CISA’s 150+ List of Free Services and Tools
CISA has a MASSIVE list of free services and tools you can and should take advantage of.
Free Tools
CISA KEVC: Known Exploited Vulnerabilities Catalog
The Known Exploited Vulnerabilities Catalog (KEVC) is a publicly available catalog of common vulnerabilities and exposures (CVEs) that have been actively exploited by cyber attackers. It is maintained by the…
Last Pass – How secure is your password?
Website: https://lastpass.com/howsecure.php This tool is similar to the other password checkers I have listed, such as How Secure is my Password? and Password Monster. This one is fine and gets…
EICAR anti-malware test file
Website: https://www.eicar.org/?page_id=3950 The EICAR anti-malware test file is a harmless file that is used to test the effectiveness of anti-malware software. It was created by the European Institute for Computer…
GitLab’s Open Source IR Playbooks
Website: https://gitlab.com/syntax-ir/playbooks/-/tree/main GitLab open sourced their playbooks for Incident Response as a way to give back to the community. It gives us procedural documentation, flowcharts, and activities you can adopt,…
CVE List/Search
Website: http:///cve.mitre.org This is the list of common vulnerabilities and exposures (CVE) that everyone knows and loves. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities…
CWE: Common Weakness Enumeration
Website: http://cwe.mitre.org CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for…
CAPEC: Common Attack Pattern Enumeration and Classification
Website: https://capec.mitre.org/index.html CAPEC is the way an attacker can exploit a CVE or generally target a CWE. From the site:The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a…
SANS Whereis IP Address Lookup
Website: https://isc.sans.edu/tools/whereis.html Plug one or more IP addresses into this tool and it will tell you the country and ISP associated with the IPs. This lookup is hosted by SANS,…
DNSlytics – Domain Investigations
Website: https://dnslytics.com Find out everything about a domain name, IP address or provider. Discover relations between them and see historical data. Use it for your digital investigation, fraud prevention or…