Security and PKI

  • aikido.dev — All-in-one appsec platform covering SCA, SAST, CSPM, DAST, Secrets, IaC, Malware, Container scanning, EOL,… Free plan includes two users, scanning of 10 repos, 1 cloud, 2 containers & 1 domain.
  • alienvault.com — Uncovers compromised systems in your network
  • Altcha.org - A Spam Filter for websites and APIs powered by natural language processing and machine learning. Free plan includes 200 requests a day per domain.
  • atomist.com — A quicker and more convenient way to automate various development tasks. Now in beta.
  • cloudsploit.com — Amazon Web Services (AWS) security and compliance auditing and monitoring
  • Public Cloud Threat Intelligence — High-confidence Indicators of Compromise (IOC) targeting public cloud infrastructure. A portion is available on GitHub (https://github.com/unknownhad/AWSAttacks). The full list is available via API.
  • CodeNotary.io — Open Source platform with indelible proof to notarize code, files, directories, or containers
  • crypteron.com — Cloud-first, developer-friendly security platform prevents data breaches in .NET and Java applications
  • CyberChef — A simple, intuitive web app for analyzing and decoding/encoding data without dealing with complex tools or programming languages. Like a Swiss army knife of cryptography & encryption. All features are free to use, with no limit. Open source if you wish to self-host.
  • DAS — Styra DAS Free: full-lifecycle policy management to create, deploy and manage Open Policy Agent (OPA) authorization
  • Datree — Open Source CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
  • Dependabot — Automated dependency updates for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java (Maven and Gradle), .NET, Go, Elm, Docker, Terraform, Git Submodules, and GitHub Actions.
  • DJ Checkup — Scan your Django site for security flaws with this free, automated checkup tool. Forked from the Pony Checkup site.
  • Doppler — Universal Secrets Manager for application secrets and config, with support for syncing to various cloud providers. Free for five users with basic access controls.
  • Dotenv — Sync your .env files, quickly & securely. Stop sharing your .env files over insecure channels like Slack and email, and never lose an important .env file again. Free for up to 3 teammates.
  • GitGuardian — Keep secrets out of your source code with automated secrets detection and remediation. Scan your git repos for 350+ types of secrets and sensitive files – Free for individuals and teams of 25 developers or less.
  • Have I been pwned? — REST API for fetching the information on the breaches.
  • hostedscan.com — Online vulnerability scanner for web applications, servers, and networks. Ten free scans per month.
  • Infisical — Open source platform that lets you manage developer secrets across your team and infrastructure: everywhere from local development to staging/production 3rd-party services. Free for up to 5 developers.
  • Internet.nl — Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE
  • keychest.net - SSL expiry management and cert purchase with an integrated CT database
  • letsencrypt.org — Free SSL Certificate Authority with certs trusted by all major browsers
  • meterian.io - Monitor Java, JavaScript, .NET, Scala, Ruby, and NodeJS projects for security vulnerabilities in dependencies. Free for one private project, unlimited projects for open source.
  • Mozilla Observatory — Find and fix security vulnerabilities in your site.
  • opswat.com — Security monitoring of computers, devices, applications, and configurations. Free for 25 users with 30 days of history.
  • openapi.security - Free tool to quickly check the security of any OpenAPI / Swagger-based API. You don’t need to sign up.
  • pixee.ai - Automated Product Security Engineer as a free GitHub bot that submits PRs to your Java code base to automatically resolve vulnerabilities. Other languages coming soon!
  • pyup.io — Monitor Python dependencies for security vulnerabilities and update them automatically. Free for one private project, unlimited projects for open source.
  • qualys.com — Find web app vulnerabilities, audit for OWASP Risks
  • report-uri.io — CSP and HPKP violation reporting
  • ringcaptcha.com — Tools to use a phone number as an ID, available for free
  • seclookup.com - Seclookup APIs can enrich domain threat indicators in SIEM, provide comprehensive information on domain names, and improve threat detection & response. 50K lookups free.
  • snyk.io — Can find and fix known security vulnerabilities in your open-source dependencies. Unlimited tests and remediation for open-source projects. Limited to 200 tests/month for your private projects.
  • ssllabs.com — Intense analysis of the configuration of any SSL web server
  • SOOS - Free, unlimited SCA scans for open-source projects. Detect and fix security threats before release. Protect your projects with a simple and effective solution.
  • StackHawk — Automate application scanning throughout your pipeline to find and fix security bugs before they hit production. Unlimited scans and environments for a single app.
  • Sucuri SiteCheck - Free website security check and malware scanner
  • Protectumus - Free website security check, site antivirus, and server firewall (WAF) for PHP. Email notifications for registered users in the free tier.
  • TestTLS.com - Test an SSL/TLS service for secure server configuration, certificates, chains, etc. Not limited to HTTPS.
  • threatconnect.com — Threat intelligence designed for individual researchers, analysts, and organizations starting to learn about cyber threat intelligence. Free for up to 3 users.
  • tinfoilsecurity.com — Automated vulnerability scanning. The free plan allows weekly XSS scans
  • Ubiq Security — Encrypt and decrypt data with three lines of code and automatic key management. Free for one application and up to 1,000,000 encryptions per month.
  • Virgil Security — Tools and services for implementing end-to-end encryption, database protection, IoT security, and more in your digital solution. Free for applications with up to 250 users.
  • Vulert - Continuously monitors your open-source dependencies for new vulnerabilities and recommends fixes, without requiring installation or access to your codebase. Free for open-source projects.
  • Escape GraphQL Quickscan - One-click security scan of your GraphQL endpoints. Free, no login required.
  • HasMySecretLeaked - Search across 20 million exposed secrets in public GitHub repositories, gists, issues, and comments for free.
