reNgine: Open-source automated reconnaissance framework for web applications
reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process. Developing reNgine …
Tracecat: Open-source SOAR
Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- …
Prompt Fuzzer: Open-source tool for strengthening GenAI apps
Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Prompt Fuzzer features …
LSA Whisperer: Open-source tools for interacting with authentication packages
LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the …
Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity
Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise …
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and …
Damn Vulnerable RESTaurant: Open-source API service designed for learning
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. …
5 free red teaming resources to get you started
Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your organization. Tactics may …
Zarf: Open-source continuous software delivery on disconnected networks
Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is …
Graylog: Open-source log management
Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, …
EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)
EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the …
XZ Utils backdoor: Detection tools, scripts, rules
As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? …
Featured news
Resources
Don't miss
- AI hallucinations and their risk to cybersecurity operations
- Why EU encryption policy needs technical and civil society input
- Hanko: Open-source authentication and user management
- Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel
- CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)