Security Tools

A curated collection of command-line tools, scripts, and frameworks for security assessment, penetration testing, and defensive operations.

Active Directory

12 tools

PingCastle

Assessment

Identify and remediate 80% of AD risk in 20% of the time (the project's own tagline). Active Directory security assessment tool that scores a domain and generates a detailed HTML report of vulnerabilities, misconfigurations, and trust relationships.

Purple Knight

Assessment

Discover Indicators of Exposure (IoEs) and Indicators of Compromise (IoCs) in hybrid AD environments. Free community tool for AD security posture assessment.

Forest Druid

Tiering

Find attack paths leading into Tier 0 perimeter in hybrid identity environments. Visualize privilege escalation paths and identify misconfigurations in AD tiering models.

Locksmith

ADCS

Find and fix common misconfigurations in Active Directory Certificate Services. PowerShell tool that identifies vulnerable certificate templates and ESC attack vectors.
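
The ESC1 test that ADCS auditors such as Locksmith apply to certificate templates, written out as an added example in Python (not Locksmith's own code, which is PowerShell). The attribute names are the real AD schema attributes (msPKI-Certificate-Name-Flag, msPKI-Enrollment-Flag, msPKI-RA-Signature, pKIExtendedKeyUsage); the template values, the `published` field, and the pre-resolved `enroll` list (which a real scan derives from the template's security descriptor) are constructed for this example.

```python
# Added example: the ESC1 preconditions evaluated over constructed template
# records. Not Locksmith's code; attribute names are real, values are made up.

CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001  # msPKI-Certificate-Name-Flag
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002          # msPKI-Enrollment-Flag: manager approval

# EKUs that make an issued certificate usable for domain authentication.
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "2.5.29.37.0",             # Any Purpose
}
LOW_PRIV_PRINCIPALS = {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}


def esc1_reasons(t: dict) -> list[str]:
    """Return the ESC1 preconditions this template satisfies (all six => ESC1)."""
    reasons = []
    if t["published"]:
        reasons.append("published on an enterprise CA")
    if t["msPKI-Certificate-Name-Flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT:
        reasons.append("enrollee supplies the subject/SAN")
    ekus = set(t["pKIExtendedKeyUsage"])
    if not ekus or ekus & AUTH_EKUS:          # no EKU at all also permits authentication
        reasons.append("EKU permits authentication (or no EKU at all)")
    if not t["msPKI-Enrollment-Flag"] & CT_FLAG_PEND_ALL_REQUESTS:
        reasons.append("no manager approval required")
    if t["msPKI-RA-Signature"] == 0:
        reasons.append("no authorized signatures required")
    low = set(t["enroll"]) & LOW_PRIV_PRINCIPALS
    if low:
        reasons.append("enrollable by low-privileged principals: " + ", ".join(sorted(low)))
    return reasons


def is_esc1(t: dict) -> bool:
    return len(esc1_reasons(t)) == 6


def find_esc1(templates: list[dict]) -> list[str]:
    return [t["name"] for t in templates if is_esc1(t)]


# Constructed sample templates (illustrative values, not a real domain's).
TEMPLATES = [
    {"name": "VulnUser", "published": True, "msPKI-Certificate-Name-Flag": 0x1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "msPKI-Enrollment-Flag": 0x0,
     "msPKI-RA-Signature": 0, "enroll": ["Domain Users", "Domain Admins"]},
    # CA builds the subject from AD itself: the enrollee cannot choose a SAN.
    {"name": "User", "published": True, "msPKI-Certificate-Name-Flag": 0x0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "msPKI-Enrollment-Flag": 0x0,
     "msPKI-RA-Signature": 0, "enroll": ["Domain Users"]},
    # Server Authentication EKU only, and only admins may enroll.
    {"name": "WebServer", "published": True, "msPKI-Certificate-Name-Flag": 0x1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"], "msPKI-Enrollment-Flag": 0x0,
     "msPKI-RA-Signature": 0, "enroll": ["Domain Admins"]},
    # Same as VulnUser but every request is held for manager approval.
    {"name": "ApprovedUser", "published": True, "msPKI-Certificate-Name-Flag": 0x1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
     "msPKI-Enrollment-Flag": CT_FLAG_PEND_ALL_REQUESTS,
     "msPKI-RA-Signature": 0, "enroll": ["Domain Users"]},
]

if __name__ == "__main__":
    for t in TEMPLATES:
        print(f"{t['name']:<13} {'ESC1' if is_esc1(t) else 'ok':<5} {esc1_reasons(t)}")
```

The fix for a template like `VulnUser` is any one of: clear the enrollee-supplies-subject flag, require manager approval, or remove the low-privileged enrollment right; the check above reports which of the six conditions hold so the cheapest change is obvious.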

DSInternals

Forensics

Active Directory database forensics and password auditing. PowerShell module for offline ntds.dit analysis, password hash extraction, and credential auditing.

ADeleginator

Delegation

Uses ADeleg to find insecure trustee and resource delegations. Identifies rights delegated on AD objects (for example write access to sensitive attributes or control over privileged containers) that could enable privilege escalation. This concerns ACL-based delegation of administrative rights, not Kerberos delegation.

Audit script to inventory, analyze, and report excessive share privileges. Discovers overly permissive network shares that could expose sensitive data.

Find and fix common misconfigurations in AD-Integrated DNS. Identifies DNS zones with insecure dynamic updates and other DNS security issues.

GPOZaurr

GPO

Gather information about Group Policies and fix issues. PowerShell module for comprehensive GPO analysis, cleanup, and security assessment.

ADRecon

Enumeration

Extract and combine various artifacts from AD environment. Generates comprehensive Excel reports covering users, groups, GPOs, and security configurations.

PlumHound

Reporting

BloodHound report generator for AD security analysis. Creates actionable reports from BloodHound data to prioritize remediation efforts.

ADACLScanner

ACL Analysis

AD ACL permission scanner and reporter. Identifies excessive permissions on AD objects that could be exploited for privilege escalation.

AI Security

3 tools

Garak

LLM Testing

LLM vulnerability scanner that probes large language models for various weaknesses including prompt injection, jailbreaks, and data leakage vulnerabilities.

ZeroLeaks Scanner

Prompt Injection

Test AI systems for prompt injection and extraction vulnerabilities. Automated testing framework for identifying weaknesses in AI-powered applications.

PromptInject

Testing

Framework for testing prompt injection attacks against LLM applications. Includes various attack payloads and testing methodologies.

Cloud Security

7 tools

Prowler

Multi-Cloud

Security assessment tool for AWS, Azure, GCP, and Kubernetes. Performs hundreds of security checks against cloud best practices and compliance frameworks like CIS, NIST, and PCI-DSS.

ScubaGear

M365

Automation to assess M365 tenant against CISA baselines. CISA's official tool for evaluating Microsoft 365 security configurations against SCuBA guidance.

Maester

M365

PowerShell-based test automation framework for Microsoft 365 security configuration monitoring. Continuous compliance monitoring with customizable test cases.

ScoutSuite

Multi-Cloud

Multi-cloud security auditing tool for AWS, Azure, GCP, and more. Generates comprehensive HTML reports with findings organized by service and severity.

Steampipe

Query Engine

Universal SQL interface for cloud APIs - query cloud resources with SQL. Supports hundreds of plugins for AWS, Azure, GCP, and SaaS applications.

Analyze AWS environments for security and compliance. Creates network diagrams and identifies public exposure, unused resources, and misconfigurations.

AWS security scanning and monitoring. Cloud security posture management with support for multiple cloud providers and compliance frameworks.

Container Security

6 tools

Falco

Runtime Security

Cloud-native runtime security for containers and Kubernetes (CNCF). Detects anomalous activity in containers using system call monitoring and customizable rules.

Kyverno

Policy Engine

Kubernetes policy engine for security and automation. Define policies as Kubernetes resources to validate, mutate, and generate configurations.

Kubescape

Posture Management

Kubernetes security posture management and compliance. Scans clusters against NSA/CISA hardening guidelines and generates remediation recommendations.

Kube-bench

CIS Benchmark

Checks a Kubernetes deployment against the CIS Kubernetes Benchmark. Automated compliance checking for control plane and worker node configurations.

OPA Gatekeeper

Policy Enforcement

Policy controller for Kubernetes using Open Policy Agent. Enforce organizational policies as admission controller webhooks.

Polaris

Configuration Validation

Kubernetes configuration validation and best practices. Identifies deployment configurations that deviate from security best practices.
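
The pod-hardening checks that Polaris, Kyverno and OPA Gatekeeper express as policies, written here as an added example in plain Python over already-parsed manifests so it runs offline. This is not any of those projects' code; the sample Deployment and Pod, the registry name `registry.example.invalid`, and the image tags are constructed for the example.

```python
# Added example: validating-admission style checks over Kubernetes manifests
# (dicts mirroring the YAML). Not Polaris/Kyverno/Gatekeeper code.

def pod_spec(manifest: dict) -> dict:
    """Locate the PodSpec inside a Pod or a workload that wraps a pod template."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind in ("Deployment", "ReplicaSet", "StatefulSet", "DaemonSet", "Job"):
        return manifest["spec"]["template"]["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    raise ValueError(f"unsupported kind: {kind}")


def validate(manifest: dict) -> list[str]:
    """Return human-readable violations; an empty list means the manifest passes."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext") or {}
    out = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            out.append(f"pod: {flag} is enabled")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c["name"], c.get("securityContext") or {}
        if sc.get("privileged"):
            out.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            out.append(f"{name}: allowPrivilegeEscalation not set to false")
        # A container-level setting overrides the pod-level one, as in Kubernetes.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            out.append(f"{name}: runAsNonRoot not set to true")
        if sc.get("readOnlyRootFilesystem") is not True:
            out.append(f"{name}: readOnlyRootFilesystem not set to true")
        dropped = {cap.upper() for cap in (sc.get("capabilities") or {}).get("drop", [])}
        if "ALL" not in dropped:
            out.append(f"{name}: capabilities.drop does not include ALL")
        image = c.get("image", "")
        ref = image.rsplit("/", 1)[-1]      # strip the registry/repository path
        if "@sha256:" not in image and (":" not in ref or ref.endswith(":latest")):
            out.append(f"{name}: image '{image}' uses a mutable tag")
        limits = (c.get("resources") or {}).get("limits") or {}
        for res in ("cpu", "memory"):
            if res not in limits:
                out.append(f"{name}: no {res} limit")
    return out


def admission_decision(manifest: dict) -> dict:
    """What a validating admission webhook would return for this object."""
    violations = validate(manifest)
    return {"allowed": not violations, "violations": violations}


# Constructed manifests: one that should be rejected, one that should pass.
BAD_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replicas": 1, "template": {"spec": {
        "hostNetwork": True,
        "containers": [{"name": "web", "image": "nginx:latest",
                        "securityContext": {"privileged": True}}],
    }}},
}
GOOD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "web", "image": "registry.example.invalid/web:1.4.2",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}

if __name__ == "__main__":
    for m in (BAD_DEPLOYMENT, GOOD_POD):
        print(m["kind"], admission_decision(m))
```

Run as a pre-deploy gate in CI the same checks catch drift before an admission controller ever sees the object; in the cluster, the equivalent Kyverno `validate` rules or Gatekeeper constraints enforce them at admission time.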

Detection Engineering

3 tools

Sigma Rules

SIEM Rules

Main Sigma rule repository for SIEM detection. Generic signature format for log events that can be converted to various SIEM query languages.
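
How a Sigma rule is evaluated and converted, as an added example in Python (not the Sigma project's code or its pySigma backends): a rule in Sigma's structure (held as a dict mirroring the YAML), a matcher for the `contains` / `startswith` / `endswith` modifiers and the `and` / `or` / `not` condition grammar, and a renderer that turns the rule into a generic pseudo-query the way a backend emits a SIEM-specific one. The rule, the events (shaped like Sysmon process-creation records), and the `KnownGoodAgent.exe` filter are constructed for this example; wildcards and regex modifiers are not implemented.

```python
# Added example: a minimal Sigma rule evaluator and pseudo-query renderer.
# Not Sigma/pySigma code; rule and events are constructed.
import re

RULE = {
    "title": "Encoded PowerShell Command Line (constructed example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": [" -enc ", " -encodedcommand "],
        },
        "filter_known_agent": {"ParentImage|endswith": "\\KnownGoodAgent.exe"},
        "condition": "selection and not filter_known_agent",
    },
    "level": "high",
}


def match_selection(selection: dict, event: dict) -> bool:
    """Every field/modifier pair must hold (AND); a list of values is an OR.
    Matching is case-insensitive, as in Sigma."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        value = str(event[field]).lower()
        pats = [str(p).lower() for p in (patterns if isinstance(patterns, list) else [patterns])]
        if modifier == "contains":
            hit = any(p in value for p in pats)
        elif modifier == "startswith":
            hit = any(value.startswith(p) for p in pats)
        elif modifier == "endswith":
            hit = any(value.endswith(p) for p in pats)
        elif modifier == "":
            hit = any(value == p for p in pats)
        else:
            raise ValueError(f"unsupported modifier: {modifier}")
        if not hit:
            return False
    return True


def eval_condition(condition: str, results: dict) -> bool:
    """Tiny recursive-descent parser for identifiers, 'not', 'and', 'or' and
    parentheses, with Sigma precedence (not > and > or)."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def atom():
        nonlocal pos
        tok = tokens[pos]; pos += 1
        if tok == "not":
            return not atom()
        if tok == "(":
            v = or_expr(); pos += 1          # consume ')'
            return v
        return results[tok]

    def and_expr():
        nonlocal pos
        v = atom()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1; v = atom() and v       # evaluate the operand before combining
        return v

    def or_expr():
        nonlocal pos
        v = and_expr()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1; v = and_expr() or v
        return v

    return or_expr()


def evaluate(rule: dict, event: dict) -> bool:
    det = rule["detection"]
    results = {n: match_selection(s, event) for n, s in det.items() if n != "condition"}
    return eval_condition(det["condition"], results)


def to_query(rule: dict) -> str:
    """Render the rule as a generic pseudo-query, the step a Sigma backend performs
    for a concrete SIEM. The syntax here is illustrative, not a real dialect."""
    det = rule["detection"]

    def render(sel):
        parts = []
        for key, pats in sel.items():
            field, _, mod = key.partition("|")
            pats = pats if isinstance(pats, list) else [pats]
            parts.append("(" + " OR ".join(f'{field} {mod or "eq"} "{p}"' for p in pats) + ")")
        return " AND ".join(parts)

    query = det["condition"]
    for name, sel in det.items():
        if name != "condition":   # lambda keeps backslashes in values literal
            query = re.sub(rf"\b{re.escape(name)}\b", lambda m, s=sel: "(" + render(s) + ")", query)
    return query


# Constructed Sysmon-style process-creation events (base64 blob is illustrative).
EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Program Files\\Agent\\KnownGoodAgent.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami", "ParentImage": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    print(to_query(RULE))
    for e in EVENTS:
        print(evaluate(RULE, e), e["CommandLine"][:40])
```

The second event shows why filters are kept as named selections rather than folded into the match: the same encoded-command pattern fires, but the rule's `condition` excludes the known parent, and a backend renders that exclusion faithfully into whatever query language the SIEM speaks.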

YARA Forge

YARA Rules

Automated YARA rule standardization and quality assurance. Validates and normalizes YARA rules for consistent detection capabilities.

Sysmon Config

Event Logging

Sysmon configuration file template with high-quality event tracing. Widely-used baseline configuration for Windows endpoint monitoring.

Endpoint Security

8 tools

HardeningKitty

Hardening

Check and harden Windows configuration. PowerShell script that audits Windows against CIS benchmarks and applies hardening settings.

Endpoint visibility and collection tool for digital forensics. Advanced artifact collection and hunting across thousands of endpoints using VQL queries.

Lynis

Security Auditing

Security auditing tool for Unix/Linux systems. Performs in-depth security scans covering system hardening, compliance, and vulnerability detection.

OSSEC

HIDS

Open source host-based intrusion detection system. Monitors file integrity, log analysis, rootkit detection, and real-time alerting.

Audit AppLocker policy XML for weak/misconfigured settings. Identifies bypass opportunities and overly permissive application whitelisting rules.

ScriptSentry

Logon Scripts

Find misconfigured and dangerous logon scripts. Identifies scripts with weak permissions or containing sensitive information.

AIDE

File Integrity

Advanced Intrusion Detection Environment - file integrity checker. Creates database of file attributes for detecting unauthorized changes.

PersistenceSniper

Persistence Hunting

PowerShell module to hunt persistence mechanisms in Windows. Detects common and obscure persistence techniques used by attackers.

Forensics

3 tools

Timesketch

Timeline Analysis

Collaborative forensic timeline analysis. Open-source tool for creating and analyzing timelines from various forensic artifacts and log sources.

LME

Log Management

Logging Made Easy - centralized log collection and threat detection. CISA's free solution for Windows event log collection and basic threat hunting.

YARA

Pattern Matching

Pattern matching tool for malware research. Create rules to identify and classify malware samples based on textual and binary patterns.

Fuzzing

5 tools

AFL++

General

American Fuzzy Lop plus plus - improved fuzzing tool. Fork of AFL with many improvements including custom mutators, persistent mode, and QEMU support.

OSS-Fuzz

Continuous Fuzzing

Continuous fuzzing for open source software. Google's infrastructure for running fuzzers 24/7 against critical open source projects.

Honggfuzz

General

Security oriented software fuzzer with evolutionary feedback. Supports hardware-based instrumentation and software-based coverage feedback.

Syzkaller

Kernel

Unsupervised coverage-guided kernel fuzzer. Automatically generates programs to test kernel syscall interfaces for bugs and vulnerabilities.

LibFuzzer

Library

In-process, coverage-guided, evolutionary fuzzing engine. LLVM-based fuzzer ideal for testing libraries and code units with minimal setup.
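
What "coverage-guided, evolutionary" means in practice for AFL++, Honggfuzz, LibFuzzer and Syzkaller, as an added example in Python that is not any of those projects' code: a constructed target that fails only on a 4-byte magic prefix, an edge-coverage tracer in place of compiler instrumentation, and a mutate-and-keep loop that promotes any input reaching a new edge into the corpus. Without the feedback, hitting 4 specific bytes by chance is a 2^32 search; with it, each byte is found independently. The target, the mutation weights and the seed are all constructed for this example.

```python
# Added example: a toy coverage-guided fuzzer. Not AFL++/libFuzzer code; the
# target, mutation operators and newest-seed bias are constructed for illustration.
import random
import sys


def target(data: bytes) -> None:
    """Constructed program under test: 'crashes' (raises) only when the input
    starts with b'FUZZ'. Each nested check is a new branch, so coverage feedback
    rewards guessing one byte at a time."""
    if len(data) < 4:
        return
    if data[0] == ord("F"):
        if data[1] == ord("U"):
            if data[2] == ord("Z"):
                if data[3] == ord("Z"):
                    raise RuntimeError("simulated memory-safety bug")


def run_with_coverage(data: bytes):
    """Execute target(data); return ({(prev_line, line)} edges, crashed).
    sys.settrace stands in for the edge instrumentation a fuzzing compiler inserts."""
    edges, prev = set(), 0

    def tracer(frame, event, arg):
        nonlocal prev
        if frame.f_code is target.__code__ and event == "line":
            edges.add((prev, frame.f_lineno))
            prev = frame.f_lineno
        return tracer

    sys.settrace(tracer)
    try:
        target(data)
        crashed = False
    except RuntimeError:
        crashed = True
    finally:
        sys.settrace(None)
    return edges, crashed


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: overwrite a byte, flip a bit, insert, or delete."""
    buf = bytearray(data)
    op = rng.random()
    if op < 0.5 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op < 0.75 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op < 0.875 or not buf:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seed: bytes = b"AAAA", max_iters: int = 200_000, rng_seed: int = 1) -> dict:
    rng = random.Random(rng_seed)
    corpus = [seed]
    seen, _ = run_with_coverage(seed)
    for i in range(1, max_iters + 1):
        # Bias toward the newest seed: a crude stand-in for AFL's favoured-input scheduling.
        parent = corpus[-1] if rng.random() < 0.5 else rng.choice(corpus)
        child = mutate(parent, rng)
        edges, crashed = run_with_coverage(child)
        if crashed:
            return {"crash_input": child, "iterations": i, "corpus_size": len(corpus)}
        if not edges <= seen:            # new edge(s): promote child to the corpus
            seen |= edges
            corpus.append(child)
    return {"crash_input": None, "iterations": max_iters, "corpus_size": len(corpus)}


if __name__ == "__main__":
    r = fuzz()
    print(f"crash={r['crash_input']!r} after {r['iterations']} iterations, corpus={r['corpus_size']}")
```

The corpus after a run is the other deliverable a real fuzzer gives you: each retained input documents a distinct path through the parser, which is what makes the corpus worth checking into the repository and re-running in CI as a regression set.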

IAM

3 tools

BloodHound

Attack Paths

Reveal hidden relationships across identity and access management systems. Graph-based tool for mapping AD attack paths and identifying privilege escalation routes.

BloodHound CE

Attack Paths

Community Edition of BloodHound, the maintained open-source successor to the legacy BloodHound. Ships with a rewritten UI, a REST API, and the same data model and collectors as the commercial BloodHound Enterprise.

ROADtools

Azure AD

Framework to interact with Azure AD (now Microsoft Entra ID) for offensive and defensive security. Enumerate and analyze tenant configurations, permissions, and attack paths.

IaC Security

5 tools

Checkov

Static Analysis

Static analysis for Terraform, CloudFormation, Kubernetes, and more. Scans infrastructure as code for misconfigurations, secrets, and compliance violations.

tfsec

Terraform

Security scanner for Terraform code. Fast static analysis specifically designed for finding security issues in Terraform configurations; the project has since been folded into Trivy, which carries its checks forward.

Terrascan

Multi-IaC

Static code analyzer for infrastructure as code. Detects compliance and security violations across Terraform, Kubernetes, and cloud configs.

KICS

Multi-IaC

Keeping Infrastructure as Code Secure - find security vulnerabilities. Supports Terraform, Kubernetes, Docker, CloudFormation, and more.

Infracost

Cost Analysis

Cloud cost estimates for Terraform in pull requests. Shows cost impact of infrastructure changes before deployment to prevent budget surprises.

Infrastructure

2 tools

Terraform

IaC

Infrastructure as Code tool. Define and provision cloud infrastructure using declarative configuration files with state management and drift detection.

Ansible

Automation

Agentless automation tool for configuration management. Define infrastructure state using YAML playbooks and execute over SSH without agents.

Network Security

7 tools

Responder

Pentesting

LLMNR, NBT-NS and mDNS poisoner with rogue authentication servers. Standard tool for capturing NetNTLMv2 challenge-responses (commonly called NTLMv2 hashes) during internal penetration tests, which can then be cracked offline or relayed.
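
The LLMNR half of what Responder does, shown as an added example in Python that is not Responder's code: build a client query as it would appear on the wire (RFC 4795, UDP 5355 to 224.0.0.252), parse it, and produce the poisoned answer that claims the queried name resolves to the attacker. No sockets are opened; the packets are built and parsed as bytes so the exchange runs offline. The hostname `fileserver01` and the IP `10.0.0.66` are constructed; only A queries are handled, and name compression is not implemented since LLMNR queries do not use it.

```python
# Added example: LLMNR query/poisoned-response wire format. Not Responder's code.
import socket
import struct

LLMNR_GROUP, LLMNR_PORT = "224.0.0.252", 5355   # RFC 4795 link-local multicast


def encode_name(name: str) -> bytes:
    """DNS-style label encoding: length-prefixed labels, zero-terminated."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".") if label)
    return out + b"\x00"


def decode_name(buf: bytes, off: int):
    labels = []
    while True:
        n = buf[off]; off += 1
        if n == 0:
            break
        labels.append(buf[off:off + n].decode("ascii")); off += n
    return ".".join(labels), off


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """What a Windows host multicasts when DNS cannot resolve a single-label name."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)   # flags 0: standard query
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(pkt: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    if flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question LLMNR query")
    name, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass}


def build_poisoned_response(query_pkt: bytes, answer_ip: str, ttl: int = 30):
    """Answer *any* A query with the attacker's address, echoing the question
    and transaction ID so the victim accepts it as the legitimate reply."""
    q = parse_query(query_pkt)
    if q["qtype"] != 1:                     # only A records in this example
        return None
    header = struct.pack("!HHHHHH", q["txid"], 0x8000, 1, 1, 0, 0)   # QR=1, one answer
    question = encode_name(q["name"]) + struct.pack("!HH", q["qtype"], q["qclass"])
    rdata = socket.inet_aton(answer_ip)
    answer = encode_name(q["name"]) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(pkt: bytes) -> dict:
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000 or an < 1:
        raise ValueError("not an LLMNR response with an answer")
    off = 12
    for _ in range(qd):                     # skip echoed question(s)
        _name, off = decode_name(pkt, off); off += 4
    name, off = decode_name(pkt, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10]); off += 10
    rdata = pkt[off:off + rdlen]
    return {"txid": txid, "name": name, "ttl": ttl,
            "ip": socket.inet_ntoa(rdata) if rtype == 1 else rdata}


def looks_poisoned(canary_query: bytes, response: bytes) -> bool:
    """Defender-side check: a canary name that exists nowhere should never be answered;
    a matching answer means something on the segment is responding indiscriminately."""
    q, r = parse_query(canary_query), parse_response(response)
    return r["txid"] == q["txid"] and r["name"].lower() == q["name"].lower()


if __name__ == "__main__":
    query = build_query(0x1234, "fileserver01")
    reply = build_poisoned_response(query, "10.0.0.66")
    print(parse_query(query), parse_response(reply), looks_poisoned(query, reply))
```

The mitigation is not to out-respond the poisoner but to stop the question being asked: disable LLMNR and NBT-NS via Group Policy, and run the `looks_poisoned` style canary from a monitoring host to catch a Responder instance on the segment.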

Zeek

Monitoring

Powerful network analysis framework for security monitoring. Generates detailed logs of network activity for threat hunting and incident response.

Suricata

IDS/IPS

High performance Network IDS, IPS and security monitoring. Multi-threaded engine with support for protocol detection and file extraction.

NetExec

Execution

Swiss army knife for pentesting networks (formerly CrackMapExec). Automates credential testing, command execution, and lateral movement across networks.

CrowdSec

OSINT

Crowdsourced protection against malicious IPs. Analyzes logs to detect attacks and shares threat intelligence with the community for collective defense.

ntopng

Traffic Analysis

High-speed web-based traffic analysis and flow collection. Real-time network monitoring with deep packet inspection and flow analysis.

Arkime

Packet Capture

Large scale packet capture, indexing, and database system (formerly Moloch). Full packet capture with powerful search and session reconstruction.

Offensive Security

12 tools

Metasploit

Exploitation

Penetration testing framework. World's most used penetration testing software with extensive exploit database, payloads, and auxiliary modules.

PEASS-ng

Privilege Escalation

Privilege Escalation Awesome Scripts Suite with colors. Comprehensive enumeration scripts for Windows and Linux privilege escalation vectors.

Sliver

C2 Framework

Modern adversary emulation and red team framework. Cross-platform implant framework with encrypted C2, staging, and evasion capabilities.

Wfuzz

Web Fuzzing

Web application fuzzer. Brute force web application parameters, directories, and form fields with customizable payloads and filters.

Social Engineer Toolkit

Social Engineering

Framework for social engineering attacks. Includes phishing, credential harvesting, and payload delivery for security awareness testing.

Modlishka

Reverse Proxy

Reverse proxy for phishing campaigns. Automated MFA bypass through real-time session hijacking and credential interception.

PoolParty

Process Injection

Process injection techniques that abuse Windows thread pools. A set of injection primitives that evaded common EDR detections when published; treat "undetectable" as a snapshot in time, since detection content catches up.

FullBypass

AMSI Bypass

Bypasses AMSI and PowerShell CLM for reverse shells. Evades Windows security controls to execute malicious PowerShell during assessments.

TrustedSec TAP

Infrastructure

TrustedSec Attack Platform for reliable droppers. Red team infrastructure for payload delivery and persistent access establishment.

PHPGGC

Exploitation

PHP unserialize() payload generator. Library of gadget chains for exploiting PHP deserialization vulnerabilities.

PHP Reverse Shell

Web Shells

Classic PHP reverse shell. Reliable reverse shell script for gaining command execution through web vulnerabilities.

SQLMap

SQL Injection

Automatic SQL injection and database takeover tool. Detects and exploits SQL injection flaws with support for multiple database backends.

OSINT

9 tools

SecLists

Wordlists

Collection of multiple types of lists used during security assessments. Usernames, passwords, URLs, sensitive data patterns, and fuzzing payloads.

Sherlock

Username Search

Hunt down social media accounts by username across social networks. Checks hundreds of sites for matching usernames during investigations.

GHunt

Google OSINT

Offensive Google framework for OSINT. Extract information from Google accounts including photos, maps reviews, and YouTube activity.

Social Analyzer

Profile Analysis

API, CLI, and Web App for analyzing person's profile in 1000+ social media sites. Comprehensive social media reconnaissance tool.

Twint

Twitter Scraping

Advanced Twitter scraping & OSINT tool (no API required). Scrapes tweets, followers, and user data without authentication limits. No longer maintained; it depends on scraping endpoints that have changed repeatedly, so expect breakage.

Trape

People Tracking

People tracker on the Internet - OSINT analysis tool. Track and gather information about targets through phishing pages.

MISP

Threat Intelligence

Open source threat intelligence and sharing platform. Share, store, and correlate Indicators of Compromise across organizations.

TheHive

Incident Response

Scalable security incident response platform. Case management for SOC teams with Cortex integration for automated analysis.

OpenCTI

Threat Intelligence

Open cyber threat intelligence platform. Structured threat intelligence management with STIX2 support and relationship mapping.

Reconnaissance

4 tools

Nuclei

Vulnerability Scanning

Fast and customizable vulnerability scanner. Template-based scanning engine with thousands of community-contributed detection templates.

Amass

Discovery

In-depth attack surface mapping and asset discovery. Comprehensive subdomain enumeration using multiple data sources and techniques.

Subfinder

Subdomain

Fast passive subdomain enumeration tool. Discovers subdomains using passive sources without touching target infrastructure.

Katana

Web Crawling

Next-generation crawling and spidering framework. Fast web crawler with JavaScript rendering and automatic form filling.

Secret Detection

3 tools

TruffleHog

Git Scanning

Finds leaked credentials in git history, filesystems, and other sources. Detects secrets with per-provider patterns plus high-entropy strings and, where the provider supports it, verifies whether a found credential is still live.

Gitleaks

Git Scanning

Fast secret scanner for git repos, files, and directories. Supports custom rules and integrates with CI/CD pipelines for pre-commit scanning.

git-secrets

Prevention

AWS secret prevention tool for git. Pre-commit hooks that prevent committing AWS credentials and other secrets to repositories.
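
The two detection strategies behind TruffleHog, Gitleaks and git-secrets, written as one added example in Python (not any of those projects' code): provider-shaped regex rules (the git-secrets / Gitleaks approach) and a Shannon-entropy detector over long tokens (the original TruffleHog approach), with overlap suppression so a secret caught by a pattern is not reported twice, and a pre-commit style block/allow decision. The sample file is constructed; the two AWS values in it are the examples from AWS's own documentation, not live keys, and `SESSION_SIGNING_KEY` is a made-up name.

```python
# Added example: pattern + entropy secret scanning with a commit gate.
# Not TruffleHog/Gitleaks/git-secrets code; sample file is constructed.
import math
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    redacted: str


# Provider-shaped rules. The AWS shapes are the well-known access key ID prefix
# and the 40-character secret key that usually sits near an "aws" label.
PATTERN_RULES = {
    "aws-access-key-id": re.compile(r"(?<![A-Z0-9])(AKIA[0-9A-Z]{16})(?![A-Z0-9])"),
    "aws-secret-access-key": re.compile(r"(?i)aws.{0,40}?['\"]([A-Za-z0-9/+=]{40})['\"]"),
}
TOKEN = re.compile(r"[A-Za-z0-9/+=_-]{20,}")
ENTROPY_THRESHOLD = 4.5   # bits/char; tune per repository, expect some false positives


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    return f"{secret[:4]}...({len(secret)} chars)"


def scan_text(text: str) -> list[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        covered = []                                  # spans already reported by a pattern
        for rule, rx in PATTERN_RULES.items():
            for m in rx.finditer(line):
                covered.append(m.span(1))
                findings.append(Finding(lineno, rule, redact(m.group(1))))
        for m in TOKEN.finditer(line):
            start, end = m.span()
            if any(start < ce and end > cs for cs, ce in covered):
                continue                              # already reported above
            if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
                findings.append(Finding(lineno, "high-entropy-string", redact(m.group())))
    return findings


def should_block_commit(text: str) -> bool:
    """Pre-commit hook decision: any finding blocks the commit."""
    return bool(scan_text(text))


# Constructed sample (the AWS values are AWS's published documentation examples).
SAMPLE_FILE = """\
# constructed config file for this example (keys are AWS documentation examples)
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
region = "us-east-1"
SESSION_SIGNING_KEY = "q8Zr2pL9xV4nB7mK1wT3yH6cJ0sD5fG8"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_FILE):
        print(f"line {f.line}: {f.rule}: {f.redacted}")
    print("block commit:", should_block_commit(SAMPLE_FILE))
```

Note what each detector misses on its own: the access key ID has entropy well under the threshold (its prefix and repeated letters drag it down) and is only caught by the pattern rule, while the generic signing key has no recognisable shape and is only caught by entropy. Scanning the working tree is the cheap half; the expensive finding is a secret that was committed and later deleted, which is why these tools also walk git history.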

Vulnerability Assessment

8 tools

Trivy

Container

Comprehensive security scanner for containers and IaC. Scans container images, filesystems, git repos, and Kubernetes manifests for vulnerabilities.

Dependency-Track

SBOM Management

Intelligent component analysis platform for supply chain security. Continuous SBOM analysis with vulnerability tracking across projects.

Grype

Container

Vulnerability scanner for container images and filesystems. Fast scanning with support for multiple vulnerability databases and SBOM input.

Semgrep

SAST

Lightweight static analysis for finding bugs and enforcing code standards. Pattern-based code scanning with extensive rule library.

OSV-Scanner

Dependency Scanning

Vulnerability scanner for dependencies backed by the OSV (Open Source Vulnerabilities) database. Google's scanner for package ecosystems that matches lockfiles, SBOMs, and installed packages against OSV advisories.

Retire.js

JavaScript

Scanner detecting JavaScript libraries with known vulnerabilities, generates SBOM. CLI and browser extension for identifying outdated JS dependencies.

Bandit

Python

Security linter for Python code. Static analysis tool that finds common security issues in Python applications.

OpenVAS

Scanner

Full-featured vulnerability scanner and manager. Network vulnerability scanning with extensive plugin library and reporting.