsourced protection against malicious IPs.
Cyberbro: Open-source tool extracts IoCs and checks their reputation
Cyberbro is an open-source application that extracts IoCs from garbage input and checks their reputation using multiple services.
DockerSpy: Search for images on Docker Hub, extract sensitive information
DockerSpy scans Docker Hub for images and retrieves sensitive information, including authentication secrets, private keys, and other confidential data.
EchoStrike: Generate undetectable reverse shells, perform process injection
EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems.
Evilginx: Open-source man-in-the-middle attack framework
Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards.
Fleet: Open-source platform for IT and security teams
Fleet provides a single platform to secure and maintain all computing devices over the air. It offers a centralized solution, from mobile device management (MDM) to patching and verifying systems. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML configurations.
FuzzyAI: Open-source tool for automated LLM fuzzing
FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and harmful output generation.
GhostStrike: Open-source tool for ethical hacking
GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments.
Kata Containers: Open-source container runtime, building lightweight VMs
Kata Containers is an open-source project dedicated to creating a secure container runtime that combines the performance and simplicity of containers with the enhanced isolation of lightweight virtual machines. By leveraging hardware virtualization technology, it adds an extra layer of defense to ensure stronger workload isolation.
Keycloak: Open-source identity and access management
Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, and SAML.
Neosync: Open-source data anonymization, synthetic data orchestration
Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging.
NetAlertX: Open-source Wi-Fi intruder detector
NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access.
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!
MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection.
MSSqlPwner: Open-source tool for pentesting MSSQL servers
MSSqlPwner is an open-source pentesting tool tailored to interact with and exploit MSSQL servers. Built on Impacket, it enables users to authenticate with databases using various credentials, including clear-text passwords, NTLM hashes, and Kerberos tickets.
OpenPaX: Open-source kernel patch that mitigates memory safety errors
OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch.
Osmedeus: Open-source workflow engine for offensive security
Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists.
Powerpipe: Open-source dashboards for DevOps
Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring.
reconFTW: Open-source reconnaissance automation
reconFTW is an open-source tool that simplifies and automates the reconnaissance process, delivering subdomain enumeration, vulnerability assessment, and gathering intelligence about a target.
Rspamd: Open-source spam filtering system
Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists.
SafeLine: Open-source web application firewall (WAF)
SafeLine is an open-source and self-hosted WAF that protects websites from cyber attacks.
Sara: Open-source RouterOS security inspector
Sara is an open-source tool designed to analyze RouterOS configurations and identify security vulnerabilities on MikroTik hardware.
SCCMSecrets: Open-source SCCM policies exploitation tool
SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction.
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps.
Suricata: Open-source network analysis and threat detection
Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine.
Tosint: Open-source Telegram OSINT tool
Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources.
Trapster Community: Open-source, low-interaction honeypot
Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities.
Vanir: Open-source security patch validation for Android
Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the security of the Android ecosystem.
Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception.
Whispr: Open-source multi-vault secret injection tool
Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information.
YARA: Open-source tool for malware research
YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader.
Must read:
- GitHub CISO on security strategy and collaborating with the open-source community
- 33 open-source cybersecurity solutions you didn’t know you needed
- 20 free cybersecurity tools you might have missed