Free Security Tools¶
A curated list of free and open-source tools for incident response, forensics, malware analysis, and security hardening.
Ransomware Decryption¶
No More Ransom Project¶
The first place to check if you've been hit by ransomware.
- Website: nomoreransom.org
- Crypto Sheriff: nomoreransom.org/crypto-sheriff.php - Identify ransomware
- Decryption Tools: 170+ free decryptors
- Partners: Europol, Kaspersky, McAfee, and 180+ organizations
ID Ransomware¶
- Website: id-ransomware.malwarehunterteam.com
- Upload ransom note or encrypted file to identify variant
- Tells you if decryption is possible
Emsisoft Decryptors¶
- Website: emsisoft.com/ransomware-decryption
- Free decryptors for many ransomware families
Kaspersky No Ransom¶
- Website: noransom.kaspersky.com
- Additional decryption tools
Malware Analysis¶
Online Sandboxes¶
| Tool | URL | Features |
|---|---|---|
| VirusTotal | virustotal.com | 70+ AV engines, URL/file/hash lookup |
| Hybrid Analysis | hybrid-analysis.com | Free sandbox, detailed reports |
| Any.Run | any.run | Interactive sandbox, watch malware execute |
| Joe Sandbox | joesandbox.com | Deep analysis, free community edition |
| Triage | tria.ge | Hatching sandbox, malware config extraction |
Threat Intelligence¶
| Tool | URL | Purpose |
|---|---|---|
| MalwareBazaar | bazaar.abuse.ch | Malware sample database |
| URLhaus | urlhaus.abuse.ch | Malicious URL database |
| ThreatFox | threatfox.abuse.ch | IOC database |
| AbuseIPDB | abuseipdb.com | Malicious IP reputation |
| AlienVault OTX | otx.alienvault.com | Open threat exchange |
Local Analysis Tools¶
| Tool | URL | Purpose |
|---|---|---|
| PEStudio | winitor.com/pestudio | Windows PE file analysis |
| CFF Explorer | ntcore.com/exsuite.php | PE editor and viewer |
| Detect It Easy | github.com/horsicq/Detect-It-Easy | File type detection |
| YARA | virustotal.github.io/yara | Pattern matching for malware |
Digital Forensics¶
Memory Acquisition¶
| Tool | URL | Platform |
|---|---|---|
| WinPmem | github.com/Velocidex/WinPmem | Windows |
| FTK Imager | exterro.com/ftk-imager | Windows |
| LiME | github.com/504ensicsLabs/LiME | Linux |
Memory Analysis¶
| Tool | URL | Purpose |
|---|---|---|
| Volatility 3 | volatilityfoundation.org | Memory forensics framework |
| MemProcFS | github.com/ufrisk/MemProcFS | Memory as filesystem |
Disk Imaging & Analysis¶
| Tool | URL | Purpose |
|---|---|---|
| FTK Imager | exterro.com/ftk-imager | Forensic imaging |
| Guymager | guymager.sourceforge.io | Linux forensic imager |
| Autopsy | autopsy.com | Digital forensics platform |
| Sleuth Kit | sleuthkit.org | Forensic toolkit (CLI) |
Triage Collection¶
| Tool | URL | Purpose |
|---|---|---|
| KAPE | kroll.com/kape | Fast Windows artifact collection |
| Velociraptor | github.com/Velocidex/velociraptor | Remote forensics, endpoint monitoring |
| CyLR | github.com/orlikoski/CyLR | Cross-platform live response collection |
Log Analysis¶
| Tool | URL | Purpose |
|---|---|---|
| Chainsaw | github.com/WithSecureLabs/chainsaw | Windows event log analysis |
| Hayabusa | github.com/Yamato-Security/hayabusa | Windows event log threat hunting |
| Zircolite | github.com/wagga40/Zircolite | SIGMA-based log analysis |
| Plaso/Log2Timeline | plaso.readthedocs.io | Super timeline creation |
Network Analysis¶
| Tool | URL | Purpose |
|---|---|---|
| Wireshark | wireshark.org | Packet capture and analysis |
| NetworkMiner | netresec.com/networkminer | Network forensics |
| Zeek (formerly Bro) | zeek.org | Network security monitoring |
| Suricata | suricata.io | Network IDS/IPS |
Antivirus & Malware Removal¶
Scanners¶
| Tool | URL | Type |
|---|---|---|
| Malwarebytes | malwarebytes.com | Free scanner |
| ESET Online Scanner | eset.com/online-scanner | No install required |
| Kaspersky Virus Removal Tool | kaspersky.com/downloads | Standalone scanner |
| Microsoft Safety Scanner | microsoft.com/security/scanner | Microsoft's removal tool |
Bootable Rescue Disks¶
| Tool | URL | Vendor |
|---|---|---|
| Kaspersky Rescue Disk | support.kaspersky.com/krd18 | Kaspersky |
| ESET SysRescue | eset.com/sysrescue | ESET |
| Bitdefender Rescue CD | bitdefender.com | Bitdefender |
Credential & Breach Checking¶
| Tool | URL | Purpose |
|---|---|---|
| Have I Been Pwned | haveibeenpwned.com | Check if your email is in breaches |
| Firefox Monitor | monitor.firefox.com | Breach monitoring |
| Pwned Passwords | haveibeenpwned.com/Passwords | Check if password is compromised |
Email Analysis¶
| Tool | URL | Purpose |
|---|---|---|
| MXToolbox Header Analyzer | mxtoolbox.com/EmailHeaders.aspx | Analyze email headers |
| Google Admin Toolbox | toolbox.googleapps.com/apps/messageheader | Header analysis |
| URLScan.io | urlscan.io | Analyze URLs safely |
| CheckPhish | checkphish.ai | Phishing URL detection |
URL & Domain Analysis¶
| Tool | URL | Purpose |
|---|---|---|
| VirusTotal | virustotal.com | URL reputation |
| URLScan.io | urlscan.io | Website analysis |
| Whois Lookup | whois.domaintools.com | Domain registration info |
| SecurityTrails | securitytrails.com | DNS history |
Password Managers¶
| Tool | URL | Notes |
|---|---|---|
| Bitwarden | bitwarden.com | Free, open source |
| KeePassXC | keepassxc.org | Free, offline, open source |
| 1Password | 1password.com | Free for journalists' families |
DDoS Protection (Free)¶
| Service | URL | Who Can Use |
|---|---|---|
| Cloudflare Free | cloudflare.com | Anyone |
| Project Galileo | cloudflare.com/galileo | At-risk organizations |
| Project Shield | projectshield.withgoogle.com | News, journalists, elections |
| Deflect | deflect.ca | Civil society, media |
Security Guides & Training¶
| Resource | URL | Topic |
|---|---|---|
| EFF SSD | ssd.eff.org | Surveillance Self-Defense |
| Security in a Box | securityinabox.org | Digital security for HRDs |
| Digital First Aid Kit | digitalfirstaid.org | Emergency response |
| SANS Reading Room | sans.org/reading-room | Technical papers |
| CISA Resources | cisa.gov/resources-tools | US government guidance |
All tools listed are free or have free tiers. Some may have commercial versions with additional features.
Last updated: 2026-01