Free, open source cybersecurity tools have become indispensable for protecting individuals, organizations, and critical infrastructure from cyber threats. These tools are created through collaborative and transparent efforts, making them affordable and accessible alternatives to proprietary software. Here, you'll find a curated list of free cybersecurity tools you should consider.

  • Authelia: Open Source Authentication and Authorization Server

    Authelia is an open source authentication and authorization server that provides 2FA and SSO for applications through a web portal. It works with a reverse proxy to allow, deny, or redirect requests.

  • BLint: Open source tool for checking the security properties of executable files

    BLint is a binary linter designed to evaluate the security properties and capabilities of executables, and it uses LIEF to do so. Starting with version 2, BLint can also generate a Software Bill of Materials (SBOM) for compatible binaries.

  • Cloud Active Defense: Open Source Cloud Protection

    Cloud Active Defense is an open source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being immediately detected, or avoid the decoy and reduce its effectiveness.

  • Cloud Console Cartographer: Open source tool helps security teams transcribe log activity

    Cloud Console Cartographer is an open source tool that maps noisy log activity into highly consolidated, concise events to help security practitioners cut through the noise and understand console behavior in their environments.

  • Damn Vulnerable RESTaurant: An open source API service designed for learning

    Damn Vulnerable RESTaurant is an open source project that allows developers to learn to identify and fix security vulnerabilities in their code through interactive games.

  • Drozer: Open Source Android Security Assessment Framework

    Drozer is an open source security testing framework for Android whose main purpose is to make the life of mobile application security testers easier.

  • EJBCA: Open Source Public Key Infrastructure (PKI), Certificate Authority (CA)

    EJBCA is an open source PKI and CA software. It can handle almost everything, and some people have called it the "kitchen sink" of PKI.

  • CryptoNotepad: Open Source Text Editor

    CryptoNotepad is an open source text editor that ensures your files are saved and loaded with AES-256 encryption. It is a simple and easy-to-use tool with no ads, no internet connection, and no unnecessary features.

  • Fail2Ban: Ban hosts that cause multiple authentication errors

    Fail2Ban is an open source tool that monitors log files (for example, /var/log/auth.log) and blocks IP addresses that have repeated login failures. It does this by updating the system firewall rules to deny new connections from these IP addresses for a configurable amount of time.

  • Grafana: Open Source Data Visualization Platform

    Grafana is an open source solution for querying, visualizing, alerting, and exploring metrics, logs, and traces, no matter where they are stored.

  • Graylog: Open Source Log Management

    Graylog is an open source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to questions about security, applications, and IT infrastructure.

  • LSA Whisperer: Open source tools for interacting with authentication packages

    LSA Whisperer consists of open source tools designed to interact with authentication packages through their unique messaging protocols. It currently supports the cloudap, kerberos, msv1_0, negotiate, pku2u, and schannel packages, and the AzureAD plugin for cloudap. Partial or unstable support is provided for livessp, negoexts, and the security package manager.

  • Mantis: An open source framework for automated asset discovery, reconnaissance, and scanning

    Mantis is an open source command line framework that automates asset discovery, reconnaissance, and scanning. You enter a top-level domain and it identifies related assets such as subdomains and certificates.

  • OWASP dep-scan: Open Source Security and Risk Audit Tool

    OWASP dep-scan is an open source security and risk assessment tool that leverages information about vulnerabilities, advisories, and license restrictions of project dependencies. It supports local repositories and container images as input sources, and is suitable for integration with ASPM/VM platforms and use in CI environments.

  • Pktstat: Open Source Ethernet Interface Traffic Monitor

    Pktstat is an open source tool that is a drop-in replacement for the ncurses-based Pktstat. On Linux it uses AF_PACKET, while on other platforms it uses generic PCAP live wire capture.

  • Prompt Fuzzer: Open Source Tool for Enhancing GenAI Applications

    Prompt Fuzzer is an open source tool that can assess the security of a GenAI application's system prompts against dynamic LLM-based threats.

  • Protobom: Open Source Software Supply Chain Tools

    Protobom is an open source software supply chain tool that enables all organizations, including system administrators and the software development community, to read and generate software bills of materials (SBOMs) and file data, and to convert this data into standard industry SBOM formats.

  • RansomLord: Open Source Anti-Ransomware Exploit Tool

    RansomLord is an open source tool that automates the creation of PE files used to exploit ransomware pre-encryption.

  • reNgine: The Ultimate Web Reconnaissance and Vulnerability Scanner

    reNgine is an open source automated reconnaissance framework for web applications, focusing on a highly configurable and simplified reconnaissance process.

  • Tracecat: Open Source SOAR

    Tracecat is an open source automation platform for security teams. The developers believe that security automation should be accessible to everyone, especially small and medium-sized teams with insufficient staff.