Awesome Community Editions of Enterprise Security Products

Please see the contribution guidelines for details on how to contribute to this list.

Requirements

  • ✔️ 🎓 Functionally useful to a hobbyist, researcher or student.
  • ✔️ 🔅 Feature limitations allowed if it remains functionally usable.
  • ✔️ ⏳ No time-based limitations, such as a 14-day trial.
  • ✔️ :godmode: Usage is free.
  • ✔️ :shipit: Commercial use limitations are allowed.
  • ✔️ 🌐 Products can be Cloud or On-Prem.

Business Email Compromise

Enterprise Business Email Compromise (BEC) tools.

  • Easy DMARC - Reporting for DMARC, SPF, DKIM, BIMI, MTA-STS and TLS-RPT.

    Limits
    • 10,000 Emails
    • 1 Domain
    • 14 Days Data History
    • 1 Invited User

Case Management

CE of Enterprise Case Management tools for SOCs and IR.

  • Atlassian Jira - Popular issue tracking and project management tool.

    Limits
    • User limit: The free plan is limited to 10 users.
    • Storage limit: The free plan has a 2GB storage limit.
    • Email notifications: The free plan can send a maximum of 100 emails per day.
    • Audit logs: The free plan does not have access to audit logs.
    • Support: The free plan only offers community support.
  • TheHive - Popular Security Incident Response and Case Management Platform.

    Limits
    • User limit: The free plan is limited to 2 users.
    • Tenant limit: The free plan is limited to 1 tenant.
    • Deployment: The free plan is limited to 1 node (no clustering).
    • Cortex: The free plan is limited to 1 Cortex instance integration.
    • MISP: The free plan is limited to 1 MISP instance integration.
    • Support: The free plan only offers community support.

DevSecOps

Community Editions of DevOps and DevSecOps tools.

  • GitLab Cloud - Web platform for Git versioning and code collaboration.

    Limits
    • 5GB storage
    • 10GB transfer per month
    • 400 compute minutes per month
    • 5 users per top-level group
  • Oak9 - Automated security for cloud native applications.

    Limits
    • 1 application / project
    • 3 users
    • 1 free security report
    • Limited integrations
    • Community support via Slack
  • Snyk - Dev-first security tool for open source vulnerabilities.

    Limits
    • Open Source: 200 tests/mo
    • Code: 100 tests/mo
    • IaC: 300 tests/mo
    • Container: 100 tests/mo
  • SonarQube - Code quality and security analysis tool.

    Limits
    • Community supported plugins

Documentation

CE of Enterprise Documentation tools.

Firewall

Free

Notification

Notification tools for SOCs and IR teams.

  • PagerDuty - Popular incident response and alerting tool.

    Limits
    • Users: 5
    • Escalation Schema: 1
  • Slack - Popular messaging and collaboration tool with automation.

    Limits
    • 90 day history
    • 10 integrations
    • 1:1 huddles
    • 1:1 messages with individuals outside of organization

Pentesting

Popular Enterprise Pentesting tools.

  • AzureHound CE - Go binary that collects data from Entra ID (formerly known as AzureAD) and AzureRM via the Microsoft Graph and Azure REST APIs.

  • BloodHound CE - The most popular bug bounty platform.

    Limits
  • Burp Suite CE - Popular web application security testing tool.

    Limits
    • HTTP(s) / WebSockets proxy and history
    • Essential tools - Repeater, Decoder, Sequencer, and Comparer.
  • HackerOne CE - The most popular bug bounty platform.

    Limits
    • Free to eligible open source projects
  • SharpHound CE - Official data collector for BloodHound CE. It is written in C# and uses native Windows API functions and LDAP namespace functions to collect data from domain controllers and domain-joined Windows systems.

SIEM

Community Editions of Security Information and Event Management (SIEM) tools.

  • Cribl - Log management and data pipeline tool.

    Limits
    • Daily ingestion up to 1 TB/day.
    • Maximum 10 Worker Processes, and 100 Edge Nodes.
    • Maximum 1 Worker Group and 1 Fleet.
    • Requires sending of anonymized telemetry metadata to Cribl.
  • Elasticsearch - Distributed, RESTful search and analytics engine.

    Limits
    • You may not provide the products to others as a managed service
    • You may not circumvent the license key functionality or remove/obscure features protected by license keys
    • You may not remove or obscure any licensing, copyright, or other notices
  • QRadar CE - Community Edition is a fully-featured free version of IBM QRadar.

    Limits
    • 50 events per second
    • 5000 network flows per minute
  • Search Guard for Elasticsearch CE - Monitor access to data stored in Elasticsearch, including Kibana, Logstash and Beats

    Limits
    • Basic alerting with Email, Slack and Webhooks
    • Basic, PKI and proxy auth
    • Basic access control monitoring
    • Full encryption support
    • Full compatibility
  • Splunk - One of the most popular data analysis platforms used for SIEM.

    Limits
    • 500 MB/day
    • 1 user

SOAR

Community Editions of Security Orchestration, Automation and Response (SOAR) tools.

  • Splunk SOAR - Splunk's SOAR solution, formerly Phantom.

    Limits
    • 100 actions per day
  • Tines - Tines security automation platform.

  • XSOAR - Palo Alto's SOAR Solution, formerly Demisto.

    Limits
    • 166 daily automation commands
    • Rolling 30-day incident history
    • 5 active feeds with 100 indicators per feed
    • Native threat intelligence not included
    • Incident closure report
    • Slack DFIR community
    • Single tenant

Secret Management

Enterprise Secret Management tools.

  • Bitwarden Free - Individual password management.

    Limits
    • Unlimited passwords
    • Unlimited devices
    • Share vault items with one other user
  • CipherTrust CE - Key management and transparent encryption and tokenization.

    Limits
    • Key Management with REST APIs
    • Data protection REST APIs
    • Data Protection Gateway (DPG)
    • Transparent Encryption for Kubernetes Environments (CTE-K8s)
  • HashiCorp Vault Secrets - SaaS-based, centralized secrets lifecycle management for developers.

    Limits
    • 25 secrets
    • 25 applications
    • 5 versions per secret
    • 5 Secret Sync integrations
    • 10,000 API operations
    • Community support

Security Training

Enterprise Security Training platforms.

  • Veracode Security Labs Community Edition - Lightweight, always free, preview of Enterprise Edition for developers.

    Limits
    • Dozens of Labs
    • Select topics
    • No leaderboards, SSO, assignments or compliance reporting

Threat Feeds

Threat feeds are generally out of scope for this list but a few CE versions of common Enterprise Threat Feeds have been included.

  • Anomali STAXX - Free STIX / TAXII feed client.

    Limits
    • Unlimited feeds

Threat Hunting

Enterprise Threat Hunting tools.

  • Active Countermeasures - AC-Hunter has a majority of the functionality (with some limitations)

    Limits
    • All threat hunting modules included
    • 1 sensor
    • 10 Datasets
    • 50 Safelist entries
    • Community support via Discord
  • Uncoder - Detection engineering and threat hunting IDE

    Limits
    • Up to 2 premium Sigma rules per month
    • Data field mapping customization
    • 72-hour wait time on content code access
    • Unlimited Filters
    • 1 Data Plane

Threat Modeling

Enterprise Threat Modeling tools.

Vulnerability Management

Enterprise Vulnerability Management tools.

  • Qualys Community Edition - Vulnerability management and threat prioritization.

    Limits
    • One virtual scanner appliance
    • Unlimited vulnerability scanning for up to 16 internal assets and 3 external assets
    • Unlimited vulnerability scanning for one application URL
  • ThreatMapper - Open source scanner for cloud vulnerabilities, malware, compliance misconfigurations.

    Limits
    • As-is support
    • May not sell, distribute, rent, lease or lend the software
    • May not use the software for commercial software hosting services

XDR

Free XDR solutions.

  • Wazuh - Lightweight, always free, preview of Enterprise Edition for developers.

    Limits
    • Free and open source.
    • Vendor support is paid.
    Resources

License

This list and associated code are under the MIT License. See LICENSE for details.

The assets in /logos are trademarks of their respective companies and are under their terms of use.