Security Operations & Risk

Multi-engine malware scanner and threat intelligence platform for files, URLs, IPs, and domains

A malware triage tool that quickly tells analysts what an executable is capable of doing and where those behaviors appear.

A modular enrichment engine that lets TheHive analysts analyze observables in place instead of pivoting across dozens of external CTI tools.

An enrichment and response engine that lets TheHive analysts analyze observables and trigger actions without leaving the case workflow.

A continuously updated phishing and scam domain feed that helps defenders block fraud infrastructure through DNS, hosts files, or API lookups.

The fastest way to confirm whether an email address appears in known data breaches — free, accurate, and maintained by a single researcher who vets every dataset.

A high-speed HTTP probing tool that turns raw host lists into triaged, fingerprinted web targets ready for investigation.

An open source threat intelligence platform built for structured IOC management, community sharing, and fast operational distribution.

The RTL-SDR alternative with tighter frequency accuracy and a complete antenna bundle — better value than the V4 if you don't need shortwave.

Fast passive subdomain enumeration that gives pentesters a clean starting point for external recon.

Map an organization's full external attack surface — ASNs, domains, subdomains, and infrastructure relationships — through 50+ integrated data sources and a persistent graph database.

A structured open skill library that gives AI agents concrete cybersecurity workflows mapped to ATT&CK, D3FEND, ATLAS, and NIST frameworks.

A live C2 infrastructure feed that helps defenders hunt, block, and correlate active command-and-control servers by framework type.

Passive certificate transparency searches uncover subdomains and related infrastructure before you ever touch the target.

889,000+ pre-built Google dorks with an AI dork builder for instant recon

A blue-team-first security directory that helps SOC and CTI teams find relevant feeds, rule sources, and detection references without wading through offensive tooling.

Paste a URL and get DNS records, SSL details, security headers, tech stack, WHOIS, and 100+ more domain intelligence checks in a single browser view — in under thirty seconds.

Technology intelligence — find what any website is built with and who else uses it

Orchestrate IOC enrichment across 100+ threat intelligence sources through a single API — with automated multi-hop correlation and direct output to MISP, OpenCTI, or DFIR-IRIS.

Professional-grade RF bug detector covering 10 MHz to 6 GHz with digital and analog signal detection — the standard for corporate and professional sweep work.

Website security platform used by investigators to analyze site integrity, malware, and CDN infrastructure

Real-time social media monitoring and brand intelligence for OSINT investigators

Internet-wide scanner with certificate transparency coverage no other tool matches.

A paste-and-submit IOC triage tool that extracts indicators from messy text and checks their reputation across multiple CTI services.

Find exposed cloud storage faster by searching indexed public S3 buckets and blob containers tied to real targets.

Infostealer intelligence platform exposing compromised credentials from malware-infected machines worldwide

Internet-wide scanner for exposed services and data leaks, with a focus on misconfigured databases and sensitive data exposure

A fast 403 bypass automation tool that turns forbidden content discovery results into systematically tested access-control edge cases.

An open source monitoring tool that helps defenders catch brand lookalike domains before phishing campaigns go live.

A group-centric ransomware reference that helps defenders translate gang attribution into concrete tools, hunt leads, and detection priorities.

A full-scope domain recon framework that chains proven CLI tools into one repeatable workflow for broad attack surface discovery.

Sub-1 GHz wireless transceiver for 433/868 MHz IoT, key fob, and industrial protocol analysis — the dedicated tool for the RF bands that run smart devices.

A purpose-built ADS-B receiver with integrated filter and LNA — better 1090 MHz decode performance out of the box than any generic RTL-SDR dongle.

A fast Go web crawler that plugs cleanly into recon pipelines to uncover endpoints, JavaScript URLs, and exposed secrets at scale.

A focused incident response tracking app that helps teams manage systems, artifacts, tasks, and timelines without relying on spreadsheets.

A Kali-native bash automation wrapper that speeds up standard recon, scanning, and payload generation without forcing you into a heavyweight framework.

Turn your Nmap and Masscan output into a persistent, queryable network intelligence database with Shodan-style query capabilities against your own infrastructure.

Three-in-one RF bug detector, GPS tracker finder, and hidden camera lens detector — the best all-in-one counter-surveillance device for investigators and travelers.

A rule-driven OSINT hunting engine that automates recurring infrastructure queries and alerts only on what is newly discovered.

A practical reference directory for finding, comparing, and operationalizing free IOC feeds across MISP, SIEM, and enrichment pipelines.

Community-driven threat intelligence platform with enriched IOC data and free analyst-grade lookups

A centralized exploit search engine that helps analysts check public exploit availability across multiple sources in one place.

A single-binary Active Directory graph tool that helps operators find ACL-driven escalation paths without standing up a separate graph database.

IP and domain scanner that scores addresses by malicious activity and maps CVEs to exposed service banners.

A fast passive subdomain enumerator that adds built-in monitoring, history, and alerting for newly exposed assets.

Internet scanning platform with 8 billion+ indexed IP addresses for attack surface and infrastructure analysis

Endpoint protection and threat detection for small OSINT teams and security firms

Passively harvest emails, subdomains, and hostnames from public sources before you touch a single target system.

Delegate the multi-day work of data broker opt-outs to a service that repeats the process quarterly — so re-populated listings get caught, not just the first pass.

A zero-configuration ASN and network scope discovery tool that helps hunters map organizational IP space without API setup.

A browser extension that turns highlighted indicators into instant OSINT and threat intelligence lookups without breaking analyst flow.

Certified secure disk wiping for investigators who need to sanitize devices before disposal or reuse

Fraud detection and digital identity verification using OSINT-based enrichment

Internet noise classifier that separates mass-scanning background traffic from targeted activity so you can stop chasing ghosts in your SIEM.

Cyber defense search engine indexing internet-wide scan data, threat intelligence feeds, and passive DNS

Identity theft protection and dark web monitoring from Nord Security

Counter-surveillance and tactical equipment retailer carrying RF detectors, GPS tracker detectors, hidden camera finders, TSCM gear, and related hardware from multiple manufacturers.