Tools

Infisical is the open-source platform for secrets, certificates, and privileged access management.

Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.

Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

The authentication glue you need.

All in one IP Toolbox. Easy to check what's your IPs, IP geolocation, check for DNS leaks, examine WebRTC connections, speed test, ping test, MTR test, check website availability and more.

Open-source file upload security for Node.js. Scan files before storage to detect malware, MIME spoofing, and risky archives.

Fully-featured, zero trust, full mesh overlay network. Includes a 2FA support out of the box, clients for all major desktop/mobile OS'es.

Find, verify, and analyze leaked credentials

The easiest, and most secure way to access and protect all of your infrastructure.

Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

Honeypot framework designed to provide a highly secure environment for detecting and analyzing cyber attacks.

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

Industry-leading high-performance, AI and semantic technology web application firewall and API security gateway (fork of nginx).

Single Sign-On for Your Self-Hosted Universe

Open-source AWS security scanner with attack chain detection, breach cost estimation, and copy-paste remediation (CLI + Terraform). 47 checks, 16 attack chain rules. First free standalone AWS security MCP server.

Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.

Kanidm: A simple, secure, and fast identity management platform

Open-source security reports — no paywalls, just actionable insights.

SSH bastion server with access control, session recording, and optional TPM-backed key protection. `EUPL-1.2` `Go/Docker`

Whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.

Splunk Security Content

Distributed, secure messenger with audio and video chat capabilities.

Open-source and next-generation Web Application Firewall (WAF)

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

UNIX-like reverse engineering framework and command-line toolset

Centralized network visibility and continuous asset discovery. Monitor devices, detect change, and stay aware across distributed networks.

A vulnerability scanner for container images and filesystems

Malicious traffic detection system

Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.

The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.

OpenBao is a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs.

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

♂ Collect a dossier on a person by username from 3000+ sites

Independent, privacy-first, self-hostable PoW CAPTCHA service made in EU

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.

Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

Arkime is an open source, large scale, full packet capturing, indexing, and database system.

Credential isolation proxy for AI agents. Injects secrets at the network boundary with domain restrictions, agent authentication, and audit logging. No SDK required — works as a transparent HTTP proxy or MCP server.

Security-focused Linux distribution with 140+ pre-installed forensic and offensive security tools, custom hardened kernel, and integrated incident response workflows.