35 open-source security tools to power your red team, SOC, and cloud security

This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security.

Autorize: Burp Suite extension for automatic authorization enforcement detection

Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems.

BadDNS: Open-source tool checks for subdomain takeovers

BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types.

Beelzebub: Open-source honeypot framework

Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot.

BloodyAD: Open-source Active Directory privilege escalation framework

BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments.

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable.

Cerbos: Open-source, scalable authorization solution

Cerbos is an open-source solution designed to simplify and modernize access control for cloud-native, microservice-based applications.

Commix: Open-source OS command injection exploitation tool

Commix is an open-source penetration testing tool designed to automate the detection and exploitation of command injection vulnerabilities, streamlining security assessments for researchers and ethical hackers.

Dalfox: Open-source XSS scanner

DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier.

Dependency-Check: Open-source SCA tool

Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies.

ExtensionHound: Open-source tool for Chrome extension DNS forensics

Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions.

fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic

fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats.

Finders Keypers: Open-source AWS KMS key usage finder

Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys.

Fix Inventory: Open-source cloud asset inventory tool

Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. It was built from the ground up for cloud-native environments and provides broad support for over 300 cloud services, including AWS, Google Cloud Platform, Azure, DigitalOcean, Hetzner, Kubernetes, and GitHub.

GoSearch: Open-source OSINT tool for uncovering digital footprints

GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms.

Hanko: Open-source authentication and user management

Hanko is an open-source, API-first authentication solution purpose-built for the passwordless era.

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms

Hawk Eye is an open-source security tool that helps find sensitive data before it leaks. It runs from the command line and checks many types of storage for PII and secrets: passwords, API keys, and personal information.

Hetty: Open-source HTTP toolkit for security research

Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro.

IntelMQ: Open-source tool for collecting and processing security feeds

IntelMQ is an open-source solution designed to help IT security teams (including CERTs, CSIRTs, SOCs, and abuse departments) streamline the collection and processing of security feeds using a message queuing protocol.

Kunai: Open-source threat hunting tool for Linux

Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments.

LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks

LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a wide spectrum of AI agent security risks including jailbreaking and indirect prompt injection, goal hijacking, and insecure code outputs.

Malwoverview: First response tool for threat hunting

Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes.

MDEAutomator: Open-source endpoint management, incident response in MDE

Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier.

Misconfig Mapper: Open-source tool to uncover security misconfigurations

Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks in widely used third-party software and services.

NetBird: Open-source network security

NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single platform to build secure private networks for your organization or home.

OpenNHP: Cryptography-driven zero trust protocol

OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data.

Orbit: Open-source Nuclei security scanning and automation platform

Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation.

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It offers a controlled and extensible framework for running these tests.

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static code analysis tools.

SysReptor: Open-source penetration testing reporting platform

SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports.

Tirreno: Open-source fraud prevention platform

Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products, digital communities, mobile apps, intranets, and e-commerce websites.

Vet: Open-source software supply chain security tool

Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages.

Villain: Open-source framework for managing and enhancing reverse shells

Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells.

Vuls: Open-source agentless vulnerability scanner

Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure.

Woodpecker: Open-source red teaming for AI, Kubernetes, APIs

Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in AI systems, Kubernetes environments, and APIs before attackers can exploit them.

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection

YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of account and bucket settings that can make a S3 bucket effectively public.

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!