A curated collection of free or freemium web-based penetration testing, threat intelligence, OSINT, and vulnerability analysis tools. These tools assist security professionals and enthusiasts in discovering, assessing, and managing vulnerabilities and threats online, without the need for local installations. Contributions are welcome!
- Network Security
- Web Application Security
- Vulnerability Scanners
- Reconnaissance and Information Gathering
- Malware Scanning and Threat Intelligence
- Data Breach Monitoring and Dark Web Search
- Code Search and Intelligence
- Cloud Storage Security
- Threat Intelligence and Research Tools
- Browser Extensions
- Nmmapper.com - Perform online Nmap network security scans effortlessly.
- HostedScan - Cloud-based vulnerability scanning for network and web apps.
- Pentest-Tools.com - Network testing, including open ports, subdomains, and basic vulnerability scans.
- Iplocation.net - Domain and Email security tools.
- Shodan - Search engine for internet-connected devices and identifying vulnerabilities.
- Censys - Search and discover internet-exposed devices and infrastructure vulnerabilities.
- BinaryEdge - Continuous monitoring and discovery of exposed assets and vulnerabilities online.
- ZoomEye - Cyberspace search engine that collects data on internet-connected devices and web apps.
- FOFA - Internet asset search engine for identifying and monitoring network infrastructure and IoT devices.
- Nikto.online - Online version of Nikto, a web server vulnerability scanner.
- Checksite.ai - Detects potential SEO and security issues on websites.
- Web-check.xyz - Analyze and identify web server vulnerabilities.
- Acunetix - Freemium web vulnerability scanner with DeepScan technology.
- SSL Labs - In-depth SSL/TLS security testing for web servers.
- PhishTank - Online service for checking and reporting phishing websites.
- OpenPhish - Automated phishing threat intelligence platform.
- Urlvoid.com - Scan URLs for malware, blacklists, and reputation issues.
- W3af - Open-source web vulnerability scanner focusing on SQL injections, XSS, and more.
- Intruder.io - Automated vulnerability scanning and penetration testing with a free plan.
- SecurityHeaders.com - Quickly scan websites to check for security header implementation.
- BeEF - Browser exploitation tool for testing client-side vulnerabilities.
- CVE Details - A detailed vulnerability database tracking CVEs for various software.
- Exploit-DB - Archive of public exploits and vulnerable software.
- NVD - The National Vulnerability Database for tracking CVEs and scoring vulnerabilities.
- VulDB - Vulnerability database with information on exploits, weaknesses, and vulnerability trends.
- DocGuard - Analyze and scan documents for embedded malware.
- CloudflareRadar - Insights into internet traffic patterns and security trends.
- Wappalyzer - Discover the technologies used by websites.
- OSINT Framework - A collection of open-source intelligence (OSINT) tools for reconnaissance tasks.
- Censys - Discover and track internet-exposed devices and vulnerabilities.
- Shodan - Search engine for identifying vulnerabilities in internet-connected devices.
- Grep.app - Search through public GitHub repositories for specific code or keywords.
- Searchcode - Source code search engine for finding specific code in open repositories.
- PublicWWW - Source code search engine focused on web technologies and embedded tracking codes.
- GrayHatWarfare - Publicly available Amazon S3 buckets indexed for exploration.
- OpenBuckets - Search for exposed cloud storage buckets across various platforms.
- DNSTwist - Domain permutation and typosquatting detection tool.
- Virustotal.com - Scan files and URLs for viruses using multiple antivirus engines.
- Urlvoid.com - Check if URLs are flagged for malware or associated with malicious activity.
- Hybrid Analysis - Free malware analysis service for detecting malicious files.
- Any.run - Interactive malware analysis sandbox for dynamic threat analysis.
- Urlscan.io - Scan and analyze URLs for security issues, malware, and phishing attempts.
- Koodous - Collaborative platform for Android malware analysis and threat intelligence.
- OTX - Threat intelligence sharing platform to track malicious activity.
- IBM X-Force - Threat intelligence research and analysis platform by IBM.
- MISP - Open-source threat intelligence sharing platform for security teams.
- Intezer - Malware detection and code analysis platform based on genetic code similarities.
- HaveIBeenPwned - Check if your email or phone number has been compromised in data breaches.
- Dehashed - Search engine for leaked databases and stolen credentials.
- Hudson Rock - Look up if a specific email address or domain was compromised in global Infostealer malware attacks.
- WeLeakInfo - Search across various data breaches for exposed personal information.
- BreachDirectory - Lookup if credentials have been compromised in data breaches.
- Intelx - Dark web and data breach search engine.
- Ahmia - Search engine for Tor hidden services and the dark web.
- The Hidden Wiki - A directory for dark web services and information.
- SOCRadar Labs - Free threat intelligence tools and research resources.
- ChatGPT IOC Analyzer - AI-powered tool to analyze and categorize indicators of compromise.
- ChatGPT NVD CVE Research Assistant - A research assistant for CVE analysis and reporting.
- ChatGPT Vulnerability Prioritizer - AI-based tool for prioritizing vulnerabilities based on risk.
- ChatGPT Cyber Sentinel - AI tool for real-time threat monitoring and reporting.
- ChatGPT Pentest Reporter - AI tool that assists in writing detailed security reports.
- GrayHatWarfare - Index of publicly accessible Amazon S3 buckets.
- OpenBuckets - Search for open cloud storage buckets across major platforms.
- Cyberduck - Open-source cloud storage browser supporting a variety of cloud platforms.
- OWASP Penetration Testing Kit - A browser-based extension providing penetration testing tools for web application security testing based on OWASP standards.
- HackTools - A browser extension offering various tools for pentesting including XSS, SQLi, reverse shells, and more, all accessible within your browser's developer tools.
- Free or Freemium: All tools listed here are either free or come with robust free plans. No temporary trials!
- Web-Based: These tools are online, meaning you can access them directly from your browser without installation.
- Diverse Capabilities: From network testing to malware detection, this list covers multiple areas of penetration testing and security research.
Got a tool to add? Feel free to submit a PR! Ensure it fits the category and is free or freemium.
penetration testing tools, free pentest tools, web-based pentest tools, vulnerability scanners, free vulnerability scanning, online security tools, network security testing, web application security, free vulnerability assessment, free security scanners, OSINT tools, cybersecurity tools, open-source pentest tools, network vulnerability scanning, automated penetration testing, online threat intelligence, web security testing, cloud-based vulnerability scanners, online malware scanners, website vulnerability scanners, SSL security testing, open-source vulnerability scanners, reconnaissance tools, free OSINT frameworks, free pentesting platforms, SQL injection scanners, XSS vulnerability scanners, web server vulnerability scanning, browser exploitation tools, free cyber intelligence tools, cybersecurity assessment tools, web vulnerability scanning tools, free network security tools, free online security tools, information gathering tools, free pentesting software, website malware detection, open-source vulnerability tools, network penetration testing, ethical hacking tools, free threat detection tools, continuous vulnerability monitoring, web app security tools, online hacking tools, website penetration testing, web application vulnerability scanners, malware detection tools, network intrusion detection tools, cyber vulnerability assessment.