
Security and PKI

  • aikido.dev — All-in-one appsec platform covering SCA, SAST, CSPM, DAST, Secrets, IaC, Malware, Container scanning, EOL,... Free plan includes two users, scanning of 10 repos, 1 cloud, 2 containers & 1 domain.
  • alienvault.com — Uncovers compromised systems in your network
  • Altcha.org - A Spam Filter for websites and APIs powered by natural language processing and machine learning. Free plan includes 200 requests a day per domain.
  • atomist.com — A quicker and more convenient way to automate various development tasks. Now in beta.
  • cloudsploit.com — Amazon Web Services (AWS) security and compliance auditing and monitoring
  • Public Cloud Threat Intelligence — High-confidence Indicators of Compromise (IOC) targeting public cloud infrastructure. A portion is available on GitHub (https://github.com/unknownhad/AWSAttacks). The full list is available via API.
  • CodeNotary.io — Open Source platform with indelible proof to notarize code, files, directories, or container
  • crypteron.com — Cloud-first, developer-friendly security platform prevents data breaches in .NET and Java applications
  • CyberChef — A simple, intuitive web app for analyzing and decoding/encoding data without dealing with complex tools or programming languages. Like a Swiss army knife of cryptography & encryption. All features are free to use, with no limit. Open source if you wish to self-host.
  • DAS — Styra DAS Free, full lifecycle policy management to create, deploy and manage Open Policy Agent (OPA) authorization
  • Datree — Open Source CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
  • Dependabot - Automated dependency updates for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java (Maven and Gradle), .NET, Go, Elm, Docker, Terraform, Git Submodules, and GitHub Actions.
  • DJ Checkup — Scan your Django site for security flaws with this free, automated checkup tool. Forked from the Pony Checkup site.
  • Doppler — Universal Secrets Manager for application secrets and config, with support for syncing to various cloud providers. Free for five users with basic access controls.
  • Dotenv — Sync your .env files, quickly & securely. Stop sharing your .env files over insecure channels like Slack and email, and never lose an important .env file again. Free for up to 3 teammates.
  • GitGuardian — Keep secrets out of your source code with automated secrets detection and remediation. Scan your git repos for 350+ types of secrets and sensitive files – Free for individuals and teams of 25 developers or less.
  • Have I been pwned? — REST API for fetching the information on the breaches.
  • hostedscan.com — Online vulnerability scanner for web applications, servers, and networks. Ten free scans per month.
  • Infisical — Open source platform that lets you manage developer secrets across your team and infrastructure: everywhere from local development to staging/production 3rd-party services. Free for up to 5 developers.
  • Internet.nl — Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE
  • keychest.net - SSL expiry management and cert purchase with an integrated CT database
  • letsencrypt.org — Free SSL Certificate Authority with certs trusted by all major browsers
  • meterian.io - Monitor Java, JavaScript, .NET, Scala, Ruby, and NodeJS projects for security vulnerabilities in dependencies. Free for one private project, unlimited projects for open source.
  • Mozilla Observatory — Find and fix security vulnerabilities in your site.
  • opswat.com — Security monitoring of computers, devices, applications, and configurations. Free for 25 users and 30 days of history.
  • openapi.security - Free tool to quickly check the security of any OpenAPI / Swagger-based API. You don't need to sign up.
  • pixee.ai - Automated Product Security Engineer as a free GitHub bot that submits PRs to your Java code base to automatically resolve vulnerabilities. Other languages coming soon!
  • pyup.io — Monitor Python dependencies for security vulnerabilities and update them automatically. Free for one private project, unlimited projects for open source.
  • qualys.com — Find web app vulnerabilities, audit for OWASP Risks
  • report-uri.io — CSP and HPKP violation reporting
  • ringcaptcha.com — Tools to use the phone number as id, available for free
  • seclookup.com - Seclookup APIs can enrich domain threat indicators in SIEM, provide comprehensive information on domain names, and improve threat detection & response. Get 50K lookups free.
  • snyk.io — Can find and fix known security vulnerabilities in your open-source dependencies. Unlimited tests and remediation for open-source projects. Limited to 200 tests/month for your private projects.
  • ssllabs.com — Intense analysis of the configuration of any SSL web server
  • SOOS - Free, unlimited SCA scans for open-source projects. Detect and fix security threats before release. Protect your projects with a simple and effective solution.
  • StackHawk - Automate application scanning throughout your pipeline to find and fix security bugs before they hit production. Unlimited scans and environments for a single app.
  • Sucuri SiteCheck - Free website security check and malware scanner
  • Protectumus - Free website security check, site antivirus, and server firewall (WAF) for PHP. Email notifications for registered users in the free tier.
  • TestTLS.com - Test an SSL/TLS service for secure server configuration, certificates, chains, etc. Not limited to HTTPS.
  • threatconnect.com — Threat intelligence designed for individual researchers, analysts, and organizations starting to learn about cyber threat intelligence. Free for up to 3 users.
  • tinfoilsecurity.com — Automated vulnerability scanning. The free plan allows weekly XSS scans
  • Ubiq Security — Encrypt and decrypt data with three lines of code and automatic key management. Free for one application and up to 1,000,000 encryptions per month.
  • Virgil Security — Tools and services for implementing end-to-end encryption, database protection, IoT security, and more in your digital solution. Free for applications with up to 250 users.
  • Vulert - Vulert continuously monitors your open-source dependencies for new vulnerabilities, recommends fixes, without requiring installation or access to your codebase. Free for open-source projects.
  • Escape GraphQL Quickscan - One-click security scan of your GraphQL endpoints. Free, no login required.
  • HasMySecretLeaked - Search across 20 million exposed secrets in public GitHub repositories, gists, issues, and comments for free
  • Project Gatekeeper - An all-in-one SSL toolkit offering features such as a private key & CSR generator, SSL certificate decoder, certificate matcher and SSL certificate ordering. Users can generate free SSL certificates from Let's Encrypt, Google Trust and BuyPass using CNAME records rather than TXT records.