GitHub HTML Monthly Trending

trycua/cua

Open-source infrastructure for Computer-Use Agents. Sandboxes, SDKs, and benchmarks to train and evaluate AI agents that can control full desktops (macOS, Linux, Windows).

Build, benchmark, and deploy agents that use computers

Choose Your Path

Cua Driver - Background computer-use on macOS

Drive any native macOS app in the background — agents click, type, and verify without stealing the cursor, focus, or Space, even on non-AX surfaces like Chromium web content and canvas-based tools (Blender, Figma, DAWs, game engines). Use with the CLI or MCP server for Claude Code, Cursor, and custom clients. Every session records as a replayable trajectory.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/trycua/cua/main/libs/cua-driver/scripts/install.sh)"

Full tool reference, architecture notes, and the Claude Code skill ship with the package: libs/cua-driver/README.md.

Cua - Agent-Ready Sandboxes for Any OS

Build agents that see screens, click buttons, and complete tasks autonomously. One API for any VM or container image — cloud or local.

pip install cua

# Requires Python 3.11 or later
from cua import Sandbox, Image

# Same API regardless of OS or runtime
async with Sandbox.ephemeral(Image.linux()) as sb:   # or .macos() .windows() .android()
    result = await sb.shell.run("echo hello")
    screenshot = await sb.screenshot()
    await sb.mouse.click(100, 200)
    await sb.keyboard.type("Hello from Cua!")
    await sb.mobile.gesture((100, 500), (100, 200))  # multi-touch gestures

	Linux container	Linux VM	macOS	Windows	Android	BYOI (.qcow2, .iso)
Cloud (cua.ai)	✅	✅	✅	✅	✅	🔜 soon
Local (QEMU)	✅	✅	✅	✅	✅	✅

Get Started | Examples | API Reference

CuaBot - Co-op computer-use for any agent

cuabot gives any coding agent a seamless sandbox for computer-use. Individual windows appear natively on your desktop with H.265, shared clipboard, and audio.

npx cuabot                 # Setup onboarding

# Run any agent in a sandbox
cuabot claude              # Claude Code
cuabot openclaw            # OpenClaw in the sandbox

# Run any GUI workflow in a sandbox
cuabot chromium
cuabot --screenshot
cuabot --type "hello"
cuabot --click <x> <y> [button]

Built-in support for agent-browser and agent-device (iOS, Android) out of the box.

Get Started | Installation | First spotted at ClawCon

Cua-Bench - Benchmarks & RL Environments

Evaluate computer-use agents on OSWorld, ScreenSpot, Windows Arena, and custom tasks. Export trajectories for training.

# Install and create base image
cd cua-bench
uv tool install -e . && cb image create linux-docker

# Run benchmark with agent
cb run dataset datasets/cua-bench-basic --agent cua-agent --max-parallel 4

Get Started | Partner With Us | Registry | CLI Reference

Lume - macOS Virtualization

Create and manage macOS/Linux VMs with near-native performance on Apple Silicon using Apple's Virtualization.Framework.

# Install Lume
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/trycua/cua/main/libs/lume/scripts/install.sh)"

# Pull & start a macOS VM
lume run macos-sequoia-vanilla:latest

Get Started | FAQ | CLI Reference

Packages

Package	Description
cuabot	Multi-agent computer-use sandbox CLI
cua-agent	AI agent framework for computer-use tasks
cua-sandbox	SDK for creating and controlling sandboxes
cua-computer-server	Driver for UI interactions and code execution in sandboxes
cua-bench	Benchmarks and RL environments for computer-use
lume	macOS/Linux VM management on Apple Silicon
lumier	Docker-compatible interface for Lume VMs

Resources

Documentation — Guides, examples, and API reference
Blog — Tutorials, updates, and research
Discord — Community support and discussions
GitHub Issues — Bug reports and feature requests

Contributing

We welcome contributions! See our Contributing Guidelines for details.

License

MIT License — see LICENSE for details.

Third-party components have their own licenses:

Kasm (MIT)
OmniParser (CC-BY-4.0)
Optional cua-agent[omni] includes ultralytics (AGPL-3.0)

Trademarks

Apple, macOS, Ubuntu, Canonical, and Microsoft are trademarks of their respective owners. This project is not affiliated with or endorsed by these companies.

Thank you to all our GitHub Sponsors!

tractorjuice/arc-kit

Enterprise Architecture Governance & Vendor Procurement Toolkit

ArcKit - Enterprise Architecture Governance Toolkit

Build better enterprise architecture through structured governance, vendor procurement, and design review workflows.

ArcKit is a toolkit for enterprise architects that transforms architecture governance from scattered documents into a systematic, AI-assisted workflow for:

🏛️ Establishing and enforcing architecture principles
👥 Analyzing stakeholder drivers, goals, and outcomes
🛡️ Risk management (HM Treasury Orange Book)
💼 Business case justification (HM Treasury Green Book SOBC)
📋 Creating comprehensive requirements documents
🗄️ Data modeling with ERD, GDPR compliance, and data governance
🔬 Technology research with build vs buy analysis (web search powered)
☁️ Azure-specific research using Microsoft Learn MCP for authoritative documentation
🗺️ Strategic planning with Wardley Mapping
📊 Generating visual architecture diagrams (Mermaid)
🤝 Managing vendor RFP and selection processes
✅ Conducting formal design reviews (HLD/DLD)
🔧 ServiceNow service management design
🔗 Maintaining requirements traceability
📎 Citation traceability for external documents (inline [DOC-CN] markers with source quotes)

📖 The ArcKit Book

A comprehensive book-length guide to ArcKit — covering every subsystem (commands, agents, hooks, skills, MCP servers, multi-AI distribution, templates, autoresearch) — now lives in its own repository: tractorjuice/arckit-book.

Star History

Quick Start

Installation

Claude Code (premier experience) — install the ArcKit plugin (requires v2.1.139+):

First, make sure Claude Code is on the latest version:

claude install latest

Then in Claude Code:

/plugin marketplace add tractorjuice/arc-kit

Then install from the Discover tab.

Tip: lighter marketplace clone. The command above clones the full arc-kit monorepo (~100 MB) because it hosts five other AI-assistant distributions, 147 vendored Wardley maps, and research docs you don't need. To fetch just the plugin's directories, add the marketplace via the CLI with --sparse:
claude plugin marketplace add tractorjuice/arc-kit --sparse .claude-plugin arckit-claude
This uses git sparse-checkout to limit the clone to .claude-plugin/ (the marketplace catalog) and arckit-claude/ (the plugin itself). Works with Claude Code's documented marketplace sparse flag. Claude Code is the primary development platform for ArcKit and provides the most complete experience: all 70 official commands (plus 46 community-contributed), 10 autonomous research agents, 5 automation hooks (session init, project context injection, filename enforcement, output validation, impact scan), bundled MCP servers (AWS Knowledge, Microsoft Learn, Google Developer Knowledge, govreposcrape), and automatic updates via the marketplace. See Why Claude Code? below.

Why v2.1.139? Claude Code v2.1.139 added the hook args: string[] exec form — ArcKit's 16 registered hooks now use this form so the harness execs node <path> directly instead of parsing a shell-quoted command string. This eliminates a whole class of quoting / metacharacter bugs in the ${CLAUDE_PLUGIN_ROOT}-substituted paths. The same release also fixed subagents not discovering project / user / plugin skills (affects ArcKit's 13 agents) and made /mcp reconnect pick up .mcp.json edits without a restart. Builds on v2.1.136 (fix: env vars from SessionStart hooks going stale — relevant to the inject-arckit-context pattern; fix: MCP servers from .mcp.json disappearing after /clear), v2.1.133 (subagent skill discovery fix, hooks receive effort.level), and v2.1.129 (plugin manifest's monitors/themes moved under a top-level experimental block — ArcKit's stale-artifact-scan background monitor which warns when projects/ artefacts are past their Next Review Date or stuck in DRAFT for 14+ days is declared via that key and will not load on older clients; ENABLE_PROMPT_CACHING_1H regression fix). Carries forward the v2.1.121 unlocks: MCP alwaysLoad eager-loads AWS Knowledge and Microsoft Learn tools at session start (skips a discovery round-trip on /arckit:aws-research and /arckit:azure-research), and PostToolUse hookSpecificOutput.updatedToolOutput so provenance-stamp and manifest hooks surface their effects to the model in-band; the v2.1.118–119 release-flow unlocks: claude plugin tag --dry-run validates plugin/marketplace version agreement, and the session-telemetry hook records duration_ms on every tool call; the v2.1.117 unlocks: Opus 4.7 /context correctly sized to 1M instead of 200K (long research sessions no longer autocompact early) and agent frontmatter mcpServers loading for --agent sessions; the v2.1.111+ unlocks: Opus 4.7 xhigh effort tier, Auto mode without --enable-auto-mode, read-only bash glob patterns without permission prompts; and the v2.1.97 fixes: claude plugin update correctly detects new commits for git-based plugins (critical for ArcKit distribution), MCP HTTP/SSE memory leak fix (~50 MB/hr, affects ArcKit's 5 bundled servers), proper 429 exponential backoff (benefits 10 research agents), Stop/SubagentStop hooks no longer fail on long sessions (affects session-learner), and subagent working directory leak fix.

Gemini CLI — install the ArcKit extension:

gemini extensions install https://github.com/tractorjuice/arckit-gemini

Zero-config: all 70 official commands (plus 46 community-contributed overlays), templates, scripts, and bundled MCP servers (AWS Knowledge, Microsoft Learn). Updates via gemini extensions update arckit.

GitHub Copilot (VS Code) — install the ArcKit CLI and scaffold prompt files:

# Install with pip
pip install git+https://github.com/tractorjuice/arc-kit.git

# Scaffold a project with Copilot prompt files
arckit init my-project --ai copilot

Creates .github/prompts/arckit-*.prompt.md (80 prompt files), .github/agents/arckit-*.agent.md (10 custom agents), and .github/copilot-instructions.md (repo-wide context). Invoke commands in Copilot Chat as /arckit-requirements, /arckit-stakeholders, etc.

Codex CLI — install the ArcKit CLI:

# Install with pip
pip install git+https://github.com/tractorjuice/arc-kit.git

# Or with uv
uv tool install arckit-cli --from git+https://github.com/tractorjuice/arc-kit.git

# Or run without installing
uvx --from git+https://github.com/tractorjuice/arc-kit.git arckit init my-project

Latest Release: v4.21.0

Platform Support

Platform	Claude Code Plugin	Gemini CLI Extension	GitHub Copilot	Codex / OpenCode CLI
macOS	Full support	Full support	Full support	Full support
Linux	Full support	Full support	Full support	Full support
Windows (WSL2)	Full support	Full support	Full support	Full support
Windows (native)	Full support	Full support	Full support	Partial

Windows users: The Claude Code plugin, Gemini CLI extension, and GitHub Copilot prompt files work natively on all platforms. For Codex CLI / OpenCode CLI on native Windows (without WSL), some commands containing inline bash snippets may require Git Bash or WSL2. We recommend WSL2 for the best experience.

Initialize a Project

Claude Code: No initialization needed — the plugin provides everything.

GitHub Copilot (VS Code):

# Create a new architecture governance project
arckit init payment-modernization --ai copilot

# Or initialize in current directory
arckit init . --ai copilot

OpenCode CLI:

# Create a new architecture governance project
arckit init payment-modernization --ai opencode

# Or initialize in current directory
arckit init . --ai opencode

Codex CLI:

# Create a new architecture governance project
arckit init payment-modernization --ai codex

# Minimal install (skip docs and guides)
arckit init payment-modernization --ai codex --minimal

# Or initialize in current directory
arckit init . --ai codex

Start Using ArcKit

# GitHub Copilot (VS Code)
cd payment-modernization && code .
# In Copilot Chat, use ArcKit commands:
/arckit-principles Create principles for a financial services company
/arckit-requirements Build a payment processing system...

# Codex CLI
cd payment-modernization
codex
# Inside your AI assistant, use ArcKit commands:
/arckit.principles Create principles for a financial services company
/arckit.requirements Build a payment processing system...
/arckit.sow Generate RFP for vendor selection

Upgrading

Claude Code plugin: Updates are automatic via the marketplace — no action needed.

Gemini CLI extension: Updates via gemini extensions update arckit.

GitHub Copilot: Re-run arckit init --here --ai copilot to update prompt files, agents, and instructions.

Codex CLI:

# Step 1: Upgrade the CLI tool
pip install --upgrade git+https://github.com/tractorjuice/arc-kit.git
# Or with uv:
uv tool upgrade arckit-cli --from git+https://github.com/tractorjuice/arc-kit.git

# Step 2: Update your existing project (re-run init in place)
cd /path/to/your-existing-project
arckit init --here --ai codex

This updates commands, templates, scripts, and agents while preserving your project data (projects/) and custom templates (.arckit/templates-custom/).

If upgrading from v0.x, you may also need to migrate legacy filenames — see the upgrading guide for full details.

Explore Example Outputs

Public demonstration repositories showcase complete ArcKit deliverables:

NHS Appointment Booking — arckit-test-project-v7-nhs-appointment: Digital health platform with NHS Spine integration and GDPR safeguards.
M365 GCC-H Migration — arckit-test-project-v1-m365: Government cloud migration with compliance mapping and change management.
HMRC Tax Assistant — arckit-test-project-v2-hmrc-chatbot: Conversational AI service covering PII protection and bilingual support.
Windows 11 Deployment — arckit-test-project-v3-windows11: Enterprise OS rollout with policy migration and security baselines.
Patent Application System — arckit-test-project-v6-patent-system: Intellectual property workflow automation using GOV.UK Pay and Notify.
ONS Data Platform — arckit-test-project-v8-ons-data-platform: Official statistics analytics environment with Five Safes governance.
Cabinet Office GenAI Platform — arckit-test-project-v9-cabinet-office-genai: Cross-government GenAI platform with responsible AI guardrails.
UK Government Training Marketplace — arckit-test-project-v10-training-marketplace: AI training procurement platform with multi-sided marketplace design.
National Highways Data Architecture — arckit-test-project-v11-national-highways-data: Strategic road network data platform modernization.
Scottish Courts GenAI — arckit-test-project-v14-scottish-courts: Scottish Courts and Tribunals Service GenAI strategy with comprehensive MLOps and FinOps.
Doctors Appointment System — arckit-test-project-v16-doctors-appointment: Online appointment booking system with NHS integration.
UK Fuel Price Transparency — arckit-test-project-v17-fuel-prices: UK Government fuel price transparency service with real-time pricing data.
Smart Meter Consumer App — arckit-test-project-v18-smart-meter: UK Smart Meter data consumer mobile app with DCC/SMIP integration.
UK Government API Aggregator — arckit-test-project-v19-gov-api-aggregator: Unified access to 240+ UK Government APIs across 34+ departments.

Why ArcKit?

Problem: Architecture Governance is Broken

Traditional enterprise architecture suffers from:

❌ Scattered documents across tools (Word, Confluence, PowerPoint)
❌ Inconsistent governance enforcement
❌ Manual vendor evaluation with bias
❌ Lost traceability between requirements and design
❌ Stale documentation that doesn't match reality

Solution: Structured, AI-Assisted Governance

ArcKit provides:

✅ Template-Driven Quality: Comprehensive templates ensure nothing is forgotten
✅ Systematic Workflows: Clear processes from requirements → procurement → design review
✅ AI Assistance: Let AI handle document generation, you focus on decisions
✅ Enforced Traceability: Automatic gap detection and coverage analysis
✅ Version Control: Git-based workflow for all architecture artifacts

UK Government Compliance

ArcKit includes dedicated commands for UK public sector delivery:

/arckit.tcop — Assess all 13 Technology Code of Practice points across delivery phases.
/arckit.ai-playbook — Produce responsible AI assessments aligned to the UK Government AI Playbook and ATRS.
/arckit.secure — Generate Secure by Design artefacts covering NCSC CAF, Cyber Essentials, and UK GDPR controls.
/arckit.mod-secure — Map MOD Secure by Design requirements (JSP 440, IAMM, clearance pathways).
/arckit.jsp-936 — Deliver JSP 936 AI assurance packs for defence AI systems.

See the demo repositories for end-to-end examples, especially arckit-test-project-v7-nhs-appointment (civilian services) and arckit-test-project-v9-cabinet-office-genai (AI governance).

EU, French & Austrian Regulatory Compliance (Community)

⚠️ Community-contributed. EU and French commands are domain-maintained by @thomas-jardinet; Austrian commands are a seed contribution inviting an Austrian domain maintainer. The 21 commands below cover EU regulations (GDPR, NIS2, AI Act, DORA, CRA, DSA, Data Act), French government standards (SecNumCloud, ANSSI, EBIOS, CNIL, DINUM, etc.), and Austrian government standards (DSG, NISG 2024, BVergG 2018). They are not part of the officially-maintained baseline — output should be reviewed by qualified DPO / CISO / Vergabejurist / legal counsel before reliance, and citations may lag current source text. Each command surfaces with a [COMMUNITY] prefix in /help listings and renders a warning banner before generating.

EU regulations (member-state-neutral baselines, applicable across EU/EEA):

/arckit.eu-rgpd — GDPR (EU 2016/679) compliance assessment — legal basis, data subject rights, transfers, DPIA screening, breach notification
/arckit.eu-nis2 — NIS2 Directive — operators of essential / important entities, Article 21 measures, incident reporting timelines
/arckit.eu-ai-act — EU AI Act (Regulation 2024/1689) — risk classification (prohibited / high-risk / GPAI), conformity routes
/arckit.eu-dora — Digital Operational Resilience Act (EU 2022/2554) — financial sector ICT risk, TLPT, third-party register
/arckit.eu-cra — Cyber Resilience Act (Regulation 2024/2847) — products with digital elements, SBOM, VDP, CE marking
/arckit.eu-dsa — Digital Services Act (Regulation 2022/2065) — intermediaries, platforms, VLOPs, ARCOM
/arckit.eu-data-act — Data Act (Regulation 2023/2854) — connected products, B2B FRAND, cloud switching, Article 27

French government (apply on top of the EU baseline for French deployments):

/arckit.fr-secnumcloud — SecNumCloud 3.2 qualification (sovereign cloud, OIV/OSE, extraterritorial risk)
/arckit.fr-dinum — DINUM standards: RGI, RGAA, RGESN, RGS, doctrine cloud de l'État, FranceConnect, DSFR
/arckit.fr-marche-public — French public procurement (code de la commande publique, UGAP, sovereignty clauses)
/arckit.fr-rgpd — CNIL-specific GDPR layer (cookies Délibération 2020-091, HDS, age 15, DPO registration)
/arckit.fr-ebios — EBIOS Risk Manager — 5-workshop study (VM/ER/SR/CO/SS/SO/MS IDs, MITRE ATT&CK, homologation)
/arckit.fr-anssi — ANSSI Guide d'hygiène informatique (42 measures) + cloud security recommendations
/arckit.fr-anssi-carto — ANSSI SI cartography across business / application / system / network levels
/arckit.fr-dr — Diffusion Restreinte handling under II 901 / SGDSN / ANSSI
/arckit.fr-algorithme-public — Public algorithm transparency notice (Article L311-3-1 CRPA, Loi République Numérique)
/arckit.fr-pssi — Information System Security Policy (PSSI) per ANSSI / RGS
/arckit.fr-code-reuse — Public code reuse assessment (code.gouv.fr, SILL, EUPL) — build-vs-reuse decision matrix

Austrian government (apply on top of the EU baseline for Austrian deployments — seed contribution pending a domain maintainer):

/arckit.at-dsgvo — Austrian DSG layer on GDPR (§§12–13 image processing, ELGA/GTelG health, §96a ArbVG employee monitoring, age 14 consent, DSB enforcement)
/arckit.at-nisg — Austrian NISG 2024 (NIS2 transposition) — Essential/Important designation, GovCERT reporting, KSÖ, AT sectoral authorities
/arckit.at-bvergg — Bundesvergabegesetz 2018 procurement — Oberschwellen/Unterschwellen, ANKÖ publication, Bestbieterprinzip, BVwG review

These layer cleanly on the existing baseline — fr-rgpd / at-dsgvo extend eu-rgpd, fr-pssi / at-nisg reference eu-nis2, and fr-secnumcloud integrates with arckit.research and arckit.evaluate for procurement workflows. Austrian commands carry extra [NEEDS VERIFICATION] markers reflecting their seed status — a future domain maintainer is expected to tighten the citations.

Canada Federal Overlay (12 commands)

Federal Canadian regulatory baseline as a [COMMUNITY] overlay — covering FITAA (Bill C-70 2024), federal privacy and access (Privacy Act, ATI Act), Treasury Board Directive on Automated Decision-Making, Charter rights design review, ITSG-33 + Standard on Security Categorization, Security of Information Act handling, GC Cloud sovereign residency, GC Digital Standards conformance, Official Languages Act, federal procurement (PSPC + PSAB), and First Nations OCAP® data sovereignty.

Command	Type code	Purpose
`/arckit:ca-fitaa`	`FITAA`	Foreign Influence Transparency and Accountability Act compliance assessment
`/arckit:ca-pia`	`PIA`	Privacy Impact Assessment per Privacy Act + TBS Directive on PIA
`/arckit:ca-atip`	`ATIP`	Access to Information / Privacy Act reconciliation and severance design
`/arckit:ca-aia`	`AIA`	Algorithmic Impact Assessment per TBS Directive on Automated Decision-Making (Levels I–IV)
`/arckit:ca-charter`	`CHRT`	Charter rights design review (s.2 / s.7 / s.8 / s.15) with Oakes proportionality
`/arckit:ca-itsg-33`	`ITSG`	ITSG-33 Statement of Applicability + Standard on Security Categorization
`/arckit:ca-soia`	`SOIA`	Security of Information Act handling plan for SECRET / TOP SECRET systems
`/arckit:ca-cloud-residency`	`CACR`	GC Cloud sovereign residency assessment with CLOUD-Act analysis
`/arckit:ca-gc-digital-standards`	`DIGSTD`	Government of Canada Digital Standards conformance scorecard
`/arckit:ca-ola`	`OLA`	Official Languages Act review (Parts IV / V / VI)
`/arckit:ca-pspc`	`PROC`	Federal procurement strategy (PSPC Supply Manual + PSAB 5%)
`/arckit:ca-ocap`	`OCAP`	First Nations OCAP® sovereignty assessment with FNIGC pre-engagement gate

Help wanted: looking for a Canadian federal enterprise architect to co-maintain this overlay. Open an issue or DM @tractorjuice.

UAE Federal Overlay (Community-contributed)

⚠️ Community-contributed overlay. The 12 commands below cover UAE federal regulatory and digital-government instruments and ship as a community-contributed overlay (not part of the officially-maintained baseline of 68). They are anchored on the UAE Cabinet decree of 23 April 2026 mandating that 50% of federal services run on agentic AI by April 2028, and on the federal data, identity, AI governance, and procurement frameworks the decree references. The overlay is currently solo-maintained by @tractorjuice; a UAE domain co-maintainer is being recruited before the overlay can be re-evaluated for official-baseline promotion. Six citations are flagged [NEEDS VERIFICATION] pending Executive Regulations and authority confirmations — see docs/guides/uae-overlay-maintenance.md. Output should be reviewed by qualified UAE federal compliance counsel before reliance.

Set governance_framework: UAE Federal and classification_scheme: UAE Smart Data in plugin userConfig to switch the Document Control header into UAE Smart Data classification rendering across every artefact.

Federal data and security:

/arckit.uae-classification — UAE Smart Data Classification Register (Open / Shared / Confidential / Secret / Top Secret) with handling rules and declassification schedule
/arckit.uae-pdpl — Federal Decree-Law No. 45 of 2021 (PDPL) compliance assessment — DPIA, lawful-basis register, data-subject-rights procedure, cross-border transfer log
/arckit.uae-ias — UAE Cybersecurity Council Information Assurance Standard v2 — Statement of Applicability against 188 controls (60 management M1–M6, 128 technical T1–T9), priority-tiered P1–P4
/arckit.uae-cloud-residency — National Cloud Security Policy v2 sovereign cloud assessment — per-classification residency, approved CSPs (Core42 / G42, Microsoft UAE North/Central, TDRA FedNet, e& Sovereign Launchpad on AWS), shared-responsibility matrix, exit/portability plan

Federal identity:

/arckit.uae-uaepass — UAE Pass integration design (OIDC/OAuth flow, claim mapping, Basic vs Verified profile selection, Service Provider onboarding, e-signature audit trail)

Cabinet instruments:

/arckit.uae-zero-bureaucracy — Service Catalogue review under the UAE Code for Government Services and Zero Bureaucracy programme
/arckit.uae-digital-records — Digital Records Plan under the UAE Government Services Digital Records Policy (source-of-truth register per service, retention schedule, official-source designation)
/arckit.uae-data-sharing — Data Sharing Agreement under the UAE Government Services Data Sharing Policy ("collect once, use securely") with PDPL lawful basis per share
/arckit.uae-priorities-alignment — National Priorities Alignment Statement under the UAE Federal Government Guide — reuse-vs-build, capability-reuse register (UAE Pass, FedNet), strategy alignment to NIS 2031 / AI 2031 / We the UAE 2031

AI governance:

/arckit.uae-ai-charter — UAE Charter for the Development and Use of AI compliance assessment (12 principles)
/arckit.uae-ai-autonomy-tier — Three-tier AI autonomy posture (Tier 1 internal-productivity, Tier 2 investor-facing-with-approval, Tier 3 regulated/financial) with per-tier guard-rails, approval gates, audit obligations, tier-promotion criteria

Procurement:

/arckit.uae-procurement — Federal procurement strategy under Federal Decree-Law No. 11 of 2023 — ITT/RFP packs against MoF Digital Procurement Platform templates, In-Country Value (ICV) plan, evaluation report structure, contract register

The commands chain together in a canonical order from principles → uae-classification → uae-pdpl → uae-ias → uae-cloud-residency → uae-uaepass → uae-zero-bureaucracy → uae-digital-records → uae-data-sharing → uae-ai-charter → uae-ai-autonomy-tier → uae-priorities-alignment → uae-procurement → sobc → wardley → framework. The reference implementation is the arckit-test-project-v20-uae-moi-ipad test repo. Full guide: docs/guides/uae-overlay.md.

The ArcKit Workflow

ArcKit guides you through the enterprise architecture lifecycle:

Phase 0: Project Planning

/arckit.plan → Create project plan with timeline, phases, and gates

Visualize your entire project delivery:

GDS Agile Delivery phases (Discovery → Alpha → Beta → Live)
Mermaid Gantt chart with timeline, dependencies, and milestones
Workflow diagram showing gates and decision points
Tailored timeline based on project complexity
Integration of all ArcKit commands into schedule
Gate approval criteria for governance

Phase 1: Establish Governance

/arckit.principles → Create enterprise architecture principles

Define your organisation's architecture standards:

Cloud strategy (AWS/Azure/GCP)
Security frameworks (Zero Trust, compliance)
Technology standards
FinOps and cost governance

Phase 2: Stakeholder Analysis

/arckit.stakeholders → Analyze stakeholder drivers, goals, and outcomes

Do this BEFORE business case to understand who cares about the project and why:

Identify all stakeholders (internal and external)
Document underlying drivers (strategic, operational, financial, compliance, risk, personal)
Map drivers to SMART goals
Map goals to measurable outcomes
Create Stakeholder → Driver → Goal → Outcome traceability
Identify conflicts and synergies
Define engagement and communication strategies

Phase 3: Risk Assessment

/arckit.risk → Create comprehensive risk register (Orange Book)

Do this BEFORE business case to identify and assess risks systematically:

Follow HM Treasury Orange Book 2023 framework
Identify risks across 6 categories (Strategic, Operational, Financial, Compliance, Reputational, Technology)
Assess inherent risk (before controls) and residual risk (after controls)
Apply 4Ts response framework (Tolerate, Treat, Transfer, Terminate)
Link every risk to stakeholder from RACI matrix
Monitor risk appetite compliance
Feed into SOBC Management Case Part E

Phase 4: Business Case Justification

/arckit.sobc → Create Strategic Outline Business Case (SOBC)

Do this BEFORE requirements to justify investment and secure approval:

Use HM Treasury Green Book 5-case model (Strategic, Economic, Commercial, Financial, Management)
Analyze strategic options (Do Nothing, Minimal, Balanced, Comprehensive)
Map benefits to stakeholder goals (complete traceability)
Provide high-level cost estimates (Rough Order of Magnitude)
Economic appraisal (ROI range, payback period)
Procurement and funding strategy
Governance and risk management (uses risk register)
Enable go/no-go decision BEFORE detailed requirements work

Phase 5: Define Requirements

/arckit.requirements → Document comprehensive requirements

Create detailed requirements informed by stakeholder goals (if SOBC approved):

Business requirements with rationale
Functional requirements with acceptance criteria
Non-functional requirements (performance, security, scalability, compliance)
Integration requirements (upstream/downstream systems)
Data requirements (DR-xxx)
Success criteria and KPIs

Phase 5.3: Platform Strategy Design (Optional - for Multi-Sided Platforms)

/arckit.platform-design → Design multi-sided platform strategy using Platform Design Toolkit

Use this phase when designing ecosystem-based platforms (Government as a Platform, marketplaces, data platforms):

Ecosystem Canvas: Map supply side, demand side, supporting entities with relationship diagrams
Entity-Role Portraits: Deep dive into 3-5 key entities (context, pressures, goals, gains)
Motivations Matrix: Identify synergies and conflicts across entities with mitigation strategies
Transactions Board: Design 10-20 transactions with cost reduction analysis (search, information, negotiation, coordination, enforcement)
Learning Engine Canvas: 5+ services that help participants improve (data, feedback loops, network effects)
Platform Experience Canvas: Journey maps with business model and unit economics
MVP Canvas: Liquidity bootstrapping strategy to solve chicken-and-egg problem
Platform Design Canvas: Synthesize all 8 canvases into cohesive platform strategy
UK Government Context: Aligns with Government as a Platform (GaaP), TCoP Point 8 (share/reuse), Digital Marketplace

Use Cases: NHS appointment booking, local authority data marketplaces, training procurement platforms, citizen services portals

Phase 5.5: Data Modeling

/arckit.data-model → Create comprehensive data model with ERD

Create data model based on Data Requirements (DR-xxx):

Visual Entity-Relationship Diagram (ERD) using Mermaid
Detailed entity catalog with attributes, types, validation rules
PII identification and GDPR/DPA 2018 compliance
Data governance matrix (business owners, stewards, custodians)
CRUD matrix showing component access patterns
Data integration mapping (upstream sources, downstream consumers)
Data quality framework with measurable metrics
Requirements traceability (DR-xxx → Entity → Attribute)

Phase 5.7: Data Protection Impact Assessment

/arckit.dpia → Generate DPIA for UK GDPR Article 35 compliance

MANDATORY for high-risk processing - assess privacy risks before technology selection:

ICO 9-criteria automated screening (sensitive data, large scale, vulnerable subjects, AI/ML, etc.)
Auto-populated from data model (entities, PII, special category data, lawful basis)
Risk assessment focused on impact on individuals (privacy harm, discrimination)
Data subject rights implementation checklist (SAR, deletion, portability)
Children's data assessment (age verification, parental consent)
AI/ML algorithmic processing assessment (bias, explainability, human oversight)
ICO prior consultation flagging for high residual risks
International transfer safeguards (SCCs, BCRs, adequacy decisions)
Bidirectional links to risk register (DPIA-xxx risk IDs)
Links mitigations to Secure by Design security controls

Phase 5.8: Data Source Discovery

/arckit.datascout → Discover external data sources

Discover and evaluate external data sources to fulfil project data requirements:

Data needs extraction from DR/FR/INT/NFR requirements
UK Government open data portals (data.gov.uk, ONS, NHS Digital, Companies House, OS Data Hub)
Commercial API providers and data marketplaces
Free/freemium APIs and open source datasets
Weighted evaluation scoring (Requirements Fit, Data Quality, License & Cost, API Quality, Compliance, Reliability)
Gap analysis for unmet data needs
Data model impact assessment (new entities, attributes, sync strategy)
Requirements traceability (every DR-xxx mapped to a source or flagged as gap)
TCoP Point 10 compliance (Make Better Use of Data)

Phase 6: Technology Research

/arckit.research → Research technology, services, and products

Research available solutions to meet requirements with build vs buy analysis:

Dynamic category detection from requirements (authentication, payments, databases, etc.)
Commercial SaaS options with pricing, reviews, and ratings (WebSearch)
Open source alternatives with GitHub stats and community maturity
UK Government GOV.UK platforms (One Login, Pay, Notify, Forms)
Digital Marketplace suppliers (G-Cloud, DOS)
Total Cost of Ownership (TCO) comparison (3-year)
Build vs Buy vs Adopt recommendations
Vendor shortlisting for deeper evaluation
Integration with Wardley mapping (evolution positioning)
Feeds into SOBC Economic Case (cost data, options analysis)

Phase 6.5: Grants & Funding Research

/arckit.grants → Research UK government grants, charitable funding, and accelerator programmes

Identify and evaluate funding opportunities with eligibility scoring:

UK Innovate UK grants and R&D funding (e.g. Smart Grants, KTP, SBRI)
UK Research and Innovation (UKRI) funding calls
Charitable foundations and philanthropic funding (e.g. National Lottery Heritage Fund, Wellcome Trust)
Accelerator and incubator programmes (e.g. DCMS, DSIT-backed cohorts)
EU Horizon Europe successor funding open to UK entities
Eligibility scoring matrix against project requirements and stakeholder profile
Application timeline, deadlines, and award values
Strategic fit assessment (alignment with project goals and public sector context)
Outputs a structured GRNT funding opportunity register

Phase 7: Strategic Planning with Wardley Mapping

/arckit.wardley → Create strategic Wardley Maps

Visualize strategic positioning with:

Component evolution analysis (Genesis → Custom → Product → Commodity)
Build vs Buy decision framework
Vendor comparison and procurement strategy
UK Government Digital Marketplace mapping
Evolution predictions and strategic gameplay

Phase 7.5: Strategic Roadmap

/arckit.roadmap → Create multi-year architecture roadmap

Create strategic roadmap for multi-year transformation programs:

Multi-year timeline: 3-5 year roadmap with Mermaid Gantt chart aligned to financial years (FY 2024/25, etc.)
Strategic themes: Cloud migration, data modernization, security & compliance, DevOps transformation
Capability evolution: Maturity progression from L1 (Initial) to L5 (Optimized) over time
Investment planning: CAPEX/OPEX budget by financial year, ROI projections, benefits realization
Governance framework: ARB monthly, Programme Board monthly, Steering Committee quarterly
Service Standard gates: Alpha/Beta/Live assessment milestones (UK Government)
Dependencies: Mermaid flowchart showing initiative sequencing and critical path
Success metrics: Cloud adoption %, technical debt reduction, deployment frequency, time to market
Traceability: Links roadmap themes to stakeholder drivers, architecture principles, requirements
UK Government specifics: Spending Review alignment, TCoP compliance timeline, NCSC CAF progression

Use this when: You have a multi-year transformation program with multiple initiatives running in parallel. Roadmaps are strategic (multi-year, multi-initiative, executive communication) vs project plans which are tactical (single initiative, detailed tasks, team execution).

Roadmap feeds into: /arckit.plan for detailed phase execution, /arckit.sobc for investment business case, /arckit.backlog for prioritized user stories, /arckit.strategy for executive-level synthesis.

Phase 7.6: Architecture Strategy Synthesis

/arckit.strategy → Synthesise strategic artifacts into executive-level Architecture Strategy

Create a comprehensive Architecture Strategy document that synthesises multiple strategic artifacts into a single coherent narrative:

Strategic vision: 2-3 paragraphs articulating the transformation vision and success definition
Strategic drivers: Summarised from stakeholder analysis with external drivers (regulatory, market, technology)
Guiding principles: Key principles with strategic implications, compliance summary
Current state assessment: Technology landscape, capability maturity baseline (L1-L5), technical debt, SWOT
Target state vision: Future architecture, capability maturity targets, architecture vision diagram
Technology evolution: Build vs buy decisions, technology radar (Adopt/Trial/Assess/Hold) from Wardley maps
Strategic themes: 3-5 investment themes with objectives, initiatives, success criteria, principles alignment
Delivery roadmap summary: Timeline, phases, milestones from roadmap artifact
Investment summary: CAPEX/OPEX, NPV, IRR, payback period, benefits realisation from SOBC
Strategic risks: Top risks with heat map, assumptions, constraints from risk register
Success metrics: KPIs with baselines and year-over-year targets
Governance model: Forums, decision rights, review cadence
Traceability: Driver → Goal → Outcome → Theme → Principle → KPI chain

Use this when: You have multiple strategic artifacts (principles, stakeholders, wardley, roadmap, sobc) and need to create a single executive-level document that synthesises them into a coherent strategy. Ideal for Strategy Board presentations, executive briefings, or stakeholder communication.

Unique requirement: This is the only ArcKit command with TWO mandatory inputs (principles AND stakeholders). Strategy cannot be created without understanding both the decision framework and the stakeholder drivers.

Strategy feeds into: /arckit.requirements for detailed requirements, /arckit.roadmap for expanded timeline, /arckit.plan for project delivery.

Phase 7.7: Architecture Decision Records

/arckit.adr → Document architectural decisions

Create Architecture Decision Records (ADRs) following MADR v4.0 format enhanced with UK Government requirements:

Decision metadata: Sequential numbering (ADR-001, ADR-002), status (Proposed/Accepted/Superseded), escalation level (Team/Cross-team/Department/Cross-government)
Stakeholder RACI: Deciders (accountable), Consulted (SMEs, two-way), Informed (one-way communication)
Context and problem statement: Why this decision is needed, business/technical/regulatory drivers
Decision drivers: Technical forces (performance, security, scalability), business forces (cost, time), compliance forces (GDS Service Standard, TCoP, NCSC, UK GDPR)
Options analysis: Minimum 2-3 options plus "Do Nothing" baseline, each with pros/cons, cost (CAPEX/OPEX/TCO), GDS Service Standard impact, Wardley evolution stage
Y-Statement: Structured justification - "In the context of X, facing Y, we decided for Z to achieve A, accepting B"
Consequences: Positive (benefits, capabilities), Negative (trade-offs, technical debt), Neutral (training, infrastructure), Risks and mitigations
Validation: How implementation will be verified (design reviews, code reviews, testing, monitoring)
Traceability: Links to requirements, principles, stakeholders, research, Wardley maps, diagrams, risk register
UK Government specifics: Escalation levels (Team → Cross-team → Department → Cross-government), governance forums (ARB, TDA, Programme Board), Service Standard/TCoP compliance documentation

Use this when: Making significant architectural decisions that affect system structure, quality attributes, or behavior - technology choices (databases, frameworks, cloud services), integration patterns, security approaches, deployment strategies, data management.

ADR feeds into: /arckit.diagram (architecture diagrams reflect decisions), /arckit.hld-review and /arckit.dld-review (reviews verify decisions implemented), /arckit.traceability (decisions are key traceability artifacts).

Phase 8: Vendor Procurement (if needed)

/arckit.sow → Generate Statement of Work (RFP)

Create RFP-ready documents with:

Scope of work and deliverables
Technical requirements
Vendor qualifications
Evaluation criteria
Contract terms

/arckit.dos → Digital Outcomes and Specialists (DOS) procurement 🇬🇧

For UK public sector organizations needing custom development:

Generate DOS-compliant procurement documentation
Extract requirements from project artifacts (BR/FR/NFR/INT/DR)
Essential vs desirable skills from requirements
Success criteria (technology-agnostic)
Evaluation framework (40% Technical, 30% Team, 20% Quality, 10% Value)
Audit-ready documentation for Digital Marketplace

/arckit.gcloud-search → G-Cloud service search with live marketplace search 🇬🇧

For UK public sector organizations needing off-the-shelf cloud services:

Generate G-Cloud requirements document
Live Digital Marketplace search using WebSearch
Find actual services with suppliers, prices, features, links
Service comparison table with recommendations
Shortlist top 3-5 matching services
Links to Digital Marketplace guidance (gov.uk)

/arckit.gcloud-clarify → G-Cloud service validation and gap analysis 🇬🇧

Validate G-Cloud services and generate supplier clarification questions:

Systematic gap analysis (MUST/SHOULD requirements vs service descriptions)
Detect gaps: ✅ Confirmed, ⚠️ Ambiguous, ❌ Not mentioned
Generate prioritised questions (🔴 Critical / 🟠 High / 🔵 Medium / 🟢 Low)
Risk assessment matrix for each service
Email templates for supplier engagement
Evidence requirements specification
Next steps checklist

/arckit.evaluate → Create vendor evaluation framework

Set up systematic scoring:

Technical evaluation criteria (100 points)
Cost evaluation methodology
Reference check templates
Decision matrix

/arckit.evaluate (compare mode) → Compare vendor proposals

Side-by-side analysis of:

Technical approaches
Cost breakdowns
Risk assessments
Value propositions

Phase 9: Design Review

/arckit.hld-review → Review High-Level Design

Validate designs against:

Architecture principles compliance
Requirements coverage
Security and compliance
Scalability and resilience
Operational readiness

/arckit.dld-review → Review Detailed Design

Implementation-ready validation:

Component specifications
API contracts (OpenAPI)
Database schemas
Security implementation
Test strategy

Phase 10: Sprint Planning

/arckit.backlog → Generate prioritised product backlog

Transform requirements into sprint-ready user stories:

Convert requirements (BR/FR/NFR/INT/DR) to GDS-format user stories
Multi-factor prioritization (MoSCoW + risk + value + dependencies)
Organise into sprint plan with capacity balancing
Generate traceability matrix (requirements → stories → sprints)
Export to Jira/Azure DevOps (CSV) or custom tools (JSON)
Time savings: 75%+ (4-6 weeks → 3-5 days)

When to run: After HLD approval, before Sprint 1 (Alpha → Beta transition)

Phase 10.5: Backlog Export

/arckit.trello → Export product backlog to Trello

Push your backlog directly to Trello for sprint execution:

Create Trello board with sprint-based lists (Product Backlog + per-sprint + In Progress + Done)
Cards with priority labels, story points, and acceptance criteria checklists
Colour-coded labels by MoSCoW priority and requirement type
Rate-limit-aware Trello API integration
Requires TRELLO_API_KEY and TRELLO_TOKEN environment variables

When to run: After /arckit.backlog generates the product backlog (requires JSON export)

Phase 11: ServiceNow Service Management Design

/arckit.servicenow → Generate ServiceNow service design

Bridge architecture to operations:

CMDB design (derived from architecture diagrams)
SLA definitions (derived from NFRs)
Incident management design
Change management plan
Monitoring and alerting plan
Service transition plan

Phase 12: Traceability

/arckit.traceability → Generate traceability matrix

Ensure complete coverage:

Requirements → Design mapping
Design → Test mapping
Gap analysis and orphan detection
Change impact tracking

Phase 13: Quality Assurance

/arckit.analyze → Comprehensive governance quality analysis

Periodically assess governance quality across all artifacts:

Architecture principles compliance
Requirements coverage and traceability
Stakeholder alignment verification
Risk management completeness
Design review quality
Documentation completeness and quality
Gap identification and recommendations

When to use: Run periodically (before milestones, design reviews, or procurement decisions) to identify gaps and ensure governance standards are maintained.

Phase 14: Compliance Assessment (UK Government)

For UK Government and public sector projects:

/arckit.service-assessment → GDS Service Standard assessment preparation

Prepare for mandatory GDS Service Standard assessments:

Analyze evidence against all 14 Service Standard points
Identify gaps for alpha, beta, or live assessments
Generate RAG (Red/Amber/Green) ratings and overall readiness score
Provide actionable recommendations with priorities and timelines
Include assessment day preparation guidance
Map ArcKit artifacts to Service Standard evidence requirements

Run at end of Discovery (for alpha prep), mid-Beta (for beta prep), or before Live to ensure readiness.

/arckit.tcop → Technology Code of Practice assessment

Assess compliance with all 13 TCoP points:

Point 1: Define user needs
Point 2: Make things accessible
Point 3: Be open and use open source
Point 4: Make use of open standards
Point 5: Use cloud first
Point 6: Make things secure
Point 7: Make privacy integral
Point 8: Share, reuse and collaborate
Point 9: Integrate and adapt technology
Point 10: Make better use of data
Point 11: Define your purchasing strategy
Point 12: Meet the Digital Spend Controls
Point 13: Define your responsible AI use

/arckit.secure → UK Government Secure by Design assessment

Security compliance assessment:

NCSC Cloud Security Principles
NCSC Cyber Assessment Framework (CAF)
Cyber Essentials / Cyber Essentials Plus
UK GDPR and DPA 2018 compliance
Security architecture review
Threat modeling

/arckit.ai-playbook → UK Government AI Playbook compliance (for AI systems)

Responsible AI assessment:

AI ethics principles
Transparency and explainability
Fairness and bias mitigation
Data governance for AI
Human oversight mechanisms
Impact assessment

/arckit.atrs → Algorithmic Transparency Recording Standard

Generate ATRS record for algorithmic decision-making:

Algorithm details and logic
Purpose and use case
Data sources and data quality
Performance metrics and monitoring
Impact assessment and mitigation

For MOD Projects:

/arckit.mod-secure → MOD Secure by Design assessment

MOD-specific security compliance:

JSP 440 (Defence Project & Programme Management)
Information Assurance Maturity Model (IAMM)
MOD Security clearances and vetting
STRAP classification handling
Security Operating Procedures (SyOPs)
Supplier attestation requirements

/arckit.jsp-936 → MOD JSP 936 AI Assurance Documentation

For defence projects using AI/ML systems:

JSP 936 (Dependable Artificial Intelligence in Defence)
5 Ethical Principles (Human-Centricity, Responsibility, Understanding, Bias & Harm Mitigation, Reliability)
5 Risk Classification Levels (Critical to Minor)
8 AI Lifecycle Phases (Planning to Quality Assurance)
Approval pathways (2PUS/Ministerial → Defence-Level → TLB-Level)
RAISOs and Ethics Manager governance
Human-AI teaming strategy and continuous monitoring

Phase 14.5: Compliance Assessment (EU and French Government)

ArcKit includes commands for EU regulatory compliance and French public sector governance. These commands are applicable to organisations operating in the EU or under French jurisdiction — whether public sector or private.

EU Regulations

/arckit.eu-rgpd → GDPR compliance assessment (Regulation 2016/679)

Assess personal data processing obligations:

Legal basis determination (consent, contract, legitimate interest, legal obligation)
Data subject rights implementation (access, erasure, portability, objection)
CNIL registration and DPO obligations (France)
Cross-border transfer safeguards (SCCs, BCRs, adequacy decisions)
Integration with DPIA (/arckit.dpia) for high-risk processing

/arckit.eu-ai-act → EU AI Act compliance (Regulation 2024/1689)

Assess AI system obligations under the EU's risk-based AI framework:

Risk classification (unacceptable / high-risk / limited-risk / minimal)
High-risk system obligations: conformity assessment, CE marking, EUDB registration
GPAI model obligations for providers of general-purpose AI
Human oversight, transparency, and fundamental rights impact assessment
Prohibited practices (social scoring, real-time biometric surveillance)

/arckit.eu-nis2 → NIS2 Directive compliance (Directive 2022/2555)

Assess cybersecurity obligations for essential and important entities:

Sector classification (Annex I Essential vs Annex II Important)
OIV/OSE designation under French transposition (LPM/LCEN)
Governance, risk management, and incident reporting obligations
Supply chain security and vulnerability disclosure
ANSSI notification timeline (24h → 72h → 30-day final report)

/arckit.eu-dora → DORA compliance (Regulation 2022/2554) for financial entities

Digital Operational Resilience Act obligations for banks, insurers, and investment firms:

ICT risk management framework (5 pillars)
Major ICT-related incident classification and reporting (4h → 72h → monthly final)
TLPT (Threat-Led Penetration Testing) requirements for significant institutions
Third-party ICT provider management and critical provider designation
Contractual requirements for ICT service agreements

/arckit.eu-cra → Cyber Resilience Act compliance (Regulation 2024/2847)

Mandatory cybersecurity requirements for products with digital elements (hardware + software):

Product classification (Default / Important Class I / Critical Class II)
12 Annex I Part I security-by-design requirements
SBOM in SPDX or CycloneDX format (mandatory)
Vulnerability Disclosure Policy and 24h ENISA reporting
Conformity assessment route (internal control vs notified body)
Full application deadline: 11 December 2027

/arckit.eu-dsa → EU Digital Services Act compliance (Regulation 2022/2065)

Tiered obligations for online intermediary services:

Provider classification (mere conduit / hosting / platform / VLOP / VLOSE)
VLOP/VLOSE designation threshold: 45M monthly active EU users
Content moderation, recommender system transparency, advertising obligations
ARCOM as French Digital Services Coordinator (DSC)
Systemic risk assessment and independent audit for VLOPs

/arckit.eu-data-act → EU Data Act compliance (Regulation 2023/2854)

Data sharing obligations for connected products and cloud providers:

Role determination: manufacturer / data holder / DAPS / public sector body
User data access rights (Chapter II) and B2B sharing (Chapter III)
Cloud switching obligations (Chapter VI) — egress fee elimination by September 2027
International data transfer restrictions (Article 27)
Application date: 12 September 2025

French Public Sector Governance

/arckit.fr-rgpd → French GDPR compliance with CNIL-specific requirements

Extends EU GDPR with French context:

CNIL enforcement priorities and sector-specific guidelines
French DPO registration and CNIL prior consultation obligations
Biometric data processing under French law (CNIL authorisation required)

/arckit.fr-ebios → EBIOS Risk Manager methodology (ANSSI 2018)

French standard risk analysis for IS homologation:

5-workshop structure (Framework, Risk Sources, Strategic Scenarios, Operational Scenarios, Risk Treatment)
OIV/OSE/public sector IS homologation evidence
Attack path modelling and feared events
Integration with PSSI and SecNumCloud qualification

/arckit.fr-anssi → ANSSI 42 Cybersecurity Hygiene Measures assessment

Assess compliance with ANSSI's foundational hygiene guide:

7 themes: administration, authentication, updates, monitoring, backups, network, workstations
Cloud security recommendations (ANSSI cloud qualification matrix)
Gap analysis with prioritised remediation (P1–P3)
Integration with EBIOS and PSSI

/arckit.fr-anssi-carto → ANSSI SI Cartography (4-level IS mapping)

Generate structured IS cartography following ANSSI's 4-level methodology:

Level 1: Business processes and core missions
Level 2: Application and data mapping
Level 3: Server, database, and system inventory
Level 4: Network topology, firewall rules, interconnections
Attack surface summary and sensitive flow identification

/arckit.fr-secnumcloud → SecNumCloud qualification assessment

Assess cloud provider and customer obligations under ANSSI's SecNumCloud referential:

Visa vs qualification distinction (only full qualification satisfies OIV/ministerial use)
IS homologation prerequisites for SecNumCloud deployment
SecNumCloud-compatible architecture requirements
Procurement clauses for public-cloud contracts

/arckit.fr-dinum → DINUM digital doctrine assessment

Assess compliance with French digital government doctrine:

RGI (Référentiel Général d'Interopérabilité) — interoperability standards
RGAA (Référentiel Général d'Amélioration de l'Accessibilité) — accessibility
Doctrine cloud (cloud native, cloud first, SecNumCloud for sensitive data)
SILL (Socle Interministériel de Logiciels Libres) — recommended open source stack

/arckit.fr-marche-public → French public procurement (Code de la Commande Publique)

Generate procurement documentation compliant with French public contract law:

Marché public thresholds and procedures (below/above EU thresholds)
CCAP, CCTP, RC documentation templates
ANSSI-qualified provider requirements (PASSI, PRIS, PDIS)
Achat public durable obligations (environmental and social clauses)

/arckit.fr-pssi → PSSI (Politique de Sécurité des Systèmes d'Information)

Generate IS security policy for French public sector entities:

9-section structure approved by the Highest Authority (AA)
7 security domains (network, workstations, applications, IS management, physical, personnel, continuity)
RSSI, DPO, DSI, and FSSI roles
Review cycle and integration with EBIOS and homologation

/arckit.fr-dr → Diffusion Restreinte (DR) handling compliance

Assess document and IS handling requirements under the DR administrative classification:

II 901/SGDSN rules for DR document lifecycle
Electronic storage, transmission, and physical handling obligations
IS homologation for DR-processing systems
Scope explicitly bounded: DR only — IGI 1300 (Confidentiel Défense and above) is out of scope

/arckit.fr-algorithme-public → French Public Algorithm Transparency Notice

Generate mandatory transparency notice under CRPA Art. L311-3-1:

Scope determination: which automated decisions are covered
Plain-language description per algorithm, parameters, and weights
Human oversight mechanisms and appeal rights
GDPR Art. 22 intersection (automated individual decisions)
EU AI Act flagging for ML-based systems
More legally binding than the UK ATRS equivalent

/arckit.fr-code-reuse → French Public Code Reuse Assessment (Circulaire 2021-1524)

Assess code reuse obligations before building or procuring:

code.gouv.fr search (French public code catalogue)
SILL (Socle Interministériel de Logiciels Libres) — ministerially recommended open source
EU public code alternatives (Joinup, European Commission repositories)
Licence compatibility matrix (EUPL-1.2 recommended for public code publication)
Decision matrix: reuse / fork / SILL adoption / procure / build
Circulaire 2021 publication obligation: modified public code must be released back

Phase 15: Project Story & Reporting

/arckit.story → Generate comprehensive project story

Create narrative historical record with complete timeline analysis:

Timeline Analysis: 4 visualization types (Gantt chart, linear flowchart, detailed table, phase duration pie chart)
Timeline Metrics: Project duration, velocity, phase analysis, critical path identification
Complete Timeline: All events from git log or file modification dates with days-from-start
8 Narrative Chapters: Foundation → Business Case → Requirements → Research → Procurement → Design → Delivery → Compliance
Traceability Demonstration: End-to-end chains with Mermaid diagrams showing stakeholder → goals → requirements → stories → sprints
Governance Achievements: Showcase compliance (TCoP, Service Standard, NCSC CAF), risk management, decision rationale
Strategic Context: Wardley Map insights, build vs buy decisions, vendor selection rationale
Lessons Learned: Pacing analysis, timeline deviations, recommendations for future projects
Comprehensive Appendices: Artifact register, chronological activity log, DSM, command reference, glossary

When to use: At project milestones or completion to create shareable story for stakeholders, leadership, or portfolio reporting. Perfect for demonstrating systematic governance and ArcKit workflow value.

/arckit.presentation → Generate MARP slide deck from project artifacts

Create presentation slides from existing architecture artifacts:

MARP Format: Markdown-based slides with --- separators — exports to PDF, PPTX, or HTML
Focus Modes: Executive (board-level), Technical (architecture detail), Stakeholder (benefits-focused), Procurement (RFP briefings)
Artifact-Driven: Reads all available project artifacts and extracts key content into slides
Mermaid Diagrams: Gantt charts, C4 diagrams, pie charts, and quadrant charts embedded natively
Configurable: Choose slide count (6-8, 10-12, 15-20) and MARP theme (default, gaia, uncover)
Doc type code: PRES

When to use: Before governance boards, stakeholder briefings, gate reviews, or quarterly portfolio presentations. Run after creating most project artifacts for the richest slide deck.

Phase 16: Documentation Publishing

/arckit.pages → Generate documentation site

Publish all project documentation as an interactive website:

Static Site Generation: Generates docs/index.html and docs/manifest.json — deployable to any static host (GitHub Pages, Netlify, Vercel, S3, etc.)
Mermaid Diagram Rendering: All architecture diagrams render inline with mermaid.js
Project Navigation: Sidebar with collapsible project tree, document categories, and version badges — documents with multiple versions show an inline dropdown selector
GOV.UK Styling: Professional government design system styling
Document Index: Manifest.json provides programmatic access to all artifacts
LLM Discovery: Generates docs/llms.txt (llmstxt.org format) so LLM agents and crawlers can index every artifact, guide, and project. Hand-curated docs/llms.txt files (without the ArcKit generation marker) are preserved on re-runs

When to use: When you want to share project documentation with stakeholders via a professional web interface, or to create a portfolio view of all architecture artifacts.

Supported AI Assistants

Assistant	Support	Notes
Claude Code	✅ Premier	Primary platform. Plugin with agents, hooks, MCP servers, and auto-updates
Gemini CLI	✅ Full	Extension with commands, MCP servers, and auto-updates
GitHub Copilot	✅ Core	VS Code prompt files, custom agents, and repo-wide instructions (`arckit init --ai copilot`)
OpenAI Codex CLI	✅ Core	CLI with commands and templates. ChatGPT Plus/Pro/Enterprise (Setup Guide)
OpenCode CLI	✅ Core	CLI with commands and templates

Platform Support: ArcKit is developed and tested on Linux. Windows has limited support — hooks (session init, project context, filename validation, MCP auto-allow) require bash and jq which are not available on stock Windows. For the best experience on Windows, use a devcontainer or WSL2.

Why Claude Code?

Claude Code is the primary development platform for ArcKit and provides capabilities not available in other formats:

Feature	Claude Code	Gemini CLI	Copilot	Codex / OpenCode
70 cross-AI slash commands (plus 46 community-contributed)	✅	✅	✅	✅
`/arckit:build` parallel build harness (Claude-only — depends on parallel `Agent` dispatch)	✅	—	—	—
Templates & scripts	✅	✅	✅	✅
Bundled MCP servers (AWS, Azure, GCP, DataCommons, govreposcrape)	✅	✅ (3 servers)	—	Manual setup
Autonomous research agents (10 agents for research, datascout, cloud research, gov code discovery, grants, framework)	✅	—	✅ (10 agents)	—
SessionStart hook (auto-detect version + projects)	✅	—	—	—
UserPromptSubmit hook (project context injection on every prompt)	✅	—	—	—
PreToolUse hook (ARC filename auto-correction)	✅	—	—	—
PermissionRequest hook (auto-allow MCP documentation tools)	✅	—	—	—
Per-command Stop hooks (output validation, e.g. Wardley Map math checks)	✅	—	—	—
Wardley Mapping skill (with Pinecone MCP book corpus)	✅	—	—	—
Mermaid Syntax Reference skill (23 diagram types + config)	✅	✅	—	✅
Automatic marketplace updates	✅	✅	Manual reinstall	Manual reinstall
Zero-config installation	✅	✅	`arckit init` required	`arckit init` required

Agents run research-heavy commands (market research, data source discovery, cloud service evaluation) in isolated context windows, keeping the main conversation clean and enabling dozens of WebSearch/WebFetch/MCP calls without context bloat.

Hooks provide automated governance: filenames are auto-corrected to ArcKit conventions, project context is injected into every prompt so commands know what artifacts exist, MCP tools are auto-approved, and generated outputs like Wardley Maps are validated for mathematical consistency before being finalized.

Gemini CLI provides a strong experience with all commands and MCP servers but lacks agent delegation and hooks. GitHub Copilot provides all 70 official commands (plus 46 community-contributed overlays) as prompt files and 10 custom agents but lacks hooks and MCP servers. Codex CLI and OpenCode CLI provide core command functionality but require manual setup and arckit init scaffolding.

Why Commands, Not Skills

Claude Code automatically exposes ArcKit commands as skills (they appear in the skills list and can be matched by natural language). ArcKit intentionally uses slash commands rather than standalone skills because:

Deliberate invocation required — Every command generates a heavyweight governance document (requirements spec, risk register, DPIA, etc.). Auto-triggering from conversational intent would waste significant time and tokens.
Dependency ordering — Commands follow a deliberate sequence (principles → stakeholders → requirements → data-model → etc.). Skills that auto-trigger could run out of order.
User input via $ARGUMENTS — Most commands accept context from the user (project name, scope, constraints). The command system handles this with $ARGUMENTS substitution.
Best of both worlds — Since Claude Code exposes commands as skills automatically, users get explicit /arckit.requirements invocation AND natural language matching when Claude recognises intent — no restructuring needed.

Using with GitHub Copilot

For GitHub Copilot users in VS Code, ArcKit commands are delivered as prompt files and custom agents:

# Install and create project (3 steps, zero config)
pip install git+https://github.com/tractorjuice/arc-kit.git
arckit init my-project --ai copilot
cd my-project && code .

# Then use ArcKit commands in Copilot Chat
/arckit-principles Create principles for financial services
/arckit-stakeholders Analyze stakeholders for cloud migration
/arckit-requirements Create comprehensive requirements

This creates .github/prompts/arckit-*.prompt.md (67 prompt files), .github/agents/arckit-*.agent.md (9 custom agents), and .github/copilot-instructions.md (repo-wide context).

Using with Codex CLI

For OpenAI Codex CLI users, ArcKit commands are delivered as skills and auto-discovered:

# Install and create project (3 steps, zero config)
pip install git+https://github.com/tractorjuice/arc-kit.git
arckit init my-project --ai codex
cd my-project && codex

# Then use ArcKit skills
$arckit-principles Create principles for financial services
$arckit-stakeholders Analyze stakeholders for cloud migration
$arckit-requirements Create comprehensive requirements

See .codex/README.md for full Codex CLI setup and usage.

Project Structure

ArcKit creates this structure:

payment-modernization/
├── .arckit/
│   ├── scripts/
│   │   └── bash/                          # Automation scripts
│   ├── templates/                         # Default templates (refreshed by arckit init)
│   └── templates-custom/                  # Your customizations (preserved across updates)
├── projects/
│   ├── 000-global/
│   │   └── ARC-000-PRIN-v1.0.md          # Global principles
│   └── 001-payment-gateway/
│       ├── ARC-001-STKE-v1.0.md           # Stakeholder analysis
│       ├── ARC-001-RISK-v1.0.md           # Risk register (Orange Book)
│       ├── ARC-001-SOBC-v1.0.md           # Strategic Outline Business Case
│       ├── ARC-001-REQ-v1.0.md            # Comprehensive requirements
│       ├── ARC-001-DATA-v1.0.md           # Data model with ERD, GDPR compliance
│       ├── wardley-maps/                   # Strategic Wardley Maps
│       │   ├── ARC-001-WARD-001-v1.0.md   # Current architecture positioning
│       │   ├── ARC-001-WARD-002-v1.0.md   # Target architecture vision
│       │   ├── ARC-001-WARD-003-v1.0.md   # Gap analysis
│       │   └── ARC-001-WARD-004-v1.0.md   # Build vs buy decisions
│       ├── ARC-001-SOW-v1.0.md            # Statement of Work (RFP)
│       ├── ARC-001-EVAL-v1.0.md           # Vendor evaluation framework
│       ├── vendors/
│       │   ├── acme-corp/
│       │   │   ├── proposal.pdf
│       │   │   ├── scoring.md
│       │   │   ├── hld-v1.md
│       │   │   └── reviews/
│       │   │       └── hld-v1-review.md
│       │   ├── beta-systems/
│       │   │   └── ...
│       │   └── comparison.md
│       ├── ARC-001-SNOW-v1.0.md           # Service management design
│       ├── ARC-001-TRAC-v1.0.md           # Traceability matrix
│       └── final/
│           ├── selected-vendor.md
│           ├── approved-hld.md
│           └── dld/
├── .agents/skills/                        # Codex CLI skills (auto-discovered)
├── .codex/
│   ├── agents/                            # Agent configs
│   └── config.toml                        # MCP servers + agent roles
├── .github/
│   ├── prompts/arckit-*.prompt.md         # GitHub Copilot prompt files (70 official + community overlays)
│   ├── agents/arckit-*.agent.md           # GitHub Copilot custom agents (10 agents)
│   └── copilot-instructions.md            # Repo-wide Copilot context
└── .opencode/commands/                    # OpenCode CLI commands

Template Customization

Customize ArcKit templates without modifying defaults:

# Inside your AI assistant
/arckit.customize requirements   # Copy requirements template for editing
/arckit.customize all            # Copy all templates
/arckit.customize list           # See available templates

How it works:

Default templates live in .arckit/templates/ (refreshed by arckit init)
Your customizations go in .arckit/templates-custom/ (preserved across updates)
Commands automatically check for custom templates first, falling back to defaults

Common customizations:

Add organization-specific document control fields
Include mandatory compliance sections (ISO 27001, PCI-DSS)
Add department-specific approval workflows
Customize UK Government classification banners

Complete Command Reference

All 67 ArcKit commands with maturity status and example outputs from public test repositories (43 public test repos across v0–v48).

Status Legend

Status	Description
🟢 Live	Production-ready, extensively tested
🔵 Beta	Feature-complete, actively refined
🟠 Alpha	Working, limited testing
🟣 Experimental	New in v0.11.x, early adopters

Example Repositories

Code	Repository	Description
v1	arckit-test-project-v1-m365	Microsoft 365 GCC-H Migration
v2	arckit-test-project-v2-hmrc-chatbot	HMRC Tax Assistant Chatbot
v3	arckit-test-project-v3-windows11	Windows 11 Enterprise Deployment
v6	arckit-test-project-v6-patent-system	IPO Patent Application System
v7	arckit-test-project-v7-nhs-appointment	NHS Appointment Booking
v8	arckit-test-project-v8-ons-data-platform	ONS Data Platform Modernisation
v9	arckit-test-project-v9-cabinet-office-genai	Cabinet Office GenAI Platform
v10	arckit-test-project-v10-training-marketplace	UK Government Training Marketplace
v11	arckit-test-project-v11-national-highways-data	National Highways Data Architecture
v14	arckit-test-project-v14-scottish-courts	Scottish Courts GenAI Strategy
v16	arckit-test-project-v16-doctors-appointment	Doctors Online Appointment System
v17	arckit-test-project-v17-fuel-prices	UK Government Fuel Price Transparency Service
v18	arckit-test-project-v18-smart-meter	UK Smart Meter Data Consumer App
v19	arckit-test-project-v19-gov-api-aggregator	UK Government API Aggregator
v21	arckit-test-project-v21-criminal-courts	Independent Review of the Criminal Courts — Tech & AI
v22	arckit-test-project-v22-genai-playbook	UK Government GenAI Playbook
v23	arckit-test-project-v23-ccs-procurement-ai	CCS AI Procurement Intelligence Platform
v24	arckit-test-project-v24-cabinet-office-ai	Cabinet Office Cross-Government AI Governance
v25	arckit-test-project-v25-dbt-trade-ai	DBT International Trade AI Analytics
v26	arckit-test-project-v26-dfe-education-ai	DfE AI in Education Governance & Standards
v27	arckit-test-project-v27-defra-environment-ai	DEFRA Environmental AI & Ecological Data
v28	arckit-test-project-v28-desnz-energy-ai	DESNZ Energy Grid AI & Net Zero Modelling
v29	arckit-test-project-v29-dhsc-health-ai	DHSC Health & Social Care AI Governance
v30	arckit-test-project-v30-dluhc-planning-ai	DLUHC Planning & Housing Data Intelligence
v31	arckit-test-project-v31-dsit-responsible-ai	DSIT Responsible AI & Innovation Standards
v32	arckit-test-project-v32-dft-transport-ai	DfT Transport Network AI & Journey Intelligence
v33	arckit-test-project-v33-dwp-benefits-ai	DWP Benefits Processing AI & Employment Intelligence
v34	arckit-test-project-v34-fcdo-diplomatic-ai	FCDO Diplomatic Intelligence & Consular AI
v35	arckit-test-project-v35-gld-legal-ai	GLD Legal AI & Litigation Intelligence
v36	arckit-test-project-v36-hmlr-land-ai	HMLR Land Registration AI & Property Intelligence
v37	arckit-test-project-v37-hmrc-tax-ai	HMRC Tax Compliance AI & Revenue Intelligence
v38	arckit-test-project-v38-hmt-fiscal-ai	HMT Fiscal Modelling AI & Economic Intelligence
v39	arckit-test-project-v39-home-office-borders-ai	Home Office Borders, Immigration & Security AI
v40	arckit-test-project-v40-mod-defence-ai	MoD Defence AI Strategy & Operational Assurance
v41	arckit-test-project-v41-moj-justice-ai	MoJ Justice System AI & Court Innovation
v42	arckit-test-project-v42-no10-ds-policy-ai	No.10 Data Science Policy Intelligence Platform
v43	arckit-test-project-v43-iai-gov-ai-products	i.AI Government AI Products & Delivery
v44	arckit-test-project-v44-australian-gov	Australian Government — Architecture Governance (non-UK PoC)
v45	arckit-test-project-v45-nsi-rainbow	NS&I Digital Modernisation Programme (Project Rainbow)
v46	arckit-test-project-v46-gds-local	GDS Local
v46	arckit-test-project-v46-sdg	ArcKit SDG Mono-Repo (17 UN SDGs, 78 UK Gov projects)
v47	arckit-test-project-v47-dft-transforming-city-regions	DfT Transforming City Regions funding system
v48	arckit-test-project-v48-arckit-as-a-service	ArcKit as a Service for UK Government

Foundation

Command	Description	Examples	Status
`/arckit.init`	Initialize ArcKit project structure with numbered project directories and global artifacts	—	🟢 Live
`/arckit.start`	Get oriented with ArcKit — check project status, explore available commands, and choose your next step	—	🟢 Live
`/arckit.plan`	Create project plan with timeline, phases, gates, and Mermaid diagrams	v3/001 v3/002 v3/004 v3/005 v8 v9 v10 v11 v14 v17 v18	🟢 Live
`/arckit.principles`	Create or update enterprise architecture principles	v1 v2 v3 v6 v8 v9 v10 v11 v7 v14 v16 v17 v18 v19	🟢 Live

Strategic Context

Command	Description	Examples	Status
`/arckit.stakeholders`	Analyze stakeholder drivers, goals, and measurable outcomes	v1 v2 v3/001 v3/002 v3/003 v3/004 v3/005 v3/006 v3/007 v6 v8 v9 v10 v11 v14 v16 v17 v18 v19	🟢 Live
`/arckit.risk`	Create comprehensive risk register following HM Treasury Orange Book principles	v3/001 v3/002 v3/003 v3/004 v3/005 v3/006 v3/007 v8 v9 v11 v14 v16 v17 v18	🟢 Live
`/arckit.sobc`	Create Strategic Outline Business Case (SOBC) using UK Government Green Book 5-case model	v3/001 v3/002 v3/003 v3/004 v3/005 v3/007 v8 v9	🟢 Live

Requirements & Data

Command	Description	Examples	Status
`/arckit.requirements`	Create comprehensive business and technical requirements	v1 v2 v3/001 v3/002 v3/003 v3/004 v3/005 v3/006 v3/007 v6 v8 v9 v10 v11 v7 v14 v16 v17 v18 v19	🟢 Live
`/arckit.data-model`	Create comprehensive data model with entity relationships, GDPR compliance, and data governance	v3/001 v3/002 v8 v9 v10 v11 v14 v16 v17 v18	🟢 Live
`/arckit.data-mesh-contract`	Create federated data product contracts for mesh architectures with SLAs, governance, and interoperability guarantees	—	🟠 Alpha
`/arckit.dpia`	Generate Data Protection Impact Assessment (DPIA) for UK GDPR Article 35 compliance	v3 v8 v9 v14 v16 v17 v18	🔵 Beta

Research & Strategy

Command	Description	Examples	Status
`/arckit.platform-design`	Create platform strategy using Platform Design Toolkit (8 canvases for multi-sided ecosystems)	v8 v10	🟣 Experimental
`/arckit.research`	Research technology, services, and products to meet requirements with build vs buy analysis	v3/001 v3/002 v14 v17 v18	🔵 Beta
`/arckit.grants`	Research UK government grants, charitable funding, and accelerator programmes with eligibility scoring	—	🟣 Experimental
`/arckit.wardley`	Create strategic Wardley Maps for architecture decisions and build vs buy analysis	v3 v6 v11 v14	🟣 Experimental
`/arckit.wardley.value-chain`	Decompose user needs into value chains for Wardley Mapping	—	🟣 Experimental
`/arckit.wardley.doctrine`	Assess organizational doctrine maturity (4 phases, 40+ principles)	—	🟣 Experimental
`/arckit.wardley.gameplay`	Analyze strategic plays from 60+ gameplay patterns	—	🟣 Experimental
`/arckit.wardley.climate`	Assess 32 climatic patterns affecting mapped components	—	🟣 Experimental
`/arckit.strategy`	Synthesise strategic artifacts into executive-level Architecture Strategy document	—	🔵 Beta
`/arckit.roadmap`	Create strategic architecture roadmap with multi-year timeline, capability evolution, and governance	v3	🔵 Beta
`/arckit.framework`	Transform architecture artifacts into a structured, reusable framework with principles, patterns, and implementation guidance	—	🔵 Beta
`/arckit.adr`	Document architectural decisions with options analysis and traceability	v3/001 v3/002 v3/003 v3/004 v3/005 v3/007 v14	🔵 Beta

Cloud Research (MCP)

These commands use Model Context Protocol (MCP) servers to access authoritative cloud provider documentation in real-time. The Claude Code plugin bundles both MCP servers automatically. Gemini and Codex users need to install them separately.

Command	Description	Examples	Status
`/arckit.azure-research`	Research Azure services and architecture patterns using Microsoft Learn MCP	v3/001 v3/002 v14 v17 v18 v19	🟣 Experimental
`/arckit.aws-research`	Research AWS services and architecture patterns using AWS Knowledge MCP	v14 v17 v18 v19	🟣 Experimental
`/arckit.gcp-research`	Research Google Cloud services and architecture patterns using Google Developer Knowledge MCP	—	🟣 Experimental

Data Source Discovery

Command	Description	Examples	Status
`/arckit.datascout`	Discover external data sources (APIs, datasets, open data portals) to fulfil project requirements	v17 v18 v19	🟣 Experimental

Note: The Google Developer Knowledge MCP requires an API key (GOOGLE_API_KEY environment variable). See the GCP Research guide for setup instructions.

Government Code Discovery

These commands use the govreposcrape MCP server to search 24,500+ UK government repositories. The Claude Code plugin bundles the MCP server automatically. No API key required.

Command	Description	Examples	Status
`/arckit.gov-code-search`	Search 24,500+ UK government repositories using natural language	—	🟣 Experimental
`/arckit.gov-landscape`	Map the UK government code landscape for a domain	—	🟣 Experimental
`/arckit.gov-reuse`	Discover reusable UK government code before building from scratch	—	🟣 Experimental

Procurement

Command	Description	Examples	Status
`/arckit.sow`	Generate Statement of Work (SOW) / RFP document for vendor procurement	v1 v2 v3/001 v3/002 v3/003 v6	🟢 Live
`/arckit.dos`	Generate Digital Outcomes and Specialists (DOS) procurement documentation for UK Digital Marketplace	—	🟣 Experimental
`/arckit.gcloud-search`	Find G-Cloud services on UK Digital Marketplace with live search and comparison	v3 v14	🟣 Experimental
`/arckit.gcloud-clarify`	Analyze G-Cloud service gaps and generate supplier clarification questions	—	🟣 Experimental
`/arckit.evaluate`	Create vendor evaluation framework and score vendor proposals	v1 v2 v3/001 v3/002 v3/003 v3/005 v6	🟢 Live
`/arckit.score`	Score vendor proposals with structured storage, side-by-side comparison, sensitivity analysis, and audit trail	—	🔵 Beta

Design & Architecture

Command	Description	Examples	Status
`/arckit.diagram`	Generate architecture diagrams using Mermaid for visual documentation	v1 v3/001 v3/005 v3/007 v10 v14 v17 v19	🟢 Live
`/arckit.hld-review`	Review High-Level Design (HLD) against architecture principles and requirements	v3 v14	🔵 Beta
`/arckit.dld-review`	Review Detailed Design (DLD) for implementation readiness	—	🔵 Beta

Operations

Command	Description	Examples	Status
`/arckit.backlog`	Generate prioritised product backlog from ArcKit artifacts - convert requirements to user stories, organise into sprints	v3/001 v3/002 v3/003 v3/004 v9 v14 v17 v19	🔵 Beta
`/arckit.trello`	Export product backlog to Trello - create board, lists, cards with labels and checklists from backlog JSON	—	🟣 Experimental
`/arckit.servicenow`	Create comprehensive ServiceNow service design with CMDB, SLAs, incident management, and change control	v3	🔵 Beta
`/arckit.devops`	Create DevOps strategy with CI/CD pipelines, IaC, container orchestration, and developer experience	v14	🟣 Experimental
`/arckit.mlops`	Create MLOps strategy with model lifecycle, training pipelines, serving, monitoring, and governance	v14	🟣 Experimental
`/arckit.finops`	Create FinOps strategy with cloud cost management, optimization, governance, and forecasting	v14	🟣 Experimental
`/arckit.operationalize`	Create operational readiness pack with support model, runbooks, DR/BCP, on-call, and handover documentation	v14	🟣 Experimental
`/arckit.traceability`	Generate requirements traceability matrix from requirements to design to tests	v1 v2 v3/001 v3/002 v3/003 v6 v9 v14	🟢 Live

Quality & Governance

Command	Description	Examples	Status
`/arckit.analyze`	Perform comprehensive governance quality analysis across architecture artifacts	v6 v9 v11 v14	🔵 Beta
`/arckit.principles-compliance`	Assess compliance with architecture principles and generate scorecard with evidence, gaps, and recommendations	v3 v14	🟢 Live
`/arckit.story`	Generate comprehensive project story with timeline analysis, traceability, and governance achievements	v3 v8 v9 v14	🟢 Live
`/arckit.presentation`	Generate MARP slide deck from project artifacts for governance boards and stakeholder briefings	—	🔵 Beta
`/arckit.conformance`	Assess architecture conformance — ADR decision implementation, cross-decision consistency, architecture drift, technical debt, and custom constraint rules	—	🔵 Beta
`/arckit.health`	Scan projects for stale research, forgotten ADRs, unresolved review conditions, orphaned requirements, missing traceability, and version drift	—	🔵 Beta
`/arckit.impact`	Analyse blast radius of changes — reverse dependency tracing	—	🟣 Experimental
`/arckit.search`	Search across all project artifacts by keyword, document type, or requirement ID	—	🔵 Beta
`/arckit.navigator`	Project-level GPS — show coverage against the essential ArcKit baseline, surface DRAFT/stale/orphan artifacts, and recommend the next slash command to run	—	🟢 Live
`/arckit.graph-report`	Governance metrics dashboard — coverage by category, cross-reference density, compliance readiness, and project comparison across all working projects	—	🟢 Live
`/arckit.customize`	Copy templates to `.arckit/templates-custom/` for customization (preserved across updates)	—	🟢 Live
`/arckit.maturity-model`	Generate capability maturity model with current-state assessment, target-state definition, and improvement roadmap	—	🔵 Beta
`/arckit.template-builder`	Create new document templates through interactive interview — generates community-origin templates, guides, and optional shareable bundles	—	🟠 Alpha

UK Government

Command	Description	Examples	Status
`/arckit.service-assessment`	Prepare for GDS Service Standard assessment - analyze evidence against 14 points, identify gaps, generate readiness report	v16	🔵 Beta
`/arckit.tcop`	Generate a Technology Code of Practice (TCoP) review document for a UK Government technology project	v6 v8 v9 v11 v14	🔵 Beta
`/arckit.secure`	Generate a Secure by Design assessment for UK Government projects (civilian departments)	v8 v9 v11 v14 v16 v17 v18 v19	🔵 Beta
`/arckit.ai-playbook`	Assess UK Government AI Playbook compliance for responsible AI deployment	v9 v14	🟠 Alpha
`/arckit.atrs`	Generate Algorithmic Transparency Recording Standard (ATRS) record for AI/algorithmic tools	v2 v9 v14	🟠 Alpha

UK MOD

Command	Description	Examples	Status
`/arckit.mod-secure`	Generate a MOD Secure by Design assessment for UK Ministry of Defence projects using CAAT and continuous assurance	v3/001 v3/006	🟣 Experimental
`/arckit.jsp-936`	Generate MOD JSP 936 AI assurance documentation for defence AI/ML systems	—	🟣 Experimental

Documentation & Publishing

Command	Description	Examples	Status
`/arckit.glossary`	Generate comprehensive project glossary with terms, definitions, acronyms, and cross-references	—	🔵 Beta
`/arckit.pages`	Generate documentation site with Mermaid diagram support	v1 v2 v3 v6 v7 v8 v9 v10 v11 v14 v16 v17 v18 v19	🟠 Alpha

Wardley Mapping for Strategic Architecture

ArcKit uses Wardley Maps to expose the strategic position of every component before you commit to a solution. The /arckit.wardley command produces ready-to-visualise maps that:

Trace user needs through the supporting value chain so gaps and duplicated effort are obvious.
Plot evolution from Genesis → Commodity to reveal when to build, buy, reuse, or retire capabilities.
Feed procurement, vendor evaluation, and design reviews with shared situational awareness.

Maps are emitted in the Open Wardley Map format — paste them straight into https://create.wardleymaps.ai for a visual view. Full example outputs live in the public demos such as arckit-test-project-v3-windows11 (enterprise OS rollout strategy) and arckit-test-project-v14-scottish-courts (GenAI platform strategy).

Architecture Diagrams with Mermaid

ArcKit generates visual architecture diagrams using Mermaid for clear technical communication.

What are Architecture Diagrams?

Architecture diagrams visualize system structure, interactions, and deployment for:

Technical Communication: Share architecture with stakeholders
Design Documentation: Document current and future state
Vendor Evaluation: Compare vendor technical approaches
UK Government Compliance: Visualize Cloud First, GOV.UK services, PII handling

Diagram Types

ArcKit supports 6 essential diagram types based on the C4 Model and enterprise architecture best practices:

Diagram Type	Level	Purpose	When to Use
C4 Context	Level 1	System in context with users and external systems	After requirements, to show system boundaries
C4 Container	Level 2	Technical containers and technology choices	After HLD, for vendor review
C4 Component	Level 3	Internal components within a container	After DLD, for implementation
Deployment	Infrastructure	Cloud resources and network topology	Cloud First compliance, cost estimation
Sequence	Interaction	API flows and request/response patterns	Integration requirements, API design
Data Flow	Data	How data moves, PII handling, GDPR compliance	UK GDPR, DPIA requirements

Use /arckit.diagram directly, or supply an explicit type such as context, container, sequence, or dataflow. Outputs bundle component inventories with Wardley evolution tags, built-in GOV.UK compliance scaffolding (Notify, Pay, Design System), Cloud First network patterns, GDPR annotations, and traceability back to requirements and tests. For full examples, browse the diagram folders in arckit-test-project-v3-windows11 and arckit-test-project-v14-scottish-courts.

ServiceNow Service Management Design

ArcKit turns architecture artefacts into an operations-ready ServiceNow pack. The /arckit.servicenow command builds:

CMDB hierarchies, SLAs, and change risk straight from requirements, diagrams, and Wardley Maps.
ITIL-aligned runbooks covering incident, change, monitoring, and transition activities.
UK government extras such as GDS Service Standard, Technology Code of Practice, and GOV.UK Pay/Notify dependencies when relevant.

For full outputs, explore the public demos (for example arckit-test-project-v3-windows11) where the generated ServiceNow design files and checklists are published end-to-end.

Documentation

Key references live in docs/ and top-level guides:

Quick tour: docs/index.html mirrors the public landing page.
Lifecycle visuals: WORKFLOW-DIAGRAMS.md and DEPENDENCY-MATRIX.md cover command flow and relationships.
Core guides: docs/guides/principles.md, docs/guides/requirements.md, docs/guides/procurement.md, docs/guides/design-review.md.
Traceability: docs/guides/traceability.md documents end-to-end coverage patterns.
DDaT Role Guides: docs/guides/roles/ — 18 guides mapping ArcKit commands to UK Government DDaT Capability Framework roles (Enterprise Architect, Solution Architect, Product Manager, etc.).

Comparison to Other Tools

Feature	ArcKit	Sparx EA	Ardoq	LeanIX	Confluence
AI-Assisted	✅	❌	❌	❌	❌
Wardley Mapping	✅	❌	⚠️ Limited	❌	❌
Version Control	✅ Git	❌	❌	❌	⚠️ Limited
Vendor RFP	✅	❌	❌	❌	⚠️ Manual
Design Review Gates	✅	⚠️ Manual	❌	❌	⚠️ Manual
Traceability	✅ Automated	⚠️ Manual	✅	⚠️ Limited	❌
Cost	Free	$$$$	$$$$	$$$$	$$
Learning Curve	Low	High	Medium	Medium	Low

Requirements

Python 3.11+
Git (optional but recommended)
AI Coding Agent: Claude Code v2.1.139+ (via plugin), Gemini CLI (via extension), OpenCode CLI (via CLI), or OpenAI Codex CLI (via CLI)
uv for package management: Install uv

Installation from Source

# Clone the repository
git clone https://github.com/tractorjuice/arc-kit.git
cd arc-kit

# Install in development mode
pip install -e .

# Run the CLI
arckit init my-project

Documentation

Full guidance lives in docs/ and the static site.

Quick tour: docs/index.html (mirrors the public landing page).
Core guides: docs/guides/principles.md, docs/guides/requirements.md, docs/guides/procurement.md, docs/guides/design-review.md.
Reference packs: WORKFLOW-DIAGRAMS.md and DEPENDENCY-MATRIX.md cover lifecycle visualisations and the 67×67 command matrix.
Traceability: docs/guides/traceability.md documents end-to-end requirements coverage.

Relationship to Spec Kit

ArcKit is inspired by Spec Kit but targets a different audience:

	Spec Kit	ArcKit
Audience	Product Managers, Developers	Enterprise Architects, Procurement
Focus	Feature development (0→1 code generation)	Architecture governance & vendor management
Workflow	Spec → Plan → Tasks → Code	Requirements → RFP → Design Review → Traceability
Output	Working code	Architecture documentation & governance

Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

Areas we need help:

Integration with enterprise tools (Jira, Azure DevOps)
Additional AI agent support
Template improvements based on real-world usage
Documentation and examples
ServiceNow API integration for automated CI creation

Tips

Continuous Governance Monitoring

Use the /loop command to run health checks on a recurring interval during long architecture sessions:

/loop 30m /arckit.health SEVERITY=HIGH

This runs /arckit.health every 30 minutes, surfacing stale research, forgotten ADRs, and unresolved review conditions as they appear.

Troubleshooting

Token Limit Error

If you see: API Error: Claude's response exceeded the 32000 output token maximum

The Problem: ArcKit generates large documents that can exceed Claude's 32K token output limit.

⚠️ IMPORTANT: Your Claude subscription plan determines the maximum tokens:

🔴 Free/Pro plans: 32K max (cannot be increased)
✅ Team/Enterprise plans: Can increase to 64K via environment variable

Solutions:

For Team/Enterprise plans - Increase token limit:
```
export CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000
```
For ALL plans (including Free/Pro) - Use Write tool strategy:
```
User: /arckit.requirements but write directly to file using Write tool, show me only a summary
```
This tells Claude to use the Write tool to create the file (doesn't count toward output tokens) and only show you a summary.

Which commands are affected?

🔴 HIGH RISK: /arckit.sobc, /arckit.requirements, /arckit.data-model, /arckit.sow
🟢 MITIGATED (agent): /arckit.research, /arckit.datascout, /arckit.aws-research, /arckit.azure-research, /arckit.gcp-research, /arckit.gov-reuse, /arckit.gov-code-search, /arckit.gov-landscape, /arckit.grants — run as autonomous agents in separate context windows
🟡 MEDIUM RISK: /arckit.risk, /arckit.evaluate, /arckit.principles

See full guide: docs/TOKEN-LIMITS.md

Common Issues

Command not found: Ensure commands are available

# For Codex, check if skills directory exists
ls .agents/skills/arckit-principles/SKILL.md

# For Claude Code, install the ArcKit plugin:
# /plugin marketplace add tractorjuice/arc-kit

# For Gemini CLI, install the ArcKit extension:
# gemini extensions install https://github.com/tractorjuice/arckit-gemini

# For GitHub Copilot, check if prompt files exist
ls .github/prompts/arckit-*.prompt.md

# For OpenCode CLI, check if commands directory exists
ls .opencode/commands/

Template not found: Ensure you've run /arckit.principles first

# Check if templates exist
ls templates/

Project creation fails: Ensure you have an ArcKit repository initialized

# Initialize if needed
arckit init .

Support

Issues: GitHub Issues
Releases: GitHub Releases
Latest Version: v4.21.0

License

MIT License - see LICENSE for details

Acknowledgements

ArcKit is inspired by the methodology and patterns from Spec Kit, adapted for enterprise architecture governance workflows.

Built with ❤️ for enterprise architects who want systematic, AI-assisted governance.

ripienaar/free-for-dev

A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev

free-for.dev

Developers and Open Source authors now have many services offering free tiers, but finding them all takes time to make informed decisions.

This is a list of software (SaaS, PaaS, IaaS, etc.) and other offerings with free developer tiers.

The scope of this particular list is limited to things that infrastructure developers (System Administrator, DevOps Practitioners, etc.) are likely to find useful. We love all the free services out there, but it would be good to keep it on topic. It's a grey line sometimes, so this is opinionated; please don't feel offended if I don't accept your contribution.

This list results from Pull Requests, reviews, ideas, and work done by 1600+ people. You can also help by sending Pull Requests to add more services or remove ones whose offerings have changed or been retired.

NOTE: This list is only for as-a-Service offerings, not for self-hosted software. To be eligible, a service must offer a free tier, not just a free trial. The free tier must be for at least a year if it is time-bucketed. We also consider the free tier from a security perspective, so SSO is fine, but I will not accept services that restrict TLS to paid-only tiers.

Major Cloud Providers

Google Cloud Platform
- App Engine - 28 frontend instance hours per day, nine backend instance hours per day
- Cloud Firestore - 1GB storage, 50,000 reads, 20,000 writes, 20,000 deletes per day
- Compute Engine - 1 non-preemptible e2-micro, 30GB HDD, 5GB snapshot storage (restricted to certain regions), 1 GB network egress from North America to all region destinations (excluding China and Australia) per month
- Cloud Storage - 5GB, 1GB network egress
- Cloud Shell - Web-based Linux shell/primary IDE with 5GB of persistent storage. 60 hours limit per week
- Cloud Pub/Sub - 10GB of messages per month
- Cloud Functions - 2 million invocations per month (includes both background and HTTP invocations)
- Cloud Run - 2 million requests per month, 360,000 GB-seconds memory, 180,000 vCPU-seconds of compute time, 1 GB network egress from North America per month
- Google Kubernetes Engine - No cluster management fee for one zonal cluster. Each user node is charged at standard Compute Engine pricing
- BigQuery - 1 TB of querying per month, 10 GB of storage each month
- Cloud Build - 120 build-minutes per day
- Google Colab - Free Jupyter Notebooks development environment.
- Full, detailed list - https://cloud.google.com/free
Amazon Web Services
- CloudFront - 1TB egress per month and 2M Function invocations per month
- CloudWatch - 10 custom metrics and ten alarms
- CodeBuild - 100min of build time per month
- CodeCommit - 5 active users,50GB storage, and 10000 requests per month
- CodePipeline - 1 active pipeline per month
- DynamoDB - 25GB NoSQL DB
- EC2 - 750 hours per month of t2.micro or t3.micro(12mo). 100GB egress per month
- EBS - 30GB per month of General Purpose (SSD) or Magnetic(12mo)
- Elastic Load Balancing - 750 hours per month(12mo)
- RDS - 750 hours per month of db.t2.micro, db.t3.micro, or db.t4g.micro, 20GB of General Purpose (SSD) storage, 20GB of storage backups(12 mo)
- S3 - 5GB Standard object storage, 20K Get requests and 2K Put requests(12 mo)
- Glacier - 10GB long-term object storage
- Lambda - 1 million requests per month
- SNS - 1 million publishes per month
- SES - 3.000 messages per month (12mo)
- SQS - 1 million messaging queue requests
- Full, detailed list - https://aws.amazon.com/free/
Microsoft Azure
- Virtual Machines - 1 B1S Linux VM, 1 B1S Windows VM (12mo)
- App Service - 10 web, mobile, or API apps (60 CPU minutes/day)
- Functions - 1 million requests per month
- DevTest Labs - Enable fast, easy, and lean dev-test environments
- Active Directory - 500,000 objects
- Active Directory B2C - 50,000 monthly stored users
- Azure DevOps - 5 active users, unlimited private Git repos
- Azure Pipelines - 10 free parallel jobs with unlimited minutes for open source for Linux, macOS, and Windows
- Microsoft IoT Hub - 8,000 messages per day
- Load Balancer - 1 free public load-balanced IP (VIP)
- Notification Hubs - 1 million push notifications
- Bandwidth - 15GB Inbound(12mo) & 5GB egress per month
- Cosmos DB - 25GB storage and 1000 RUs of provisioned throughput
- Static Web Apps - Build, deploy, and host static apps and serverless functions with free SSL, Authentication/Authorization, and custom domains
- Storage - 5GB LRS File or Blob storage (12mo)
- Cognitive Services - AI/ML APIs (Computer Vision, Translator, Face detection, Bots, etc) with free tier including limited transactions
- Cognitive Search - AI-based search and indexation service, free for 10,000 documents
- Azure Kubernetes Service - Managed Kubernetes service, free cluster management
- Event Grid - 100K ops/month
- Full, detailed list - https://azure.microsoft.com/free/
Oracle Cloud
- Compute
  - 2 AMD-based Compute VMs with 1/8 OCPU and 1 GB memory each
  - 4 Arm-based Ampere A1 cores and 24 GB of memory usable as one VM or up to 4 VMs
  - Instances will be reclaimed when deemed idle
- Block Volume - 2 volumes, 200 GB total (used for compute)
- Object Storage - 10 GB
- Load balancer - 1 instance with 10 Mbps
- Databases - 2 DBs, 20 GB each
- Monitoring - 500 million ingestion data points, 1 billion retrieval datapoints
- Bandwidth - 10 TB egress per month, speed limited to 50 Mbps on x64-based VM, 500 Mbps * core count on ARM-based VM
- Public IP - 2 IPv4 for VMs, 1 IPv4 for load balancer
- Notifications - 1 million delivery options per month, 1000 emails sent per month
- Full, detailed list - https://www.oracle.com/cloud/free/
IBM Cloud
- Cloudant database - 1 GB of data storage
- Db2 database - 100MB of data storage
- API Connect - 50,000 API calls per month
- Availability Monitoring - 3 million data points per month
- Log Analysis - 500MB of daily log
- Full, detailed list - https://www.ibm.com/cloud/free/
Cloudflare
- Application Services - Free DNS for an unlimited number of domains, DDoS Protection, CDN along with free SSL, Firewall rules and page rules, WAF, Bot Mitigation, Free Unmetered Rate Limiting - 1 rule per domain, Analytics, Email forwarding
- Zero Trust & SASE - Up to 50 Users, 24 hours of activity logging, three network locations
- Cloudflare Tunnel - You can expose locally running HTTP port over a tunnel to a random subdomain on trycloudflare.com use Quick Tunnels, No account required. More features (TCP tunnel, Load balancing, VPN) in Zero Trust Free Plan.
- Workers - Deploy serverless code for free on Cloudflare's global network-100k daily requests.
- Workers KV - 100k read requests per day, 1000 write requests per day, 1000 delete requests per day, 1000 list requests per day, 1 GB stored data
- R2 - 10 GB per month, 1 million Class A operations per month, 10 million Class B operations per month
- D1 - 5 million rows read per day, 100k rows written per day, 1 GB storage
- Pages - Develop and deploy your web apps on Cloudflare's fast, secure global network. Five hundred monthly builds, 100 custom domains, Integrated SSL, unlimited accessible seats, unlimited preview deployments, and full-stack capability via Cloudflare Workers integration.
- Queues - 1 million operations per month
- TURN - 1TB of free (outgoing) traffic per month.
Zoho - Started as an e-mail provider but now provides a suite of services, some of which have free plans. List of services having free plans :
- Catalyst by Zoho - PaaS/full-stack cloud platform with a generous free tier
- Email Free for 5 users. 5GB/user & 25 MB attachment limit, one domain.
- Zoho Assist - Zoho Assist's forever free plan includes one concurrent remote support license and Access to 5 unattended computer licenses for unlimited duration available for both professional and personnel use.
- Sprints Free for 5 users,5 Projects & 500MB storage.
- Docs - Free for 5 users with 1 GB upload limit & 5GB storage. Zoho Office Suite (Writer, Sheets & Show) comes bundled.
- Projects - Free for 3 users, 2 projects & 10 MB attachment limit. The same plan applies to Bugtracker.
- Connect - Team Collaboration free for 25 users with three groups, three custom apps, 3 Boards, 3 Manuals, and 10 Integrations along with channels, events & forums.
- Meeting - Meetings with upto 3 meeting participants & 10 Webinar attendees.
- Vault - Password Management is accessible for Individuals.
- Showtime - Yet another Meeting software for training for a remote session of up to 5 attendees.
- Notebook - A free alternative to Evernote.
- Wiki - Free for three users with 50 MB storage, unlimited pages, zip backups, RSS & Atom feed, access controls & customizable CSS.
- Subscriptions - Recurring Billing management free for 20 customers/subscriptions & 1 user with all the payment hosting done by Zoho. The last 40 subscription metrics are stored
- Checkout - Product Billing management with 3 pages & up to 50 payments.
- Desk - Customer Support management with three agents, private knowledge base, and email tickets. Integrates with Assist for one remote technician & 5 unattended computers.
- Cliq - Team chat software with 100 GB storage, unlimited users, 100 users per channel & SSO.
- Campaigns - Email Marketing
- Forms - Form Creator
- Sign - Paperless Signatures
- Surveys - Online Surveys
- Bookings - Appointment Scheduling

⬆️ Back to Top

Cloud management solutions

Brainboard - Collaborative solution to visually build and manage cloud infrastructures from end-to-end.
Cloud 66 - Free for personal projects (includes one deployment server, one static site), Cloud 66 gives you everything you need to build, deploy, and grow your applications on any cloud without the headache of the “server stuff.”.
deployment.io - Deployment.io helps developers automate deployments on AWS. On our free tier, a developer (single user) can deploy unlimited static sites, web services, and environments. We provide 10 job executions free per month with previews and auto-deploys included in the free tier.
Pulumi - Modern infrastructure as a code platform that allows you to use familiar programming languages and tools to build, deploy, and manage cloud infrastructure.
scalr.com - Scalr is a Terraform Automation and COllaboration (TACO) product used to better collaboration and automation on infrastructure and configurations managed by Terraform. Full Terraform CLI support, OPA integration, and a hierarchical configuration model. No SSO tax. All features are included. Use up to 50 runs/month for free.

⬆️ Back to Top

Source Code Repos

Bitbucket - Unlimited public and private Git repos for up to 5 users with Pipelines for CI/CD
Codeberg - Unlimited public and private Git repos for free and open-source projects (with unlimited collaborators). Powered by Forgejo. Static website hosting with Codeberg Pages. CI/CD hosting with Codeberg's CI. Translating hosting with Codeberg Translate. Includes Package and Container hosting, Project management, and Issue Tracking
framagit.org - Framagit is the software forge of Framasoft based on the Gitlab software includes CI, Static Pages, Project pages and Issue tracking.
GitGud - Unlimited private and public repositories. Free forever. Powered by GitLab & Sapphire. Includes CI/CD, Static Hosting, Container Registry, Project Management and Issue Tracking.
GitHub - Unlimited public repositories and unlimited private repositories (with unlimited collaborators). Includes CI/CD, Development Environment, Static Hosting, Package and Container hosting, Project management and AI Copilot
gitlab.com - Unlimited public and private Git repos with up to 5 collaborators. Includes CI/CD, Static Hosting, Container Registry, Project Management and Issue Tracking
heptapod.net - Heptapod is a friendly fork of GitLab Community Edition providing support for Mercurial
pijul.com - Unlimited free and open source distributed version control system. Its distinctive feature is based on a sound theory of patches, which makes it easy to learn, use, and distribute. Solves many problems of git/hg/svn/darcs.
projectlocker.com - One free private project (Git and Subversion) with 50 MB of space
RocketGit - Repository Hosting based on Git. Unlimited Public and private repositories.
savannah.gnu.org - Serves as a collaborative software development management system for free Software projects (for GNU Projects)
savannah.nongnu.org - Serves as a collaborative software development management system for free Software projects (for non-GNU projects)

⬆️ Back to Top

APIs, Data, and ML

Abstract API - API suite for various use cases, including IP geolocation, phone number validation, or email validation.
Apify - Web scraping and automation platform to create an API for any website and extract data. Ready-made scrapers, integrated proxies, and custom solutions. Free plan with $5 platform credits included every month.
APITemplate.io - Auto-generate images and PDF documents with a simple API or automation tools like Zapier & Airtable. No CSS/HTML is required. The free plan comes with 50 images/month and three templates.
APIVerve - Get instant access to over 120+ APIs for free, built with quality, consistency, and reliability in mind. The free plan covers up to 50 API Tokens per month. (Possibly taken down, 2025-06-25)
Arize AI - Machine learning observability for model monitoring and root-causing issues such as data quality and performance drift. Free up to two models.
Beeceptor - No-code, cloud-based platform for mocking and debugging multi-protocol APIs (REST, SOAP, gRPC & GraphQL), providing instant servers with rules-based logic, CRUD & stateful mocking, proxying, and CORS management for faster integration and testing. The free plan includes 50 requests per day and provides a public dashboard/endpoint where anyone with the dashboard URL can view submitted requests and responses.
BigDataCloud - Provides fast, accurate, and free (Unlimited or up to 10K-50K/month) APIs for modern web like IP Geolocation, Reverse Geocoding, Networking Insights, Email and Phone Validation, Client Info and more.
Browse AI - Extracting and monitoring data on the web. 1k credits per month for free, equals 1k concurrent requests.
BrowserCat - Headless browser API for automation, scraping, AI agent web access, image/pdf generation, and more. Free plan with 1k requests per month.
Calendarific - Enterprise-grade Public holiday API service for over 200 countries. The free plan includes 500 calls per month.
Canopy - GraphQL API for Amazon.com product, search, and category data. The free plan includes 100 calls per month.
CarAPI.dev - Comprehensive automotive data API with VIN decoding, stolen vehicle checks, vehicle valuation, inspection data, and more. Free tier includes 100 requests/month across all 9 endpoints.
CatchDoms - Aggregator of expired and dropping domain listings from 16 marketplaces, with SEO enrichment (backlinks, Trust Flow, Wayback history) and a quality score. Free plan: 10 unlocked listings, 5 favorites, 3 saved searches. 7-day Pro trial on signup includes full REST API and MCP server access.
Cloudmersive - Utility API platform with full access to expansive API Library including Document Conversion, Virus Scanning, and more with 600 calls/month, North America AZ only, 2.5MB maximum file size.
Colaboratory - Free web-based Python notebook environment with Nvidia Tesla K80 GPU.
CometML - The MLOps platform for experiment tracking, model production management, model registry, and complete data lineage, covering your workflow from training to production. Free for individuals and academics.
Commerce Layer - Composable commerce API that can build, place, and manage orders from any front end. The developer plan allows 100 orders per month and up to 1,000 SKUs for free.
Composio - Integration platform for AI Agents and LLMs. Integrate over 200+ tools across the agentic internet.
Conversion Tools - Online File Converter for documents, images, video, audio, and eBooks. REST API is available. Libraries for Node.js, PHP, Python. Support files up to 50 GB (for paid plans). The free tier is limited by file size (20MB) and number of conversions (30/Day, 300/Month).
Country-State-City Microservice API - API and Microservice to provides a wide range of information including countries, regions, provinces, cities, postal codes, and much more. The free tier includes up to 100 requests per day.
Coupler - Data integration tool that syncs between apps. It can create live dashboards and reports, transform and manipulate values, and collect and back up insights. The free plan is limited to one user, data connection, data source, and data destination. Also requires manual data refresh.
CraftMyPDF - Auto-Generate PDF documents from reusable templates with a drop-and-drop editor and a simple API. The free plan comes with 100 PDFs/month and three templates.
Cube - Cube helps data engineers and application developers access data from modern data stores, organize it into consistent definitions, and deliver it to every application. The fastest way to use Cube is with Cube Cloud, which has a free tier limited to 1,000 queries per day.
CurlHub - Proxy service for inspecting and debugging API calls. The free plan includes 10,000 requests per month.
CurrencyScoop - Realtime currency data API for fintech apps. The free plan includes 5,000 calls per month.
CustomJS - HTML to PDF or PDF to PNG/Text & PDF merging/extraction/merging APIs. Free tier has 600 calls a month.
Data Fetcher - Connect Airtable to any application or API with no code. Postman-like interface for running API requests in Airtable. Pre-built integrations with dozens of apps. The free plan includes 100 runs per month.
Data Miner - A browser extension (Google Chrome, MS Edge) for data extraction from web pages CSV or Excel. The free plan gives you 500 pages/month.
Dataimporter.io - Tool for connecting, cleaning, and importing data into Salesforce. Free Plan includes up to 20,000 records per month.
Datalore - Python notebooks by Jetbrains. Includes 10 GB of storage and 120 hours of runtime each month.
DB Designer - Cloud-based Database schema design and modeling tool with a free starter plan of 2 Database models and ten tables per model.
DB-IP - Free IP geolocation API with 1k request per IP per day.lite database under the CC-BY 4.0 License is free too.
DeepAR - Augmented reality face filters for any platform with one SDK. The free plan provides up to 10 monthly active users (MAU) and tracks up to 4 faces
Deepnote - A new data science notebook. Jupyter is compatible with real-time collaboration and running in the cloud. The free tier includes unlimited personal projects, unlimited basic machines with 5GB RAM and 2vCPU, and teams with up to 3 editors.
Compare JSON - An online tool for comparing differences between two JSON data structures, helping you quickly locate the differences in JSON data.
Disease.sh - A free API providing accurate data for building the Covid-19 related useful Apps.
Doczilla - SaaS API empowering the generation of screenshots or PDFs directly from HTML/CSS/JS code. The free plan allows 250 documents month.
Doppio - Managed API to generate and privately store PDFs and Screenshots using top rendering technology. The free plan allows 400 PDFs and Screenshots per month.
drawDB - Free and open-source online database diagram editor with no signup required.
DynamicDocs - Generate PDF documents with JSON to PDF API based on LaTeX templates. The free plan allows 50 API calls per month and access to a library of templates.
Earnings Feed - Real-time SEC filings, insider trades, and institutional holdings API. Free tier includes 15 requests per minute.
Export SDK - PDF generator API with drag-and-drop template editor that provides an SDK and no-code integrations. The free plan has 250 monthly pages, unlimited users, and three templates.
ExtendsClass - Free web-based HTTP client to send HTTP requests.
Financial Data - Stock market and financial data API. Free plan allows 300 requests per day.
FormatJSONOnline.com - A free, browser-based tool to format, validate,compare and minify JSON data instantly.
FraudLabs Pro - Screen an order transaction for credit card payment fraud. This REST API will detect all possible fraud traits based on the input parameters of an order. The Free Micro plan has 500 transactions per month.
FreeIPAPI - Free, Fast and Reliable IP Geolocation API for commercial and non-commercial users available in JSON
Geolocated.io - IP Geolocation API with multi-continent servers, offering a free plan with 2,000 requests per day.
Hex - a collaborative data platform for notebooks, data apps, and knowledge libraries. Free community tier with up to five projects.
Hook0 - Hook0 is an open-source Webhooks-as-a-service (WaaS) that makes it easy for online products to provide webhooks. Dispatch up to 100 events/day with seven days of history retention for free.
Hoppscotch - A free, fast, and beautiful API request builder.
HS Ping - A multi-country HS (Harmonized System) and HTS (Harmonized Tariff System) code lookup API, with a free plan offering 100 lookups/day.
huggingface.co - Build, train, and deploy NLP models for Pytorch, TensorFlow, and JAX. Free up to 30k input characters/mo.
Insomnia - Open-source API client for designing and testing APIs, it supports REST and GraphQL
Invantive Cloud - Access over 70 (cloud)platforms such as Exact Online, Twinfield, ActiveCampaign or Visma using Invantive SQL or OData4 (typically Power BI or Power Query). Includes data replication and exchange. Free plan for developers and implementation consultants. Free for specific platforms with limitations in data volumes.
IP Geolocation API by ipwho.org - 2,000 free requests per day. Fast, enterprise grade API at non-enterprise prices. Trusted by developers, corporate, government and education clients. Servers in 12+ regions.
IP Geolocation API - IP Geolocation API from Abstract - Allows 1,000 free requests.
IP Geolocation - IP Geolocation API - Forever free plan for developers with a 1,000 requests per day limit.
ip-api - IP Geolocation API, Free for non-commercial use, no API key required, limited to 45 req/minute from the same IP address for the free plan.
IP.City - 100 Free IP geolocation requests per day
IP2Location.io - Freemium, fast, and reliable IP geolocation API. Get data like city, coordinates, ISP, ASN, AS data and more. The free plan includes 50k credits per month. IP2Location.io also offers 500 free WHOIS and hosted domain lookups per month. See domain registration details and find domains hosted on a specific IP. Upgrade to a paid plan for more features.
ip2geo.dev - IP geolocation API to convert IP addresses into location data including city, country, timezone, ASN, and currency. The free plan includes 1,000 requests per month.
ipaddress.sh - Simple service to get a public IP address in different formats.
ipapi.is - A reliable IP Address API from Developers for Developers with the best Hosting Detection capabilities that exist. The free plan offers 1000 lookups without signup.
ipapi - IP Address Location API by Kloudend, Inc - A reliable geolocation API built on AWS, trusted by Fortune 500. The free tier offers 30k lookups/month (1k/day) without signup.
ipbase.com - IP Geolocation API - Forever free plan that spans 150 monthly requests.
IPinfo - Fast, accurate, and free (up to 50k/month) IP address data API. Offers APIs with details on geolocation, companies, carriers, IP ranges, domains, abuse contacts, and more. All paid APIs can be trialed for free.
IPLocate - IP Geolocation API, free up to 1,000 requests/day. Includes proxy/VPN/hosting detection, ASN data, IP to Company, and more. IPLocate also offers free downloadable IP to Country and IP to ASN databases in CSV or GeoIP-compatible MMDB formats.
IPTrace - An embarrassingly simple API that provides your business with reliable and helpful IP geolocation data with 50,000 free lookups per month.
JSON IP - Returns the Public IP address of the client it is requested from. No registration is required for the free tier. Using CORS, data can be requested using client-side JS directly from the browser. Useful for services monitoring change in client and server IPs. Unlimited Requests.
JSON to Table - Convert JSON into an interactive table for quick viewing, editing, and sharing online.
JSON2Video - A video editing API to automate video marketing and social media videos, programmatically or with no code.
JSONGrid - Free tool to Visualize, Edit, Filter complex JSON data into beautiful tabular Grid. Save and Share JSON data over link link.
JSONing - Create a fake REST API from a JSON object, and customize HTTP status codes, headers, and response bodies.
JSONSwiss - JSONSwiss is a powerful online JSON viewer, editor, and validator. Format, visualize, search, and manipulate JSON data with AI-powered repair, tree view, table view, code generation in 12+ programming languages, convert json to csv, xml, yaml, properties and more.
KillBait API - KillBait API allows users to submit URLs for content evaluation, detecting potential clickbait and categorizing articles. The API is designed for moderate publishing frequency, with limits of 1 submission per hour and 10 per day. Media partners can request higher limits.
Kreya - Free gRPC GUI client to call and test gRPC APIs. Can import gRPC APIs via server reflection.
LoginLlama - A login security API to detect fraudulent and suspicious logins and notify your customers. Free for 1,000 logins per month.
Market Data API - Provides real-time and historical financial data for stocks, options, mutual funds, and more. The Free Forever API tier allows for 100 daily API requests at no charge.
Maxim AI - Simulate, evaluate, and observe your AI agents. Maxim is an end-to-end evaluation and observability platform, helping teams ship their AI agents reliably and >5x faster. Free forever for indie developers and small teams (3 seats).
microlink.io - It turns any website into data such as metatags normalization, beauty link previews, scraping capabilities, or screenshots as a service. 50 requests per day, every day free.
Mintlify - Modern standard for API documentation. Beautiful and easy-to-maintain UI components, in-app search, and interactive playground. Free for 1 editor.
MockAPI - MockAPI is a simple tool that lets you quickly mock up APIs, generate custom data, and perform operations using a RESTful interface. MockAPI is meant to be a prototyping/testing/learning tool. One project/2 resources per project for free.
Mockerito - Free mock REST API service providing realistic data across 9 domains (e-commerce, finance, healthcare, education, recruitment, social media, stock markets, weather, and aviation). No mandatory signup, no API keys, unlimited requests. Perfect for frontend prototyping, API testing, learning and teaching web development.
Mockfly - Mockfly is a trusted development tool for API mocking and feature flag management. Quickly generate and control mock APIs with an intuitive interface. The free tier offers 500 requests per day.
Mocko.dev - Proxy your API, choose which endpoints to mock in the cloud and inspect traffic, for free. Speed up your development and integration tests.
Multi-Exit IP Address Checker - A free and simple tool to check your exit IP address across multiple nodes and understand how your IP appears to different global regions and services. Useful for testing rule-based DNS splitting tools such as Control D.
News API - Search news on the web with code, and get JSON results. Developers get 100 queries free each day. Articles have a 24 hour delay.
numlookupapi.com - Free phone number validation API - 100 free requests / month.
OCR.Space - An OCR API parses image and pdf files that return the text results in JSON format. 25,000 requests per month are free and a 1MB file size limit.
OpenAPI3 Designer - Visually create Open API 3 definitions for free.
Parseur - 20 free pages/month: Extract data from PDFs, emails. AI powered. Full API access.
PDF-API.io - PDF Automation API, visual template editor or HTML to PDF, dynamic data integration, and PDF rendering with an API. The free plan comes with one template, 100 PDFs/month.
PDFBolt - Developer-focused PDF generation API designed with privacy in mind. It offers Stripe-inspired documentation and includes 500 free PDF conversions per month.
pdfEndpoint.com - Effortlessly convert HTML or URLs to PDF with a simple API. One hundred conversions per month for free.
Pixela - Free daystream database service. All operations are performed by API. Visualization with heat maps and line graphs is also possible.
Posthook - Schedule webhooks to fire at a future time with automatic retries, delivery tracking, and failure alerting. Free plan includes 1,000 webhooks per month.
Postman - Simplify workflows and create better APIs - faster - with Postman, a collaboration platform for API development. Use the Postman App for free forever. Postman cloud features are also free forever with certain limits.
PrefectCloud - A complete platform for dataflow automation. Free plan includes 5 deployed workflows and 500 minutes of serverless compute credits per month.
Preset Cloud - A hosted Apache Superset service. Forever free for teams of up to 5 users, featuring unlimited dashboards and charts, a no-code chart builder, and a collaborative SQL editor.
ProxySentry - IP API that detects residential proxies and VPNs. ProxySentry.io offers a free tier with 10k requests per month on rapidapi.com.
Reducto - Turn any unstructured documents (PDF, XLSX, JPG, PPTX, etc.) into structured JSON data. Parse, extract data, and edit PDF forms. Free tier with 15k free credits and pay-as-you-go.
Rendi - FFmpeg API - A REST API for FFmpeg, run FFmpeg online without handling the infrastructure. Free tier with monthly processing quota and 4 vCPUs available.
RequestBin.com - Create a free endpoint to which you can send HTTP requests. Any HTTP requests sent to that endpoint will be recorded with the associated payload and headers so you can observe recommendations from webhooks and other services.
ROBOHASH - Web service to generate unique and cool images from any text.
Scraper's Proxy - Simple HTTP proxy API for scraping. Scrape anonymously without having to worry about restrictions, blocks, or captchas. First 100 successful scrapes per month free including javascript rendering (more available if you contact support).
ScrapingAnt - Headless Chrome scraping API and free checked proxies service. Javascript rendering, premium rotating proxies, CAPTCHAs avoiding. Free 10,000 API credits.
SerpApi - Real-time search engine scraping API. Returns structured JSON results for Google, YouTube, Bing, Baidu, Walmart, and many other machines. The free plan includes 100 successful API calls per month.
Sheetson - Instantly turn any Google Sheets into a RESTful API. Free plan available, including 1,000 free rows per sheet.
SikkerAPI - Free IP Reputation & Threat Intelligence, powered by a globally distributed high interaction honeypot network and community reported abuse incidents. 1,000 free IP lookups, TAXII indicators & reports per day, pull 5,000 fresh IPs from our blacklists daily and monitor your own CIDR ranges (/16) free free.
Simplescraper - Trigger your webhook after each operation. The free plan includes 100 cloud scrape credits.
Geekflare API - Geekflare API lets you scrape websites into Markdown, take screenshots, perform TLS scans and DNS lookups, test load times, and more. The free plan offers 500 API credits per month (e.g., 500 DNS lookups, 250 web scrapes, or 100 screenshots). See credit mapping.
SmartParse - SmartParse is a data migration and CSV to API platform that offers time- and cost-saving developer tools. The Free tier includes 300 Processing Units per month, Browser uploads, Data quarantining, Circuit breakers, and Job Alerts.
Sofodata - Create secure RESTful APIs from CSV files. Upload a CSV file and instantly access the data via its API allowing faster application development. The free plan includes 2 APIs and 2,500 API calls per month. You don't need a credit card.
Sqlable - A collection of free online SQL tools, including an SQL formatter and validator, SQL regex tester, fake data generator, and interactive database playgrounds.
Supportivekoala - Allows you to autogenerate images by your input via templates. The free plan allows you to create up to 50 images per month.
Svix - Webhooks as a Service. Send up to 50,000 messages/month for free.
Tavily AI - API for online search and rapid insights and comprehensive research, with the capability of organization of research results. 1000 request/month for the Free tier with No credit card required.
TemplateFox - PDF generation API with a visual template editor, dynamic data merging, and SDKs for 7 languages. Free plan includes 60 PDFs/month and 3 templates.
The IP API - IP Geolocation API with 1000 free requests / day. Provides information about the location of an IP address, including country, city, region, and more.
TinyMCE - rich text editing API. Core features are free for unlimited usage.
Tomorrow.io Weather API - Offers free plan of weather API. Provides accurate and up-to-date weather forecasting with global coverage, historical data and weather monitoring solutions.
Treblle - Treblle helps teams build, ship, and govern APIs. With advanced API log aggregation, observability, docs, and debugging. You get all features for free, but there is a limit of up to 250k requests per month on the free tier.
Trophy - API infrastructure for building gamification features like achievements, streaks, points and leaderboards in web and mobile apps. Free for 100 monthly active users.
UniRateAPI - Real-time exchange rates for 590+ currencies and crypto. Unlimited API calls on the free plan, perfect for developers and finance apps.
vatcheckapi.com - Simple and free VAT number validation API. 150 free validations per month.
WeatherXu - Global weather data including current conditions, hourly and daily forecasts, and weather alerts via our API. Integrating AI models and ML systems to analyze and combine multiple weather models to deliver improved forecast accuracy. Free tier includes 10,000 API calls/month.
WebScraping.AI - Simple Web Scraping API with built-in parsing, Chrome rendering, and proxies. Two thousand free API calls per month.
Weights & Biases - The developer-first MLOps platform. Build better models faster with experiment tracking, dataset versioning, and model management. Free tier for personal projects only, with 100 GB of storage included.
What Is My IP - A free service to check your public IPv4 and IPv6 address and related request data through an API with different output formats for automation, scripts, and network troubleshooting.
What The Diff - AI-powered code review assistant. The free plan has a limit of 25,000 monthly tokens (~10 PRs).
wolfram.com - Built-in knowledge-based algorithms in the cloud.
wrapapi.com - Turn any website into a parameterized API. 30k API calls per month.
Zenscrape - Web scraping API with headless browsers, residentials IPs, and straightforward pricing. One thousand free API calls/month and extra credits for students and non-profits.
Zipcodebase - Free Zip Code API, access to Worldwide Postal Code Data. 5,000 free requests/month.
Zipcodestack - Free Zip Code API and Postal Code Validation. Ten thousand free requests/month.
Zuplo - Free API Management platform to design, build, and deploy APIs to the Edge. Add API Key authentication, rate limiting, developer documentation and Monetization to any API in minutes. OpenAPI-native and fully-programmable with web standard apis & Typescript. The free plan offers up to 10 projects, unlimited production edge environments, 1M monthly requests, and 10GB egress.
Metashot — Open Graph (OG) social preview image generation API. Generate dynamic 1200×630 images for Twitter, LinkedIn and Facebook via URL params, edge-cached on Cloudflare Workers. Free tier: 1,000 renders/month. Paid plans from $12/month.

⬆️ Back to Top

Artifact Repos

Gemfury - Private and public artifact repos for Maven, PyPi, NPM, Go Module, Nuget, APT, and RPM repositories. Free for public projects.
jitpack.io - Maven repository for JVM and Android projects on GitHub, free for public projects.
paperspace - Build & scale AI models, Develop, train, and deploy AI applications, free plan: public projects, 5Gb storage, basic instances.
RepoFlow - RepoFlow Simplifies package management with support for npm, PyPI, Docker, Go, Helm, and more. Try it for free with 10GB storage, 10GB bandwidth, 100 packages, and unlimited users in the cloud, or self-hosted for personal use only.
RepoForge - Private cloud-hosted repository for Python, Debian, NPM packages and Docker registries. Free plan for open source/public projects.
repsy.io - 1 GB Free private/public Maven Repository.

⬆️ Back to Top

Tools for Teams and Collaboration

3Cols - A free cloud-based code snippet manager for personal and collaborative code.
BookmarkOS.com - Free all-on-one bookmark manager, tab manager, and task manager in a customizable online desktop with folder collaboration.
Braid - Chat app designed for teams. Free for public access group, unlimited users, history, and integrations. also, it provides a self-hostable open-source version.
Calendly - Calendly is the tool for connecting and scheduling meetings. The free plan provides 1 Calendar connection per user and Unlimited sessions. Desktop and Mobile apps are also offered.
cally.com - Find the perfect time and date for a meeting. Simple to use, works great for small and large groups.
cDox - Private document editor hosted in Canada. Write, format, collaborate, and publish documents with clean public links. Data is never used for AI training. Free plan includes 50 MB storage, up to 3 public links, and export to PDF, Word, and Markdown.
Chanty.com - Chanty is another alternative to Slack. It has a free forever plan for small teams (up to 10) with unlimited public and private conversations, searchable history, unlimited 1:1 audio calls, unlimited voice messages, ten integrations, and 20 GB storage per team.
DevToolLab - Online developer tools offering free access to all basic tools, with the ability to auto save one entry per tool, standard processing speed, and community support.
Discord - Chat with public/private rooms. Markdown text, voice, video, and screen sharing capabilities. Free for unlimited users.
Dubble - Free Step-by-Step Guide creator. Take screenshots, document processes and colloborate with your team. Also supports async screen recording.
Duckly - Talk and collaborate in real time with your team. Pair programming with IDE, terminal sharing, voice, video, and screen sharing. Free for small teams.
element.io - A decentralized and open-source communication tool built on Matrix. Group chats, direct messaging, encrypted file transfers, voice and video chats, and easy integration with other services.
evernote.com - Tool for organizing information. Share your notes and work together with others
Fibery - Connected workspace platform. Free for single users, up to 2 GB disk space.
Fibo - A free online realtime scrum poker tool for agile teams that lets unlimited members estimate story points for faster planning.
Fizzy - Kanban-based platform for project management and issue tracking. Create public boards, set up webhooks, use card stamping, and track unlimited users - free for up to 1000 items.
flat.social - Interactive customizable spaces for team meetings & happy hours socials. Unlimited meetings, free up to 8 concurrent users.
flock.com - A faster way for your team to communicate. Free Unlimited Messages, Channels, Users, Apps & Integrations
GitBook - Platform for capturing and documenting technical knowledge - from product docs to internal knowledge bases and APIs. Free plan for individual developers.
GitDailies - Daily reports of your team's Commit and Pull Request activity on GitHub. Includes Push visualizer, peer recognition system, and custom alert builder. The free tier has unlimited users, three repos, and 3 alert configs.
gitter.im - Chat, for GitHub. Unlimited public and private rooms, free for teams of up to 25
gokanban.io - Syntax-based, no registration Kanban Board for fast use. Free with no limitations.
Hackmd.io - Real time collaboration & writing tool for markdown format docs/files. Like Google Docs but for markdown files. Free unlimited number of "notes", but the number of collaborators (invitee) for private notes & template will be limited.
HeySpace - Task management tool with chat, calendar, timeline and video calls. Free for up to 5 users.
Huly - All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion) - unlimited users, 10GB storage per workspace, 10GB video(audio) traffic.
Keybase - Keybase is a FOSS alternative to Slack; it keeps everyone's chats and files safe, from families to communities to companies.
Linkinize - Bookmark manager for teams with tagging, multi-workspaces, and collaboration. Free plan includes 4 workspaces and 10 team members.
Lockitbot - Reserve and lock shared resources within Slack like Rooms, Dev environments , servers etc. Free for upto 2 resources
meet.jit.si - One-click video conversations, and screen sharing, for free
Miro - Scalable, secure, cross-device, and enterprise-ready collaboration whiteboard for distributed teams. With a freemium plan.
Notion - Notion is a note-taking and collaboration application with markdown support that integrates tasks, wikis, and databases. The company describes the app as an all-in-one workspace for note-taking, project management and task management. In addition to cross-platform apps, it can be accessed via most web browsers.
Nuclino - A lightweight and collaborative wiki for all your team's knowledge, docs, and notes. Free plan with all essential features, up to 50 items, and 5GB storage.
OnlineInterview.io - Free code interview platform with embedded video chat, drawing board, and online code editor where you can compile and run your code on the browser. You can create a remote interview room with just one click.
paste.sh - This is a JavaScript and the Crypto based simple paste site.
Pastefy - Beautiful and simple Pastebin with optional Client-Encryption, Multitab-Pastes, an API, a highlighted Editor and more.
Pendulums - Pendulums is a free time tracking tool that helps you manage your time in a better manner with an easy-to-use interface and valuable statistics.
Proton Pass - Password manager with built-in email aliases, 2FA authenticator, sharing and passkeys. Available on web, browser extension, and mobile app and desktop.
Pullflow - Pullflow offers an AI-enhanced platform for code review collaboration across GitHub, Slack, and VS Code.
Pumble - Free team chat app. Unlimited users and message history, free forever.
Quidlo Timesheets - A simple timesheet and time tracking app for teams. The free plan has time tracking and generating reports features for up to 10 users.
Raindrop.io - Private and secure bookmarking app for macOS, Windows, Android, iOS, and Web. Free Unlimited Bookmarks and Collaboration.
Revolt.chat - An OpenSource alternative forDiscord, that respects your privacy. It also have most proprietary features from discord for free. Revolt is a all in one application that is secure and fast, while being 100% free. every features are free. They also have (official & unofficial) plugins support unlike most main-stream chatting applications.
Rocket.Chat - Open-source communication platform with Omnichannel features, Matrix Federation, Bridge with others apps, Unlimited messaging, and Full messaging history.
ruttl.com - The best all-in-one feedback tool to collect digital feedback and review websites, PDFs, and images.
Screen Sharing via Browser - Free screen sharing tool, share your screen with collabrators right from your browser, no download or registration needed. For free.
seafile.com - Private or cloud storage, file sharing, sync, discussions. The cloud version has just 1 GB
SiteDots - Share feedback for website projects directly on your website, no emulation, canvas or workarounds. Completely functional free tier.
Slab - A modern knowledge management service for teams. Free for up to 10 users.
slack.com - Free for unlimited users with some feature limitations
StatusPile - A status page of status pages. Could you track the status pages of your upstream providers?
Stickies - Visual collaboration app used for brainstorming, content curation, and notes. Free for up to 3 Walls, unlimited users, and 1 GB storage.
MeetBackdrops - Free HD virtual backgrounds for video calls on Zoom, Microsoft Teams, and Google Meet. 1,000+ studio-designed environments with no signup required.
talky.io - Free group video chat. Anonymous. Peer‑to‑peer. No plugins, signup, or payment required
Teamcamp - All-in-one project management application for software development companies.
Teamhood - Free Project, Task, and Issue-tracking software. Supports Kanban with Swimlanes and full Scrum implementation. Has integrated time tracking. Free for five users and three project portfolios.
Teamplify - improve team development processes with Team Analytics and Smart Daily Standup. Includes full-featured Time Off management for remote-first teams. Free for small groups of up to 5 users.
Telegram - Telegram is for everyone who wants fast, reliable messaging and calls. Business users and small teams may like the large groups, usernames, desktop apps, and powerful file-sharing options.
Tencent RTC - Tencent Real-Time Communication (TRTC) offers solutions for group audio/video calls.10,000 free minutes/month for the first year.
TimeCamp - Free time tracking software for unlimited users. Easily integrates with PM tools like Jira, Trello, Asana, etc.
tldraw.com - Free open-source white-boarding and diagramming tool with intelligent arrows, snapping, sticky notes, and SVG export features. Multiplayer mode for collaborative editing. Free official VS Code extension available as well.
transfernow - simplest, fastest and safest interface to transfer and share files. Send photos, videos and other large files without a manditory subscription.
Tugboat - Preview every pull request, automated and on-demand. Free for all, complimentary Nano tier for non-profits.
twist.com - An asynchronous-friendly team communication app where conversations stay organized and on-topic. Free and Unlimited plans are available. Discounts are provided for eligible teams.
userforge.com - Interconnected online personas, user stories and context mapping. Helps keep design and dev in sync free for up to 3 personas and two collaborators.
Visual Debug - A Visual feedback tool for better client-dev communication
Webex - Video meetings with a free plan offering 40 minutes per meeting with 100 attendees.
Webvizio - Website feedback tool, website review software, and bug reporting tool for streamlining web development collaboration on tasks directly on live websites and web apps, images, PDFs, and design files.
whereby.com - One-click video conversations, for free (formerly known as appear.in)
windmill.dev - Windmill is an open-source developer platform to quickly build production-grade multi-step automation and internal apps from minimal Python and Typescript scripts. As a free user, you can create and be a member of at most three non-premium workspaces.
wistia.com - Video hosting with viewer analytics, HD video delivery, and marketing tools to help understand your visitors, 25 videos, and Wistia branded player
wormhol.org - Straightforward file sharing service. Share unlimited files up to 5GB with as many peers as you want.
Wormhole - Share files up to 5GB with end-to-end encryption for up to 24hours. For files larger than 5 GB, it uses peer-to-peer transfer to send your files directly.
zoom.us - Secure Video and Web conferencing add-ons available. The free plan is limited to 40 minutes.
Zulip - Real-time chat with a unique email-like threading model. The free plan includes 10,000 messages of search history and File storage up to 5 GB. also, it provides a self-hostable open-source version.
RightFeature - Easily collect feedback from your customers, turn customer feedback into your product roadmap. Collect, prioritize, and ship features that actually matter to your users.

⬆️ Back to Top

CMS

Contentful - Headless CMS. Content management and delivery APIs in the cloud. Comes with one free Community space that includes five users, 25K records, 48 Content Types, 2 locales.
Cosmic - Headless CMS and API toolkit. Free personal plans for developers.
Crystallize - Headless PIM with ecommerce support. Built-in GraphQL API. The free version includes unlimited users, 1000 catalog items, 5 GB/month bandwidth, and 25k/month API calls.
DatoCMS - Offers free tier for small projects. DatoCMS is a GraphQL-based CMS. On the lower tier, you have 100k/month calls.
Hygraph - Offers free tier for small projects. GraphQL first API. Move away from legacy solutions to the GraphQL native Headless CMS - and deliver omnichannel content API first.
Prismic - Headless CMS. Content management interface with fully hosted and scalable API. The Community Plan provides unlimited API calls, documents, custom types, assets, and locales to one user. Everything that you need for your next project. Bigger free plans are available for Open Content/Open Source projects.
Sanity.io - Platform for structured content with an open-source editing environment and a real-time hosted data store. Unlimited projects. Unlimited admin users, three non-admin users, two datasets, 500K API CDN requests, 10GB bandwidth, and 5GB assets included for free per project.
Solo - Free AI website creator from Mozilla, create a beautiful website for your business from a few simple inputs. Free custom domain, no credit card needed.
Squidex - Offers free tier for small projects. API / GraphQL first. Open source and based on event sourcing (versing every change automatically).
Storyblok - A Headless CMS for developers and marketers that works with all modern frameworks. The Community (free) tier offers Management API, Visual Editor, ten sources, Custom Field Types, Internationalization (unlimited languages/locales), Asset Manager (up to 2500 assets), Image Optimizing Service, Search Query, Webhook + 250GB Traffic/month included.
TinaCMS - Replacing Forestry.io. Open source Git-backed headless CMS that supports Markdown, MDX, and JSON. The basic offer is free with two users available.
WPJack - Set up WordPress on any cloud in less than 5 minutes! The free tier includes 1 server, 2 sites, free SSL certificates, and unlimited cron jobs. No time limits or expirations-your website, your way.

⬆️ Back to Top

Code Generation

Appinvento - A free no-code app builder. It provides complete access to the automatically generated backend source code and allows for unlimited APIs and routes. The free plan includes three projects and five tables.
DhiWise - Converts Figma designs into dynamic Flutter and React applications. Its code generation technology is designed to optimize workflows for building production-ready mobile and web experiences.
Karbon Sites - An AI-powered site builder and editor that generates production-ready frontend code from text prompts, sketches, or resumes. Features include native Android (APK) export and a free tier with 5 generations per month (unlimited via custom Gemini API key).
Metalama - A C#-specific tool that generates boilerplate code on the fly during compilation to keep source code clean. It is free for open-source projects; its commercial-friendly free tier includes up to three aspects.
Supermaven - A high-speed AI code completion plugin for VS Code, JetBrains, and Neovim. The free tier provides unlimited inline completions with a focus on ultra-low latency.
v0.dev - Created by Vercel, v0 generates copy-and-paste friendly React code using shadcn/ui and Tailwind CSS. It uses a credit system, providing 1,200 starting credits and 200 free credits monthly.

⬆️ Back to Top

Code Quality

beanstalkapp.com - A complete workflow to write, review, and deploy code), a free account for one user, and one repository with 100 MB of storage
codacy.com - Automated code reviews for PHP, Python, Ruby, Java, JavaScript, Scala, CSS, and CoffeeScript, free for unlimited public and private repositories
Codeac.io - Automated Infrastructure as Code review tool for DevOps integrates with GitHub, Bitbucket, and GitLab (even self-hosted). In addition to standard languages, it also analyzes Ansible, Terraform, CloudFormation, Kubernetes, and more. (open-source free)
codecov.io - Code coverage tool (SaaS), free for Open Source and one free private repo
CodeFactor - Automated Code Review for Git. The free version includes unlimited users, public repositories, and one private repo.
coderabbit.ai - AI-powered code review tool that integrates with GitHub/GitLab. Free tier includes 200 files/hour, 3 reviews per hour, and 50 conversations/hour. Free forever for open source projects.
CodSpeed - Automate performance tracking in your CI pipelines. Catch performance regressions before deployment, thanks to precise and consistent metrics. Free forever for Open Source projects.
coveralls.io - Display test coverage reports, free for Open Source
deepscan.io - Advanced static analysis for automatically finding runtime errors in JavaScript code, free for Open Source
DeepSource - DeepSource continuously analyzes source code changes, finding and fixing issues categorized under security, performance, anti-patterns, bug-risks, documentation, and style. Native integration with GitHub, GitLab, and Bitbucket.
DiffText - Instantly find the differences between two blocks of code. Completely free to use.
eversql.com - EverSQL - The #1 platform for database optimization. Gain critical insights into your database and SQL queries automatically.
gerrithub.io - Gerrit code review for GitHub repositories for free
goreportcard.com - Code Quality for Go projects, free for Open Source
gtmetrix.com - Reports and thorough recommendations to optimize websites
holistic.dev - The #1 static code analyzer for Postgresql optimization. Performance, security, and architect database issues automatic detection service
houndci.com - Comments on GitHub commits about code quality, free for Open Source
reviewable.io - Code review for GitHub repositories, free for public or personal repos.
scan.coverity.com - Static code analysis for Java, C/C++, C# and JavaScript, free for Open Source
scrutinizer-ci.com - Continuous inspection platform, free for Open Source
semanticdiff.com - Programming language aware diff for GitHub pull requests and commits, free for public repositories
shields.io - Quality metadata badges for open source projects
sonarcloud.io - Automated source code analysis for Java, JavaScript, C/C++, C#, VB.NET, PHP, Objective-C, Swift, Python, Groovy and even more languages, free for Open Source

⬆️ Back to Top

Code Search and Browsing

CodeKeep - Google Keep for Code Snippets. Organize, Discover, and share code snippets, featuring a powerful code screenshot tool with preset templates and a linking feature.
libraries.io - Search and dependency update notifications for 32 different package managers, free for open source
Namae - Search various websites like GitHub, Gitlab, Heroku, Netlify, and many more for the availability of your project name.
tickgit.com - Surfaces TODO comments (and other markers) to identify areas of code worth returning to for improvement.

⬆️ Back to Top

CI and CD

appcircle.io - An enterprise-grade mobile DevOps platform that automates the build, test, and publish store of mobile apps for faster, efficient release cycle. Free for 30 minutes max build time per build, 20 monthly builds and 1 concurrent build.
appveyor.com - CD service for Windows, free for Open Source
bitrise.io - A CI/CD for mobile apps, native or hybrid. With 200 free builds/month 10 min build time and two team members. OSS projects get 45 min build time, +1 concurrency and unlimited team size.
buddy.works - A CI/CD with five free projects and one concurrent run (120 executions/month)
Buildkite - CI Pipelines free for 3 users and 5k job minutes/month. Test Analytics free developer tier includes 100k test executions/month, with more free inclusions for open-source projects.
bytebase.com - Database CI/CD and DevOps. Free under 20 users and ten database instances
CircleCI - Comprehensive free plan with all features included in a hosted CI/CD service for GitHub, GitLab, and BitBucket repositories. Multiple resource classes, Docker, Windows, Mac OS, ARM executors, local runners, test splitting, Docker Layer Caching, and other advanced CI/CD features. Free for up to 6000 minutes/month execution time, unlimited collaborators, 30 parallel jobs in private projects, and up to 80,000 free build minutes for Open Source projects.
cirrus-ci.org - Free for public GitHub repositories
cirun.io - Free for public GitHub repositories
codemagic.io - Free 500 build minutes/month
deployhq.com - 1 project with ten daily deployments (30 build minutes/month)
LocalOps - Deploy your app on AWS/GCP/Azure in under 30 minutes. Setup standardised app environments on any cloud, which come with in-built continuous deployment automation and advanced observability. The free plan allows 1 user and 1 app environment.
Make - The workflow automation tool lets you connect apps and automate workflows using UI. It supports many apps and the most popular APIs. Free for public GitHub repositories, and free tier with 100 Mb, 1000 Operations, and 15 minutes of minimum interval.
Mergify - workflow automation and merge queue for GitHub - Free for public GitHub repositories
Nx Cloud - Nx Cloud speeds up your monorepos on CI with features such as remote caching, distribution of tasks across machines and even automated splitting of your e2e test runs. It comes with a free plan for up to 30 contributors with generous 150k credits included.
RunMyJob - Run GitHub Actions and GitLab CI pipelines smarter with real-time scaling Spike Instances. Free tier includes 400 vCPU-minutes, 800 GB-minutes, and 10 concurrent jobs with high-performance runners (12 vCPU and 32 GB RAM per job).
Shipfox - Run your GitHub actions 2x faster, 3.000 build minutes free each month.
Spacelift - Management platform for Infrastructure as Code. Free plan features: IaC collaboration, Terraform module registry, ChatOps integration, Continuous resource compliance with Open Policy Agent, SSO with SAML 2.0, and access to public worker pools: up to 200 minutes/month
Squash Labs - creates a VM for each branch and makes your app available from a unique URL, Unlimited public & private repos, Up to 2 GB VM Sizes.
Terramate - Terramate is an orchestration and management platform for Infrastructure as Code (IaC) tools such as Terraform, OpenTofu, and Terragrunt. Free up to 2 users including all features.
Terrateam - GitOps-first Terraform automation with pull request-driven workflows, project isolation via self-hosted runners, and layered runs for ordered operations. Free for up to 3 users.

⬆️ Back to Top

Testing

Appetize - Test your Android & iOS apps on this Cloud Based Android Phone / Tablets emulator and iPhone/iPad simulators directly in your browser. The free tier includes two concurrent session with 30 minutes of usage per month. No limit on app size.
Argos - Open Source visual testing for developers. Unlimitedprojects, with 5,000 screenshots per month. Free for open-source projects.
Bencher - A continuous benchmarking tool suite to catch CI performance regressions. Free for all public projects.
BugBug - Lightweight test automation tool for web applications. It is easy to learn and doesn't require coding. You can run unlimited tests on your own computer for free. You also get cloud monitoring and CI/CD integration for an additional monthly fee.
checkbot.io - Browser extension that tests if your website follows 50+ SEO, speed and security best practices. Free tier for smaller websites.
- CheckAPI - API health monitoring with Silent Failure Detection — validates response body via JSON Path assertions and regex, not just HTTP status codes. Free plan includes 10 monitors, 5-minute intervals, all 5 alert channels (Email, Slack, Telegram, Discord, Webhook), and is free for commercial use with no time limit.
Checkly - Code-first synthetic monitoring for modern DevOps. Monitor your APIs and apps at a fraction of the price of legacy providers. Powered by a Monitoring as Code workflow and Playwright. Generous free tier for devs.
CORS-Tester - A free tool for developers and API testers to check if an API is CORS-enabled for a given domain and identify gaps. Get actionable insights.
cypress.io - Fast, easy and reliable testing for anything that runs in a browser. Cypress Test Runner is always free and open-source with no restrictions and limitations. Cypress Dashboard is free for open-source projects for up to 5 users.
everystep-automation.com - Records and replays all steps made in a web browser and creates scripts, free with fewer options
gridlastic.com - Selenium Grid testing with a free plan of up to 4 simultaneous selenium nodes/10 grid starts/4,000 test minutes/month
katalon.com - Provides a testing platform that can help teams of all sizes at different levels of testing maturity, including Katalon Studio, TestOps (+ Visual Testing free), TestCloud, and Katalon Recorder.
Keploy - Keploy is a functional testing toolkit for developers. Recording API calls generates E2E tests for APIs (KTests) and mocks or stubs(KMocks). It is free for Open Source projects.
loadmill.com - Automatically create API and load tests by analyzing network traffic. Simulate up to 50 concurrent users for up to 60 minutes for free monthly.
lost-pixel.com - holistic visual regression testing for your Storybook, Ladle, Histoire stories and Web Apps. Unlimited team members, totally free for open-source, 7,000 snapshots/month.
pagegym.com - Load behvariour and page speed analysis and optimization tool. The free plan provides 10 tests per day, 5 experiments per week, and 15 GB of maximum ingested data per month.
percy.io - Add visual testing to any web app, static site, style guide, or component library. Unlimited team members, Demo app, and unlimited projects, 5,000 snapshots/month.
qase.io - Test management system for Dev and QA teams. Manage test cases, compose test runs, perform tests, track defects, and measure impact. The free tier includes all core features, with 500MB available for attachments and up to 3 users.
Repeato - No-code mobile app test automation tool built on top of computer vision and AI. Works for native apps, flutter, react-native, web, ionic, and many more app frameworks. The free plan is limited to 10 tests for iOS and 10 for Android, but includes most of the features of the paid plans, including unlimited test runs.
Requestly - Open-source Chrome Extension to Intercept, Redirect and Mock HTTP Requests. Featuring Debugger, Mock Server, API Client and Session Recording. Redirect URLs, Modify HTTP Headers, Mock APIs, Inject custom JS, Modify GraphQL Requests, Generate Mock API Endpoints, Record session with Network & Console Logs. Create upto 10 rules in Free Tier. Free for open-source.
seotest.me - Free on-page SEO website tester. 10 free website crawls per day. Useful SEO learning resources and recommendations on how to improve the on-page SEO results for any website regardless of technology.
snippets.uilicious.com - It's like CodePen but for cross-browser testing. UI-licious lets you write tests like user stories and offers a free platform - UI-licious Snippets - that allows you to run unlimited tests on Chrome with no sign-up required for up to 3 minutes per test run. Found a bug? You can copy the unique URL to your test to show your devs exactly how to reproduce the bug.
SSR (Server-side Rendering) Checker - Check SSR (server-side rendering) for any URL by visually comparing the server rendered version of the page with the regular version.
testingbot.com - Selenium Browser and Device Testing, free for Open Source
Testspace.com - A Dashboard for publishing automated test results and a Framework for implementing manual tests as code using GitHub. The service is free for Open Source and accounts for 450 monthly results.
tesults.com - Test results reporting and test case management. Integrates with popular test frameworks. Open Source software developers, individuals, educators, and small teams getting started can request discounted and free offerings beyond basic free projects.
UseWebhook.com - Capture and inspect webhooks from your browser. Forward to localhost, or replay from history. Free to use.
Vaadin - Build scalable UIs in Java or TypeScript, and use the integrated tooling, components, and design system to iterate faster, design better, and simplify the development process. Unlimited Projects with five years of free maintenance.
webhook-test.com - Debug and inspect webhooks and HTTP requests with a unique URL during integration. Completely free, you can create unlimited URLs and receive recommendations.
webhook.site - Verify webhooks, outbound HTTP requests, or emails with a custom URL. A temporary URL and email address are always free.
websitepulse.com - Various free network and server tools.
kogiQA - A web UI automation tool that functions without the need for selectors. Every developer gets 500 actions per month for free.

⬆️ Back to Top

Security and PKI

aikido.dev - All-in-one appsec platform covering SCA, SAST, CSPM, DAST, Secrets, IaC, Malware, Container scanning, EOL,... Free plan includes two users, scanning of 10 repos, 1 cloud, 2 containers & 1 domain.
CertKit - Manage SSL Certificate issuance, renewal, and monitoring. Search the Certificate Transparency Logs. Free for 3 certificates and 1 user after the beta.
Corgea - Free autonomous security platform that finds, validates and fixes insecure code and packages across +20 languages and frameworks. Free plan includes 1 user and 2 repos.
crypteron.com - Cloud-first, developer-friendly security platform prevents data breaches in .NET and Java applications
CyberChef - A simple, intuitive web app for analyzing and decoding/encoding data without dealing with complex tools or programming languages. Like a Swiss army knife of cryptography & encryption. All features are free to use, with no limit. Open source if you wish to self-host.
Datree - Open Source CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
Dependabot - Automated dependency updates for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java (Maven and Gradle), .NET, Go, Elm, Docker, Terraform, Git Submodules, and GitHub Actions.
DJ Checkup - Scan your Django site for security flaws with this free, automated checkup tool. Forked from the Pony Checkup site.
Doppler - Universal Secrets Manager for application secrets and config, with support for syncing to various cloud providers. Free for five users with basic access controls.
Dotenv - Sync your .env files, quickly & securely. Stop sharing your .env files over insecure channels like Slack and email, and never lose an important .env file again. Free for up to 3 teammates.
GitGuardian - Keep secrets out of your source code with automated secrets detection and remediation. Scan your git repos for 350+ types of secrets and sensitive files - Free for individuals and teams of 25 developers or less.
HasMySecretLeaked - Search across 20 million exposed secrets in public GitHub repositories, gists, issues,and comments for Free
Have I been pwned? - REST API for fetching the information on the breaches.
hostedscan.com - Online vulnerability scanner for web applications, servers, and networks. Ten free scans per month.
Infisical - Open source platform that lets you manage developer secrets across your team and infrastructure: everywhere from local development to staging/production 3rd-party services. Free for up to 5 developers.
Internet.nl - Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE
IntoDNS.ai - DNS and email security analyzer that checks SPF, DKIM, DMARC, DNSSEC, BIMI, MTA-STS, and 40+ blacklists with AI-powered explanations and fix suggestions. 100% free, no signup required.
letsencrypt.org - Free SSL Certificate Authority with certs trusted by all major browsers
meterian.io - Monitor Java, Javascript, .NET, Scala, Ruby, and NodeJS projects for security vulnerabilities in dependencies. Free for one private project, unlimited projects for open source.
Mozilla Observatory - Find and fix security vulnerabilities in your site.
Project Gatekeeper - An All-in-One SSL Toolkit Offering various features like Private Key & CSR Generator, SSL Certificate Decoder, Certificate Matcher and Order SSL Certificate. We offer the users to generate Free SSL Certificates from Let's Encrypt, Google Trust and BuyPass using CNAME Records rather than TXT Records.
Protectumus - Free website security check, site antivirus, and server firewall (WAF) for PHP. Email notifications for registered users in the free tier.
Public Cloud Threat Intelligence - High confidence Indicator of Compromise(IOC) targeting public cloud infrastructure, A portion is available on github (https://github.com/unknownhad/AWSAttacks). Full list is available via API
pyup.io - Monitor Python dependencies for security vulnerabilities and update them automatically. Free for one private project, unlimited projects for open source.
qualys.com - Find web app vulnerabilities, audit for OWASP Risks
SikkerKey - Machine authenticated secrets manager, includes 2 projects, 2 bootstrapped machines, 20 secrets and 7 days audit log retention for free.
Smart Grow Vault - Secure Enterprise-grade platform for managing environment variables and secrets. Free tier includes up to 3 applications and 150 secrets per project.
Socket - Free supply chain security for individual developers, small teams, and open source projects. Includes a free app and firewall CLI tool to protect your code from vulnerable and malicious dependencies. Detects 70+ indicators of supply chain risk.
SOOS - Free, unlimited SCA scans for open-source projects. Detect and fix security threats before release. Protect your projects with a simple and effective solution.
ssllabs.com - Intense analysis of the configuration of any SSL web server
Sucuri SiteCheck - Free website security check and malware scanner
TestTLS.com - Test an SSL/TLS service for secure server configuration, certificates, chains, etc. Not limited to HTTPS.
Virgil Security - Tools and services for implementing end-to-end encryption, database protection, IoT security, and more in your digital solution. Free for applications with up to 250 users.

⬆️ Back to Top

Authentication, Authorization, and User Management

360username - A free tool to search a username across 90+ social platforms to find matching profiles.
Aserto - Fine-grained authorization as a service for applications and APIs. Free up to 1000 MAUs and 100 authorizer instances.
asgardeo.io - Seamless Integration of SSO, MFA, passwordless auth and more. Includes SDKs for frontend and backend apps. Free up to 1000 MAUs and five identity providers.
Auth0 - Hosted SSO. The free plan includes 25,000 MAUs, unlimited Social Connections, a custom domain, and more.
Authgear - Bring Passwordless, OTPs, 2FA, SSO to your apps in minutes. All Front-end included. Free up to 5000 MAUs.
Authress - Authentication login and access control, unlimited identity providers for any project. Facebook, Google, Twitter and more. The first 1000 API calls are free.
Authy - Two-factor authentication (2FA) on multiple devices, with backups. Drop-in replacement for Google Authenticator. Free for up to 100 successful authentications.
Cerbos Hub - A complete authorization management system for authoring, testing, and deploying access policies. Fine-grained authorization and access control, free up to 100 monthly active principals.
Clerk - User management, authentication, 2FA/MFA, prebuilt UI components for sign-in, sign-up, user profiles, and more. Free plan includes unlimited applications, 50,000 MRU limit per app, 3 dashboard seats, and more.
Cloud-IAM - Keycloak Identity and Access Management as a Service. Free up to 100 users and one realm.
Descope - Highly customizable AuthN flows, has both a no-code and API/SDK approach, Free 7,500 active users/month, 50 tenants (up to 5 SAML/SSO tenants).
duo.com - Two-factor authentication (2FA) for website or app. Free for ten users, all authentication methods, unlimited, integrations, hardware tokens.
Kinde - Simple, robust authentication you can integrate with your product in minutes. Everything you need to get started with 7,500 free MAU.
logintc.com - Two-factor authentication (2FA) by push notifications, free for ten users, VPN, Websites, and SSH
Logto - Develop, secure, and manage user identities of your product - for both authentication and authorization. Free for up to 5,000 MAUs with open-source self-hosted option available.
MojoAuth - MojoAuth makes it easy to implement Passwordless authentication on your web, mobile, or any application in minutes.
Okta - User management, authentication and authorization. Free for up to 100 monthly active users.
Ory - AuthN/AuthZ/OAuth2.0/Zero Trust managed security platform. Forever free developer accounts with all security features, unlimited team members, 200 daily active users, and 25k/mo permission checks.
Permit.io - Auhtorization-as-a-service provider platform enabling RBAC, ABAC, and ReBAC for scalable microservices with real-time updates and a no-code policy UI. A 1000 Monthly Active User free tier.
Phase Two - Keycloak Open Source Identity and Access Management. Free realm up to 1000 users, up to 10 SSO connections, leveraging Phase Two's Keycloak enhanced container which includes the Organization extension.
PropelAuth - A Sell to companies of any size immediately with a few lines of code, free up to 200 users and 10k Transactional Emails (with a watermark branding: "Powered by PropelAuth").
Scalekit - Enterprise SSO (SAML, OIDC), SCIM provisioning, and social logins for B2B SaaS. Free tier includes 1 million MAU, 100 organizations, 1 SSO connection, and 1 SCIM connection.
Stack Auth - Open-source authentication that doesn't suck. The most developer-friendly solution, getting you started in just five minutes. Self-hostable for free, or offers a managed SaaS version with 10k free Monthly Active Users.
Stytch - An all-in-one platform that provides APIs and SDKs for authentication and fraud prevention. The free plan includes 10,000 monthly active users, unlimited organizations, 5 SSO or SCIM connections, and 1,000 M2M tokens.
SuperTokens - Open source user authentication that natively integrates into your app - enabling you to get started quickly while controlling the user and developer experience. Free for up to 5000 MAUs.
WorkOS - Free user management and authentication for up to 1 Million MAUs. Support email + password, social auth, Magic Auth, MFA, and more.
ZITADEL Cloud - A turnkey user and access management that works for you and supports multi-tenant (B2B) use cases. Free for up to 25,000 authenticated requests, with all security features (no paywall for OTP, Passwordless, Policies, and so on).

⬆️ Back to Top

Mobile App Distribution and Feedback

Appho.st - Mobile app hosting platform. The free plan includes five apps, 50 monthly downloads, and a maximum file size of 100 MB.
Diawi - Deploy iOS & Android apps directly to devices. Free plan: app uploads, password-protected links, 1-day expiration, ten installations.
GetUpdraft - Distribute mobile apps for testing. The free plan includes one app project, three app versions, 500 MB storage, and 100 app installations per month.
InstallOnAir - Distribute iOS & Android apps over the air. Free plan: unlimited uploads, private links, 2-day expiration for guests, 60 days for registered users.
Loadly - iOS & Android beta apps distribution service offers completely free services with unlimited downloads, high-speed downloads, and unlimited uploads.

⬆️ Back to Top

Management System

bitnami.com - Deploy prepared apps on IaaS. Management of 1 AWS micro instance free
Esper - MDM and MAM for Android Devices with DevOps. One hundred devices free with one user license and 25 MB Application Storage.
jamf.com - Device management for iPads, iPhones, and Macs, three devices free
Miradore - Device Management service. Stay up-to-date with your device fleet and secure unlimited devices for free. The free plan offers basic features.
moss.sh - Help developers deploy and manage their web apps and servers. Free up to 25 git deployments per month
ploi.io - Server management tool to easily manage and deploy your servers & sites. Free for one server.
runcloud.io - Server management focusing mainly on PHP projects. Free for up to 1 server.
serveravatar.com - Manage and monitor PHP-based web servers with automated configurations. Free for one server.
xcloud.host - Server management and deployment platform with a user-friendly interface. Free tier available for one server.

⬆️ Back to Top

Messaging and Streaming

Ably - Realtime messaging service with presence, persistence and guaranteed delivery. The free plan includes 3m messages per month, 100 peak connections, and 100 peak channels.
cloudamqp.com - RabbitMQ as a Service. Little Lemur plan: max 1 million messages/month, max 20 concurrent connections, max 100 queues, max 10,000 queued messages, multiple nodes in different AZ's
courier.com - Single API for push, in-app, email, chat, SMS, and other messaging channels with template management and other features. The free plan includes 10,000 messages/mo.
EMQX Serverless - Scalable and secure serverless MQTT broker you can get in seconds. 1M session minutes/month free forever (no credit card required).
Engage - All-in-one Customer Engagement and Automation Tool (email, push, SMS, product tours, banners and more) for SaaS. Free for up to 1,000 active users per month.
engagespot.co - Multi-channel notification infrastructure for developers with a prebuilt in-app inbox and no-code template editor. Free plan includes 10,000 messages/mo.
HiveMQ - Connect your MQTT devices to the Cloud Native IoT Messaging Broker. Free to connect up to 100 devices (no credit card required) forever.
httpSMS - Send and receive text messages using your Android phone as an SMS Gateway. Free to send and receive up to 200 messages per month.
knock.app - Notifications infrastructure for developers. Send to multiple channels like in-app, email, SMS, Slack, and push with a single API call. The free plan includes 10,000 messages/mo.
Novu.co - The open-source notification infrastructure for developers. Simple components and APIs for managing all communication channels in one place: Email, SMS, Direct, In-App and Push. The free plan includes 30,000 notifications/month with 90 days of retention.
Pingram.io - Communication infrastructure in 5 minutes. Free tier includes: 100 SMS and calls, 3000 Emails, Push, Slack, MS Teams, WhatsApp, and more.
Pocket Alert - Send push notifications to your iOS and Android devices. Effortlessly integrate via API or Webhooks and maintain full control over your alerts. Free plan: 50 messages per day to 1 device and 1 application.
pubnub.com - Swift, Kotlin, and React messaging at 1 million transactions each month. Transactions may contain multiple messages.
pusher.com - Realtime messaging service. Free for up to 100 simultaneous connections and 200,000 messages/day
scaledrone.com - Realtime messaging service. Free for up to 20 simultaneous connections and 100,000 events/day
SMSGate - SMS Gateway for Android™ enables sending and receiving SMS messages through your devices using cloud routing. Completely free cloud service (with recommended notification for usage above 10,000 messages/day to maintain quality for all users).
SuprSend - SuprSend is a notification infrastructure that streamlines your product notifications with an API-first approach. Create and deliver transactional, crons, and engagement notifications on multiple channels with a single notification API. In free plan you get 10,000 notifications per month, including different workflow nodes such as digests, batches, multi-channels, preferences, tenants, broadcasts and more.
synadia.com - NATS.io as a service. Global, AWS, GCP, and Azure. Free forever with 4k msg size, 50 active connections, and 5GB of data per month.
webpushr - Web Push Notifications - Free for upto 10k subscribers, unlimited push notifications, in-browser messaging
vask - Realtime messaging service, Pusher-compatible. Dev tier is limited to local development only and free with 100 concurrent connections, 1,000,000 broadcasts/month, unlimited client events, 32kb message size.

⬆️ Back to Top

Log Management

bugfender.com - Free up to 100k log lines/day with 24 hours retention
log.dog - LogDog is a remote debugging/logging SDK (iOS and Android) with a web ui. Captures all logs, requests and events in real-time and allows to intercept them. Free for up to 100MB of logs every month
logflare.app - Free for up to 12,960,000 entries per app per month, 3 days retention
logtail.com - ClickHouse-based SQL-compatible log management. Free up to 1 GB per month, three days retention.
logzab.com - Audit trail management system. Free 1,000 user activity logs per month, 1-month retention, for up to 5 projects.
ManageEngine Log360 Cloud - Log Management service powered by Manage Engine. Free Plan offers 50 GB storage with 15 days Storage Retention and 7 days search.
openobserve.ai - 200 GB Ingestion/month free, 15 Days Retention
Smart Grow Logs - Centralized log management platform with end-to-end encryption, real-time alerts, and multi-platform SDKs. Free tier includes up to 3.000 logs per day.

⬆️ Back to Top

Translation Management

AutoLocalise.com - Instantly localize without managing translation files. Free for up to 10,000 characters/month, unlimited languages.
crowdin.com - Unlimited projects, unlimited strings, and collaborators for Open Source
Free PO editor - Free for everybody
Lingo.dev - Open-source AI-powered CLI for web & mobile localization. Bring your own LLM, or use 10,000 free words every month via Lingo.dev-managed localization engine.
lingohub.com - Free up to 3 users, always free for Open Source
Localhero.ai - Automatic on-brand translations on every pull request, with glossary and translation memory. Free for 1 project, 250 translation credits/month (~4,000 words).
localazy.com - Free for 1000 source language strings, unlimited languages, unlimited contributors, startup and open source deals
Localit - Fast, developer-friendly localization platform with seamless and free GitHub/GitLab integration, AI-assisted and manual translations, and a generous free plan (includes 2 users, 500 keys, and unlimited projects).
localizely.com - Free for Open Source
Loco - Free up to 2000 translations, Unlimited translators, ten languages/project, 1000 translatable assets/project
POEditor - Free up to 1000 strings
SimpleLocalize - Free up to 100 translation keys, unlimited strings, unlimited languages, startup deals
Texterify - Free for a single user
Tolgee - Free SaaS offering with limited translations, forever-free self-hosted version
transifex.com - Free for Open Source

⬆️ Back to Top

Monitoring

assertible.com - Automated API testing and monitoring. Free plans for teams and individuals.
Better Stack - Uptime monitoring, incident management, on-call scheduling/alerting, and status pages in a single product. The free plan includes ten monitors with 3-minute check frequency and status pages.
bleemeo.com - Free for 3 servers, 5 uptime monitors, unlimited users, unlimited dashboards, unlimited alerting rules.
checklyhq.com - Open source E2E / Synthetic monitoring and deep API monitoring for developers. Free plan with one user and 10k API & network / 1.5k browser check runs.
Core Web Vitals History - Find Core Web Vitals history for a url or a website.
cronitor.io - Performance insights and uptime monitoring for cron jobs, websites, APIs and more. A free tier with five monitors.
datadoghq.com - Free for up to 5 nodes
deadmanssnitch.com - Monitoring for cron jobs. One free snitch (monitor), more if you refer others to sign up
downtimemonkey.com - 60 uptime monitors, 5-minute interval. Email, Slack alerts.
economize.cloud - Economize helps demystify cloud infrastructure costs by organizing cloud resources to optimize and report the same. Free for up to $5,000 spent on Google Cloud Platform every month.
fivenines.io - Linux server monitoring with real‑time dashboards and alerting - free forever for up to 5 monitored servers at 60-seconds interval. No credit card required.
FlareWarden - Uptime, content, dependency, and SSL monitoring with multi-region verification and status pages. Free plan includes 15 monitors, 5-minute checks, and 90 days of history.
Grafana Cloud - Grafana Cloud is a composable observability platform that integrates metrics and logs with Grafana. Free: 3 users, ten dashboards, 100 alerts, metrics storage in Prometheus and Graphite (10,000 series, 14 days retention), logs storage in Loki (50 GB of logs, 14 days retention)
healthchecks.io - Monitor your cron jobs and background tasks. Free for up to 20 checks.
incidenthub.cloud - Cloud and SaaS status page aggregator - 20 monitors and 2 notification channels (Slack and Discord) are free forever.
inspector.dev - A complete Real-Time monitoring dashboard in less than one minute with a free forever tier.
instatus.com - Get a beautiful status page in 10 seconds. Free forever with unlimited subs and unlimited teams.
- isitdownstatus.com – Free public JSON API returning real-time status for 500+ popular services (GitHub, Stripe, AWS, etc.). No auth required, CORS enabled.
linkok.com - Online broken link checker, free for small websites up to 100 pages, completely free for open-source projects.
loader.io - Free load testing tools with limitations
Middleware.io - Middleware observability platform provides complete visibility into your apps & stack, so you can monitor & diagnose issues at scale. They have a free forever plan for Dev community use that allows Log monitoring for up to 1M log events, Infrastructure monitoring & APM for up to 2 hosts.
MonitorMonk - Minimalist uptime monitoring with beautiful status pages. The Forever Free plan offers HTTPS, Keyword, SSL and Response-time monitorming for 10 websites or api-endpoints, and provides 2 dashboards/status pages.
netdata.cloud - Netdata is an open-source tool to collect real-time metrics. It's a growing product and can also be found on GitHub!
newrelic.com - New Relic observability platform built to help engineers create more perfect software. From monoliths to serverless, you can instrument everything and then analyze, troubleshoot, and optimize your entire software stack. The free tier offers 100GB/month of free data ingest, one free full-access user, and unlimited free primary users.
OnlineOrNot.com - OnlineOrNot provides uptime monitoring for websites and APIs, monitoring for cron jobs and scheduled tasks. Also provides status pages. The first five checks with a 3-minute interval are free. The free tier sends alerts via Slack, Discord, and Email.
OntarioNet.ca CN Test - Check if a website is blocked in China by the Great Firewall. It identifies DNS pollution by comparing DNS results and ASN information detected by servers in China versus servers in the United States.
pagecrawl.io - Monitor website changes, free for up to 6 monitors with daily checks.
pagertree.com - Simple interface for alerting and on-call management. Free up to 5 users.
phare.io - Uptime Monitoring free for up to 100,000 events for unlimited projets and unlimited status pages.
pingbreak.com - Modern uptime monitoring service. Check unlimited URLs and get downtime notifications via Discord, Slack, or email.
Pingmeter.com - 5 uptime monitors with 10-minute interval. Monitor SSH, HTTP, HTTPS, and any custom TCP ports.
pingpong.one - Advanced status page platform with monitoring. The free tier includes one public customizable status page with an SSL subdomain. Pro plan is offered to open-source projects and non-profits free of charge.
Pulsetic - 10 monitors, 6 Months of historical Uptime/Logs, unlimited status pages, and custom domains included! For infinite time and unlimited email alerts for free. You don't need a credit card.
robusta.dev - Powerful Kubernetes monitoring based on Prometheus. Bring your own Prometheus or install the all-in-one bundle. The free tier includes up to 20 Kubernetes nodes. Alerts via Slack, Microsoft Teams, Discord, and more. Integrations with PagerDuty, OpsGenie, VictorOps, DataDog, and many other tools.
Servervana - Advanced uptime monitoring with support for large projects and teams. Provides HTTP monitoring, Browser based monitoring, DNS monitoring, domain monitoring, status pages and more. The free tier includes 10 HTTP monitors, 1 DNS monitor and one status page.
Simple Observability - Powerful server monitoring in a unified platform for metrics and logs, with no setup complexity. Free for one server.
sitesure.net - Website and cron monitoring - 2 monitors free
skylight.io - Free for first 100,000 requests (Rails only)
stathat.com - Get started with ten stats for free, no expiration
statuscake.com - Website monitoring, unlimited tests free with limitations
statusgator.com - Status page monitoring, 3 monitors free
supaguard.app - Synthetic monitoring from 20+ global regions. The free tier includes 1,000 browser checks/mo with AI-driven self-healing and automated test generation.
SweetUptime - Server monitoring, uptime monitoring, DNS & domain monitoring. Monitor 10 server, 10 uptime, and 10 domain for free.
syagent.com - Noncommercial free server monitoring service, alerts and metrics.
UptimeObserver.com - Get 20 uptime monitors with 5-minute intervals and a customizable status page-even for commercial use. Enjoy unlimited, real-time notifications via email and Telegram. No credit card needed to get started.
uptimetoolbox.com - Free monitoring for five websites, 3-minute intervals, public statuspage.
Wachete - monitor five pages, checks every 24 hours.
Xitoring.com - Uptime monitoring: 20 free, Linux and Windows Server monitoring: 5 free, Status page: 1 free - Mobile app, multiple notification channel, and much more!

⬆️ Back to Top

Crash and Exception Handling

Axiom - Store up to 0.5 TB of logs with 30-day retention. Includes integrations with platforms like Vercel and advanced data querying with email/Discord notifiers.
Bugsink - Error-tracking with Sentry-SDK compatability. Free for up to 5,000 errors/month, or unlimited use when self-hosted.
bugsnag.com - Free for up to 2,000 errors/month after the initial trial
CatchJS.com - JavaScript error tracking with screenshots and click trails. Free for open-source projects.
elmah.io - Error logging and uptime monitoring for web developers. Free Small Business subscription for open-source projects.
Embrace - Mobile app monitoring. Free for small teams with up to 1 million user sessions per year.
exceptionless - Real-time error, feature, log reporting, and more. Free for 3k events per month/1 user. Open source and easy to self-host for unlimited use.
GlitchTip - Simple, open-source error tracking. Compatible with open-source Sentry SDKs. 1000 events per month for free, or can self-host with no limits
honeybadger.io - Exception, uptime, and cron monitoring. Free for small teams and open-source projects (12,000 errors/month).
Jam - Developer friendly bug reports in one click. Free plan with unlimited jams.
memfault.com - Cloud device observability and debugging platform. 100 devices free for Nordic, NXP, and Laird devices.
rollbar.com - Exception and error monitoring, free plan with 5,000 errors/month, unlimited users, 30 days retention
Semaphr - Free all-in-one kill switch for your mobile apps.
sentry.io - Sentry tracks app exceptions in real-time and has a small free plan. Free for 5k errors per month/ 1 user, unrestricted use if self-hosted
Whitespace - One-click bug reports straight in your browser. Free plan with unlimited recordings for personal use.

⬆️ Back to Top

Search

algolia.com - Hosted search solution with typo-tolerance, relevance, and UI libraries to easily create search experiences. The free "Build" plan includes 1M documents and 10K searches/month. Also offers developer documentation search for free.
bonsai.io - Free 1 GB memory and 1 GB storage
CommandBar - Unified Search Bar as-a-service, web-based UI widget/plugin that allows your users to search contents, navigations, features, etc. within your product, which helps discoverability. Free for up to 1,000 Monthly Active Users, unlimited commands.
searchly.com - Free 2 indices and 20 MB storage

⬆️ Back to Top

Education and Career Development

Cisco Networking Academy, Skills for All - Offers free certification-aligned courses in topics like cybersecurity, networking, and Python.
CloudCertPrep - Free, open-source AWS certification practice exams with 1,050+ questions for CLF-C02. Features timed mock exams, domain practice, spaced repetition, and progress tracking.
DeepLearning.AI Short Courses - Free short courses from industry-leading experts to get hands-on experience with the latest generative AI tools and techniques in an hour or less.
DevNet Academy - Free, self-paced training for the Cisco DevNet Expert / CCIE Automation certification. Covers Python Click and Flask-RESTx.
Django-tutorial.dev - Free online guides for learning Django as their first framework & gives free dofollow backlink to articles written by users.
edX - Offers access to over 4,000 free online courses from 250 leading institutions, including Harvard and MIT, specializing in computer science, engineering, and data science.
Exercism - Free, open-source programming education in over 75 programming languages, with human mentoring. A nonprofit organisation.
Free Professional Resume Templates & Editor - Free platform with lots of Resume templates of Experienced Professionals, ready to clone and edit fully and download, ATS optimized.
FreeCodeCamp - Open-source platform offering free courses and certifications in Data Analysis, Information Security, Web Development, and more.
Full Stack Open - Free university-level course on modern web development with React, Node.js, GraphQL, TypeScript, and more. Fully online and self-paced.
Interactive CV - AI-powered resume builder with real-time editing and ATS optimization. Free tier includes automatic CV conversion to premium templates (Harvard, Europass), PDF export, job tracker with unlimited job posting insights and CV sharing with chat/voice features.
Khan Academy - Free online guides for learning basic and advanced HTML/CSS, JavaScript and SQL.
LabEx - Develop skills in Linux, DevOps, Cybersecurity, Programming, Data Science, and more through interactive labs and real-world projects.
MIT OpenCourseWare - MIT OpenCourseWare is an online publication of materials from over 2,500 MIT courses, freely sharing knowledge with learners and educators around the world. Youtube channel can be found at @mitocw
Reactive Resume - Free, open-source resume builder with dozens of templates. Exports to PDF, DOCX and also provides a publicly shareable link to the resume (opt-in).
Roadmap.sh - Free learning roadmaps covering all aspects of development from Blockchain to UX Design.
The Odin Project - Free, open-source platform with a curriculum focused on JavaScript and Ruby for web development.
W3Schools - Offers free tutorials on web development technologies like HTML, CSS, JavaScript, and more.

⬆️ Back to Top

Email

10minutemail - Free, temporary email for testing.
AhaSend - Transactional email service, free for 1000 emails per month, with unlimited domains, team members, webhooks and message routes in the free plan.
AnonAddy - Open-source anonymous email forwarding, create unlimited email aliases for free
anon.li Alias - Open source, anonymous email alias/forwarding solution with PGP encryption, reply capability, 10 random & 1 custom alias on the free plan with developer API & CLI.
Antideo - 10 API requests per hour for email verification, IP, and phone number validation in the free tier. No Credit Cards are required.
Brevo - 9,000 emails/month, 300 emails/day free
Bump - Free 10 Bump email addresses, one custom domain
Burnermail - Free 5 Burner Email Addresses, 1 Mailbox, 7-day Mailbox History
Buttondown - Newsletter service. Up to 100 subscribers free
Conduit - Turn incoming emails into webhooks to trigger your API from emails. The service is completely free.
Contact.do - Contact form in a link (bitly for contact forms)
debugmail.io - Easy to use testing mail server for developers
dkimvalidator.com - Test if the email's DNS/SPF/DKIM/DMARC settings are correct, free service by roundsphere.com
DNSExit - Up to 2 Email addresses under your domain for free with 100MB of storage space. IMAP, POP3, SMTP, SPF/DKIM support.
EmailGuard - Block disposable emails, catch typos, and validate MX records via a simple API. 100 free requests/month.
EmailJS - This is not an entire email server; this is just an email client that you can use to send emails right from the client without exposing your credentials, the free tier has 200 monthly requests, 2 email templates, Requests up to 50Kb, Limited contacts history.
EmailLabs.io - Send up to 9,000 Emails for free every month, up to 300 emails daily.
EmailQo Email Infrastructure Grader - Free email infrastructure grader that checks SPF, DKIM, DMARC and mail server configuration. Scores any domain out of 100. No signup required.
EmailOctopus - Up to 2,500 subscribers and 10,000 emails per month free
Emailvalidation.io - 100 free email verifications per month
Emitlo - free 12,000 emails/month, Email API and SMTP, SPF/DKIM/DMARC support, No Credit Cards are required.
EtherealMail - Ethereal is a fake SMTP service, mainly aimed at Nodemailer and EmailEngine users (but not limited to). It's an entirely free anti-transactional email service where messages never get delivered.
forwardemail.net - Free email forwarding for custom domains. Create and forward an unlimited amount of email addresses with your domain name (note: You must pay if you use .casa, .cf, .click, .email, .fit, .ga, .gdn, .gq, .lat, .loan, .london, .men, .ml, .pl, .rest, .ru, .tk, .top, .work TLDs due to spam)
Imitate Email - Sandbox Email Server for testing email functionality across build/qa and ci/cd. Free accounts get 15 emails a day forever.
ImprovMX - Free email forwarding.
Inboxes App - Create up to 3 temporary emails a day, then delete them when you're done from within a handy Chrome extension. Perfect for testing signup flows.
inboxkitten.com - Free temporary/disposable email inbox, with up to 3-day email auto-deletes. Open source and can be self-hosted.
KaiMail - Email forwarding for custom domains with ARC/DKIM signing. Free plan includes 1 domain, 1 mailbox, 300 emails/month, and up to 1MB message size. Email receiving webhook also available. Special plans for open-source projects.
mail-tester.com - Test if the email's DNS/SPF/DKIM/DMARC settings are correct, 20 free/month.
Maileroo - SMTP relay and email API for developers. 5,000 emails per month, unlimited domains, free email verification, blacklist monitoring, mail tester and more.
mailcatcher.me - Catches mail and serves it through a web interface.
mailchannels.com - Email API with REST API and SMTP integrations, free for upto 3,000 emails/month.
Mailcheck.ai - Prevent users to sign up with temporary email addresses, 120 requests/hour (~86,400 per month)
Maildroppa - Up to 100 subscribers and unlimited emails as well as automations for free.
MailerLite.com - 1,000 subscribers/month, 12,000 emails/month free
MailerSend.com - Email API, SMTP, 3,000 emails/month free for transactional emails
mailinator.com - Free, public email system where you can use any inbox you want
Mailjet - 6,000 emails/month free (200 emails daily sending limit)
mailsac.com - Free API for temporary email testing, free public email hosting, outbound capture, email-to-slack/websocket/webhook (1,500 monthly API limit)
Mailtrap.io - Email API, SMTP, 3,500 emails/month free for transactional and marketing emails. Email Sandbox - fake SMTP server for development, free plan with one inbox, 100 messages, no team member, two emails/second, no forward rules.
Mutant Mail - Free 10 Email IDs, 1 Domain, 1 Mailbox. Single Mailbox for All Email IDs.
OneSignal - 10,000 emails/month,No Credit Cards are required.
Orbisearch - Free bulk email validator, 100 validations per day, no signup required.
Parsio.io - Free email parser (Forward email, extract the data, send it to your server)
Plunk - 3K emails/month for free
Postmark - 100 emails/month free, unlimited DMARC weekly digests.
Proton Mail - Free secure email account service provider with built-in end-to-end encryption. Free 1GB storage.
Resend - Transactional emails API for developers. 3,000 emails/month, 100 emails/day free, one custom domain.
SendBridge Mail Tester — Free email deliverability test with no signup. Generates a unique inbox address, then analyzes SPF, DKIM, DMARC, Rspamd spam score, 23+ RBL blacklists, reverse DNS, and content quality. Unlimited tests, results in seconds, shareable report pages.
Sender - Up to 15,000 emails/month, up to 2,500 subscribers
Sendpulse - 500 subscribers/month, 15,000 emails/month free
SendStreak - Email framework as a service, that adds templates, automations, history, etc to your own SMTP server (E.g. AWS, Maileroo, Gmail). Free up to 100 emails/day, no time limit.
SimpleLogin - Open source, self-hostable email alias/forwarding solution. Free 10 Aliases, unlimited bandwidth, unlimited reply/send. Free for educational staff (student, researcher, etc.).
Substack - Unlimited free newsletter service. Start paying when you charge for it.
Sweego - European transactional emails API for developers. 100 emails/day free.
temp-mail.io - Free disposable temporary email service with multiple emails at once and forwarding
Temp-Mail.org - Temporary / Disposable Mail Gen Utilizing a range variety of domain. Email Address refreshes everytime, the page is reloaded. It is entirely free and does not include any pricing for their services.
TempMailDetector.com - Verify up to 200 emails a month for free and see if an email is temporary or not.
trashmail.com - Free disposable email addresses with forwarding and automatic address expiration
Tuta - Free secure email account service provider with built-in end-to-end encryption, no ads, no tracking. Free 1GB storage, one calendar (Tuta also have an paid plan.). Tuta is also partially open source, so you can self-host.
Verifalia - Real-time email verification API with mailbox confirmation and disposable email address detector; 25 free email verifications/day.
verimail.io - Bulk and API email verification service. 100 free verifications/month
Waitlio - Waitlist management software for product launches. Create branded waitlist pages, collect and verify email subscribers, manage signups with tags and analytics. Free plan includes 100 subscribers/month, 1 waitlist, and API access.
Wraps - email automation workflows, 5k tracked events and unlimited contacts free.

⬆️ Back to Top

Feature Toggles Management Platforms

Abby - Open-Source feature flags & A/B testing. Configuration as Code & Fully Typed Typescript SDKs. Strong integration with Frameworks such as Next.js & React. Generous free tier and cheap scaling options.
ConfigCat - ConfigCat is a developer-centric feature flag service with unlimited team size, excellent support, and a reasonable price tag. Free plan up to 10 flags, two environments, 1 product, and 5 Million requests per month.
Flagsmith - Release features with confidence; manage feature flags across web, mobile, and server-side applications. Use our hosted API, deploy to your own private cloud, or run on-premise.
GrowthBook - Open source feature flag and A/B testing provider with built-in Bayesian statistical analysis engine. Free for up to 3 users, unlimited feature flags and experiments.
Rollgate - Feature flag management with scheduled releases, instant rollback, and A/B testing. 13 SDKs included. Free plan up to 500K API requests/month, unlimited flags, 3 team members, no credit card required.
Hypertune - Type-safe feature flags, A/B testing, analytics and app configuration, with Git-style version control and synchronous, in-memory, local flag evaluation. Free for up to 5 team members with unlimited feature flags and A/B tests.
Statsig - A robust platform for feature management, A/B testing, analytics, and more. Its generous free plan offers unlimited seats, flags, experiments, and dynamic configurations, supporting up to 1 million events per month.
Toggled.dev - Enterprise-ready, scalable multi-regional feature toggles management platform. Free plan up to 10 flags, two environments, unlimited requests. SDK, analytics dashboard, release calendar, Slack notifications, and all other features are included in the endless free plan.

⬆️ Back to Top

Font

Befonts - Provides several unique fonts for personal or commercial use.
Bunny - Privacy oriented Google Fonts
dafont - The fonts presented on this website are their authors' property and are either freeware, shareware, demo versions, or public domain.
Everything Fonts - Offers multiple tools; @font-face, Units Converter, Font Hinter and Font Submitter.
Font of web - Identify all the fonts used on a website and how they are used.
Font Squirrel - Freeware fonts licensed for commercial work. Hand-selected these typefaces and presented them in an easy-to-use format.
FontGet - Has a variety of fonts available to download and sorted neatly with tags.
fonts.xz.style - free and open source service for delivering font families to websites using CSS.
Fontsensei - Opensourced Google fonts tagged by users. With CJK (Chinese,Japanese, Korean) font tags.
Fontshare - is a free fonts service. It’s a growing collection of professional-grade fonts, 100% free for personal and commercial use.
Google Fonts - Many free fonts are easy and quick to install on a website via a download or a link to Google's CDN.

⬆️ Back to Top

Forms

FabForm - Form backend platform for intelligent developers. The free plan allows 250 form submissions per month. Friendly modern GUI. Integrates with Google Sheets, Airtable, Slack, Email, and others.
Feathery - Powerful, developer-friendly form builder. Build signup & login, user onboarding, payment flows, complex financial applications, and more. The free plan allows up to 250 submissions/month and five active forms.
feedback.fish - Free plan allows collecting 25 total feedback submissions. Easy to integrate with React and Vue components provided.
FluidForms - Form builder and backend with AI-driven logic. Free plan includes 100 responses per month, unlimited forms (including AI-created forms), webhooks, and embedding.
Form.taxi - Endpoint for HTML forms submissions. With notifications, spam blockers, and GDPR-compliant data processing. Free plan for basic usage.
Formcarry.com - HTTP POST Form endpoint, Free plan allows 100 monthly submissions.
Formester.com - Share and embed unique-looking forms on your website-no limits on the number of forms created or features restricted by the plan. Get up to 100 submissions every month for free.
Forminit - Headless form backend for developers. The free plan allows 50 form submissions per month including file uploads, server-side field validation, email notifications, spam protection and Zapier.
FormKeep.com - Unlimited forms with 50 monthly submissions, spam protection, email notification, and a drag-and-drop designer that can export HTML. Additional features include custom field rules, teams, and integrations to Google Sheets, Slack, ActiveCampaign, and Zapier.
formlets.com - Online forms, unlimited single page forms/month, 100 submissions/month, email notifications.
forms.app - Create online forms with powerful features like conditional logic, automatic score calculator, and AI. Collect up to 100 responses with a free plan, embed your forms on a website, or use them with a link.
formspark.io - Form to Email service, free plan allows unlimited forms, 250 submissions per month, support by Customer assistance team.
Formspree.io - Send email using an HTTP POST request. The free tier limits to 50 submissions per form per month.
Formsubmit.co - Easy form endpoints for your HTML forms. Free Forever. No registration is required.
Formware.io - Create fully-responsive and captivating forms in seconds, without knowing how to code, and collect unlimited responses for free!
HeroTofu.com - Forms backend with bot detection and encrypted archive. Forward submissions via UI to email, Slack, or Zapier. Use your own front end. No server code is required. The free plan gives unlimited forms and 100 submissions per month.
HeyForm.net - Drag and drop online form builder. The free tier lets you create unlimited forms and collect unlimited submissions. Comes with pre-built templates, anti-spam, and 100MB file storage.
Kwes.io - Feature rich form endpoint. Works great with static sites. The free plan includes up to 1 website with up to 50 monthly submissions.
Pageclip - The free plan allows one site, one form, and 1,000 monthly submissions.
SimplePDF.eu - Embed a PDF editor on your website and turn any PDF into a fillable form. The free plan allows unlimited PDFs with three submissions per PDF.
smartforms.dev - Powerful and easy form backend for your website, forever free plan allows 50 submissions per month, 250MB file storage, Zapier integration, CSV/JSON export, custom redirect, custom response page, Telegram & Slack bot, single email notifications.
staticforms.xyz - Integrate HTML forms easily without any server-side code for free. After the user submits the form, an email with the form content will be sent to your registered address.
Survicate - Pull feedback from all sources and send follow-up surveys with one tool. Automatically analyze feedback and extract insights with AI. Free email, website, in-product or mobile surveys, AI survey creator, and 25 monthly responses.
Tally.so - 99% of all the features are free. The free tier lets you have: unlimited forms, unlimited submissions, email notifications, form logic, collect payments, file upload, custom thank you page, and many more.
Typeform.com - Include beautifully designed forms on websites. The free plan allows only ten fields per form and 100 monthly responses.
Vidhook - Collect feedback using delightful surveys with high response rates. Free plan includes 1 active survey, 25 responses per survey and customizable templates.
WaiverStevie.com - Electronic Signature platform with a REST API. You can receive notifications with webhooks. Free plan watermarks signed documents but allow unlimited envelopes + signatures.
Web3Forms - Contact forms for Static & JAMStack Websites without writing backend code. The free plan allows Unlimited Forms, Unlimited Domains & 250 Submissions per month.
Wufoo - Quick forms to use on websites. The free plan has a limit of 100 submissions each month.
FormNX - Create unlimited forms get unlimited submissions free of cost. Use professionally created 1000+ form templates or create forms from scratch. Get features like email notifications, form logic, collect payments, file upload, custom thank you page, and many more.

⬆️ Back to Top

Generative AI

Arize AX - AI engineering platform that helps AI eng/PMs, evaluate, and observe AI applications and agents with built-in Alyx agent. Free product inlcudes 25k spans and ingestion volume of 1gb per month.
Audio Enhancer - AI-powered audio enhancer SaaS that removes noise and echo while preserving natural vocal clarity. totally Free: unlimited one-click enhancements, no login required, supports MP3/WAV/FLAC
Braintrust - Evals, prompt playground, and data management for Gen AI. Free plan gives upto 1,000 private eval rows/week.
Clair - Clinical AI Reference. Students have free access to the professional tool suite, which includes Open Search, Clinical Summary, Med Review, Drug Interactions, ICD-10 Codes, and Stewardship. Additionally, a free trial for the professional suite is available.
Comet Opik - Evaluate, test, and ship LLM applications across your dev and production lifecycles. #opensource
Keywords AI - The best LLM monitoring platform. One format to call 200+ LLMs with 2 lines of code. 10,000 free requests every month and $0 for platform features!
Langfuse - Open-source LLM engineering platform that helps teams collaboratively debug, analyze, and iterate on their LLM applications. Free forever plan includes 50k observations per month and all platform features. #opensource
Langtrace - enables developers to trace, evaluate, manage prompts and datasets, and debug issues related to an LLM application’s performance. It creates open telemetry standard traces for any LLM which helps with observability and works with any observability client. Free plan offers 50K traces/month.
LangWatch - A LLMOps platform helping AI teams measure, monitor, and optimize LLM applications for reliability, cost-efficiency, and performance. With a powerful DSPy component, we enable seamless collaboration between engineers and non-technical teams to fine-tune and productionize GenAI products. Free plan includes all platform features, 1k traces/month and 1 workflow DSPy optimizers. #opensource
Lumenfall.ai - AI media gateway providing unified access to leading image generation models via an OpenAI-compatible API. The platform itself is free to use with zero markup and no subscription fee. Inference costs for most models are billed at provider price, but FLUX.1 [schnell] FP8 is offered free forever with unlimited usage for registered users. Built-in failover and provider resilience included.
Maxim - An LLM evaluation and observability platform with agent simulation and prompt playground. Free tier offers 10k monthly logs, access to prompt playground, simulations and evaluations via BYOK.
Mediaworkbench.ai - MediaWorkbench.ai offers 100,000 free words for Azure OpenAI, DeepSeek, and Google Gemini models, enabling users to access powerful tools for code generation, deep research, and image creation.
OpenRouter - Provides various free AI models including DeepSeek R1, V3, Llama, and Moonshot AI. These models excel in natural language processing and are suitable for diverse development needs. Note that while these models are free to use, they are subject to rate limits. Additionally, OpenRouter offers paid models for more advanced requirements, for instance Claude, OpenAI, Grok, Gemini, and Nova.
Othor AI - An AI-native fast, simple, and secure alternative to popular business intelligence solutions like Tableau, Power BI, and Looker. Othor utilizes large language models (LLMs) to deliver custom business intelligence solutions in minutes. The Free Forever plan provides one workspace with five datasource connections for one user, with no limits on analytics. #opensource
Pollinations.AI - easy-to-use, free image generation AI with free API available. No signups or API keys required, and several option for integrating into a website or workflow. #opensource
Portkey - Control panel for Gen AI apps featuring an observability suite & an AI gateway. Send & log up to 10,000 requests for free every month.
ReportGPT - AI Powered Writing Assistant. The entire platform is free as long as you bring your own API key.
Zenable - Instantly auto-fix outputs from tools like Cursor, Windsurf, and Copilot to meet your company's quality and compliance standards using guardrails built with Policy as Code. The free tier includes 100 tools calls per day to the MCP server and 25 free automated pull request reviews per day via the GitHub App.

⬆️ Back to Top

CDN and Protection

bootstrapcdn.com - CDN for bootstrap, bootswatch and fontawesome.io
CacheFly - Up to 5 TB per month of Free CDN traffic, 19 Core PoPs , 1 Domain and Universal SSL.
cdnjs.com - Simple. Fast. Reliable. Content delivery at its finest. cdnjs is a free and open-source CDN service trusted by over 11% of all websites, powered by Cloudflare.
developers.google.com - The Google Hosted Libraries is a content distribution network for the most popular Open Source JavaScript libraries
Gcore - Global content delivery network, 1 TB and 1 million requests per month free and free DNS hosting
jsdelivr.com - A free, fast, and reliable open-source CDN. Supports npm, GitHub, WordPress, Deno, and more.
Microsoft Ajax - The Microsoft Ajax CDN hosts popular third-party JavaScript libraries such as jQuery and enables you to easily add them to your Web application
Namecheap Supersonic - Free DDoS protection
ovh.ie - Free DDoS protection and SSL certificate
PromoProxy - Free cloud Secure Web Gateway. Free plan includes up to 5 users and 1 GB per day.
raw.githack.com - A modern replacement of rawgit.com which simply hosts file using Cloudflare
Skypack - The 100% Native ES Module JavaScript CDN. Free for 1 million requests per domain per month.
statically.io - CDN for Git repos (GitHub, GitLab, Bitbucket), WordPress-related assets, and images
Stellate - Stellate is a blazing-fast, reliable CDN for your GraphQL API and free for two services.
toranproxy.com - Proxy for Packagist and GitHub. Never fail CD. Free for personal use, one developer, no support
UNPKG - CDN for everything on npm
weserv - An image cache & resize service. Manipulate images on the fly with a worldwide cache.

⬆️ Back to Top

PaaS

ampt.dev - Ampt lets teams build, deploy, and scale JavaScript apps on AWS without complicated configs or managing infrastructure. Free Preview plan includes 500 invocations hourly, 2,500 invocations daily and 50,000 invocations monthly. Custom domains are allowed only in the paid plans.
anvil.works - Web app development with nothing but Python. Free tier with unlimited apps and 30-second timeouts.
Apply.build - Build and deploy your GitHub app for free with 0.5 vCPUs / 512 MiB RAM, European servers, automatic firewall, real-time performance metrics. Run Node.js, Python, Go, Java, static sites, microservices, and more.
appwrite - Unlimited projects with no project pausing (supports websockets) and authentication service. 1 Database, 3 Buckets, 5 Functions per project in free tier.
boxd - Persistent Linux VMs accessible through SSH or CLI. Free tier includes 10 VMs at 2 vCPU / 8 GB RAM / 100 GB disk each, with a public HTTPS URL per VM (so no networking fuss) and the ability to fork any running machine. <30ms cold boot, <100ms fork, <1ms suspend/resume, EU-hosted & EU-made, idle VMs sleep to zero.
Clever Cloud - European PaaS with automated deployments, autoscaling, managed databases, and Git-based workflows. Includes €20 free credits at signup, a limited DEV plan with free MySQL and PostgreSQL databases, and free allowances for services like Heptapod and FS Buckets.
Choreo - AI-native internal developer platform as a service. The free tier includes up to 5 components and $100 credits per month.
codenameone.com - Open source, cross-platform, mobile app development toolchain for Java/Kotlin developers. Free for commercial use with an unlimited number of projects
Daestro - Run compute jobs across Cloud Providers & On-Prem. The free tier includes up to 10 concurrent job runs, 2 compute spawns, self-hosted compute, 1 cloud provider, 1 container registry and 1 cron job.
Deno Deploy - Distributed system that runs JavaScript, TypeScript, and WebAssembly at the edge worldwide. The free tier includes 100,000 requests per day and 100 GiB data transfers per month.
domcloud.co - Linux hosting service that provides CI/CD with GitHub, SSH, and MariaDB/Postgres database. The free version has 1 GB storage and 1 GB network/month limit and is limited to a free domain.
encore.dev - Backend framework using static analysis to provide automatic infrastructure, boilerplate-free code, and more. Includes free cloud hosting for hobby projects.
flightcontrol.dev - Deploy web services, databases, and more on your own AWS account with a Git push style workflow. Free tier for users with 1 developer on personal GitHub repos. AWS costs are billed through AWS, but you can use credits and the AWS free tier.
gigalixir.com - Gigalixir provides one free instance that never sleeps and a free-tier PostgreSQL database limited to 2 connections, 10, 000 rows and no backups for Elixir/Phoenix apps.
leapcell - Leapcell is a reliable distributed applications platform, providing everything you need to seamlessly support your rapid growth. The free plan includes 100k service invocations, 10k async tasks and 100k Redis commands.
Northflank - Build and deploy microservices, jobs, and managed databases with a powerful UI, API & CLI. Seamlessly scale containers from version control and external Docker registries. The free tier includes two services, two cron jobs and 1 database.
Ownkube - Free single-node k3s in your own AWS account, run apps, databases, workers with a git push. Use your AWS credits at peak efficiency.
pipedream.com - An integration platform built for developers. Develop any workflow based on any trigger. Workflows are code you can run for free. No server or cloud resources to manage.
pythonanywhere.com - Cloud Python app hosting. Beginner account is free, 1 Python web application at your-username.pythonanywhere.com domain, 512 MB private file storage, one MySQL database
WunderGraph - An open-source platform that allows you to quickly build, ship and manage modern APIs. Built-in CI/CD, GitHub integration, and automatic HTTPS. Up to 3 projects, 1GB egress, 300 minutes of build time per month on the free plan
YepCode - All-in-one platform to connect APIs and services in a serverless environment. It brings all the agility and benefits of NoCode tools but with all the power of using programming languages. The free tier includes 1.000 yeps.

⬆️ Back to Top

BaaS

Activepieces - Build automation flows to connect several apps together in your app's backend. For example, send a Slack message or add a Google Sheet row when an event fires in your app. Free up to 5,000 tasks per month.
back4app.com - Back4App is an easy-to-use, flexible and scalable backend based on Parse Platform.
backendless.com - Mobile and Web Baas, with 1 GB file storage free, push notifications of 50,000/month, and 1000 data objects in the table.
bismuth.cloud - Our AI will boostrap your Python API on our function runtime and hosted storage, build and host for free in our online editor or locally with your favorite tools.
Claw.cloud - A PaaS platform offering $5/month in free credits for users with a GitHub account older than 180 days. Perfect for hosting apps, databases, and more. (Signup Link with free credit).
connectycube.com - Unlimited chat messages, p2p voice & video calls, files attachments and push notifications. Free for apps up to 1000 users.
convex.dev - Reactive backend as a service, hosting your data (documents with relationships & serializable ACID transactions), serverless functions, and WebSockets to stream updates to various clients. Free for small projects - up to 1M records, 5M monthly function calls.
ETLR - Define, version, and deploy automation scripts using YAML. A developer-first alternative to drag-and-drop tools. Can be used for scheduled tasks, AI agents, and infrastructure monitoring. Free tier includes 100 credits/month.
Flutter Flow - Build your Flutter App UI without writing a single line of code. Also has a Firebase integration. The free plan includes full access to UI Builder and Free templates.
getstream.io - Build scalable In-App Chat, Messaging, Video and audio, and Feeds in a few hours instead of weeks
IFTTT - Automate your favorite apps and devices. Free 2 Applets
Integrately - Automate tedious tasks with a single click. Free 100 Tasks, 15 Minute
LeanCloud - Mobile backend. 1GB of data storage, 256MB instance, 3K API requests/day, and 10K pushes/day are free. (API is very similar to Parse Platform)
nhost.io - Serverless backend for web and mobile apps. The free plan includes PostgreSQL, GraphQL (Hasura), Authentication, Storage, and Serverless Functions.
onesignal.com - Unlimited free push notifications. 10,000 email sends per month, with unlimited contacts and access to Auto Warm Up.
paraio.com - Backend service API with flexible authentication, full-text search and caching. Free for one app, 1GB of app data.
pubnub.com - Free push notifications for up to 1 million messages/month and 100 active daily devices
pushbots.com - Push notification service. Free for up to 1.5 million pushes/month
pusher.com - Free, unlimited push notifications for 2000 monthly active users. A single API for iOS and Android devices.
simperium.com - Move data everywhere instantly and automatically, multi-platform, unlimited sending and storage of structured data, max. 2,500 users/month
Supabase - The Open Source Firebase Alternative to build backends. Free Plan offers Authentication, Realtime Database & Object Storage.
tyk.io - API management with authentication, quotas, monitoring and analytics. Free cloud offering
zapier.com - Connect the apps you use to automate tasks. Five zaps every 15 minutes and 100 tasks/month Update Time, five active automations, webhooks.

⬆️ Back to Top

Low-code Platform

appsmith - Low code project to build admin panels, internal tools, and dashboards. Integrates with 15+ databases and any API.
BudiBase - Budibase is an open-source low-code platform for creating internal apps in minutes. Supports PostgreSQL, MySQL, MSSQL, MongoDB, Rest API, Docker, K8s
Clappia - A low-code platform designed for building business process applications with customizable mobile and web apps. Offers a drag-and-drop interface, features like Offline Support, real-time location tracking and integration with various third-party services
lil'bots - write and run scripts online utilizing free built-in APIs like OpenAI, Anthropic, Firecrawl and others. Great for building AI agents / internal tooling and sharing with team. Free-tier includes full access to APIs, AI coding assistant and 10,000 execution credits / month.
manubes - Powerful no-code cloud platform with a focus on industrial production management. Free for one user with 1 million workflow activities a month (also available in german).
Mendix - Rapid Application Development for Enterprises, unlimited accessible sandbox environments supporting total users, 0.5 GB storage and 1 GB RAM per app. Also, Studio and Studio Pro IDEs are allowed in the free tier.
outsystems.com - Enterprise web development PaaS for on-premise or cloud, free "personal environment" offering allows for unlimited code and up to 1 GB database
ReTool - Low-code platform for building internal applications. Retool is highly hackable. If you can write it with JavaScript and an API, you can make it in Retool. The free tier allows up to five users per month, unlimited apps and API connections.
ToolJet - Extensible low-code framework for building business applications. Connect to databases, cloud storages, GraphQL, API endpoints, Airtable, etc., and build apps using drag-and-drop application builder.
UI Bakery - Low-code platform that enables faster building of custom web applications. Supports building UI using drag and drop with a high level of customization through JavaScript, Python, and SQL. Available as both cloud and self-hosted solutions. Free for up to 5 users.

⬆️ Back to Top

Web Hosting

Alwaysdata - 1 GB free web hosting with support for MySQL, PostgreSQL, RabbitMQ, .NET, Deno, Elixir, Go, Java, Lua, Node.js, PHP, Python, Ruby, Rust. Custom web servers, access via FTP, WebDAV and SSH. Mailbox, mailing list and app installer included. No custom domain on free plan.
Awardspace.com - Free web hosting + a free short domain, PHP, MySQL, App Installer, Email Sending & No Ads.
Bubble - Visual programming to build web and mobile apps without code, free with Bubble branding.
dAppling Network - Decentralized web hosting platform for Web3 frontends focusing on increasing uptime and security and providing an additional access point for users.
DigitalOcean - Build and deploy three static sites for free on the App Platform Starter tier.
FreeFlarum - Community-powered free Flarum hosting for up to 250 users (donate to remove the watermark from the footer).
Kinsta Static Site Hosting - Deploy up to 100 static sites for free, custom domains with SSL, 100 GB monthly bandwidth, 260+ Cloudflare CDN locations.
MDB GO - Free hosting for one project with two weeks Container TTL, 500 MB RAM per project, SFTP - 1G disk space.
Neocities - Static, 1 GB free storage with 200 GB Bandwidth.
Netlify - Builds, deploys and hosts static site/app free for 300 credits/month (equals 30 GB bandwidth).
Oaysus - Visual page builder for developer-built React, Vue, or Svelte components. Free tier includes 1 site with unlimited pages, form submissions, and global CDN hosting.
PandaStack - An eco-system for developers includes web hosting in different formats (static web hosting, container based web hosting, wordpress and so many other managed apps available in couple of clicks ). One free web hosting (static or containered) and one free database with 100GB Bandwidth and 300 Build mins/month.
pantheon.io - Drupal and WordPress hosting, automated DevOps, and scalable infrastructure. Free for developers and agencies. No custom domain.
Qoddi - PaaS service similar to Heroku with a developer-centric approach and all-inclusive features. Free tier for static assets, staging, and developer apps.
readthedocs.org - Free documentation hosting with versioning, PDF generation, and more
render.com - Unified cloud to build and run apps and sites with free SSL, a global CDN, private networks, auto-deploys from Git, and completely free plans for web services, databases, and static web pages.
SourceForge - Find, Create, and Publish Open Source software for free
surge.sh - Static web publishing for Front-End developers. Unlimited sites with custom domain support
tilda.cc - One site, 50 pages, 50 MB storage, only the main pre-defined blocks among 170+ available, no fonts, no favicon, and no custom domain
Vercel - Build, deploy, and host web apps with free SSL, global CDN, and unique Preview URLs each time you git push. Perfect for Next.js and other Static Site Generators.
Versoly - SaaS-focused website builder - unlimited websites, 70+ blocks, five templates, custom CSS, favicon, SEO and forms. No custom domain.

⬆️ Back to Top

DNS

1.1.1.1 - Free public DNS Resolver, which is fast and secure (encrypt your DNS query), provided by Cloudflare. Useful to bypass your internet provider's DNS blocking, prevent DNS query spying, and to block adult & malware content. It can also be used via API. Note: Just a DNS resolver, not a DNS hoster.
1984.is - Free DNS service with API and lots of other free DNS features included.
cloudns.net - Free DNS hosting up to 1 domain with 50 records
deSEC - Free DNS hosting with API support, designed with security in mind. Runs on open-source software and is supported by SSE.
dns.he.net - Free DNS hosting service with Dynamic DNS Support
dnspod.com - Free DNS hosting.
duckdns.org - Free DDNS with up to 5 domains on the free tier. With configuration guides for various setups.
Dynv6.com - Free DDNS service with API support and management of a lot of dns record types (like CNAME, MX, SPF, SRV, TXT and others).
freedns.afraid.org - Free DNS hosting. Also, provide free subdomains based on numerous public user contributed domains. Get free subdomains from the "Subdomains" menu after signing up.
Glauca - Free DNS hosting for up to 3 domains and DNSSEC support
Hetzner - Free DNS hosting from Hetzner with API support.
huaweicloud.com - Free DNS hosting by Huawei
LocalCert - Free .localcert.net subdomains compatible with public CAs for use with-in private networks
luadns.com - Free DNS hosting, three domains, all features with reasonable limits
namecheap.com - Free DNS. No limit on the number of domains
nextdns.io - DNS-based firewall, 300K free queries monthly
noip.at - Free DDNS service without registration, tracking, logging or advertising. No limit to domains.
noip - a dynamic DNS service that allows up to 3 hostnames free with confirmation every 30 days
sslip.io - Free DNS service that when queried with a hostname with an embedded IP address returns that IP address.
VolaryDDNS - Free high-performant DDNS with no subscriptions or advertisements
zilore.com - Free DNS hosting for 5 domains.
zoneedit.com - Free DNS hosting with Dynamic DNS Support.
Zonomi - Free DNS hosting service with instant DNS propagation. Free plan: 1 DNS zone (domain name) with up to 10 DNS records.

⬆️ Back to Top

Domain

DigitalPlat - Free subdomains.
isroot.in - Free isroot.in subdomains.
pp.ua - Free pp.ua subdomains.

⬆️ Back to Top

IaaS

4EVERLAND - Compatible with AWS S3 - APIs, interface operations, CLI, and other upload methods, upload and store files from the IPFS and Arweave networks in a safe, convenient, and efficient manner. Registered users can get 6 GB of IPFS storage and 300MB of Arweave storage for free. Any Arweave file uploads smaller than 150 KB are free.
backblaze.com - Backblaze B2 cloud storage. Free 10 GB (Amazon S3-like) object storage for unlimited time
C2 Object Storage - S3 compatibility object storage. 15 GB free storage and 15 GB downloads per month.
filebase.com - S3 Compatible Object Storage Powered by Blockchain. 5 GB free storage for an unlimited duration.
Modal - AI-driven IaaS with generous compute, storage; offers $30 (might be limited to $5 on certain accounts) of free monthly credits

⬆️ Back to Top

Managed Data Services

8base.com - 8base is a full-stack low-code development platform built for JavaScript developers built on top of MySQL and GraphQL and serverless backend-as-a-service. It allows you to start building web applications quickly using a UI app builder and scale quickly, The Free tier includes rows: 2,500, Storage: 500, Serverless computing: 1Gb/h, and client app users: 5.
airtable.com - Looks like a spreadsheet, but it's a relational database unlimited bases, 1,200 rows/base, and 1,000 API requests/month
Aiven - Aiven offers free PostgreSQL, MySQL and Valkey (Redis compatible) plans on its open-source data platform. Single node, 1 CPU, 1GB RAM, and for PostgreSQL and MySQL, 1GB storage. Easy migration to more extensive plans or across clouds.
CockroachDB Cloud - Free tier offers 50 million RUs and 10 GiB of storage (same as 15$ worth) free per month. (What's the Request Units)
codehooks.io - Easy to use JavaScript serverless API/backend and NoSQL database service with functions, Mongdb-ish queries, key/value lookups, a job system, realtime messages, worker queues, a powerful CLI and a web-based data manager. Free plan has 5GB storage and 60/API calls per minute. 2 developers included. No credit-card required.
Couchbase Capella - deploy a forever free tier fully managed database cluster with 1 node and 8GB storage, built for developers to create the next generation of applications across IoT to AI
CrateDB - Distributed Open Source SQL database for real-time analytics. Free Tier CRFREE: One-node with 2 CPUs, 2 GiB of memory, 8 GiB of storage. One cluster per organization, no payment method needed.
filess.io - filess.io is a platform where you can create two databases with up to 10 MB per database of the following DBMS for free: MySQL, MariaDB, MongoDB, and PostgreSQL.
InfluxDB - Timeseries database, free up to 3MB/5 minutes writes, 30MB/5 minutes reads and 10,000 cardinalities series
MemCachier - Managed Memcache service. Free for up to 25MB, 1 Proxy Server, and basic analytics
MongoDB Atlas - free tier gives 512 MB
Neo4j Aura - Managed native Graph DBMS / analytics platform with a Cypher query language and a REST API. Limits on graph size (200k nodes, 400k relationships).
Neon - Managed PostgreSQL, 0.5 GB of storage per project, 100 Projects ,10 branches per project, Unlimited Databases, always-available primary branch ( Auto suspend after 5 minutes), 20 hours of Active time per month (total) for non-primary branch compute.
Nile - A Postgres platform for B2B apps. Unlimited databases, Always available with no shutdown, 1GB of storage (total), 50 million query tokens, autoscaling, unlimited vector embeddings
Prisma Postgres - Super fast hosted Postgres built on unikernels and running on bare metal, 500MB total storage, 5 databases, integrated with Prisma ORM.
Qdrant - Vector Database for embedding data, single node cluster with 0.5 vCPU, 1GB RAM, and 4GB disk.
restdb.io - a fast and straightforward NoSQL cloud database service. With restdb.io you get schema, relations, automatic REST API (with MongoDB-like queries), and an efficient multi-user admin UI for working with data. The free plan allows 3 users, 2500 records, and 1 API request per second.
Rivestack - Managed PostgreSQL with pgvector optimized for AI workloads. The free tier includes 2GB storage, daily snapshots, 14-day point-in-time recovery, and a built-in SQL editor that converts search queries to vector embeddings.
SeaTable - Flexible, Spreadsheet-like Database built by the Seafile team. unlimited tables, 2,000 lines, 1-month versioning, up to 25 team members.
skyvia.com - Cloud Data Platform offers a free tier and all plans are completely free while in beta
StackBy - One tool that combines spreadsheets' flexibility, databases' power, and built-in integrations with your favorite business apps. The free plan includes unlimited users, ten stacks, and a 2GB attachment per stack.
Tinybird - A serverless managed ClickHouse with connection-less data ingest over HTTP and lets you publish SQL queries as managed HTTP APIs. There is no time limit on free-tier, 10GB storage + 1000 API requests per day.
Turso by ChiselStrike - Turso is SQLite Developer Experience in an Edge Database. Turso provides a Free Forever starter plan, 9 GB of total storage, Up to 500 databases, Up to 3 locations, 1 billion row reads per month, and Local development support with SQLite.
Upstash - Serverless Redis with free tier up to 500K monthly commands, 256MB max database size, and 20 concurrent connections

⬆️ Back to Top

Tunneling, WebRTC, Web Socket Servers and Other Routers

btunnel - Expose localhost and local tcp server to the internet. Free plan includes file server, custom http request and response headers, basic auth protection and 1 hour tunnel timeout.
cname.dev - Free and secure dynamic reverse proxy service.
conveyor.cloud - Visual Studio extension to expose IIS Express to the local network or over a tunnel to a public URL.
Expose - Expose local sites via secure tunnels. The free plan includes an EU Server, Random subdomains, and Single users.
Hamachi - LogMeIn Hamachi is a hosted VPN service that lets you securely extend LAN-like networks to distributed teams with a free plan that allows unlimited networks with up to 5 people
Hookdeck - Develop, test, and monitor your webhooks from anywhere. 100K requests and 100K attempts per month with three days retention.
localhost.run - Expose locally running servers over a tunnel to a public URL.
localtunnel - Expose locally running servers over a tunnel to a public URL. Free hosted version, and open source.
LocalXpose - Reverse proxy that enables you to expose your localhost servers to the internet. The free plan has 15 minutes tunnel lifetime.
ngrok.com - Expose locally running servers over a tunnel to a public URL.
Pinggy - Public URLs for localhost with a single command, no downloads required. HTTPS / TCP / TLS tunnels. The free plan has 60 minutes tunnel lifetime.
Radmin VPN - Connect multiple computers together via a VPN-enabling LAN-like network. Unlimited peers. (Hamachi alternative)
serveo - Expose local servers to the internet. No installation, no signup. Free subdomain, no limits.
stun:global.stun.twilio.com:3478?transport=udp - Twilio STUN
stun:stun.l.google.com:19302 - Google STUN
Tailscale - Zero config VPN, using the open-source WireGuard protocol. Installs on MacOS, iOS, Windows, Linux, and Android devices. Free plan for personal use with 100 devices and three users.
webhookrelay.com - Manage, debug, fan-out, and proxy all your webhooks to public or internal (i.e. localhost) destinations. Also, expose servers running in a private network over a tunnel by getting a public HTTP endpoint (https://yoursubdomain.webrelay.io <----> http://localhost:8080).
Xirsys - Unlimited STUN usage + 500 MB monthly TURN bandwidth, capped bandwidth, single geographic region.
ZeroTier - FOSS managed virtual Ethernet as a service. Unlimited end-to-end encrypted networks of 25 clients on the free plan. Clients for desktop/mobile/NA; web interface for configuration of custom routing rules and approval of new client nodes on private networks

⬆️ Back to Top

Issue Tracking and Project Management

acunote.com - Free project management and SCRUM software for up to 5 team members
asana.com - Free for private project with collaborators
Backlog - Everything your team needs to release great projects in one platform. The free plan offers 1 Project with ten users & 100MB of storage.
Basecamp - To-do lists, milestone management, forum-like messaging, file sharing, and time tracking. Up to 3 projects, 20 users, and 1GB of storage space.
bitrix24.com - Intranet and project management tool. The free plan has 5GB for unlimited users.
cacoo.com - Online real-time diagrams: flowchart, UML, network. Free max. 15 users/diagram, 25 sheets
clickup.com - Project management. Free, premium version with cloud storage. Mobile applications and Git integrations are available.
Clockify - Time tracker and timesheet app that lets you track work hours across projects. Unlimited users, free forever.
Cloudcraft - Design a professional architecture diagram in minutes with the Cloudcraft visual designer, optimized for AWS with intelligent components that show live data too. Free plan has unlimited private diagrams for single user.
Confluence - Atlassian's content collaboration tool is used to help teams collaborate and share knowledge efficiently. Free plan for up to 10 users.
Crosswork - Versatile project management platform. Free for up to 3 projects, unlimited users, 1 GB storage.
diagrams.net - Online diagrams stored locally in Google Drive, OneDrive, or Dropbox. Free for all features and storage levels
easyretro.io - Simple and intuitive sprint retrospective tool. The free plan has three public boards and one survey per board per month.
freedcamp.com - tasks, discussions, milestones, time tracking, calendar, files and password manager. Free plan with unlimited projects, users, and file storage.
GForge - Project Management and issue Tracking toolset for complex projects with self-premises and SaaS options. SaaS free plan offers the first five users free & free for Open Source Projects.
gleek.io - Free description-to-diagrams tool for developers. Create informal UML class, object, or entity-relationship diagrams using your keyword.
GraphQL Inspector - GraphQL Inspector outputs a list of changes between two GraphQL schemas. Every difference is precisely explained and marked as breaking, non-breaking, or dangerous.
Helploom - Customer support software that offers a live chat on the free forever plan. Simple, lightweight and beautiful. Setup is a simple copy-paste script. Built by a developer.
Hygger - Project management platform. The free plan offers unlimited users, projects & boards with 100 MB of Storage.
Ilograph - interactive diagrams that allow users to see their infrastructure from multiple perspectives and levels of detail. Charts can be expressed in code. The free tier has unlimited private diagrams with up to 3 viewers.
Jira - Advanced software development project management tool used in many corporate environments. Free plan for up to 10 users.
kan.bn - A powerful, flexible kanban app that helps you organise work, track progress, and deliver results-all in one place. Free plan up to 1 user for unlimited boards, unlimited lists, unlimited cards.
kanbanflow.com - Board-based project management. Free, premium version with more options
kanbantool.com - Kanban board-based project management. The free plan has two boards and two users, without attachments or files.
Kitemaker.co - Collaborate through all phases of the product development process and keep track of work across Slack, Discord, Figma, and Github. Unlimited users, unlimited spaces. Free plan up to 250 work items.
Kiter.app - Let anyone organize their job search and track interviews, opportunities, and connections. Powerful web app and Chrome extension. Completely free.
Kumu.io - Relationship maps with animation, decorations, filters, clustering, spreadsheet imports, etc. The free tier allows unlimited public projects. Graph size unlimited. Free private projects for students. Sandbox mode is available if you prefer not to leave your file publicly online (upload, edit, download, discard).
leiga.com - Leiga is a SaaS product that uses AI to automatically manage your projects, helping your team stay focused and unleash immense potential, ensuring your projects progress as planned. Free for up to 10 users, 20 custom fields, 2GB of storage space, Video Recording with AI limited to 5 mins/video, Automation Runs at 20/user/month.
Linear - Issue tracker with a streamlined interface. Free for unlimited members, up to 10MB file upload size, 250 issues (excluding Archive)
Lucidchart - An online diagram tool with collaboration features. Free plan with three editable documents, 100 professional templates, and basic collaboration features.
MeisterTask - Online task management for teams. Free up to 3 projects and unlimited project members.
MeuScrum - Free online scrum tool with kanban board
nTask - Project management software that enables your teams to collaborate, plan, analyze, and manage everyday tasks. The essential plan is free forever with 100 MB storage and five users/teams. Unlimited workspaces, meetings, assignments, timesheets, and issue tracking.
Plane - Plane is a simple, extensible, open-source project and product management tool. Free for unlimited members, up to 5MB file upload size, 1000 issues.
planitpoker.com - Free online planning poker (estimation tool)
point.poker - Online Planning Poker (consensus-based estimation tool). Free for unlimited users, teams, sessions, rounds, and votes. You don't need to register.
Pulse.red - Free Minimalistic Time Tracker and Timesheet app for projects.
ScrumFast - Scrum board with a very intuitive interface, free up to 5 users.
Sflow - sflow.io is a project management tool built for agile software development, marketing, sales, and customer support, especially for outsourcing and cross-organization collaboration projects. Free plan up to 3 projects and five members.
Shake - In-app bug reporting and feedback tool for mobile apps. Free plan, ten bug reports per app/month.
Shortcut - Project management platform. Free for up to 10 users forever.
taiga.io - Project management platform for startups and agile developers, free for Open Source
taskade.com - Real-time collaborative task lists and team outlines. The free plan has one workspace with unlimited tasks and projects; 1GB file storage; 1-week project history; and five attendees per video meeting.
Teaminal - Standup, retro, and sprint planning tool for remote teams. Free for up to 15 users.
teamwork.com - Project management & Team Chat. Free for five users and two projects. Premium plans are available.
teleretro.com - Simple and fun retrospective tool with icebreakers, gifs and emojis. The free plan includes three retros and unlimited members.
Tenzu - Lightweight project management tool for agile teams. The SaaS relies on free contributions; users can always choose to give 0 and there is no features paywall {more details}
titanapps.io - productivity tools for Jira and monday.com offering structured checklists, templates, and approvals inside issues/tasks. Free plan available for small teams.
todoist.com - Collaborative and individual task management. The free plan has: 5 active projects, five users in the project, file uploading up to 5MB, three filters, and one week of activity history.
Toggl - Provides two free productivity tools. Toggl Track for time management and tracking app with a free plan provides seamless time tracking and reporting designed with freelancers in mind. It has unlimited tracking records, projects, clients, tags, reporting, and more. And Toggl Plan for task planning with a free plan for solo developers with unlimited tasks, milestones, and timelines.
trello.com - Board-based project management. Unlimited Personal Boards, 10 Team Boards.
Tweek - Simple Weekly To-Do Calendar & Task Management.
Wikifactory - Product designing Service with Projects, VCS & Issues. The free plan offers unlimited projects & collaborators and 3GB storage.
Yodiz - Agile development and issue tracking. Free up to 3 users, unlimited projects.
YouTrack - Free hosted YouTrack (InCloud) for FOSS projects and private projects (free for three users). Includes time tracking and agile boards
zenhub.com - The only project management solution inside GitHub. Free for public repos, OSS, and nonprofit organizations
zenkit.com - Project management and collaboration tool. Free for up to 5 members, 5 GB attachments.
Zube - Project management with free plan for 4 Projects & 4 users. GitHub integration is available.

⬆️ Back to Top

Storage and Media Processing

AndroidFileHost - Free file-sharing platform with unlimited speed, bandwidth, file count, download count, etc. It is mainly aimed for Android dev-related files like APK build, custom ROM & modifications, etc. But seems to accept any other files as well.
anon.li Drop - Zero-knowledge E2EE file sharing with client-side AES-256-GCM encryption and zero server-side data access. Free uploads for files up to 5GB with max expiry up to 3 days through the website, CLI or API.
borgbase.com - Simple and secure offsite backup hosting for Borg Backup. 10 GB free backup space and two repositories.
cloudinary.com - Image upload, powerful manipulations, storage, and delivery for sites and apps, with Ruby, Python, Java, PHP, Objective-C, and more libraries. The free tier includes 25 monthly credits. One credit equals 1,000 image transformations, 1 GB of storage, or 1 GB of CDN usage.
degoo.com - AI based cloud storage with free up to 20 GB, three devices, 5 GB referral bonus (90 days account inactivity).
Dropshare - Zero-knowledge file sharing. End-to-end encrypted file sharing with AES-256-GCM encryption, client-side processing, and zero server-side data access. Free uploads for files up to 1GB with no data collection.
embed.ly - Provides APIs for embedding media in a webpage, responsive image scaling, and extracting elements from a webpage. Free for up to 5,000 URLs/month at 15 requests/second
Ente - Ente is an end-to-end encrypted cloud for photos, videos and 2FA secrets. Can also be self-hosted along with a generous forever free-tier of 10GB. For free tier users, only single replica of data is kept.
FileShot.io - Zero-knowledge encrypted file sharing. AES-256-GCM browser-side encryption ensures files are encrypted in-browser before upload. No account required for sender or recipient. Self-hostable (MIT open-source). Free tier includes unlimited uploads with no file size restrictions.
file.io - 2 GB storage of files. A file is auto-deleted after one download. REST API to interact with the storage. Rate limit one request/minute.
freetools.site - Free online tools. Convert or edit documents, images, audio, video, and more.
getpantry.cloud - A simple JSON data storage API perfect for personal projects, hackathons, and mobile apps!
GoFile.io - Free file sharing and storage platform can be used via web-based UI & also API. unlimited file size, bandwidth, download count, etc. But it will be deleted when a file becomes inactive (no download for more than ten days).
gumlet.com - Image and video hosting, processing and streaming via CDN. Provides generous free tier of 250 GB / month for videos and 30 GB / month for images.
icedrive.net - Simple cloud storage service. 10 GB free storage
image-charts.com - Unlimited image chart generation with a watermark
ImageEngine - ImageEngine is an easy to use global image CDN. Sub 60 sec setup. AVIF and JPEGXL support, WordPress-, Magento-, React-, Vue- plugins and more. Claim your free developer account here.
imagekit.io - Image CDN with automatic optimization, real-time transformation, and storage that you can integrate with existing setup in minutes. The free plan includes up to 20GB of bandwidth per month.
ImgBB - ImgBB is an unlimited image hosting service. Drag and drop your image anywhere on the screen. 32 MB / image limit. Receive Direct image links, BBCode and HTML thumbnails after uploading image. Login to see the upload history.
Imgbot - Imgbot is a friendly robot that optimizes your images and saves you time. Optimized images mean smaller file sizes without sacrificing quality. It's free for open source.
imgen - On the fly image generation API (text over background, logo) for opengraph images, free, no watermark, CDN
imgix - Image Caching, management and CDN. Free plan includes 1000 origin images, infinite transformations and 100 GB bandwidth
internxt.com - Internxt Drive is a zero-knowledge file storage service based on absolute privacy and uncompromising security. Sign up and get 10 GB for free, forever!
kraken.io - Image optimization for website performance as a service, free plan up to 1 MB file size
LibreQR - Free QR code generator focused on privacy and no tracking. Free to use with no data collection.
MConverter - Convert files in bulk. Supports many formats, including AVIF and JXL. Extract image frames from videos. Compress PDFs. Free for 15 files per 24h, up to 100 MB each, processed in batches of eight.
nitropack.io - Accelerate your site's speed on autopilot with complete front-end optimization (caching, images and code optimization, CDN). Free for up to 5,000 pageviews/month
npoint.io - JSON store with collaborative schema editing
MantleDB - Anonymous JSON storage for scripts and tiny apps. No signup required; uses Master AID for updates and Read-Only RID for public fetching. Free tier includes 1 bucket (1MB limit) with a 72h inactivity scavenger policy.
otixo.com - Encrypt, share, copy, and move all your cloud storage files from one place. The basic plan provides unlimited file transfer with 250 MB max. file size and allows five encrypted files
packagecloud.io - Hosted Package Repositories for YUM, APT, RubyGem and PyPI. Limited free plans and open-source plans are available via request
pcloud.com - Cloud storage service. Up to 10 GB of free storage
Pinata IPFS - Pinata is the simplest way to upload and manage files on IPFS. Our friendly user interface and IPFS API make Pinata the easiest IPFS pinning service for platforms, creators, and collectors. 1 GB storage free, along with access to API.
plot.ly - Graph and share your data. The free tier includes unlimited public files and ten private files
podio.com - You can use Podio with a team of up to five people and try out the features of the Basic Plan, except user management
Proton Drive - Ultra-secure cloud storage for files and key documents. Free plan offers 5gb of storage space.
QRME.SH - Fast, beautiful bulk QR code generator - no login, no watermark, no ads. Up to 100 URLs per bulk export.
QRtracer - Free QR code generator with built-in scan analytics, bulk generation & brand customisation, focused on reliability without any ads.
QuickChart - Generate embeddable image charts, graphs, and QR codes
redbooth.com - P2P file syncing, free for up to 2 users
resmush.it - reSmush.it is a FREE API that provides image optimization. reSmush.it has been implemented on the most common CMS such as WordPress, Drupal, or Magento. reSmush.it is the most used image optimization API with more than seven billion images already treated, and it is still Free of charge.
sirv.com - Smart Image CDN with on-the-fly image optimization and resizing. The free tier includes 500 MB of storage and 2 GB of bandwidth.
SlingSite - Create all the optimized versions of your images and videos. For Free. In bulk. For each image, you get the following formats: AVIF, WEBP and JPG in the three selected resolutions (desktop, tablet, mobile) For videos, you get: WebM (codec VP9), MP4 (codec HEVC aka H.265) and MP4 (codec AVC aka H.264) plus the cover image with the first frame.
sync.com - End-to-End cloud storage service. 5 GB of free storage
tinypng.com - API to compress and resize PNG and JPEG images, offers 500 compressions for free each month
transloadit.com - Handles file uploads and encoding of video, audio, images, documents. Free for Open source, charities, and students via the GitHub Student Developer Pack. Commercial applications get 2 GB free for test driving
twicpics.com - Responsive images as a service. It provides an image CDN, a media processing API, and a frontend library to automate image optimization. The service is free for up to 3GB of traffic/per month.
uploadcare.com - Uploadcare provides the media pipeline with the ultimate toolkit based on cutting-edge algorithms. All features are available for developers absolutely for free: File Uploading API and UI, Image CDN and Origin Services, Adaptive Delivery, and Smart Compression. The free tier has 3000 uploads, 3 GB traffic, and 3 GB storage.
VaocherApp QR Code Generator - Easily create custom QR codes for gift cards, gift vouchers, and promotions. Support custom styling, color, logo...

⬆️ Back to Top

Design and UI

BoxySVG - A free installable Web app for drawing SVGs and exporting in SVG, PNG, jpeg, and other formats.
Calendar Icons Generator - Generate an entire year's worth of unique icons in a single click, absolutely FREE
Canva - Free online design tool to create visual content.
CodedThemes - Offers a well-crafted admin dashboard & and UI kits designed to simplify and speed up modern web development.
Excalidraw - A free online drawing document web page with free save to local and export support.
figma.com - Online, collaborative design tool for teams; free tier includes unlimited files and viewers with a max of 2 editors and three projects.
Flows - A fully customizable product adoption platform for building onboarding and user engagement experiences. Free for up to 250 monthly tracked users.
landen.co - Generate, edit, and publish beautiful websites and landing pages for your startup. All without code. The free tier allows you to have one website, fully customizable and published on the web.
lensdump.com - Free cloud image hosting.
Logo.dev - Company logo API with 44M+ brands that's as easy as calling a URL. First 10,000 API calls are free.
marvelapp.com - Design, prototyping, and collaboration, free plan limited to one user and project.
Mindmup.com - Unlimited mind maps for free and store them in the cloud. Your mind maps are available everywhere, instantly, from any device.
Mockplus iDoc - Mockplus iDoc is a powerful design collaboration & handoff tool. Free Plan includes three users and five projects with all features available.
Modeldraw.com - Complete diagramming platform with UML, system architecture, flowcharts, mind maps, and Agile workflows. Real-time collaboration with unlimited team members, no credit card required.
photopea.com - A Free, Advanced online design editor with Adobe Photoshop UI supporting PSD, XCF & Sketch formats (Adobe Photoshop, Gimp and Sketch App).
Plasmic - A fast, easy-to-use, robust web design tool and page builder that integrates into your codebase. Build responsive pages or complex components; optionally extend with code; and publish to production sites and apps.
Proto.io - Create fully interactive UI prototypes without coding. The free tier is available when the free trial ends. The free tier includes one user, one project, five prototypes, 100MB of online storage, and a preview of the proto.io app.
Quant Ux - Quant Ux is a prototyping and design tool. - It's completely free and also open source.
Shadcn Studio - Preview your theme changes across different components and layouts.
smartmockups.com - Create product mockups, 200 free mockups.
TeleportHQ - Low-code Front-end Design & Development Platform. TeleportHQ is the collaborative front-end platform to instantly create and publish headless static websites. Three free projects, unlimited collaborators, and free code export.
Unicorn Platform - Effortless landing page builder with hosting. One website for free.
Updrafts.app - WYSIWYG website builder for tailwindcss-based designs. Free for non-commercial usage.
Webflow - WYSIWYG website builder with animations and website hosting. Free for two projects.
Webstudio - Open-source alternative to Webflow. The free plan offers unlimited websites on their domain. Five websites with custom domains. Ten thousand page views/month. 2 GB asset storage.
whimsical.com - Collaborative flowcharts, wireframes, sticky notes and mind maps. Create up to 4 free boards.
Zeplin - Designer and developer collaboration platform. Show designs, assets, and style guides. Free for one project.
WrapPixel - Download High Quality Free and Premium Admin dashboard template created with Angular, React, VueJs, NextJS, and NuxtJS! HTML Themes and UI Kits to create your applications faster!
Themeselection - Selected high quality, modern design, professional and easy-to-use Free Admin Dashboard Template,
AdminMart - High-Quality Free and Premium Admin Dashboard and Website Templates created with Angular, Bootstrap, React, VueJs, NextJS, and NuxtJS!

⬆️ Back to Top

Data Visualization on Maps

Clockwork Micro - Map tools that work like clockwork. Fifty thousand free monthly queries (map tiles, db2vector, elevation).
Foursquare - Location discovery, venue search, and context-aware content from Places API and Pilgrim SDK.
geoapify.com - Vector and raster map tiles, geocoding, places, routing, isolines APIs. Three thousand free requests/day.
geocod.io - Geocoding via API or CSV Upload. Two thousand five hundred free queries/day.
geocodify.com - Geocoding and Geoparsing via API or CSV Upload. 10k free queries/month.
geojs.io - Highly available REST/JSON/JSONP IP Geolocation lookup API.
Geokeo api - Geocoding API with language correction and more. Worldwide coverage. 2,500 free daily queries
graphhopper.com - A free developer package is offered for Routing, Route Optimization, Distance Matrix, Geocoding, and Map Matching.
here - APIs and SDKs for maps and location-aware apps. 250k transactions/month for free.
IP Geolocation - Free DEVELOPER plan available with 30K requests/month.
ipstack - Locate and identify Website Visitors by IP Address
locationiq.com - Geocoding, Maps, and Routing APIs. Five thousand requests/day for free.
mapbox.com - Maps, geospatial services and SDKs for displaying map data.
maps.stamen.com - Free map tiles and tile hosting.
maptiler.com - Vector maps, map services and SDKs for map visualization. Free vector tiles with weekly updates and four map styles.
nominatim.org - OpenStreetMap's free geocoding service, providing global address search functionality and reverse geocoding capabilities.
opencagedata.com - Geocoding API aggregating OpenStreetMap and other open geo sources. Two thousand five hundred free queries/day.
osmnames - Geocoding, search results ranked by the popularity of related Wikipedia page.
positionstack - Free geocoding for global places and coordinates. 25,000 Requests per month for personal use.
stadiamaps.com - Map tiles, routing, navigation, and other geospatial APIs. Two thousand five hundred free map views and API requests/day for non-commercial usage and testing.

⬆️ Back to Top

Package Build System

build.opensuse.org - Package build service for multiple distros (SUSE, EL, Fedora, Debian, etc.).
copr.fedorainfracloud.org - Mock-based RPM build service for Fedora and EL.
help.launchpad.net - Ubuntu and Debian build service.

⬆️ Back to Top

IDE and Code Editing

Android Studio - Android Studio provides the fastest tools for building apps on every type of Android device. Open Source IDE is free for everyone and the best Android app development. Available for Windows, Mac, Linux, and even ChromeOS!
AndroidIDE - An Open Source IDE to develop real, Gradle-based Android applications on Android devices.
Apache Netbeans - Development Environment, Tooling Platform and Application Framework.
apiary.io - Collaborative design API with instant API mock and generated documentation (Free for unlimited API blueprints and unlimited users with one admin account and hosted documentation).
BBEdit - BBEdit is a popular and extensible editor for macOS. Free Mode provides a powerful core feature set and an upgrade path to advanced features.
Binder - Turn a Git repo into a collection of interactive notebooks. It is a free public service.
BlueJ - A free Java Development Environment designed for beginners, used by millions worldwide. Powered by Oracle & simple GUI to help beginners.
Brackets - Brackets is an open-source text editor specifically designed for web development. It is lightweight, easy to use, and highly customizable.
cacher.io - Code snippet organizer with labels and support for 100+ programming languages.
cocalc.com - Collaborative calculation in the cloud. Browser access to full Ubuntu with built-in collaboration and lots of free software for mathematics, science, data science, preinstalled: Python, LaTeX, Jupyter Notebooks, SageMath, scikitlearn, etc.
Code::Blocks - Free Fortran & C/C++ IDE. Open Source and runs on Windows,macOS & Linux.
codiga.io - Coding Assistant that lets you search, define, and reuse code snippets directly in your IDE. Free for individual and small organizations.
Components.studio - Code components in isolation, visualize them in stories, test them, and publish them on npm.
Eclipse Che - Web-based and Kubernetes-Native IDE for Developer Teams with multi-language support. Open Source and community-driven. An online instance hosted by Red Hat is available at workspaces.openshift.com.
ForgeCode - AI-enabled pair programmer for Claude, GPT4 Series, Grok, Deepseek, Gemini and all frontier models. Works natively with your CLI and integrates seamlessly with any IDE. Free tier includes basic AI model access with local processing.
GetVM - Instant free Linux and IDEs chrome sidebar. The free tier includes 5 VMs per day.
JDoodle - Online compiler and editor for more than 60 programming languages with a free plan for REST API code compiling up to 200 credits per day.
jetbrains.com - Productivity tools, IDEs and deploy tools (aka IntelliJ IDEA, PyCharm, etc). Free license for students, teachers, Open Source and user groups.
JSONPlaceholder - Some REST API endpoints that return some fake data in JSON format. The source code is also available if you would like to run the server locally.
Lazarus - Lazarus is a Delphi-compatible cross-platform IDE for Rapid Application Development.
MarsCode - A free AI-powered cloud-based IDE.
micro-jaymock - Tiny API mocking microservice for generating fake JSON data.
mockable.io - Mockable is a simple configurable service to mock out RESTful API or SOAP web services. This online service allows you to quickly define REST API or SOAP endpoints and have them return JSON or XML data.
mockaroo - Mockaroo lets you generate realistic test data in CSV, JSON, SQL, and Excel formats. You can also create mocks for back-end API.
Mocklets - an HTTP-based mock API simulator that helps simulate APIs for faster parallel development and more comprehensive testing, with a lifetime free tier.
OneCompiler - Free online compiler supporting 70+ languages including Java, Python, C++, JavaScript.
OnlineGDB - A free online ide thats supports 40+ languages and is pre installed with tons of libraries; and also has a debugging option, flags, tutorials, and a QNA page!
pterocos - a free opensource browser-based coding environment for front-end developers. write html, css and js with a vs code-grade editor (monaco), live preview, scss/typeScript/babel support, and an ai chat assistant for debugging and suggestions. all projects save to local storage. free forever – no account needed.
Paiza - Develop Web apps in Browser without needing to set up anything. Free Plan offers one server with 24 24-hour lifetime and 4 hours of running time per day with 2 CPU cores, 2 GB RAM, and 1 GB storage.
PHPSandbox - Online development environment for PHP
Replit - A cloud coding environment for various program languages.
RunMat - GPU-accelerated numerical computing IDE in the browser. Write and run MATLAB-syntax .m files with automatic GPU acceleration via WebAssembly and WebGPU. No install, no account, no license fees. Open source runtime with CLI, NPM package, and Jupyter kernel support.
SoloLearn - A cloud programming playground well-suited for running code snippets. Supports various programming languages. No registration is required for running code, but it is necessary when saving code on their platform. Also offers free courses for beginners and intermediate-level coders.
stackblitz.com - Online/Cloud Code IDE to create, edit, & deploy full-stack apps. Support any popular NodeJs-based frontend & backend frameworks. Shortlink to create a new project: https://node.new.
Sublime Text - Sublime Text is a popular, versatile, and highly customizable text editor used for coding and text editing tasks.
Visual Studio Code - Code editor redefined and optimized for building and debugging modern web and cloud applications. Developed by Microsoft.
Visual Studio Community - Fully-featured IDE with thousands of extensions, cross-platform app development (Microsoft extensions available for download for iOS and Android), desktop, web and cloud development, multi-language support (C#, C++, JavaScript, Python, PHP and more).
VSCodium - Community-driven, without telemetry/tracking, and freely-licensed binary distribution of Microsoft’s editor VSCode
wakatime.com - Quantified self-metrics about your coding activity using text editor plugins, limited plan for free.
Wave Terminal - Wave is an open-source, cross-platform terminal for seamless workflows. Render anything inline. Save sessions and history. Powered by open web standards. MacOS and Linux.

⬆️ Back to Top

Analytics, Events and Statistics

amplitude.com - 1 million monthly events, up to 2 apps
AppFit - AppFit is a comprehensive analytics and product management tool designed to facilitate seamless, cross-platform management of analytics and product updates. Free plan includes 10,000 events per month, product journal and weekly insights.
Aptabase - Open Source, Privacy-Friendly, and Simple Analytics for Mobile and Desktop Apps. SDKs for Swift, Kotlin, React Native, Flutter, Electron, and many others. Free for up to 20,000 events per month.
Avo - Simplified analytics release workflow. Single-source-of-truth tracking plan, type-safe analytics tracking library, in-app debuggers, and data observability to catch all data issues before you release. Free for two workspace members and 1 hour data observability lookback.
Beampipe.io - Beampipe is simple, privacy-focussed web analytics. free for up to 5 domains & 10k monthly page views.
Census - Reverse ETL & Operational Analytics Platform. Sync 10 fields from your data warehouse to 60+ SaaS like Salesforce, Zendesk, or Amplitude.
Clicky - Website Analytics Platform. Free Plan for one website with 3000 views analytics.
counter.dev - Web analytics made simple and therefore privacy friendly. Free or pay what you want by donation.
DocBeacon - Secure document sharing with document tracking and engagement Analytics. Free plan supports up to 20 PDF documents (10 MB max), 10 contacts, and 2 shares per document with basic analytics for views downloads, time and engagement.
Dwh.dev - Data Cloud Observability Solution (Snowflake). Free for personal use.
Expensify - Expense reporting, free personal reporting approval workflow
getinsights.io - Privacy-focused, cookie-free analytics, free for up to 3k events/month.
Gizmo Analytics - Simple analytics for people managing lots of sites. Install manually or let Claude/Cursor do it for you. Free for up to 10k events/month.
GoatCounter - GoatCounter is an open-source web analytics platform available as a hosted service (free for non-commercial use) or self-hosted app. It aims to offer easy-to-use and meaningful privacy-friendly web analytics as an alternative to Google Analytics or Matomo. The free tier is for non-commercial use and includes unlimited sites, six months of data retention, and 100k pageviews/month.
Google Analytics - Google Analytics
heap.io - Automatically captures every user action in iOS or web apps. Free for up to 10K monthly sessions.
Hightouch - Hightouch is a Reverse ETL platform that helps you sync customer data from your data warehouse to your CRM, marketing, and support tools. The free tier offers you one destination to sync data to.
Hotjar - Website Analytics and Reports . Free Plan allows 2000 pageviews/day. One hundred snapshots/day (max capacity: 300). Three snapshot heatmaps can be stored for 365 days. Unlimited Team Members. Also in App and standalone surveys, feedback widgets with screenshots. Free tier allows creating 3 surveys & 3 feedback widgets and collecting 20 responses per month.
LogSpot - Full unified web and product analytics platform, including embeddable analytics widgets and automated robots (slack, telegram, and webhooks). Free plan includes 10,000 events per month.
MetricsWave - Privacy-friendly Google Analytics alternative for developers. Free plan allows 1M pageviews per month without credit card required.
Mixpanel - 100,000 monthly tracked users, unlimited data history and seats, US or EU data residency
Moesif - API analytics for REST and GraphQL. (Free up to 500,000 API calls/mo)
PostHog - Full Product Analytics suite free for up to 1m tracked events per month. Also provides unlimited in-App Surveys with 250/month responses.
Repohistory - Beautiful dashboard for tracking GitHub repo traffic history longer than 14 days. Free Plan allows users to monitor traffic for a single repository.
Row Zero - Blazingly fast, connected spreadsheet. Connect directly to data databases, S3, and APIs. Import, analyze, graph, and share millions of rows instantly. Three free (forever) workbooks.
Rybbit - Open-source and cookieless alternative to Google Analytics that is 10x more intuitive. Free plans has 3,000 monthly events.
Seline - Seline is a simple & private website and product analytics. Cookieless, lightweight, independent. Free plan includes 3,000 events per month and provides access to all our features, such as the dashboard, user journeys, funnels, and more.
StatCounter - Website Viewer Analytics. Free plan for analytics of 500 most recent visitors.
Statsig - All-in-one platform spanning across analytics, feature flagging, and A/B testing. Free for up to 1m metered events per month.
TraceLog - AI Analytics for E-commerce. Ask questions in natural language about your analytics, get actionable recommendations and grow your revenue with AI-powered insights. Free for up to 10k events per month.
Trackingplan - Automatically detect digital analytics, marketing data and pixels issues, maintain up-to-date tracking plans, and foster seamless collaboration. Deploy it to your production environment with real traffic or add analytics coverage to your regression tests without writing code.
TrackWith Dicloud - Free lightweight privacy-focused alternative to Google Analytics. Unlimited pageviews, unlimited visitor, unlimited page heatmaps & goal tracking. Free for up to 3 domains and 600 session replay per domain.
Umami - Simple, fast, privacy-focused, open-source alternative to Google Analytics.
usabilityhub.com - Test designs and mockups on real people and track visitors. Free for one user, unlimited tests
Userbird - Google Analytics alternative with heatmaps, session recordings and revenue tracking.

⬆️ Back to Top

Visitor Session Recording

FullStory.com - 1,000 sessions/month with one month data retention and three user seats. More information here.
howuku.com - Track user interaction, engagement, and event. Free for up to 5,000 visits/month
inspectlet.com - 2,500 sessions/month free for one website
LogRocket.com - 1,000 sessions/month with 30-day retention, error tracking, live mode
Microsoft Clarity - Session recording completely free with "no traffic limits", no project limits, and no sampling
mouseflow.com - 500 sessions/month free for one website
OpenReplay.com - Open-source session replay with dev tools for bug reproduction, live session for real-time support, and product analytics suite. One thousand sessions/month with access to all features and 7-day retention.
Reactflow.com - Per site: 1,000 pages views/day, three heatmaps, three widgets, free bug tracking
smartlook.com - free packages for web and mobile apps (1500 sessions/month), three heatmaps, one funnel, 1-month data history
UXtweak.com - Record and watch how visitors use your website or app. Free unlimited time for small projects

⬆️ Back to Top

International Mobile Number Verification API and SDK

numverify - Global phone number validation and lookup JSON API. 100 API requests/month
veriphone - Global phone number verification in a free, fast, reliable JSON API. 1000 requests/month

⬆️ Back to Top

Payment and Billing Integration

Adapty.io - One-stop solution with open-source SDK for mobile in-app subscription integration to iOS, Android, React Native, Flutter, Unity, or web app. Free up to $10k monthly revenue.
CoinMarketCap - Provides cryptocurrency market data including the latest crypto and fiat currency exchange rates. The free tier offers 10K call credits/month.
Currencyapi - Free currency conversion and exchange rate data API. Free 300 requests per month, 10 requests per minute for private use.
CurrencyApi - Live Currency Rates for Physical and Cryptocurrencies, delivered in JSON and XML. The free tier offers 1,250 API requests/month.
CurrencyFreaks - Provides current and historical currency exchange rates. Free DEVELOPER plan available with 1000 requests/month.
currencylayer - Reliable Exchange Rates and Currency Conversion for your Business, 100 API requests/month free.
exchangerate-api.com - An easy-to-use currency conversion JSON API. The free tier updates once per day with a limit of 1,500 requests/month.
FraudLabsPRO - Help merchants to prevent payment fraud and chargebacks. Free Micro Plan available with 500 queries/month.
FxRatesAPI - Provides real-time and historical exchange rates. The free tier requires attribution.
Moesif API Monetization - Generate revenue from APIs via usage-based billing. Connect to Stripe, Chargebee, etc. The free tier offers 30,000 events/month.
ParityVend - Automatically adjust pricing based on visitor location to expand your business globally and reach new markets (purchasing power parity). The free plan includes 7,500 API requests/month.
Qonversion - All-in-one cross-platform subscription management platform offering analytics, A/B testing, Apple Search Ads, remote configs, and growth tools for optimizing in-app purchases and monetization. Compatible with iOS, Android, React Native, Flutter, Unity, Cordova, Stripe, and web. Free up to $10k in monthly tracked revenue.
RevenueCat - Hosted backend for in-app purchases and subscriptions (iOS and Android). Free up to $2.5k/mo in tracked revenue.
vatlayer - Instant VAT number validation and EU VAT rates API, free 100 API requests/month

⬆️ Back to Top

Docker Related

Container Registry Service - Harbor based Container Management Solution. The free tier offers 1 GB of storage for private repositories.
Docker Hub - One free private repository and unlimited public repositories to build and store Docker images
Play with Docker - A simple, interactive, fun playground to learn Docker.
quay.io - Build and store container images with unlimited free public repositories
ttl.sh - Anonymous & ephemeral Docker image registry

⬆️ Back to Top

Dev Blogging Sites

AyeDot - Share your ideas, knowledge, and stories with the world for Free in the form of Modern multimedia short-format Miniblogs.
BearBlog - Minimalist, Markdown-powered blog and website builder.
Dev.to - Where programmers share ideas and help each other grow.
Hashnode - Hassle-free Blogging Software for Developers!.
Medium - Get more thoughtful about what matters to you.
JustBlogged - Free blogging platform with custom domain support, and fast global performance.

⬆️ Back to Top

Commenting Platforms

GraphComment - GraphComment is a comments platform that helps you build an active community from the website’s audience.
IntenseDebate - A feature-rich comment system for WordPress, Tumblr, Blogger, and many other website platforms.
Remarkbox - Open source hosted comments platform, pay what you can for "One moderator on a few domains with complete control over behavior & appearance"
Utterances - A lightweight comments widget built on GitHub issues. Use GitHub issues for blog comments, wiki pages, and more!

⬆️ Back to Top

Screenshot APIs

ApiFlash - A screenshot API based on Aws Lambda and Chrome. Handles full page, captures timing, and viewport dimensions.
microlink.io - It turns any website into data such as metatags normalization, beauty link previews, scraping capabilities, or screenshots as a service. 250 requests/day every day free.
PhantomJsCloud - Browser automation and page rendering. Free Tier offers up to 500 pages/day. Free Tier since 2017.
screenshotbase.com - 300 free screenshots / month. Take screenshots from any url. Fast, free & scalable.
screenshotlayer.com - Capture highly customizable snapshots of any website. Free 100 snapshots/month
screenshotmachine.com - Capture 100 snapshots/month, png, gif and jpg, including full-length captures, not only home page
Screenshot Scout - Screenshot API for developers. Clean, production-ready screenshots from any URL in one request. Free plan includes 200 screenshots per month, forever.
SnapAPI - Screenshot, video recording, PDF generation, and web data extraction API. Free plan includes 200 screenshots/month.
thumbnail.ws - API for generating thumbnails of websites. Free 1,000 requests/month.

⬆️ Back to Top

Flutter Related and Building IOS Apps without Mac

CodeMagic - Codemagic is a fully hosted and managed CI/CD for mobile apps. You can build, test, and deploy with a GUI-based CI/CD tool. The free tier offers 500 free minutes/month and a Mac Mini instance with 2.3 GHz and 8 GB of RAM.
FlutLab - FlutLab is a modern Flutter online IDE and the best place to create, debug, and build cross-platform projects. Build iOS (Without a Mac) and Android apps with Flutter.
FlutterFlow - FlutterFlow is a browser-based drag-and-drop interface to build mobile app using flutter.

⬆️ Back to Top

Privacy Management

Bearer - Helps implement privacy by design via audits and continuous workflows so that organizations comply with GDPR and other regulations. The free tier is limited to smaller teams and the SaaS version only.
Concord - Full data privacy platform, including consent management, privacy request handling (DSARs), and data mapping. Free tier includes core consent management features and they also provide a more advanced plan for free to verified open source projects.
Cookiefirst - Cookie banners, auditing, and multi-language consent management solution. The free tier offers a one-time scan and a single banner.
Iubenda - Privacy and cookie policies and consent management. The free tier offers limited privacy and cookie policy as well as cookie banners.
Ketch - Consent management and privacy framework tool. The free tier offers most features with a limited visitor count.

⬆️ Back to Top

Miscellaneous

BinShare.net - Create & share code or binaries. Available to share as a beautiful image e.g. for Twitter / Facebook post or as a link e.g. for chats or forums.
Blynk - A SaaS with API to control, build & evaluate IoT devices. Free Developer Plan with 5 devices, Free Cloud & data storage. Mobile Apps are also available.
cron-job.org - Online cronjobs service. Unlimited jobs are free of charge.
Cronhooks - Schedule on-time or recurring webhooks. The free plan allows 5 ad-hoc schedules.
datelist.io - Online booking / appointment scheduling system. Free up to 5 bookings per month, includes 1 calendar
FOSSA - Scalable, end-to-end management for third-party code, license compliance and vulnerabilities.
Hook Relay - Add webhook support to your app without the hassles: done-for-you queueing, retries with backoff, and logging. The free plan has 100 deliveries per day, 14-day retention, and 3 hook endpoints.
Hosting Checker - Check hosting information such as ASN, ISP, location and more for any domain, website or IP address. Also includes multiple hosting and DNS-related tools.
newreleases.io - Receive notifications on email, Slack, Telegram, Discord, and custom webhooks for new releases from GitHub, GitLab, Bitbucket, Python PyPI, Java Maven, Node.js NPM, Node.js Yarn, Ruby Gems, PHP Packagist, .NET NuGet, Rust Cargo and Docker Hub.
PDFMonkey - Manage PDF templates in a dashboard, call the API with dynamic data, and download your PDF. Offers 300 free documents per month.
Pika Code Screenshots - Create beautiful, customizable screenshots from code snippets and VSCode using the extension.
QuickType.io - Quickly auto-generate models/class/type/interface and serializers from JSON, schema, and GraphQL for working with data quickly & safely in any programming language. Convert JSON into gorgeous, typesafe code in any language.
readme.com - Beautiful documentation made easy, free for Open Source.
redirect.pizza - Easily manage redirects with HTTPS support. The free plan includes 10 sources and 100,000 hits per month.
redirection.io - SaaS tool for managing HTTP redirections for businesses, marketing and SEO.
redirs.com — Easy domain redirects with auto-SSL, analytics, and URL path forwarding. Free for basic use (up to 5 domains).
ReqBin - Post HTTP Requests Online. Popular Request Methods include GET, POST, PUT, DELETE, and HEAD. Supports Headers and Token Authentication. Includes a basic login system for saving your requests.
Smartcar API - An API for cars to locate, get fuel tank, battery levels, odometer, unlock/lock doors, etc.
Sunrise and Sunset - Get sunrise and sunset times for a given longitude and latitude.
superfeedr.com - Real-time PubSubHubbub compliant feeds, export, analytics. Free with less customization
SurveyMonkey.com - Create online surveys. Analyze the results online. The free plan allows only 10 questions and 100 responses per survey.
SYNCDATE - Two-way Google Calendar sync. Free tier: 2 accounts, unlimited events.
UUID Generator - Generate UUID v1, UUID v4, UUID v7, GUID, Nil UUIDs, CUID v1/v2, NanoID, and ULID instantly with enterprise-grade
Versionfeeds - Custom RSS feeds for releases of your favorite software. Have the latest versions of your programming languages, libraries, or loved tools in one feed. (The first 3 feeds are free)

⬆️ Back to Top

Remote Desktop Tools

AnyDesk - Free for 3 devices, no limits on the number and duration of sessions
Getscreen.me - Free for 2 devices, no limits on the number and duration of sessions
RemSupp - On-demand support and permanent access to devices (2 sessions/day for free)
RustDesk - Open source virtual/remote desktop infrastructure for everyone!

⬆️ Back to Top

Other Free Resources

get.localhost.direct - A better *.localhost.direct Wildcard public CA signed SSL cert for localhost development with sub-domain support
GitHub Education - Collection of free services for students. Registration required.
Glob tester - A website that allows you to design and test glob patterns. It also provides resources to learn glob patterns.
Killer Coda - Interactive playground in your browser to study Linux, Kubernetes, Containers, Programming, DevOps, Networking
Microsoft 365 Developer Program - Get a free sandbox, tools, and other resources you need to build solutions for the Microsoft 365 platform. The subscription is a 90-day Microsoft 365 E5 Subscription (Windows excluded) which is renewable. It is renewed if you're active in development(measured using telemetry data & algorithms).
MySQL Visual Explain - Easy-to-understand and free MySQL EXPLAIN output visualizer to optimize slow queries.
RedHat for Developers - Free access to Red Hat products including RHEL, OpenShift, CodeReady, etc. exclusively for developers. Individual plan only. Free e-books are also offered for reference.
sandbox.httpsms.com - Send and receive test SMS messages for free.
SimpleBackups.com - Backup automation service for servers and databases (MySQL, PostgreSQL, MongoDB) stored directly into cloud storage providers (AWS, DigitalOcean, and Backblaze). Provides a free plan for 1 backup.
SimpleRestore - Hassle-free MySQL backup restoration. Restore MySQL backups to any remote database without code or a server.
SnapShooter - Backup solution for DigitalOcean, AWS, LightSail, Hetzner, and Exoscale, with support for direct database, file system and application backups to s3 based storage. Provides a free plan with daily backups for one resource.

⬆️ Back to Top

DigitalPlatDev/FreeDomain

DigitalPlat FreeDomain: Free Domain For Everyone

🌐 Welcome to DigitalPlat Domain

Welcome to DigitalPlat FreeDomain, where we believe everyone deserves a digital identity. Whether you're an individual, or an organization, we’re offering free domain names to bring your ideas to life – no strings attached!

With FreeDomain, you’re free to register a unique domain and host it with your favorite DNS provider, like Cloudflare, FreeDNS by Afraid.org, or Hostry. Get online with complete freedom, and keep your wallet happy.

✔️ Why Free Domains?

At DigitalPlat FreeDomain, we’re on a mission to make the web more accessible. We believe that the cost of a domain shouldn’t hold anyone back from creating a website. Our goal is to make the internet an open space where everyone can have their own place online, regardless of budget.

DigitalPlat FreeDomain is independently designed and maintained by Edward Hsing, founder of the DigitalPlat Foundation.

🌍 Available Domain Extensions

.DPDNS.ORG
.US.KG
.QZZ.IO
.XX.KG
.QD.JE

(More extensions coming soon!)

🌍 Ready to Claim Your Free Domain?

Jump in and register your domain by visiting our site:

➡️ DigitalPlat FreeDomain Dashboard

📝 Read our tutorial

🌟 Trusted by Thousands

With over 500,000 domains already registered, DigitalPlat FreeDomain is a trusted choice for individuals and organizations alike. Join our growing community and claim your own free domain today!

❔ FAQ

Check FAQ Page

🤝 Join Our Community!

🆕 Join our official DigitalPlat FreeDomain Discord server today! Be the first to know about the latest updates, get support, and connect with the community. Got questions? Facing challenges? Or just want to share what you're building? Come hang out with us 🚀

⚠️ Security Notice Our previous Telegram account and group were compromised and are no longer under our control. Please do not trust any messages, links, or announcements from Telegram, especially anything related to bonuses, earnings, or external sites. We are no longer using Telegram as an official communication channel.

⏭️ What's next

We might introduce more domain options and free hosting in the future to help as many people as possible!

We can’t wait to see what you build!

🚨 Abuse Reporting

We take domain name abuse seriously and are committed to maintaining a safer and more open internet. Every report is carefully reviewed, and response times may vary from a few hours to several days, depending on the complexity of the case.

Email: abusereport@digitalplat.org

🧠 Story

This started as a small DNS experiment when I was 15, letting a few friends use subdomains.

Over time, it grew into something people actually rely on, and running it turned out to be much harder than building it.

I wrote a bit about how it evolved here:
https://dev.to/edwardhsing/i-bought-a-domain-at-15-now-it-powers-400000-users-7ol

CyberAlbSecOP/Awesome_GPT_Super_Prompting

ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning.

⭐⭐⭐⭐⭐ +3000 STARS | THANK YOU! ⭐⭐⭐⭐⭐

What will you find in V.2.0:

ChatGPT Jailbreaks
GPT Assistants Prompt Leaks
GPTs Prompt Injection
LLM Prompt Security
Super Prompts
Prompt Hack
Prompt Security
Ai Prompt Engineering
Adversarial Machine Learning

⚠️ Into "Latest Jailbreaks" folder, just check latest additions for working Jailbreaks. ⚠️
⚠️ If you find your secret prompts here and want it removed, please let me know ASAP. ⚠️

Legend:

🌟: Legendary!
🔥: Hot Stuff

Jailbreak Hall Of Fame:

🏆 | /elder-plinius
🏆 | u/yell0wfever92
🏆 | u/HORSELOCKSPACEPIRATE
🏆 | u/FamilyK1ng
🏆 | u/getoffmylawn0014
🏆 | u/Positive_Average_446

🚨 Jailbreaks

Explore techniques for bypassing restrictions on GPT models.

🌟 | r/ChatGPTJailbreak/ - Reddit community focused on ChatGPT jailbreaks.
🌟 | elder-plinius/L1B3RT45 - A repository for advanced jailbreak strategies.
🔥 | cyberark/FuzzyAI - A powerful tool for automated LLM fuzzing.
🔥 | verazuo/jailbreak_llms - Methods to jailbreak various large language models.
🔥 | rentry.org - Collection of various jailbreak prompts.
catsanzsh/01preview-jailbreaks - A collection of Jailbreaks for o1-preview.
yueliu1999/Awesome-Jailbreak-on-LLMs - A curated list of LLM jailbreak techniques.
0xk1h0/ChatGPT_DAN - Jailbreak prompts designed to activate the "DAN" mode in ChatGPT.
tg12/gpt_jailbreak_status - A tool for monitoring jailbreak status of GPT models.
Cyberlion-Technologies/ChatGPT_DAN - Another implementation of ChatGPT DAN mode prompts.
yes133/ChatGPT-Prompts-Jailbreaks-And-More - Collection of various jailbreak prompts.
THUDM/ChatGLM-6B - Collection of various jailbreak prompts.
GabryB03/ChatGPT-Jailbreaks - Repository with different ChatGPT jailbreak techniques.
jzzjackz/chatgptjailbreaks - A simple repository showcasing jailbreak attempts.
jackhhao/jailbreak-classification - Dataset for classifying jailbreak prompts.
rubend18/ChatGPT-Jailbreak-Prompts - A dataset of jailbreak prompts for ChatGPT.
deadbits/vigil-jailbreak-ada-002 - Vigilant dataset for ADA-002 jailbreak attempts.

🕵️‍♂️ GPT Agents System Prompt Leaks

Find leaked prompts and system information from GPT agents.

🌟 | 0xeb/TheBigPromptLibrary - Extensive library of system prompts for GPT agents.
🔥 | LouisShark/chatgpt_system_prompt - Collection of leaked system prompts for ChatGPT.
gogooing/Awesome-GPTs - A collection of useful GPT prompts.
tjadamlee/GPTs-prompts - Another repository with a variety of GPT prompts.
linexjlin/GPTs - Compilation of various GPT prompts.
B3o/GPTS-Prompt-Collection - A rich collection of GPT prompts.
1003715231/gptstore-prompts - Repository containing a store of GPT prompts.
friuns2/Leaked-GPTs - Leaked GPT system prompts repository.
adamidarrha/TopGptPrompts - Top GPT prompts curated from various sources.
friuns2/BlackFriday-GPTs-Prompts - Special edition leaked GPT prompts.
parmarjh/Leaked-GPTs - More leaked system prompts for GPT models.
lxfater/Awesome-GPTs - Awesome collection of GPT prompts.
Superdev0909/Awesome-AI-GPTs-main - A main repository for awesome GPT prompts.
SuperShinyDev/ChatGPTApplication - Application repository for GPT models with prompts.

🛡️ Prompt Injection

Resources focused on exploiting or defending against prompt injections.

🌟 | AnthenaMatrix - Comprehensive repository on prompt injection techniques.
🔥 | utkusen/promptmap - Tool for mapping and analyzing prompt injections.
🔥 | microsoft/promptbench - Benchmarking tool for prompt injection vulnerabilities.
Cranot/chatbot-injections-exploits - Repository of exploits based on prompt injections in chatbots.
FonduAI/awesome-prompt-injection - Awesome list of resources on prompt injection.
TakSec/Prompt-Injection-Everywhere - Guide to prompt injection in various systems.
yunwei37/prompt-hacker-collections - Collection of prompt hacking methods and exploits.
PromptTrace is a free, hands-on AI security training platform for practicing prompt injection, RAG poisoning, and tool exploitation against real LLMs.
AdverserialAttack-InjectionPrompt - Adversarial attacks through prompt injections.

🔐 Secure Prompting

Repositories dedicated to securing prompts and mitigating vulnerabilities.

🌟 | Valhall-ai/prompt-injection-mitigations - Mitigation strategies for prompt injections.
🔥 | cckuailong/awesome-gpt-security - A curated list of GPT security best practices.
onestardao/WFGY – 16 failure modes for RAG and agent pipelines (incl. prompt-injection patterns) with concrete mitigation checklists.
GPTGeeker/securityGPT - Security-focused prompts for GPT models.
mykeln/GPTect - GPT security protection techniques.
gavin-black-dsu/securePrompts - Repository with secure GPT prompts.
zinccat/PromptSafe - Ensuring safe prompts for GPT models.
BenderScript/PromptGuardian - Guardian scripts for securing GPT prompts.
sinanw/llm-security-prompt-injection - Security-focused prompt injection repository.

🗂️ GPTs Lists

Collections of various GPT resources and lists.

🌟 | EmbraceAGI/Awesome-AI-GPTs - Comprehensive list of AI and GPT resources.
🔥 | Anil-matcha/Awesome-GPT-Store - A store of awesome GPT prompts and resources.
AI/ML API - AI/ML API provides 300+ AI models including Deepseek, Gemini, ChatGPT.
gogooing/Awesome-GPTs - General collection of GPT-related resources.
friuns2/Awesome-GPTs-Big-List - Big list of awesome GPT prompts and tools.
AgentOps-AI/BestGPTs - Compilation of the best GPT resources.
fr0gger/Awesome-GPT-Agents - Focused on GPT agents and their capabilities.
cckuailong/awesome-gpt-security - Security-centric GPT resources.
LiLittleCat/awesome-free-chatgpt/tree - List of free ChatGPT mirror sites, continuously updated.
cheahjs/free-llm-api-resources - A list of free LLM inference resources accessible via API.
sindresorhus/awesome-chatgpt - Awesome list for ChatGPT — an artificial intelligence chatbot developed by OpenAI.

📚 Prompts Libraries

Explore libraries of GPT prompts for various applications.

🌟 | ai-boost/awesome-prompts - A vast library of awesome GPT prompts.
🔥 | B3o/GPTS-Prompt-Collection - Extensive collection of prompts for GPT models.
abilzerian/LLM-Prompt-Library - Library of prompts for large language models.
f/awesome-chatgpt-prompts
yunwei37/prompt-hacker-collections - Collection of hacking-oriented GPT prompts.
alphatrait/100000-ai-prompts-by-contentifyai - Massive collection of AI prompts.
DummyKitty/Cyber-Security-chatGPT-prompt - Security-focused ChatGPT prompt library.
thepromptindex.com - Online index of GPT prompts.
snackprompt.com/ - A snackable collection of GPT prompts.
usethisprompt.io/ - A website to find and share GPT prompts.
promptbase.com/ - Marketplace for buying and selling GPT prompts.
prompts.chat/ - World's First & Most Famous Prompts Directory.

🛠️ Prompt Engineering

Resources to master the craft of prompt engineering.

🌟 | snwfdhmp/awesome-gpt-prompt-engineering - A list of awesome resources on prompt engineering.
🔥 | promptslab/Awesome-Prompt-Engineering - Another excellent list of prompt engineering resources.
NirDiamant/Prompt_Engineering - Comprehensive collection of tutorials and implementations for Prompt Engineering techniques
circlestarzero/HackOpenAISystemPrompts - Hacking OpenAI system prompts.
dair-ai/Prompt-Engineering-Guide - A guide to mastering prompt engineering.
brexhq/prompt-engineering - Comprehensive resource for prompt engineering.
natnew/Awesome-Prompt-Engineering - More resources on awesome prompt engineering.
Agent Shadow Brain - Self-evolving AI coding intelligence with infinite memory (TurboQuant), genetic algorithm self-evolution, predictive bug detection, PageRank knowledge graphs, swarm intelligence, and adversarial defense.
Omni Skills Forge - 50,000+ curated AI agent skills for Claude Code, Cursor, Copilot, Windsurf, Cline. Visual dashboard, one-click install, skill doctor, auto-update.
promptingguide.ai - An online guide to prompt engineering.
promptdev.ai - Platform for developing and sharing prompts.
learnprompting.org - Learn the art of prompting from scratch.
learningprompt.wiki/ - Free Prompt Engineering Online Course.

🔎 Prompt Sources

Communities and forums for discovering and sharing prompts.

🌟 | r/ChatGPTJailbreak/ - Reddit community for ChatGPT jailbreaks.
🔥 | r/ChatGPTPromptGenius/ - Subreddit for sharing and discovering GPT prompts.
r/chatgpt_promptDesign/ - Focused on designing effective ChatGPT prompts.
r/PromptEngineering/ - Subreddit dedicated to prompt engineering discussions.
r/PromptDesign/ - Community for prompt design.
r/GPT_jailbreaks/ - Discussion on GPT jailbreak methods.
r/ChatGptDAN/ - Community for DAN mode and ChatGPT jailbreaks.
r/PromptSharing/ - Share and discover prompts with the community.
r/PromptWizardry/ - Subreddit for creative and advanced prompting.
r/PromptWizards/ - Community for wizards of prompt engineering.
altenens.is/forums/chatgpt-tools - Forum for sharing GPT tools and resources.
onehack.us/prompt - Another platform for discovering GPT prompts.
God Tier Prompts - A community driven leaderboard where the best prompts rise to the top.

⚙️ Ai Automation Tools

Tools to create AI Automations.

make.com - Connect any app, data source, or AI model. Build and manage automations and AI agents – visually, in code, or with a prompt.
patl4588/metercall-launch - The new layer of the internet. 21M APIs. 727 modules. One prompt.

🧠 Cyber-Albsecop GPT Agents

Specialized GPT agents focused on cybersecurity and more.

ALBSECOP | Cyber Security Master - GPT agent for mastering cybersecurity.
VAMPIRE | Ultra Prompt Writer - GPT agent specializing in writing ultra-effective prompts.
ORK | Super Prompt Optimizer - GPT agent for optimizing prompts.
MINOTAUR | Impossible Security Challenge! - A GPT agent offering challenging security tasks.
KEVLAR | Anti-Leak System Prompts - Agent designed to create anti-leak system prompts.

To do for V3.00

Keep the repo updated and hot
Add more personal prompts
Add more external sources
Add instruction on how to use prompts

Star History

Keywords:

ChatGPT Assistant Leak, Jailbreak Prompts, GPT Hacking, GPT Agents Hack, System Prompt Leaks, Prompt Injection, LLM Security, Super Prompts, AI Adversarial Prompting, Prompt Design, Secure AI, Prompt Security, Prompt Development, Prompt Collection, GPT Prompt Library, Secret System Prompts, Creative Prompts, Prompt Crafting, Prompt Engineering, Prompt Vulnerability, GPT prompt jailbreak, GPT4, GPT4o, GPT3o-mini, GPT4o1, GPT3.5 turbo, Gemini 2.0, Copilot, Grok2, Grok3, MistralAI, Deepseek R1, Deepseek, Cloude 3.5, Cloude Sonnet, Mistral, Qwan, LLama, GPT-3 jailbreak, OpenAI GPT-3 jailbreak, GPT-4 jailbreak, GPT-3 bypass, GPT-3 limitations, GPT-3 restrictions, GPT-3 hack, GPT-3 exploit, GPT-3 security, GPT-3 vulnerabilities, GPT-3 unauthorized access, GPT-3 unauthorized use, GPT-3 unauthorized modifications, GPT-3 restrictions bypass, GPT-3 AI jailbreak, OpenAI jailbreak, GPT-3 security breach, GPT-3 unauthorized alterations, GPT-3 model jailbreak, GPT prompt hack, GPT-3 prompt ideas, GPT-4 prompt examples, AI writing prompts, creative writing prompts, generate text prompts, prompt generator tool, artificial intelligence prompts, text generation prompts, machine learning prompts, writing inspiration prompts, GPT prompt list, advanced prompt techniques, AI content prompts, prompt generation tips, text prompt strategies, GPT writing exercises, prompt brainstorming methods, automated prompt generation, prompt hacking, hacking prompts, prompt hacking tool, prompt generator, writing prompts, creative prompts, prompt ideas, prompt writing, writing inspiration, story prompts, prompt app, prompt challenge, daily prompts, prompt list, prompt examples, writing exercises, prompt website, prompt journal, prompt library, custom prompts, prompt engineer, prompt engineering, prompt software engineer, prompt system engineer, prompt network engineer, prompt support engineer, prompt technical engineer, prompt IT engineer, prompt automation engineer, prompt infrastructure engineer, prompt DevOps engineer, prompt software developer, prompt software development, prompt tech engineer, prompt software architecture, prompt engineer job.

htr-tech/zphisher

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

A beginners friendly, Automated phishing tool with 30+ templates.

Disclaimer

Any actions and or activities related to Zphisher is solely your responsibility. The misuse of this toolkit can result in criminal charges brought against the persons in question. The contributors will not be held responsible in the event any criminal charges be brought against any individuals misusing this toolkit to break the law.

This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way.

This Tool is made for educational purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then Get the hell out of here!

It only demonstrates "how phishing works". You shall not misuse the information to gain unauthorized access to someones social media. However you may try out this at your own risk.

Features

Latest and updated login pages.
Beginners friendly
Multiple tunneling options
- Localhost
- Cloudflared
- LocalXpose
Mask URL support
Docker support

Installation

Just, Clone this repository -

git clone --depth=1 https://github.com/htr-tech/zphisher.git

Now go to cloned directory and run zphisher.sh -
```
$ cd zphisher
$ bash zphisher.sh
```
On first launch, It'll install the dependencies and that's it. Zphisher is installed.

Installation (Termux)

You can easily install zphisher in Termux by using tur-repo

$ pkg install tur-repo
$ pkg install zphisher
$ zphisher

A Note :

Termux discourages hacking .. So never discuss anything related to zphisher in any of the termux discussion groups. For more check : wiki

Installation via ".deb" file

Download .deb files from the Latest Release
If you are using termux then download the *_termux.deb

Install the .deb file by executing

apt install <your path to deb file>

$ dpkg -i <your path to deb file>
$ apt install -f

Run on Docker

Docker Image Mirror:

DockerHub :
```
docker pull htrtech/zphisher
```

GHCR :

docker pull ghcr.io/htr-tech/zphisher:latest

By using the wrapper script run-docker.sh

$ curl -LO https://raw.githubusercontent.com/htr-tech/zphisher/master/run-docker.sh
$ bash run-docker.sh

Temporary Container
```
docker run --rm -ti htrtech/zphisher
```
- Remember to mount the auth directory.

Dependencies

Zphisher requires following programs to run properly -

git
curl
php

All the dependencies will be installed automatically when you run Zphisher for the first time.

Tested on

Ubuntu
Debian
Arch
Manjaro
Fedora
Termux

:: Workflow ::

Find Me on:

Thanks to all contributors:

_1RaY-1	_{Aditya Shakya}	_{Ali Milani}	_AmnesiA	_KasRoudra	_{Moises Tapia}
_Mr.Derek	_{Mustakim Ahmed}	_sepp0	_TripleHat	_Yisus7u7

google/fonts

Font files available from Google Fonts, and a public issue tracker for all things Google Fonts

Google Fonts Files

This project mainly contains the binary font files served by Google Fonts (fonts.google.com)

The top-level directories indicate the license of all files found within them. Subdirectories are named according to the family name of the fonts within.

Each family subdirectory contains the .ttf font files served by Google Fonts, plus a METADATA.pb file with metadata for the family (such as information on the project designer(s), genre category, and license - learn more) and a DESCRIPTION.en_us.html with a description of the family in US English.

The /catalog subdirectory contains additional metadata, such as profile texts and portrait/avatar images of font designers, and this is open for contributions and corrections from anyone via GitHub.

The /axisregistry subtree contains metadata for the GF Axis Registry, containing information on variable font axes that can be found in the collection, including experimental axes. As a subtree, no changes should be made directly to this repo, instead please use the upstream, github.com/googlefonts/axisregistry

The /lang subtree contains language support data, and should also not be changed here but instead upstream. github.com/googlefonts/lang

Bug Reports and Improvement Requests

If you find a problem with a font file or have a request for the future development of a font project, please create a new issue in this project's issue tracker.

Contribute Fonts

If you need more context on how to create issues in a GitHub issue tracker, or if you want to contribute a font directly, see CONTRIBUTING

Contributor Code of Conduct

However you choose to contribute, please abide by our code of conduct to keep our community a healthy and welcoming place.

Self Host Fonts Available From Google Fonts

Since all the fonts available here are licensed with permission to redistribute, subject to the license terms, you can self-host using a variety of third-party projects.

One popular service is Fontsource, which offers bundled NPM packages.

Local installation package managers

For Linux, macOS, FreeBSD, or HaikuOS you can also use fnt, to install single fonts. For RPM, DEB based systems, feel free to try the linked URLs for individual fonts. Others can also use the webservice.

Download All Google Fonts

You can download all Google Fonts in a simple ZIP snapshot (over 1GB) from https://github.com/google/fonts/archive/main.zip

Sync With Git

You can also sync the collection with git so that you can update by only fetching what has changed. To learn how to use git, GitHub provides illustrated guides, a youtube channel, and an interactive learning site. Free, open-source git applications are available for Windows and Mac OS X.

License

It is important to always read the license for every font that you use. Each font family directory contains the appropriate license file for the fonts in that directory. The fonts files themselves also contain licensing and authorship metadata.

Most of the fonts in the collection use the SIL Open Font License, v1.1. Some fonts use the Apache 2 license. The Ubuntu fonts use the Ubuntu Font License v1.0.

The SIL Open Font License has an option for copyright holders to include a Reserved Font Name requirement, and this option is used with some of the fonts. If you modify those fonts, please take care of this important detail.

Source Files

Source files for each family are often available from the designer, or from github.com/googlefonts

These fonts are usually the result of collaborative projects, where you are invited to discuss issues with the designers and even contribute to their ongoing development.

When customizing or remixing fonts, please do contact the designers to understand what they might need in order to include your improvements.

Most of all: Enjoy the fonts!

– The Google Fonts team

Sushegaad/Claude-Skills-Governance-Risk-and-Compliance

Claude Skills for Governance, Risk, & Compliance (GRC): Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, EU AI Act, ISO 42001, ISO 27701, DORA, CSRD, India's DPDPA, CMMC 2.0, NIST AI Risk, SWIFT, Australia's ISM, EU NIS2, and CCPA/CPRA. Benchmark 96% (with skills) vs 82% (without skills).

Claude Skills for Governance, Risk & Compliance (GRC)

Expert-level compliance guidance for ISO 27001, SOC 2, FedRAMP, GDPR, HIPAA, NIST CSF, PCI DSS, TSA Cybersecurity, ISO 42001 AI Management System, ISO 27701 Privacy Information Management, DORA Digital Operational Resilience, India's Digital Personal Data Protection Act (DPDPA), CMMC 2.0 Cybersecurity Maturity Model Certification, NIST AI Risk Management Framework, SWIFT Customer Security Programme (CSP), Australian Information Security Manual (ISM), EU NIS2 Directive, CCPA/CPRA California Privacy, ITAR (International Traffic in Arms Regulations), Brazil's LGPD (Lei Geral de Proteção de Dados), EU CSRD (Corporate Sustainability Reporting Directive), CIS Controls v8 (CIS Top 18), EAR (Export Administration Regulations), NIST SP 800-53 (Security and Privacy Controls for Federal Systems), EU AI Act (Regulation (EU) 2024/1689), and Section 508 (US Federal ICT Accessibility), and WCAG (Web Content Accessibility Guidelines) — powered by Claude Skills.

Benchmarked across 125 test cases (5 per framework) using the eval framework — each graded against 5 verifiable assertions by independent agents. Skills scored 96% vs a baseline of 82% across 625 total assertions.

What Are Claude Skills?

Claude Skills are installable knowledge packages that extend Claude's capabilities for specific domains. A skill is a .skill file — a bundled archive containing a SKILL.md instruction file and optional reference materials — that you upload to Claude once and use across all your conversations.

Once installed, a skill activates automatically when your conversation touches its topic area. You don't need to invoke it by name or use special commands. Claude simply becomes a deeper expert in that domain for the duration of your session.

Skills are ideal when you need:

Consistent, expert-level responses on a specialized topic
Outputs formatted to professional or regulatory standards (e.g., audit-ready control narratives, policy templates with the right clauses)
Domain knowledge that goes beyond general LLM training — such as knowing which specific NIST 800-53 controls apply to a given scenario, or which GDPR articles govern international data transfers

How skills work under the hood: Each .skill file contains a primary SKILL.md that is loaded into Claude's context when the skill triggers, plus reference files that are loaded on demand for deeper sub-topics. This "progressive disclosure" pattern keeps context usage efficient while making comprehensive knowledge available when needed.

Who Is This For?

These skills are designed for professionals who work on information security, privacy, and regulatory compliance — whether at organizations seeking certification, development teams building compliant systems, or advisors supporting clients.

Security & Compliance Teams use these skills to accelerate gap assessments, generate first-draft policies, map controls, and prepare evidence packages — compressing weeks of reference work into minutes.

Software Developers & Engineers use them to understand what controls their systems must implement, audit code and architecture for compliance issues, and get actionable technical guidance tied to specific regulatory requirements.

Legal, Privacy & GRC Professionals use them to draft regulatory documents (DPAs, BAAs, privacy notices), answer client questions with precise regulatory citations, and stay current on framework requirements.

Healthcare Organizations use the HIPAA skill to assess systems, generate required notices and agreements, and train staff on obligations — without needing a compliance consultant for every question.

Cloud Service Providers pursuing federal government contracts use the FedRAMP skill to navigate the ATO process, write SSP narratives, manage POA&Ms, and prepare for 3PAO assessments.

Startups and SMBs use these skills to understand what a given framework requires of them, scope their compliance programs, and get expert-quality output without a large in-house team.

The Skills

1. ISO 27001

File: ISO 27001 - Claude Skill/iso27001.skill

The ISO 27001 skill turns Claude into an expert ISO 27001 Lead Auditor and ISMS implementation consultant. It covers both ISO 27001:2013 (114 controls, 14 domains) and ISO 27001:2022 (93 controls, 4 themes), defaulting to the current 2022 version.

What it does:

Runs structured gap analyses against mandatory clauses (4–10) and all Annex A controls
Generates complete, audit-ready policy documents with document control blocks, scope statements, and clause-to-control mappings
Provides step-by-step control implementation guidance for any Annex A control
Builds risk registers and risk treatment plans using the likelihood × impact methodology
Creates Statement of Applicability (SoA) templates covering all 93 controls
Guides 2013 → 2022 transition, explaining the 11 new controls and mapping changes

Trigger phrases: ISO 27001, ISMS, Annex A, Statement of Applicability, SoA, gap analysis, risk register, certification readiness, internal audit

2. SOC 2

File: SOC 2 - Claude Skill/soc2.skill

The SOC 2 skill turns Claude into an expert SOC 2 compliance advisor grounded in the AICPA 2017 Trust Services Criteria (TSC) with 2022 Revised Points of Focus. It covers all five TSC: Security (CC1–CC9), Availability (A1), Confidentiality (C1), Processing Integrity (PI1), and Privacy (P1–P8).

What it does:

Conducts gap analyses across in-scope TSC criteria with 🔴/🟡/🟢 status ratings and remediation roadmaps
Drafts all 12 core SOC 2 policies (Information Security, Access Control, Incident Response, Change Management, Risk Assessment, Vendor Management, BCP/DR, and more)
Documents controls in auditor-ready format: Control ID, TSC criterion, type, owner, frequency, evidence, and test procedure
Produces evidence checklists mapped to each criterion, with sampling guidance for Type 1 vs Type 2 audits
Handles vendor risk: tiering, 32-question security questionnaires, SOC 2 report review, CUEC tracking, and contractual requirements
Adapts its tone — plain-language for first-time SOC 2 teams, technical AICPA-coded output for practitioners and auditors

Trigger phrases: SOC 2, Trust Services Criteria, TSC, CC6, Type 1, Type 2, AICPA, audit readiness, control statement, evidence

3. FedRAMP [US]

File: FedRamp - Claude Skill/fedramp.skill

The FedRAMP skill turns Claude into a knowledgeable FedRAMP advisor covering the full authorization lifecycle for Cloud Service Providers (CSPs) under the current NIST SP 800-53 Rev 5 baseline. It is current as of 2025–2026, incorporating the Rev 5 transition, the September 2026 OSCAL mandate, and December 2024 template updates.

What it does:

Conducts readiness and gap assessments using a 75+ item checklist across 14 security domains
Guides authoring of ATO documentation: System Security Plans (SSP), POA&Ms, SAPs, SARs, and all required appendices (A–Q)
Maps NIST 800-53 Rev 5 controls across all 20 control families to specific system implementations
Provides cloud architecture guidance for AWS GovCloud, Azure Government, and Google Cloud Government
Supports Continuous Monitoring (ConMon) obligations: monthly deliverables, POA&M SLA management, deviation requests
Guides the Rev 4 → Rev 5 transition, FIPS 199 impact level scoping, and OSCAL readiness

Trigger phrases: FedRAMP, ATO, SSP, POA&M, 3PAO, NIST 800-53, ConMon, AWS GovCloud, Azure Government, impact level, OSCAL

4. 🇪🇺 GDPR [EU]

File: GDPR - Claude Skill/gdpr-compliance.skill

The GDPR skill turns Claude into an expert GDPR compliance assistant that bridges technical and legal perspectives. It covers the full EU GDPR regulation with notes on UK GDPR (DPA 2018) where the rules differ, and adapts its tone automatically — technical for developers, legally precise for compliance and privacy professionals.

What it does:

Audits code, APIs, database schemas, and architectures for GDPR violations, producing severity-graded findings (🔴/🟡/🟢) mapped to specific GDPR articles
Drafts compliance documents from built-in templates: Privacy Notices (Art. 13/14), Data Processing Agreements (Art. 28), Cookie/Consent Banners, DPIAs (Art. 35), Data Retention Policies, and Data Subject Rights Procedures
Answers compliance questions with authoritative article citations — every response leads with the governing article, then exceptions, then practical implications
Reviews data flows and PII handling across six dimensions (what, why, where, who, how long, how protected) and checks alignment with RoPA requirements
Covers all key GDPR areas: lawful basis, consent, data subject rights (Arts. 15–22), international transfers (Arts. 44–49), breach response (Arts. 32–34), special category data (Arts. 9–10), and penalties (Arts. 77–84)

Trigger phrases: GDPR, data protection, privacy, personal data, DPA, DPIA, lawful basis, data subject rights, consent, RoPA, Schrems II, ICO, EDPB

5. HIPAA [US]

File: HIPAA - Claude Skill/hipaa-compliance.skill

The HIPAA skill turns Claude into a knowledgeable HIPAA compliance advisor covering the Privacy Rule, Security Rule, and Breach Notification Rule (45 CFR Parts 160 and 164, as amended by HITECH). It serves both technical teams building systems that handle ePHI and compliance/legal teams managing organizational obligations.

What it does:

Reviews documents, systems, and architectures for HIPAA compliance, producing structured findings with CFR citations, risk levels (High / Medium / Low), and remediation steps
Generates HIPAA-compliant documents from nine ready-to-use templates: Notice of Privacy Practices (NPP), Business Associate Agreements (BAA), Authorization Forms, Workforce Training Acknowledgments, Security Incident Reports, Risk Analysis Templates, and more — all with inline CFR citations
Advises on technical safeguards for modern cloud environments (AWS, Azure, GCP), FHIR APIs, mobile/BYOD, and DevOps pipelines — covering all 54 Security Rule implementation specifications (Required and Addressable)
Explains HIPAA in plain language for any audience — from developers needing encryption guidance to general staff learning what counts as PHI
Guides breach response using the 4-factor risk assessment, notification timelines, HHS reporting obligations, and scenario-by-scenario guidance

Trigger phrases: HIPAA, PHI, ePHI, covered entity, business associate, BAA, NPP, breach notification, minimum necessary, Privacy Rule, Security Rule

6. NIST CSF

File: NIST Cybersecurity framework - Claude Skill/NIST Cybersecurity.skill

The NIST CSF skill turns Claude into an expert NIST Cybersecurity Framework advisor covering both CSF 2.0 (February 2024) and CSF 1.1 (April 2018), defaulting to the current CSF 2.0. It covers all six functions — Govern, Identify, Protect, Detect, Respond, Recover — including the new Govern function introduced in CSF 2.0.

What it does:

Conducts structured gap assessments across all six CSF 2.0 functions, categories, and subcategories
Builds Organisational Profiles — Current and Target — aligned to business context, risk tolerance, and regulatory obligations
Assesses Implementation Tiers (1–4) across three dimensions and provides targeted advancement guidance
Creates prioritised implementation roadmaps with phased 30/60/90-day and strategic actions
Maps CSF subcategories to NIST SP 800-53, ISO 27001:2022, and CIS Controls v8
Generates policies aligned to CSF functions — governance policy, incident response, data security, access control, and more
Guides CSF 1.1 → CSF 2.0 migration with a detailed subcategory mapping and migration checklist

Trigger phrases: NIST CSF, Cybersecurity Framework, CSF 2.0, Govern function, GV.SC, ID.AM, PR.AA, DE.CM, RS.MA, RC.RP, cybersecurity profile, implementation tiers, CSF gap assessment

7. PCI DSS

File: PCI Compliance - Claude Skill/PCI-Compliance.skill

The PCI DSS skill turns Claude into an expert PCI DSS compliance advisor covering PCI DSS v4.0.1 (June 2024 — current version), including all requirements that became mandatory on March 31, 2025. It covers all 12 requirements, all 8 SAQ types, merchant and service provider levels, and key v4.0 changes from v3.2.1.

What it does:

Scopes the Cardholder Data Environment (CDE) — identifies what's in scope, assesses network segmentation, and recommends scope reduction via tokenisation or P2PE
Selects the correct SAQ type — walks through the decision tree for SAQ A, A-EP, B, B-IP, C, C-VT, P2PE, and D with rationale
Conducts structured gap assessments across all 12 requirements with QSA evidence requirements and common gaps
Provides control implementation guidance for any PCI DSS sub-requirement — what to implement, evidence needed, and common pitfalls
Generates PCI DSS-aligned policies — incident response, access control, cryptography, patch management, data retention, and more
Guides v3.2.1 → v4.0.1 migration including new requirements for MFA expansion, payment page script integrity (Req 6.4.3), phishing protection (Req 5.4.1), and automated log review (Req 10.4.1.1)
Explains Defined vs Customised Approach and when to use Targeted Risk Analysis (TRA)

Trigger phrases: PCI DSS, PCI compliance, cardholder data, CDE, SAQ, ROC, QSA, ASV scan, PAN, tokenisation, P2PE, merchant level, payment page, Req 8.4.2, Req 6.4.3

8. 🚨 TSA Cybersecurity [US]

File: TSA Compliance - Claude Skill/TSA-Compliance.skill

The TSA Cybersecurity skill turns Claude into an expert TSA cybersecurity directive advisor for critical transportation infrastructure. It covers all current TSA Security Directive series — SD Pipeline-2021-01G, SD Pipeline-2021-02F, SD 1580-21-01E (freight rail), and SD 1582-21-01E (transit/passenger rail) — plus the November 2024 NPRM proposing to formalise these directives as permanent federal regulations.

Note on SSI: TSA Security Directives are classified as Sensitive Security Information (SSI) under 49 CFR Part 1520. This skill is built from publicly available summaries, Federal Register notices, and DHS/CISA publications — not the classified full directive text. Covered entities receive the actual directive directly from TSA.

What it does:

Determines applicability — which directive series applies to your organisation (pipeline, freight rail, transit, or bus) and what that means for your compliance obligations
Runs structured gap assessments across the four technical domains: IT/OT network segmentation, access controls (MFA), continuous monitoring, and patch management
Drafts Cyber Risk Management Program (CRMP) documents: Cybersecurity Implementation Plan (CIP/COIP), Incident Response Plan (IRP), Architecture Design Review (ADR), and Cybersecurity Assessment Plan (CAP)
Guides OT/ICS-specific implementation — data diodes, jump servers for legacy HMIs, passive monitoring tools (Claroty, Dragos, Nozomi), OT patch lifecycle with vendor coordination
Explains 24-hour CISA incident reporting obligations: what qualifies, how to report, sample initial report language, and CIRCIA overlap
Advises on annual IRP testing — two objectives minimum, test scenarios, documentation requirements, and after-action review process
Explains the 2024 NPRM impact: NIST CSF 2.0 alignment, CISA CPG baseline, proposed COIP structure, and what changes when the rule is finalised

Trigger phrases: TSA Security Directive, SD Pipeline-2021, SD 1580-21-01, SD 1582-21-01, TSA cybersecurity, Critical Cyber Systems, CCS, Cybersecurity Coordinator, Cybersecurity Implementation Plan, CIP, CRMP, IRP testing, Architecture Design Review, ADR, CAP, CISA 24-hour reporting, OT segmentation TSA, pipeline cybersecurity, rail cybersecurity directive, transit cybersecurity, TSA NPRM 2024

9. ISO 42001 AI Management System

File: ISO 42001 - Claude Skill/ISO-42001.skill

The ISO 42001 skill turns Claude into an expert ISO/IEC 42001:2023 AI Management System (AIMS) advisor — the world's first international standard for AI governance. It serves both AI providers (organisations that develop or deploy AI) and AI users (organisations integrating third-party AI), covering the full certification lifecycle from gap assessment through Stage 2 audit readiness.

What it does:

Conducts structured gap assessments across all mandatory clauses (4–10) and all 38 Annex A controls (domains A.2–A.10) with 🔴/🟡/🟢 status, evidence requirements, and a phased remediation roadmap
Guides the mandatory AI System Impact Assessment (AISIA) step by step — identifying affected populations, assessing impact dimensions (severity, reversibility, breadth, human oversight), classifying impact level (Low/Medium/High), and determining proportionate control requirements
Performs AI risk assessment across all risk categories: model risks (bias, drift, hallucination, adversarial attacks), data risks (quality, poisoning, privacy in training data), operational risks (scope creep, human over-reliance), and supply chain risks (third-party model risk, API dependencies)
Generates a complete Statement of Applicability (SoA) covering all 38 Annex A controls (A.2.2–A.10.4) with applicability decisions, justifications, and implementation status
Drafts all core AIMS policies — AI Policy, AI Risk Management Policy, AI Acceptable Use Policy, Data Governance for AI Policy, AI Incident Management Policy, AI System Lifecycle Policy, and AI Supplier Management Policy — each with document control blocks and clause citations
Produces Stage 1 and Stage 2 audit checklists with RAG status, evidence requirements per clause, and common auditor focus areas
Maps ISO 42001 to the EU AI Act — aligns AISIA to the Fundamental Rights Impact Assessment (FRIA) for high-risk AI systems; maps Annex A controls to EU AI Act technical requirements
Integrates ISO 42001 with ISO 27001 for organisations building a unified ISMS + AIMS

Trigger phrases: ISO 42001, ISO/IEC 42001, AI Management System, AIMS, AISIA, AI System Impact Assessment, responsible AI standard, AI governance standard, Annex A AI controls, AI risk assessment ISO, Statement of Applicability AI, AI policy ISO, AI certification, AI lifecycle controls, AI supplier management ISO, EU AI Act management system, NIST AI RMF ISO mapping, AI bias controls, AI transparency standard, AI incident management ISO

10. ISO 27701 Privacy Information Management

File: ISO 27701 - Claude Skill/iso27701.skill

The ISO 27701 skill turns Claude into an expert ISO/IEC 27701:2025 Privacy Information Management System (PIMS) advisor — covering the full lifecycle from gap assessment through certification. It handles both ISO 27701:2025 (the new standalone edition) and ISO 27701:2019 (the legacy ISO 27001 extension), and covers both PII controllers and PII processors.

What it does:

Conducts structured gap analyses across all mandatory HLS clauses (4–10) and all 78 Annex A controls — 31 for PII controllers (A.1), 18 for PII processors (A.2), and 29 shared security controls (A.3)
Generates complete, audit-ready PIMS policy documents — Privacy Policy, Records of Processing Activities (RoPA), Data Subject Rights Procedure, Privacy by Design Procedure, Data Processing Agreements (DPAs), and more
Builds privacy risk registers focused on harm to PII principals, triggers DPIAs for high-risk processing, and produces risk treatment plans
Creates Statements of Applicability (SoA) scoped to the organization's role (controller, processor, or both) with applicability decisions and justification
Provides control-by-control implementation guidance for every A.1, A.2, and A.3 control — with purpose, implementation steps, audit evidence, and common pitfalls
Guides 2019 → 2025 transitions with a full control mapping table, gap analysis checklist, and recommended timeline to the October 2028 deadline
Maps ISO 27701 to GDPR article by article, plus CCPA/CPRA, LGPD, PIPEDA, PDPA (Singapore/Thailand), and UK GDPR

Trigger phrases: ISO 27701, PIMS, privacy information management, PII controller, PII processor, privacy risk assessment, DPIA, data subject rights, records of processing activities, RoPA, privacy by design, data processing agreement, DPA, GDPR alignment ISO 27701, ISO 27701:2025, ISO 27701:2019, 27701 transition, standalone PIMS, Annex A controller controls, Annex A processor controls

11. DORA [EU] — Digital Operational Resilience

File: DORA - Claude Skill/dora.skill

The DORA skill turns Claude into an expert advisor on Regulation (EU) 2022/2554 (the Digital Operational Resilience Act) — the anchoring ICT regulation for EU financial entities since 17 January 2025. It encodes all 64 DORA articles, all 12 adopted RTS/ITS, and provides precise article-level guidance for every compliance workflow. It explicitly separates DORA from NIS2, legacy EBA ICT guidelines, and ISO 27001 — a common source of conflation in general LLM responses.

What it does:

Conducts structured DORA gap analyses across all four pillars: ICT risk management framework (Chapter II, Art. 5–16), incident management (Chapter III, Art. 17–23), resilience testing / TLPT (Chapter IV, Art. 24–27), and ICT third-party risk (Chapter V, Art. 28–44)
Guides ICT-related incident classification against Art. 18 criteria and the materiality thresholds in CDR (EU) 2024/1772, with a full decision tree for major vs. non-major
Builds three-stage incident reporting procedures per Art. 19 and CDR (EU) 2025/301 — initial (4h), intermediate (72h), final (1 month) — including content requirements at each stage
Reviews and drafts contractual provisions per Art. 30(2)(a)–(i), flagging the common audit-rights gap with hyperscale cloud providers
Builds or validates the Register of Information with all mandatory fields per CIR (EU) 2024/2956
Assesses ICT concentration risk per Art. 28(6) and Art. 29 — including multi-function reliance on a single cloud provider
Scopes TLPT programmes per Art. 26 and CDR (EU) 2025/1190, covering threat intelligence phase, red team test, mutual recognition, and tester qualification requirements
Drafts ICT risk management framework documentation per Art. 6–14 and CDR (EU) 2024/1774
Precisely distinguishes Chapter II (proactive ICT risk governance) from Chapter III (reactive incident management) — a common compliance confusion point
References all 12 adopted RTS/ITS by exact regulation number (CDR/CIR) with article-level mapping

Trigger phrases: DORA, Regulation (EU) 2022/2554, digital operational resilience, ICT risk management framework, DORA gap analysis, Art. 6 DORA, Art. 17 ICT incident, Art. 18 classification, Art. 19 incident reporting, Art. 26 TLPT, Art. 28 third-party risk, Art. 30 contractual provisions, Register of Information, CIR 2024/2956, CDR 2024/1772, CDR 2024/1773, CDR 2024/1774, CDR 2025/301, CDR 2025/1190, TLPT financial entities, ICT concentration risk, critical ICT TPSP, DORA vs NIS2, EBA ICT guidelines DORA, DORA incident classification, DORA reporting timelines, Chapter II DORA, Chapter III DORA

12. 🇮🇳 DPDPA [India] — Digital Personal Data Protection Act

File: DPDPA - Claude Skill/dpdpa.skill

The DPDPA skill turns Claude into an expert advisor on India's Digital Personal Data Protection Act, 2023 and the finalized DPDP Rules, 2025 (notified 13 November 2025, effective 13 May 2027). It covers all 44 sections of the Act and all 23 Rules, with precise section-level citations, GDPR-alignment mapping, and guidance calibrated for both Indian companies and global organizations with Indian data subjects.

What it does:

Conducts structured DPDPA gap analyses covering notice and consent (Sections 5–6 + Rules 3–4), lawful processing (Section 7), Data Fiduciary obligations (Section 8 + Rules 6–9), children's data (Section 9 + Rules 10–12), and SDF obligations (Section 10 + Rule 13)
Distinguishes DPDPA from GDPR across 8 key dimensions — scope (digital-only vs. all personal data), lawful bases (no legitimate interests in DPDPA), consent standard (unconditional + no bundling), cross-border transfers (blacklist vs. whitelist), erasure right (narrower in DPDPA), DPO requirements (SDFs only; India-resident), children's threshold (18 years vs. 16), and enforcement model (single Board vs. multi-DPA)
Guides notice design per Rule 3 — standalone format, plain language, multi-language obligations (Eighth Schedule), and legacy data notice requirements for pre-commencement data
Advises on the two lawful bases only — Consent (Section 6) and the nine Certain Legitimate Uses (Section 7) — and identifies GDPR processing activities that require fresh consent under DPDPA
Guides breach notification per Section 8(6) and Rule 6 — 72-hour Board notification timeline, content requirements, Processor notification obligations, and the difference from GDPR's risk-threshold approach (all breaches notifiable to Board)
Designs children's data compliance programmes — 18-year threshold, Rule 12 parental verification methods (DigiLocker, government tokens, existing verified data, virtual tokens), and absolute prohibitions on tracking/profiling/targeted advertising
Advises Significant Data Fiduciaries (SDFs) on additional obligations — India-resident DPO (Section 10 + Rule 13(2)), annual DPIA (Rule 13(3)), annual independent audit (Rule 13(4)), and data localisation readiness
Guides Data Principal rights fulfilment — access (Section 11), correction/erasure (Section 12), grievance redressal (Section 13 — mandatory exhaustion before Board complaint), and the unique right to nominate (Section 14)
Advises on cross-border transfers — blacklist approach (Section 16), no countries currently notified as restricted (April 2026), and contractual safeguards recommended despite absence of formal restrictions
Advises global organisations on their territorial obligations — India-nexus test (Section 3), GDPR compliance gaps that don't satisfy DPDPA, and GDPR-to-DPDPA migration priorities

Trigger phrases: DPDPA, Digital Personal Data Protection Act, India data protection, Data Fiduciary, Data Principal, Significant Data Fiduciary, SDF, Data Protection Board of India, DPBI, DPDP Rules 2025, Section 5 DPDPA, Section 6 DPDPA, Section 7 DPDPA, Section 8 DPDPA, Section 9 DPDPA, Section 10 DPDPA, Rule 3 DPDP, Rule 6 DPDP breach notification, Rule 12 parental consent, India privacy law, India digital privacy, DPDPA gap analysis, DPDPA vs GDPR, India data law, MeitY data protection, DigiLocker consent, India children data law, DPDPA consent requirements, DPDPA breach notification, India cross-border data transfer

13. CMMC 2.0 [US] — Cybersecurity Maturity Model Certification

File: CMMC - Claude Skill/cmmc.skill

The CMMC 2.0 skill turns Claude into an expert CMMC compliance advisor for US defense contractors navigating the Cybersecurity Maturity Model Certification program. It covers all three CMMC levels — Level 1 (17 FAR 52.204-21 practices), Level 2 (110 NIST SP 800-171 Rev 2 practices), and Level 3 (110+ NIST SP 800-172 requirements) — under the final 32 CFR Part 170 rule (effective December 16, 2024).

What it does:

Determines the correct CMMC level for a given contract based on FCI vs. CUI handling, DFARS clauses present (7012, 7019, 7020, 7021), and program criticality
Conducts structured gap assessments across all 17 CMMC domains — AC, AT, AU, CM, IA, IR, MA, MP, PE, PS, RA, CA, SC, SI — against the full 110-practice set for Level 2
Drafts complete System Security Plans (SSP) covering system boundary definition, CUI data flow diagrams, and control implementation narratives for all 110 practices
Calculates and explains the SPRS score (starting at 110; deductions per unmet practice; range −203 to +110) and prioritises highest-impact gaps (MFA, FIPS cryptography, CUI flow control, audit logging)
Manages the POA&M lifecycle — identifies which practices can remain in a POA&M at certification, drafts remediation milestones, and tracks the 180-day closure deadline
Scopes CUI — identifies which systems, people, and processes are in-scope, recommends enclave strategies to reduce scope, and flags FedRAMP Moderate requirements for cloud services handling CUI
Prepares for C3PAO assessments — explains the four-phase assessment process (documentation review, assessment activities, findings, certification decision), lists required evidence per practice type, and identifies the 7 critical practices that block conditional certification
Explains DFARS clause obligations: 72-hour DIBNET incident reporting (DFARS 252.204-7012), SPRS self-assessment submission, and flow-down requirements to subcontractors under DFARS 252.204-7021

Trigger phrases: CMMC, CMMC 2.0, CMMC Level 2, CUI, Controlled Unclassified Information, NIST 800-171, DFARS 7021, DFARS 252.204-7021, C3PAO, SPRS score, defense contractor, DIB, DoD contractor, FCI, SSP CMMC, POA&M CMMC, gap analysis CMMC, DIBCAC, CUI scoping, 32 CFR Part 170

14. 🤖 NIST AI Risk Management Framework

File: NIST AI RMF - Claude Skill/nist-ai-rmf.skill

The NIST AI RMF skill turns Claude into an expert advisor on the NIST AI Risk Management Framework (AI RMF 1.0), published January 2023 as NIST AI 100-1. It covers all four core functions — GOVERN, MAP, MEASURE, and MANAGE — with their 19 categories and subcategories, the AI RMF Playbook's suggested actions, and deep guidance on evaluating AI systems for trustworthiness.

What it does:

Builds AI organizational profiles — Current Profile (where you are) and Target Profile (where you want to be) across all 19 categories with gap scoring and a prioritised remediation roadmap
Conducts GOVERN gap assessments across all 6 categories (GV-1 to GV-6) — AI risk policies, accountability structures, roles, cross-functional teams, risk tolerance, and regulatory alignment
Guides MAP context-setting for any AI system — intended use documentation, affected stakeholder mapping, risk/benefit analysis, and likelihood/impact characterization
Specifies MEASURE 2.x evaluation actions before deployment — bias/fairness testing (demographic parity, equalized odds, disparate impact), explainability (SHAP, LIME, counterfactuals), adversarial robustness, privacy assessment, and human oversight validation
Builds AI risk registers with per-risk AI RMF category citations (e.g., MAP 5.2, MEASURE 2.2, MANAGE 2.3), trustworthiness property at risk, treatment options, and owners
Provides MANAGE incident response guidance — model failure triggers, containment procedures, stakeholder notification thresholds, and lessons-learned cycles
Maps AI RMF to ISO 42001, EU AI Act, and NIST CSF — showing which AI RMF categories satisfy Art. 9 (EU AI Act risk management system), equivalent ISO 42001 clauses, and how AI RMF extends NIST CSF beyond cybersecurity into societal and ethical AI risk

Trigger phrases: NIST AI RMF, AI RMF, NIST AI 100-1, AI Risk Management Framework, GOVERN function, MAP function, MEASURE function, MANAGE function, AI RMF Playbook, AI risk profile, AI trustworthiness, AI bias assessment, AI explainability, MEASURE 2.2, AI risk register, AI organizational profile, responsible AI framework, AI governance framework, AI incident response, AI RMF gap assessment

15. 🏦 SWIFT Customer Security Programme (CSP)

File: SWIFT CSP - Claude Skill/swift-csp.skill

The SWIFT CSP skill turns Claude into an expert advisor on the SWIFT Customer Security Controls Framework (CSCF) v2025 — the mandatory cybersecurity programme for all SWIFT network participants. It covers all 31 controls (23 mandatory + 8 advisory), all five architecture types (A1/A2/A3/A4/B), the KYC-SA annual attestation process, and complete cross-framework mappings to ISO 27001:2022, PCI DSS v4.0.1, and NIST CSF 2.0.

What it does:

Determines the correct SWIFT architecture type (A1/A2/A3/A4/B) from a description of the organisation's SWIFT connectivity and produces the full mandatory/advisory control applicability matrix
Conducts structured CSCF v2025 gap assessments with 🔴/🟡/🟢 status per control, evidence requirements, and prioritised remediation roadmaps
Provides deep-dive implementation guidance for all 23 mandatory controls — purpose, requirements, step-by-step implementation, and audit evidence artifacts
Guides the complete KYC-SA attestation process — evidence preparation per control, independent assessor qualification criteria, portal submission steps, and post-submission counterparty visibility
Advises on the CSCF v2024 → v2025 changes: critical patch SLA tightened from 7 to 3 days, hardware MFA token requirement explicitly mandated, log retention clarified (1 year online, 3 years total)
Provides SWIFT-specific incident response guidance — 24-hour initial notification to security@swift.com, 30-day full report, evidence preservation, and IRP content requirements for Control 7.1
Explains Type B (service bureau) responsibilities — the split between bureau and customer obligations, and how to verify your bureau's KYC-SA attestation
Maps CSCF controls to ISO 27001:2022, PCI DSS v4.0.1, and NIST CSF 2.0 — identifying both synergies and SWIFT-specific additions not covered by existing certifications

Trigger phrases: SWIFT CSP, CSCF, KYC-SA, SWIFT security attestation, Alliance Access, SWIFT operator MFA, SWIFT secure zone, SWIFT secure flow zone, CSCF v2025, Control 4.2 SWIFT, Control 6.4 SWIFT, Control 7.1 SWIFT, SWIFT architecture type A1, SWIFT service bureau, Type B SWIFT, SWIFT incident response, SWIFT gap assessment, SWIFT mandatory controls, SWIFT hardware token, SWIFT log retention

16. 🇦🇺 ISM [Australia] — Australian Information Security Manual

File: ISM - Claude Skill/ism.skill

The ISM skill turns Claude into an expert advisor on the Australian Information Security Manual — the whole-of-government cybersecurity framework published by the Australian Signals Directorate (ASD) for Australian federal and state government entities and their supply chains. It covers all 22 guideline chapters, the six-step risk management cycle, control applicability markings (NC/OS/PROTECTED/SECRET/TOP SECRET), the IRAP assessment programme, system authorisation, and the Essential Eight relationship.

What it does:

Applies the ISM's control applicability marking system — determines which NC/OS/PROTECTED/SECRET/TOP SECRET controls apply to a system and explains the stacking rule (higher classifications cumulate all lower-level controls)
Guides the complete system authorisation pathway — defining system boundary, selecting and implementing controls, IRAP assessment, ATO sign-off by the Authorising Official, and ongoing monitoring
Prepares agencies for IRAP assessments — artefact checklists (SSP, network diagrams, asset register, risk register, policy suite, control evidence), what to expect during assessment, and the post-assessment POA&M → ATO pathway
Provides deep-dive guidance across all 22 ISM guideline chapters: system hardening (Ch. 13), patch management SLAs (Ch. 14), logging/monitoring requirements (Ch. 15), cryptographic standards (Ch. 20), email security (Ch. 18), networking (Ch. 19), and more
Explains the Essential Eight as a prioritised ISM subset — maps each of the 8 strategies to their ISM chapters, explains ML0–ML3 maturity levels, and distinguishes between Essential Eight compliance and full ISM compliance
Advises private sector suppliers and cloud service providers on their ISM obligations under government contracts and when IRAP assessments are required even for non-government entities
Covers approved cryptographic standards (AES-256 for PROTECTED+, TLS 1.2 minimum, SHA-256 minimum, prohibited algorithms) and log retention requirements (18 months minimum for OS/PROTECTED systems)
Supports SSP drafting — the System Security Plan structure, required sections, classification, security objectives, and how it feeds the ATO decision

Trigger phrases: ISM, Information Security Manual, ASD cybersecurity, IRAP assessment, IRAP assessor, system authorisation, ATO Australia, PROTECTED system, OFFICIAL Sensitive, NC OS PROTECTED, Essential Eight, ASD compliance, Australian government cybersecurity, ISM controls, ISM gap analysis, ISM chapter, ISM hardening, ISM OSCAL, cyber.gov.au, ASD IRAP

17. 🇪🇺 NIS2 [EU] Directive

File: NIS2 - Claude Skill/nis2.skill

The NIS2 skill turns Claude into an expert advisor on the EU NIS2 Directive (Directive (EU) 2022/2555) — the European Union's overarching cybersecurity framework for essential and important entities. In force since 27 December 2022 (transposition deadline 17 October 2024), NIS2 replaces the original NIS1 Directive and significantly expands scope, strengthens incident reporting obligations, introduces management body accountability, and raises maximum penalties to €10M or 2% of global turnover.

What it does:

Determines entity classification — Essential Entity (Annex I: 11 highly critical sectors) or Important Entity (Annex II: 7 other critical sectors) — and applies size-threshold analysis to confirm scope
Guides compliance with all 10 Art. 21 cybersecurity risk management measures: risk analysis policies, incident handling, BCP/DR/crisis management, supply chain security, secure SDLC and vulnerability management, effectiveness assessment, cyber hygiene training, cryptography, HR security and access control, and MFA/secure communications
Walks through the Art. 23 incident reporting workflow: 24-hour early warning, 72-hour incident notification, and 1-month final report — with content requirements for each stage and guidance on significant incident thresholds
Explains Art. 20 governance obligations — management body approval, mandatory cybersecurity training, and personal liability under Member State transposition law
Performs ISO 27001 gap analysis — maps ISO 27001:2022 Annex A controls to NIS2 Art. 21 measures and identifies gaps where ISO 27001 certification is necessary but not sufficient (Art. 20, Art. 23 timelines, MFA mandate, ENISA supply chain assessments)
Advises on EE vs IE supervision differences — Essential Entities face proactive Art. 32 oversight (on-site inspections, security audits); Important Entities face reactive Art. 33 oversight
Addresses the DORA lex specialis interaction — explains DORA precedence for financial entities under Art. 4, identifies residual NIS2 obligations, and recommends an integrated compliance programme
Calculates penalty exposure (EE: up to €10M or 2% global turnover; IE: up to €7M or 1.4%) and advises on remediation prioritisation to reduce regulatory risk

Trigger phrases: NIS2, NIS 2, Directive EU 2022 2555, essential entity, important entity, NIS2 compliance, NIS2 incident reporting, Article 21 NIS2, Article 23 NIS2, NIS2 gap analysis, NIS2 policy, NIS2 supply chain, NIS2 governance, NIS2 risk management, ENISA NIS2, NIS2 penalties, NIS2 transposition, NIS2 and DORA, NIS2 and ISO 27001, network information security directive

18. CCPA/CPRA [California] Privacy

File: CCPA - Claude Skill/ccpa.skill

The CCPA/CPRA skill turns Claude into an expert advisor on California's comprehensive privacy laws — the California Consumer Privacy Act (CCPA, effective January 1, 2020) and the California Privacy Rights Act (CPRA/Proposition 24, effective January 1, 2023). CPRA significantly expanded CCPA, created the California Privacy Protection Agency (CPPA), introduced Sensitive Personal Information (SPI) as a new category, and added rights to correct PI, limit SPI use, and set retention periods.

What it does:

Determines business applicability — whether an organisation meets the CCPA/CPRA threshold ($25M revenue OR 100K+ consumers/households OR 50%+ revenue from PI sale/sharing) and what obligations follow
Guides consumer rights fulfillment — step-by-step workflows for right to know (access), delete, correct, opt-out of sale/sharing, limit SPI use, portability, and non-discrimination — including identity verification, exceptions, response deadlines (45 days / 15 business days for SPI), and service provider propagation
Classifies ad tech, cookie tracking, and data sharing — determines whether arrangements constitute a "sale" or CPRA "sharing" (cross-context behavioral advertising), advises on Global Privacy Control (GPC) signal compliance and consent management
Identifies Sensitive Personal Information (SPI) — precise geolocation, biometrics, health data, SSNs, credentials, and more — and advises on permitted uses, limitation rights, disclosure requirements, and 15-business-day response SLA
Performs GDPR-to-CCPA/CPRA gap analysis — identifies CCPA/CPRA-specific additions (Do Not Sell or Share link, GPC, SPI limitation, minors' opt-in, financial incentive disclosures) and highlights key structural differences (opt-out vs. opt-in, no lawful basis requirement, household data, private right of action for breaches)
Drafts privacy notices and policies — at-collection notices, comprehensive privacy policies with all required CCPA/CPRA disclosures, and "Do Not Sell or Share" and "Limit SPI" opt-out pages
Assesses CPPA enforcement and penalty exposure — $2,500/unintentional, $7,500/intentional, $100–$750/consumer for breach private actions

Trigger phrases: CCPA, CPRA, California Consumer Privacy Act, California Privacy Rights Act, Do Not Sell or Share, sensitive personal information California, CPPA, California privacy compliance, right to know California, right to delete California, California opt-out, GPC signal, Global Privacy Control, ad tech CCPA, CCPA gap analysis, CCPA vs GDPR, California data privacy, CCPA service provider, CCPA third party, CCPA penalty

19. ITAR [US] — International Traffic in Arms Regulations

File: ITAR - Claude Skill/itar.skill

The ITAR skill turns Claude into an expert advisor on US defense export controls under 22 CFR Parts 120–130, administered by the Directorate of Defense Trade Controls (DDTC) at the US State Department. ITAR controls the export, re-export, and transfer of defense articles, defense services, and related technical data enumerated on the United States Munitions List (USML).

What it does:

Performs USML jurisdiction analysis — applies the enumeration test and specially designed test (22 CFR § 120.41) to determine whether an item falls under ITAR or EAR, and guides Commodity Jurisdiction (CJ) requests for ambiguous cases
Guides DDTC registration under 22 CFR Part 122 — who must register, DS-2032 submission, annual fees, renewal timelines, and Empowered Official (EO) designation
Advises on export licensing — DSP-5 (permanent export), DSP-73 (temporary export), DSP-94 (temporary import), application requirements via D-Trade, licence conditions, Congressional notification thresholds
Drafts and reviews Technical Assistance Agreements (TAA) and Manufacturing License Agreements (MLA) under 22 CFR Part 124, including all mandatory clauses: retransfer prohibition, US government rights, audit rights, and 5-year record retention
Advises on deemed exports — foreign national access to ITAR-controlled technical data inside the US is treated as an export to their home country; covers Technology Control Plans (TCP), screening requirements, and access segregation
Guides brokering compliance under 22 CFR Part 129 — registration, prior approval requirements, and annual reporting obligations
Manages violations and voluntary disclosures — walks through the VSD process under 22 CFR § 127.12, penalty exposure (civil up to $1.369M/violation, criminal up to $1M/20 years), mitigating and aggravating factors, and corrective action planning

Trigger phrases: ITAR, International Traffic in Arms Regulations, USML, United States Munitions List, DDTC, defense export, deemed export, TAA, technical assistance agreement, MLA, manufacturing license agreement, DSP-5, DSP-73, ITAR registration, ITAR violation, voluntary disclosure ITAR, ITAR vs EAR, commodity jurisdiction, defense article, defense service, ITAR compliance, technology control plan, Empowered Official

20. LGPD [Brazil] — General Data Protection Law

File: LGPD - Claude Skill/lgpd.skill

The LGPD skill turns Claude into an expert advisor on Brazil's Lei Geral de Proteção de Dados Pessoais (Law 13,709/2018), the comprehensive Brazilian data protection law enforced by the ANPD (Autoridade Nacional de Proteção de Dados). LGPD applies extraterritorially to any organisation processing personal data of individuals located in Brazil.

Analyses extraterritorial scope (Art. 3) — determines whether LGPD applies to your organisation regardless of country of establishment
Maps legal bases for processing (Art. 7 — 10 bases for regular data; Art. 11 — stricter bases for sensitive data including health, biometric, racial origin)
Drafts LGPD-compliant privacy notices (Art. 9) and consent mechanisms (Art. 8) covering all mandatory elements
Guides data subject rights fulfilment (Arts. 17–22) — access, correction, deletion, portability, consent revocation, automated decision review — with 15-day response workflows
Advises on DPO/Encarregado appointment (Art. 41) — mandatory publication requirements and ANPD Resolution No. 2/2022 SME exemptions
Produces DPIA/RIPD templates (Art. 38) for high-risk processing and RoPA (Records of Processing Activities) structures (Art. 37)
Guides ANPD breach notification (Art. 48 + ANPD Resolution No. 15/2024) — 3 working-day preliminary notification and 20 working-day full report requirements
Analyses international transfer mechanisms (Arts. 33–36) for countries without ANPD adequacy decisions (including the US)
Calculates penalty exposure (Art. 52) — fines up to 2% of Brazilian revenue, maximum R$50 million per violation
Provides LGPD vs. GDPR comparison — key differences in legal bases, DPO obligations, breach timelines, and fine structures

Trigger phrases: LGPD, Brazil data protection, Lei Geral de Proteção de Dados, ANPD, Brazilian privacy law, LGPD compliance, LGPD gap assessment, Encarregado, RIPD, LGPD legal basis, LGPD data subject rights, Brazil data breach, ANPD notification, LGPD vs GDPR, Brazil personal data, LGPD penalty, Brazil privacy policy

21. CSRD [EU] — Corporate Sustainability Reporting Directive

File: CSRD - Claude Skill/csrd.skill

The CSRD skill turns Claude into an expert advisor on EU Directive 2022/2464 (CSRD), which requires approximately 50,000 companies to disclose detailed environmental, social, and governance (ESG) information under the European Sustainability Reporting Standards (ESRS). CSRD came into force on 5 January 2023 and replaces the Non-Financial Reporting Directive (NFRD).

Determines CSRD scope and first reporting year — analyses PIE (>500 employees), large company, listed SME, and non-EU company (>€150M EU turnover) thresholds across all four cohorts (FY 2024–2028)
Guides the Double Materiality Assessment (DMA) — ESRS 1 step-by-step process covering impact materiality (scale, scope, irremediability) and financial materiality (risks and opportunities), with scoring templates
Produces CSRD gap assessments — maps current GRI/TCFD/CDP/SASB disclosures to mandatory ESRS datapoints and identifies priority gaps
Drafts ESRS disclosures — ESRS 2 General Disclosures (GOV-1 to GOV-5, SBM-1 to SBM-3, IRO-1) and all topical standards (E1–E5, S1–S4, G1) for material topics
Advises on ESRS E1 Climate Change — Scope 1, 2, and all 15 Scope 3 GHG emission categories, transition plan (Art. 19a(2)(a)), EU Taxonomy alignment, physical and transition risk financial effects
Supports ESRS S1 Own Workforce disclosures — gender pay gap, CEO pay ratio, LTIFR, collective bargaining coverage, health & safety management systems
Designs Scope 3 GHG emissions programmes — category prioritisation matrix, data collection methods (CDP Supply Chain, spend-based, supplier surveys), proxy methodology disclosure
Plans assurance readiness — limited assurance requirements under Art. 26a, documentation standards, transition to reasonable assurance post-2028
Advises on XBRL/iXBRL digital tagging requirements under ESEF and management report placement obligations
Provides CSRD vs GRI/TCFD/SASB/CDP comparison — framework interoperability, Appendix C mapping, and gap identification for existing reporters

Trigger phrases: CSRD, Corporate Sustainability Reporting Directive, ESRS, double materiality, double materiality assessment, DMA, ESG reporting Europe, sustainability disclosure EU, non-financial reporting, ESRS E1, ESRS S1, ESRS G1, Scope 3 CSRD, transition plan ESRS, CSRD gap assessment, CSRD scope, EU sustainability reporting, ESRS assurance, XBRL sustainability, CSRD vs GRI, CSRD vs TCFD, EU Taxonomy CSRD, NFRD CSRD, ESRS materiality

22. 🛡️ CIS Controls v8 — CIS Top 18 Cyber Hygiene

File: CIS Controls - Claude Skill/cis-controls.skill

The CIS Controls v8 skill turns Claude into an expert CIS Controls advisor covering all 18 CIS Controls and 153 safeguards from the May 2021 v8 release, including explicit cloud and mobile coverage. It applies the Implementation Group (IG) framework — IG1 (56 safeguards, essential cyber hygiene), IG2 (130 safeguards, intermediate), and IG3 (153 safeguards, advanced) — to scope guidance to each organization's risk profile and resource level.

What it does:

Determines the correct Implementation Group for any organization based on IT resources, data sensitivity, regulatory exposure, and threat profile — then scopes all guidance to that IG
Conducts structured CIS Controls gap assessments across all 18 controls and applicable safeguards with 🔴/🟡/🟢 status, IG assignment, asset type, security function, and prioritised remediation roadmap
Provides safeguard-level implementation guidance for all 153 safeguards — practical steps, recommended tools (e.g., Qualys, CrowdStrike, Splunk, Microsoft Defender), and common pitfalls
Delivers a structured IG1 12-week quick-start programme — week-by-week asset inventory, secure configuration, access controls, patch management, backups, and training
Maps CIS Controls v8 to NIST CSF 2.0 (subcategory-level), ISO 27001:2022 Annex A, CMMC 2.0 / NIST SP 800-171, SOC 2 TSC, and PCI DSS v4.0
Advises on vulnerability management SLAs — CVSS-based remediation timelines (Critical: 15 days, High: 30 days, Medium: 90 days) and authenticated scanner deployment
Designs SIEM/log management programmes per Control 8 — what to collect, retention standards (90-day hot, 12-month minimum), and NTP synchronisation
Provides industry-specific guidance — healthcare (HIPAA alignment), finance (PCI DSS alignment), government (CMMC alignment), and education (FERPA alignment)

Trigger phrases: CIS Controls, CIS Top 18, CIS v8, CIS Controls v8, Implementation Group, IG1, IG2, IG3, CIS safeguards, cyber hygiene controls, CIS gap assessment, CIS Controls NIST mapping, CIS Benchmarks, CIS CSAT, asset inventory CIS, vulnerability management CIS, CIS Controls ISO 27001, CIS Controls SOC 2, CIS Controls PCI DSS, CIS Controls CMMC, CIS Controls NIST CSF

23. 📦 EAR — Export Administration Regulations

File: EAR - Claude Skill/ear.skill

The EAR skill turns Claude into an expert Export Administration Regulations advisor with deep knowledge of all 15 CFR Parts 730–774, administered by the Bureau of Industry and Security (BIS). It guides exporters, manufacturers, technology companies, and compliance professionals through the full dual-use export control lifecycle — from item classification to licence analysis to enforcement response.

What it does:

Applies the mandatory Order of Review to determine EAR vs. ITAR jurisdiction — USML check first, then CCL classification or EAR99 confirmation
Classifies items across all 10 CCL categories (0–9) and 5 product groups (A–E) with step-by-step ECCN determination, including when to seek a CCATS or CJ request
Analyses licence requirements using the Commerce Country Chart — RFC × country matrix — and identifies applicable licence exceptions (LVS, GBS, CIV, APP, TSR, TMP, RPL, GOV, TSU, ENC, BAG, AVS, ACE, GFT)
Screens transactions against all restricted party lists: Entity List, Denied Persons List, Unverified List, MEU List, and OFAC SDN — with guidance on the Consolidated Screening List (CSL)
Explains deemed export rules (§ 734.13), the most restrictive nationality rule for dual nationals, and access control obligations for foreign national employees
Covers the Foreign Direct Product Rule (FDPR) — General FDPR, Entity List FDPR (Huawei 2020), Advanced Computing FDPR (2022/2023), and Russia/Belarus FDPR (2022)
Guides through Voluntary Self-Disclosure (VSD) under § 764.5 — initial notification, 180-day full submission, OEE process, and penalty mitigation calculus
Designs a 7-element BIS Export Compliance Programme (ECP) and assesses maturity (Basic/Developing/Proficient/Advanced) against BIS penalty mitigation standards

Trigger phrases: EAR, Export Administration Regulations, ECCN, EAR99, BIS, export control, Commerce Control List, CCL, dual-use export, export licence, Entity List, Denied Persons List, deemed export, FDPR, Foreign Direct Product Rule, licence exception, ENC exception, voluntary self-disclosure, VSD, SNAP-R, export compliance programme, ECP, restricted party screening, export to China, export to Russia, de minimis rule, CCATS, EAR vs ITAR

24. 🏛️ NIST SP 800-53 — Security and Privacy Controls for Federal Systems

File: NIST 800-53 - Claude Skill/nist-800-53.skill

The NIST SP 800-53 skill turns Claude into an expert federal security and privacy controls advisor covering the full SP 800-53 Rev 5 catalog (September 2020) and its companion publications — SP 800-53B baselines, SP 800-53A assessment procedures, and SP 800-37 Rev 2 Risk Management Framework. It serves federal agency teams, cloud service providers pursuing FedRAMP, system owners, ISSOs, and GRC professionals implementing FISMA-mandated controls.

What it does:

Categorises systems using FIPS 199/200 and SP 800-60 — determines C/I/A impact levels, applies the high-water mark rule, and selects the appropriate Low, Moderate, or High baseline from SP 800-53B
Covers all 20 control families (AC, AT, AU, CA, CM, CP, IA, IR, MA, MP, PE, PL, PM, PS, PT, RA, SA, SC, SI, SR) with key controls, baseline assignments, and implementation notes — including the new PT (Privacy) and SR (Supply Chain) families added in Rev 5
Guides tailoring — identifies common/inherited controls, applies scoping considerations, fills in Organization-Defined Values (ODVs) with federal guidance, designs compensating controls, and supplements the baseline for elevated risks
Writes SSP control narratives in the standard format — each covering implementation description, responsible role, inherited/hybrid designation, and testing method for SP 800-53A assessment
Manages POA&Ms (CA-5) — documents OTS findings from assessments, assigns FedRAMP-aligned remediation timelines (Critical: 30 days; High: 90 days; Moderate: 180 days; Low: 1 year), and tracks risk acceptance decisions
Guides all 7 RMF steps (SP 800-37 Rev 2): Prepare → Categorize → Select → Implement → Assess → Authorize → Monitor, including ATO package assembly (SSP + SAR + POA&M) and continuous monitoring (ConMon) strategy
Maps SP 800-53 to peer frameworks — ISO 27001:2022, NIST CSF 2.0, CMMC 2.0, and FedRAMP — for cross-framework compliance programmes
Addresses EO 14028 and OMB M-22-09 phishing-resistant MFA obligations under IA-2(1) and IA-2(2), and FIPS 140-2/3 cryptographic module requirements under SC-13

Trigger phrases: NIST SP 800-53, SP 800-53, NIST 800-53, federal security controls, RMF, Risk Management Framework, FISMA, ATO, Authority to Operate, FIPS 199, FIPS 200, FIPS 140, SP 800-53B, control baseline, Low baseline, Moderate baseline, High baseline, SSP narrative, System Security Plan, POA&M, Plan of Action, ConMon, continuous monitoring, SP 800-53A, security assessment, ODV, organization-defined value, control tailoring, common controls, inherited controls, AC-2, IA-2, SC-8, SI-2, SR family, PT family, supply chain risk, OSCAL, 3PAO, FedRAMP controls, ISSO, system owner, authorizing official

25. 🤖 EU AI Act — Regulation (EU) 2024/1689

File: EU AI Act - Claude Skill/eu-ai-act.skill

The EU AI Act skill turns Claude into an expert EU AI Act compliance advisor covering the full Regulation (EU) 2024/1689 — the world's first comprehensive horizontal AI regulation, in force from 1 August 2024. It serves AI providers, deployers, importers, and authorised representatives operating in or placing AI on the EU market.

What it does:

Classifies AI systems across all four risk tiers — Prohibited (Art. 5), High-Risk (Art. 6 + Annex I/III), Limited Risk (Art. 50), and Minimal/No Risk — using both the Annex I safety component path (Art. 6(1)) and the Annex III listed use case path (Art. 6(2))
Screens for all 8 prohibited practices (Art. 5, applies from 2 February 2025): subliminal manipulation, vulnerability exploitation, social scoring, predictive criminal assessment, untargeted biometric scraping, workplace/education emotion inference, sensitive-attribute biometric categorisation, and real-time RBI in public spaces by law enforcement
Walks through all 8 Annex III high-risk use case areas: biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration/border control, and justice/democracy
Covers provider obligations (Arts. 9–17): risk management (5-step process), data governance, Annex IV technical documentation, automatic logging, transparency to deployers, human oversight design, accuracy/robustness/cybersecurity, 12-item provider checklist, and 13-component QMS
Covers deployer obligations (Art. 26): instructions compliance, staff competence, monitoring, 6-month log retention, worker notification, public authority registration, and GDPR DPIA
Guides conformity assessment and CE marking: Annex VI self-assessment (Areas 2–8) vs. Annex VII notified body (Area 1 biometrics), EU Declaration of Conformity (Art. 47, 10-year retention), CE marking (Art. 48), EU AI database registration (Arts. 49/60)
Covers GPAI model obligations (Arts. 53–55, from 2 August 2025): universal obligations, open-source exception, systemic risk threshold (10²⁵ FLOPs, Art. 51), and systemic risk additional obligations including adversarial testing and AI Office reporting
Maps to peer frameworks: ISO 42001:2023, NIST AI RMF 1.0, and GDPR — showing where obligations overlap and where dual compliance is required
References penalty exposure (Art. 99): €35M/7% for prohibited practices, €15M/3% for provider/deployer violations, €7.5M/1% for misleading authorities

Trigger phrases: EU AI Act, AI Act, Regulation 2024/1689, high-risk AI, prohibited AI, GPAI model, general-purpose AI, AI system classification, AI conformity assessment, CE marking AI, EU AI database, AI Office, AI Board, systemic risk AI, Art. 5 AI, Annex III AI, AI provider obligations, AI deployer obligations, human oversight AI, AI risk management, Art. 50 transparency, chatbot disclosure AI, AI Act compliance, GPAI obligations, open-source AI Act, AI Act penalty, AI Act timeline, AI Act GDPR

26. ♿ Section 508 — US Federal ICT Accessibility

File: Section 508 - Claude Skill/section-508.skill

The Section 508 skill turns Claude into an expert US federal ICT accessibility compliance advisor covering the Revised Section 508 Standards (2018) (36 CFR Part 1194), which incorporate WCAG 2.0 Level A and AA as the technical standard for web content, software, and electronic documents. It supports federal agencies, contractors, and ICT vendors across the full compliance lifecycle — from accessibility audits and VPAT completion to PDF remediation, procurement RFP language, and undue burden determinations.

What this skill covers:

VPAT/ACR completion — VPAT 2.x WCAG Edition structure, all four conformance levels (Supports/Partially Supports/Does Not Support/Not Applicable), three tables (Level A, Level AA, Functional Performance Criteria), required testing methodology disclosure
WCAG 2.0 Level A and AA success criteria — all 38 criteria across the four POUR principles (Perceivable, Operable, Understandable, Robust) with common failure patterns and fixes
Accessibility auditing — automated scanning (axe, WAVE, Lighthouse), keyboard-only testing, screen reader testing (JAWS + Chrome, NVDA + Firefox, VoiceOver + Safari), colour contrast verification
PDF accessibility — Tagged PDFs, tag hierarchy, form field accessible names, Alt text, reading order, document language, Acrobat Pro Full Accessibility Check
Federal procurement — FAR clause 52.239-2, RFP accessibility requirements, VPAT evaluation methodology, common vendor VPAT deficiencies, post-award remediation SLAs
Exceptions — Undue burden (E202.5): written determination process, alternative means of access obligations, re-evaluation triggers; fundamental alteration; legacy ICT

Trigger phrases: Section 508, 508 compliance, WCAG federal, VPAT, ACR accessibility, accessibility conformance report, ICT accessibility, federal accessibility, POUR principles, web accessibility 508, keyboard accessibility audit, screen reader testing, PDF accessibility, accessible federal website, undue burden 508, assistive technology testing, FAR 52.239-2, 508 procurement, JAWS testing, VoiceOver compliance, axe accessibility, colour contrast 508, focus visible 508, alt text federal

27. ♿ WCAG — Web Content Accessibility Guidelines

File: WCAG - Claude Skill/wcag.skill

The WCAG skill turns Claude into an expert advisor on WCAG 2.0, 2.1, and 2.2 — the W3C international standard for digital accessibility developed by the Web Accessibility Initiative (WAI). WCAG underpins accessibility laws worldwide: the EU EAA (EN 301 549), US Section 508 and ADA, UK Equality Act, and Australia's DDA all reference WCAG conformance. Supports developers, designers, product teams, and legal/compliance teams working on web, mobile, and digital content accessibility.

Key capabilities:

POUR principles and all success criteria — comprehensive coverage of WCAG 2.2 including all 9 new criteria (SC 2.4.11–13, 2.5.7–8, 3.2.6, 3.3.7–8) and all 17 criteria added in 2.1 for mobile, low vision, and cognitive accessibility; conformance levels A/AA/AAA; WCAG 3.0 preview
Accessibility audits — colour contrast analysis (SC 1.4.3 and 1.4.11), ARIA patterns and screen reader testing (NVDA+Chrome, JAWS+Chrome, VoiceOver+Safari), keyboard navigation (ARIA APG patterns), focus management (SC 2.4.3, 2.4.7, 2.4.11), live region announcements (SC 4.1.3), reflow testing (SC 1.4.10)
Code review — annotated violations with SC numbers, ARIA corrections, corrected code examples; React/HTML/ARIA pattern guidance aligned with ARIA Authoring Practices Guide
Accessibility statements — full publication-ready statements with conformance status, known issues, SC citations, contact/feedback mechanism, formal complaints procedure per EU Web Accessibility Directive (Decision 2018/1523)
Legal framework mapping — maps WCAG to EN 301 549, EU EAA (June 2025), EU Web Accessibility Directive, US Section 508, ADA Title III, UK PSBAR 2018, UK Equality Act, AODA, and Australia DDA with jurisdiction-specific version requirements

Trigger phrases: WCAG, WCAG 2.1, WCAG 2.2, web accessibility, POUR principles, accessibility audit, colour contrast, screen reader, keyboard accessibility, ARIA, focus visible, reflow, accessibility statement, EN 301 549, European Accessibility Act, WCAG conformance, success criteria, alt text, captions accessibility, SC 1.4.3, SC 4.1.2, NVDA, VoiceOver, JAWS screen reader, WCAG 2.2 upgrade

Potential Use Cases

Scenario	Relevant Skill(s)
Preparing for an ISO 27001:2022 Stage 2 certification audit	ISO 27001
Writing an Information Security Policy mapped to Annex A	ISO 27001
Running a SOC 2 readiness assessment before engaging an auditor	SOC 2
Documenting controls for a SOC 2 Type 2 report	SOC 2
Scoping a FedRAMP Moderate authorization on AWS GovCloud	FedRAMP
Writing SSP control narratives for all 20 NIST 800-53 control families	FedRAMP
Auditing an API for GDPR compliance before product launch	GDPR
Drafting a DPIA for a new AI feature that processes personal data	GDPR
Generating a BAA for a healthcare SaaS vendor relationship	HIPAA
Assessing whether a data incident constitutes a reportable HIPAA breach	HIPAA
Building a compliance program that satisfies both ISO 27001 and SOC 2	ISO 27001 + SOC 2
Responding to a customer security questionnaire covering multiple frameworks	All skills
Onboarding a new compliance engineer who needs framework context quickly	Any skill
Preparing a risk register and treatment plan for an ISMS	ISO 27001
Transitioning from ISO 27001:2013 to ISO 27001:2022	ISO 27001
Preparing for a FedRAMP Rev 4 → Rev 5 transition	FedRAMP
Assessing current cybersecurity posture using NIST CSF 2.0	NIST CSF
Building a CSF organisational profile with Current and Target states	NIST CSF
Advancing from CSF Implementation Tier 1 to Tier 2	NIST CSF
Migrating a cybersecurity programme from CSF 1.1 to CSF 2.0	NIST CSF
Mapping ISO 27001 or SOC 2 controls to NIST CSF subcategories	NIST CSF + ISO 27001 / SOC 2
Writing a Cybersecurity Governance Policy aligned to the CSF GV function	NIST CSF
Scoping a PCI DSS CDE for a cloud-hosted e-commerce platform	PCI DSS
Selecting the right SAQ type for a merchant using a hosted payment page	PCI DSS
Preparing for a Level 1 ROC with a QSA	PCI DSS
Implementing the new PCI DSS v4.0 payment page script integrity requirements	PCI DSS
Extending MFA to all CDE access per Req 8.4.2	PCI DSS
Managing third-party service providers under PCI DSS Req 12.8	PCI DSS
Determining whether your pipeline or rail operation is a TSA covered entity	TSA Cybersecurity
Drafting a Cybersecurity Implementation Plan (CIP) for pipeline OT/SCADA environments	TSA Cybersecurity
Planning and documenting annual IRP testing for TSA directive compliance	TSA Cybersecurity
Responding to ransomware on IT that may spread to OT — reporting obligations to CISA	TSA Cybersecurity
Conducting an Architecture Design Review (ADR) for IT/OT network segmentation	TSA Cybersecurity
Implementing MFA and PAM for legacy OT/HMI systems with limited native controls	TSA Cybersecurity
Understanding what changes if TSA's November 2024 NPRM becomes final regulation	TSA Cybersecurity
Aligning a TSA CRMP to NIST CSF 2.0 and CISA Cross-Sector CPGs	TSA Cybersecurity + NIST CSF
Running an ISO 42001 gap assessment for an AI provider with multiple ML models in production	ISO 42001
Completing an AI System Impact Assessment (AISIA) for an automated hiring tool	ISO 42001
Building a Statement of Applicability (SoA) covering all 38 ISO 42001 Annex A controls (A.2–A.10)	ISO 42001
Drafting an AI Policy and AI Acceptable Use Policy for a financial services firm	ISO 42001
Assessing whether a customer-facing AI system requires high-impact controls under ISO 42001	ISO 42001
Preparing evidence packages for ISO 42001 Stage 1 and Stage 2 certification audits	ISO 42001
Mapping ISO 42001 AISIA requirements to EU AI Act Fundamental Rights Impact Assessment (FRIA)	ISO 42001
Integrating an ISO 42001 AIMS with an existing ISO 27001 ISMS	ISO 42001 + ISO 27001
Governing staff use of public AI tools (ChatGPT, Copilot) under Annex A control A.9.2 and A.9.4	ISO 42001
Running an ISO 27701:2025 gap assessment for a SaaS company acting as both PII controller and processor	ISO 27701
Transitioning from ISO 27701:2019 certification to the 2025 standalone edition	ISO 27701
Drafting a GDPR-aligned Data Processing Agreement (DPA) with all required Article 28 clauses	ISO 27701
Building a Records of Processing Activities (RoPA) covering all processing operations	ISO 27701
Completing a DPIA for a new AI feature that profiles users for targeted advertising	ISO 27701
Implementing a Data Subject Rights handling procedure with response SLAs	ISO 27701
Mapping ISO 27701:2025 controls to GDPR articles for a compliance audit	ISO 27701
Assessing sub-processor management obligations for a cloud-native B2B SaaS	ISO 27701
Integrating a PIMS with an existing ISO 27001:2022 ISMS to avoid duplicating controls	ISO 27701 + ISO 27001
Running a DORA gap analysis for an EU credit institution ahead of a supervisory review	DORA
Classifying an ICT incident against Art. 18 criteria and CDR (EU) 2024/1772 thresholds	DORA
Building a three-stage incident reporting procedure (4h / 72h / 1 month) per Art. 19	DORA
Reviewing ICT vendor contracts against Art. 30(2) mandatory provisions	DORA
Building or validating the Register of Information per CIR (EU) 2024/2956	DORA
Assessing ICT concentration risk for a bank reliant on a single hyperscaler	DORA
Scoping a TLPT programme and evaluating whether the Art. 26 threshold applies	DORA
Drafting an ICT Third-Party Risk Policy satisfying CDR (EU) 2024/1773	DORA
Advising on the interaction between DORA and NIS2 for a financial entity	DORA
Mapping DORA obligations to legacy EBA ICT guidelines and identifying what changed	DORA
Running a DPDPA gap analysis for an Indian SaaS company ahead of the May 2027 compliance deadline	DPDPA
Identifying which GDPR-compliant processing activities need fresh consent or re-mapping under DPDPA	DPDPA + GDPR
Designing a notice compliant with Section 5 and Rule 3, including multi-language obligations	DPDPA
Implementing a 72-hour breach notification pipeline per Section 8(6) and Rule 6	DPDPA
Designing a children's data compliance programme with Rule 12 parental verification (DigiLocker, virtual tokens)	DPDPA
Assessing whether a digital platform must eliminate targeted advertising and behavioural tracking for under-18 users	DPDPA
Advising a global company on its India data transfer obligations — blacklist approach vs. GDPR's whitelist	DPDPA
Preparing for potential Significant Data Fiduciary designation — DPO appointment, DPIA, and audit readiness	DPDPA
Updating Data Processing Agreements with vendors to satisfy Rule 16	DPDPA
Assessing whether a company relying on legitimate interests for analytics must obtain consent under DPDPA	DPDPA
Building a Data Principal rights fulfilment procedure covering access, correction, erasure, and nomination	DPDPA
Determining your CMMC level based on contract DFARS clauses and CUI handling	CMMC 2.0
Running a CMMC Level 2 gap assessment across all 110 NIST SP 800-171 practices	CMMC 2.0
Drafting a System Security Plan (SSP) covering all 110 practices with implementation narratives	CMMC 2.0
Calculating your SPRS score and prioritising the highest-impact gap remediations	CMMC 2.0
Preparing for a C3PAO assessment — evidence packages, critical practices, POA&M rules	CMMC 2.0
Scoping CUI within your organisation and designing an enclave to reduce CMMC scope	CMMC 2.0
Managing DFARS 252.204-7012 incident reporting obligations (72-hour DIBNET reporting)	CMMC 2.0
Flowing down CMMC requirements to subcontractors handling CUI	CMMC 2.0
Building an AI organizational profile using NIST AI RMF Current and Target states	NIST AI RMF
Running a GOVERN gap assessment for an organization starting its AI risk programme	NIST AI RMF
Evaluating a credit scoring model against MEASURE 2.x trustworthiness criteria	NIST AI RMF
Building an AI risk register mapped to NIST AI RMF categories for a deployed ML system	NIST AI RMF
Mapping NIST AI RMF to the EU AI Act Article 9 risk management system requirement	NIST AI RMF + ISO 42001
Assessing bias and fairness of a hiring AI tool (demographic parity, equalized odds, EEOC 4/5ths rule)	NIST AI RMF
Designing a post-deployment AI monitoring programme using MEASURE 3.x and MANAGE 3.x	NIST AI RMF
Integrating NIST AI RMF with an existing NIST CSF programme	NIST AI RMF + NIST CSF
Determining your SWIFT architecture type (A1/A2/A3/A4/B) and getting the full CSCF v2025 control applicability matrix	SWIFT CSP
Running a CSCF v2025 gap assessment for an Alliance Access on-premises deployment	SWIFT CSP
Understanding why software OTP (Google Authenticator) fails Control 4.2 and remediating with hardware tokens before July attestation	SWIFT CSP
Preparing all evidence and completing the annual KYC-SA attestation via swift.com/myswift	SWIFT CSP
Developing a SWIFT-specific incident response plan covering 24-hour SWIFT notification and 30-day report obligations	SWIFT CSP
Verifying your service bureau's (Type B) KYC-SA attestation and understanding split control responsibilities	SWIFT CSP
Mapping existing ISO 27001 or PCI DSS controls to CSCF requirements to identify SWIFT-specific gaps	SWIFT CSP + ISO 27001 / PCI DSS
Remediating common CSCF non-compliance patterns: shared VLAN, stale patches, missing SIEM coverage, token inventory gaps	SWIFT CSP
Understanding which ISM control applicability markings (NC/OS/PROTECTED) apply to an Australian government cloud system	ISM
Preparing artefacts for an IRAP assessment of a PROTECTED-level system	ISM
Hardening a Windows Server 2022 deployment to ISM Chapter 13 requirements with evidence checklist	ISM
Mapping Essential Eight Maturity Level 2 requirements to their ISM guideline chapters	ISM
Understanding ISM compliance obligations for a private sector cloud provider under a government contract	ISM
Drafting a System Security Plan (SSP) for ATO sign-off on an OFFICIAL: Sensitive system	ISM
Understanding approved cryptographic algorithms and log retention periods under the ISM	ISM
Comparing ISM requirements with ISO 27001 controls to identify government-specific gaps	ISM + ISO 27001
Determining whether a European energy company is an Essential or Important Entity under NIS2 and understanding its obligations	NIS2
Walking through the NIS2 Art. 23 incident reporting workflow (24h/72h/1-month) after a ransomware attack	NIS2
Performing a gap analysis between an existing ISO 27001:2022 ISMS and full NIS2 compliance	NIS2 + ISO 27001
Drafting an NIS2-compliant incident response policy covering all 10 Art. 21 measures and Art. 23 reporting timelines	NIS2
Explaining the DORA lex specialis relationship and identifying residual NIS2 obligations for a European bank	NIS2 + DORA
Understanding Art. 20 management body obligations, personal liability, and required cybersecurity training under NIS2	NIS2
Assessing supply chain security obligations under NIS2 Art. 21(2)(d) and Art. 26 ENISA coordinated risk assessments	NIS2
Calculating maximum NIS2 penalty exposure and comparing EE vs IE supervisory regimes (Art. 32 vs Art. 33)	NIS2
Determining whether a US e-commerce business meets any CCPA/CPRA threshold and understanding its core obligations	CCPA/CPRA
Handling a combined right-to-know and right-to-delete request from a California consumer, including identity verification and exceptions	CCPA/CPRA
Assessing whether sharing cookie IDs with an ad tech platform constitutes a CCPA 'sale' or CPRA 'sharing', and implementing opt-out mechanisms	CCPA/CPRA
Performing a gap analysis between an existing GDPR programme and CCPA/CPRA — identifying California-specific additions	CCPA/CPRA + GDPR
Classifying precise geolocation, health, and biometric data as CPRA Sensitive Personal Information and understanding the 15-business-day SPI limitation workflow	CCPA/CPRA
Drafting an at-collection privacy notice and a comprehensive privacy policy meeting all CCPA/CPRA disclosure requirements	CCPA/CPRA
Implementing Global Privacy Control (GPC) signal recognition as a valid opt-out from sale/sharing	CCPA/CPRA
Assessing CPPA enforcement risk and calculating penalty exposure for unintentional vs. intentional CCPA/CPRA violations	CCPA/CPRA
Determining whether a small professional services firm needs IG1, IG2, or IG3 controls — and getting a scoped 12-week quick-start plan	CIS Controls v8
Running a CIS Controls v8 gap assessment for a healthcare organisation and mapping findings to HIPAA Security Rule safeguards	CIS Controls v8 + HIPAA
Implementing all 56 IG1 safeguards across endpoints, user accounts, backups, and training — prioritised by security impact	CIS Controls v8
Deploying MFA across external applications, remote access, and admin accounts (Safeguards 6.3/6.4/6.5) and selecting phishing-resistant options	CIS Controls v8
Mapping CIS Controls v8 to NIST CSF 2.0 subcategories for a cross-framework compliance programme	CIS Controls v8 + NIST CSF
Building a vulnerability management programme with authenticated scans, CVSS-based remediation SLAs, and tracking KPIs	CIS Controls v8
Designing a SIEM and log management programme per Control 8 — what events to collect, retention standards, and NTP synchronisation	CIS Controls v8
Classifying an RF power amplifier under the EAR — ECCN determination and licence requirement analysis for export to Germany	EAR
Assessing deemed export obligations for a Chinese national employee accessing controlled encryption source code	EAR
Responding to a discovered Entity List re-export violation — voluntary self-disclosure process and penalty mitigation	EAR
Determining whether AES-256 cybersecurity software requires a BIS licence for export to France, India, and Brazil	EAR
Designing a 7-element Export Compliance Programme for a semiconductor equipment company with customers in Europe and Asia	EAR
Determining whether a foreign-made chip uses US-origin equipment subject to the Foreign Direct Product Rule (FDPR)	EAR
Applying the ENC licence exception for a commercial encryption product and completing the one-time BIS notification	EAR
Categorising a federal HR system under FIPS 199 and selecting the correct SP 800-53B baseline	NIST SP 800-53
Documenting an AC-2(3) OTS finding from a security assessment and building the POA&M with FedRAMP remediation timelines	NIST SP 800-53
Implementing phishing-resistant MFA under IA-2(1) and IA-2(2) to satisfy EO 14028 and OMB M-22-09	NIST SP 800-53
Writing an SSP control narrative for SC-8(1) Transmission Confidentiality covering TLS 1.2/1.3 with FIPS 140-3 modules	NIST SP 800-53
Performing a gap analysis between ISO 27001:2022 and FedRAMP Moderate baseline and mapping RMF steps to ATO package	NIST SP 800-53
Tailoring a Moderate baseline to remove inapplicable controls, set ODVs, and document compensating controls for a legacy system	NIST SP 800-53
Building a ConMon strategy with monthly vulnerability scan frequencies, annual penetration testing, and POA&M update cadence	NIST SP 800-53
Classifying an AI-powered CV screening tool for European employers under the EU AI Act — risk tier and provider obligations	EU AI Act
Assessing whether a predictive policing AI tool violates EU AI Act Art. 5 prohibited practices	EU AI Act
Determining GPAI model obligations for an open-source LLM with 3×10²⁴ FLOPs training compute	EU AI Act
Navigating dual regulation for an AI diagnostic imaging tool CE-marked under the EU Medical Devices Regulation	EU AI Act
Understanding Art. 50(1) chatbot disclosure obligations and deployer vs GPAI provider obligations for an e-commerce AI	EU AI Act

How to Install a Skill

Download the .skill file for the framework you need:

Framework	Download
ISO 27001	iso27001.skill
SOC 2	soc2.skill
FedRAMP [US]	fedramp.skill
🇪🇺 GDPR [EU]	gdpr-compliance.skill
HIPAA [US]	hipaa-compliance.skill
NIST CSF	NIST Cybersecurity.skill
PCI DSS	PCI-Compliance.skill
🚨 TSA Cybersecurity [US]	TSA-Compliance.skill
🤖 ISO 42001 AI Management System	ISO-42001.skill
🔒 ISO 27701 Privacy Information Management	iso27701.skill
🏦 DORA Digital Operational Resilience	dora.skill
🇮🇳 DPDPA [India] — Digital Personal Data Protection Act	dpdpa.skill
🛡️ CMMC 2.0 Cybersecurity Maturity Model Certification	cmmc.skill
🤖 NIST AI Risk Management Framework	nist-ai-rmf.skill
🏦 SWIFT Customer Security Programme (CSP)	swift-csp.skill
🇦🇺 ISM [Australia] — Australian Information Security Manual	ism.skill
🇪🇺 NIS2 [EU] Directive	nis2.skill
CCPA/CPRA [California] Privacy	ccpa.skill
ITAR [US] — International Traffic in Arms Regulations	itar.skill
LGPD [Brazil] — General Data Protection Law	lgpd.skill
CSRD [EU] — Corporate Sustainability Reporting Directive	csrd.skill
🛡️ CIS Controls v8 — CIS Top 18 Cyber Hygiene	cis-controls.skill
📦 EAR [US] — Export Administration Regulations	ear.skill
🏛️ NIST SP 800-53 — Security and Privacy Controls for Federal Systems	nist-800-53.skill
🤖 EU AI Act — Regulation (EU) 2024/1689	eu-ai-act.skill
♿ Section 508 [US] — Federal ICT Accessibility	section-508.skill
♿ WCAG — Web Content Accessibility Guidelines	wcag.skill

Open Claude and navigate to Customize → Skills.
Click Upload Skill and select the .skill file.
The skill is now active. Start a new conversation and ask your compliance question — Claude will automatically apply the skill.

Tip: You can install multiple skills at once. If you work across several frameworks (e.g., both ISO 27001 and SOC 2), install all of them — Claude will activate whichever is most relevant to each question.

Install via Claude Code Marketplace

If you use Claude Code — the AI-powered CLI for developers — these skills are also available as installable Claude Code plugins through a hosted marketplace. This is the recommended installation path for developers and teams, as it supports version-pinning, automatic updates, and team-wide distribution without any manual file handling.

Add the marketplace and install the skills you need directly from the terminal:

/plugin marketplace add Sushegaad/Claude-Skills-Governance-Risk-and-Compliance
/plugin install iso27001@grc-skills soc2@grc-skills fedramp@grc-skills gdpr-compliance@grc-skills hipaa-compliance@grc-skills nist-csf@grc-skills pci-compliance@grc-skills tsa-compliance@grc-skills iso42001@grc-skills iso27701@grc-skills dora@grc-skills dpdpa@grc-skills cmmc@grc-skills nist-ai-rmf@grc-skills swift-csp@grc-skills ism@grc-skills nis2@grc-skills ccpa@grc-skills itar@grc-skills lgpd@grc-skills csrd@grc-skills cis-controls@grc-skills ear@grc-skills nist-800-53@grc-skills eu-ai-act@grc-skills

Teams can pre-wire the marketplace in .claude/settings.json so every developer gets the skills automatically when they open the project — no manual install required.

📖 Full installation instructions, team setup, and update guide → INSTALLATION.md

Skill Evaluation

These skills were benchmarked using the Claude Skill Creator eval framework. 135 realistic test cases were run across all 27 skills — 5 per framework — covering gap analysis, policy drafting, control deep-dives, edge cases, and compliance advice scenarios. Each test case was evaluated against 5 objectively verifiable assertions by independent grader agents comparing skill-assisted vs. baseline Claude responses.

Configuration	Pass Rate	Assertions Passed
With GRC Skills installed	96%	626 / 650
Without skills (baseline Claude)	83%	538 / 650
Delta	+13 points	+88 assertions

Per-Skill Results

Skill	Test Cases	With Skill	Baseline	Delta	What Was Tested
ISO 27001	5	100%	84%	+16%	Gap assessment; Policy drafting; 2013→2022 transition; Risk assessment; Management review CAP
SOC 2	5	100%	84%	+16%	Type 1 vs 2; CC controls checklist; Availability criteria; Access control policy; Audit exception response
FedRAMP [US]	5	84%	76%	+8%	Authorization pathways; Impact levels; FedRAMP 20x; System boundary; POA&M remediation timelines
GDPR [EU]	5	88%	88%	+0%	US company checklist; Article 28 DPA; Subject access request; Cookie consent; 72-hour breach notification
HIPAA [US]	5	92%	88%	+4%	Covered entity analysis; BAA template; Encryption (addressable vs required); Risk analysis; Workforce violation
NIST CSF	5	96%	84%	+12%	CSF 2.0 overview; Ransomware recovery plan; Profile creation; Control mapping; Board reporting
PCI DSS	5	92%	88%	+4%	SAQ type selection; Req 3 stored data (v4.0); Breach obligations; Penetration testing; Tokenization scope
TSA Cybersecurity [US]	5	100%	96%	+4%	Pipeline directive requirements; CIRP elements; OT/IT segmentation; Airport applicability; TSA vs CIRCIA
ISO 42001	5	92%	80%	+12%	AIMS applicability; Key requirements; AI-specific risks; Third-party LLM management; AI ethics controls
ISO 27701	5	100%	80%	+20%	Extension to ISO 27001; GDPR mapping; Processor controls; PIA methodology; Certification as GDPR evidence
DORA [EU]	5	88%	72%	+16%	Five pillars; ICT incident reporting timelines; TLPT requirements; Third-party contracts; DORA vs EBA
DPDPA [India]	5	96%	80%	+16%	Applicability to foreign entities; Consent vs GDPR; Children's data (18-year threshold); Cross-border transfers; SDF obligations
CMMC 2.0 [US]	5	100%	100%	+0%	Level determination; SPRS scoring; CUI scoping; SSP structure; C3PAO assessment readiness
NIST AI RMF	5	92%	76%	+16%	Four functions overview; Hiring AI risk assessment; Credit scoring risk register; EU AI Act mapping; GOVERN gap assessment
SWIFT CSP	5	100%	48%	+52%	Architecture scoping (A1/A2/A3/A4/B); MFA hardware token requirement; CSCF v2025 gap assessment; KYC-SA attestation process; Incident response obligations
ISM [Australia]	5	96%	52%	+44%	OS control scoping and authorisation; IRAP assessment preparation; Chapter 13 system hardening; Essential Eight to ISM mapping; Supply chain cloud provider obligations
NIS2 [EU]	5	96%	80%	+16%	Energy company EE/IE classification; SaaS provider Art. 21 obligations; Ransomware Art. 23 reporting workflow; ISO 27001 vs NIS2 gap analysis; DORA lex specialis interaction
CCPA/CPRA [California]	5	100%	96%	+4%	E-commerce threshold analysis; Combined right-to-know and delete workflow; Ad tech sale vs sharing classification; GDPR-to-CCPA gap analysis; SPI classification for mobile app
ITAR [US]	5	100%	100%	0%	USML jurisdiction analysis for military laptops; Deemed export for German engineer; DSP-73 temporary export for trade show; Violation and VSD process; TAA mandatory clauses for India
LGPD [Brazil]	5	100%	80%	+20%	Extraterritorial scope for US SaaS with Brazilian customers; Data deletion request across CRM/email/analytics; Sensitive health data marketing restrictions; Breach notification timelines (3 working days vs GDPR 72h); International transfer mechanisms to the US
CSRD [EU]	5	100%	72%	+28%	CSRD scope analysis for German listed manufacturer (PIE Wave 1); Double materiality vs GRI/TCFD; Post-DMA disclosure requirements for E1/S1/G1; GRI+TCFD to ESRS gap assessment; Non-EU company (US parent, €200M EU revenue) obligations
CIS Controls v8	5	100%	80%	+20%	Implementation Group determination; Gap assessment for SaaS startup; MFA safeguard scoping (IG2); CIS v8 to NIST CSF 2.0 mapping; Vulnerability management programme with remediation SLAs
EAR [US]	5	100%	88%	+12%	RF amplifier ECCN classification for Germany export; Deemed export for Chinese/Australian dual national on 5D002; Entity List re-export violation and VSD process; AES-256 software ENC exception for France/India/Brazil; ECP design for semiconductor equipment company
NIST SP 800-53	5	92%	84%	+8%	FIPS 199 categorization for federal HR system; AC-2(3) OTS finding and POA&M documentation; MFA controls and EO 14028 phishing-resistant MFA; SSP narrative for SC-8(1) Transmission Confidentiality; ISO 27001 to FedRAMP gap analysis and RMF steps
EU AI Act	5	100%	88%	+12%	CV screening tool high-risk classification under Annex III Area 4; Predictive policing Art. 5 prohibition analysis; Open-source GPAI model obligations with 3×10²⁴ FLOPs; AI diagnostic imaging tool dual MDR/AI Act regulation; E-commerce chatbot Art. 50(1) disclosure obligations
Section 508 [US]	5	100%	100%	0%	VPAT 2.x ACR completion and testing methodology; Keyboard-only navigation failures and WCAG remediation; PDF forms accessibility remediation (200 PDFs); Federal procurement RFP requirements and VPAT evaluation; Undue burden exception process and alternative access obligations
WCAG [International]	5	100%	89%	+11%	Colour contrast audit (SC 1.4.3) with replacement suggestions; WCAG 2.2 upgrade criteria from 2.1 AA; React modal ARIA code review with corrected implementation; Legal compliance mapping across US/EU/UK; Accessibility statement for e-commerce site

📊 View the full eval results →

Customer Testimonials

"This is awesome, thank you!" — Reddit u/ThePsychicCEO

"This is awesome! Any chance you can build one for ISO 42001?" — Reddit u/ComparisonThink7683

"As a rather new Claude Code user, I'm both impressed and thankful. It's really helpful that you release it publicly. I am at the stage where I understand the need for a well-written CLAUDE.md and skills. This will help me a lot." — Reddit u/bloulboi

"The skills approach is a good entry point — getting Claude to reason about specific frameworks is exactly the right instinct. The gap I kept hitting was that Claude could describe the compliance picture but couldn't act on it... this is a great start." — Reddit u/sensationweb

"Fantastic work. Going to follow this and test it out myself." — Reddit u/Efficient_Bus_923

"I've been doing something similar for the CIS controls and it's been brilliant so far. I'll be using this for ISO and SOC 2. Thanks!" — Reddit u/gpldn

"Hell ya. We just approved Claude for enterprise so I'll go check it out." — Reddit u/AcrobaticWatercress7

"I'll definitely check this out. I have a skill for threat modeling and am working on some other ones, this is super helpful." — Reddit u/lilgreenbite

"Awesome, thanks for sharing. I'm going to play around with this." — Reddit u/DeliciousNet593

Additional feedback from the Reddit community: r/grc · r/ClaudeAI

Support

Reporting Issues

If you find an error, outdated regulatory reference, or missing coverage in any skill, please open a GitHub issue and include:

The skill name (e.g., ISO 27001, FedRAMP)
A description of the issue or incorrect guidance
The correct information with a source reference if possible (e.g., regulatory text, official guidance document)

Requesting New Skills

Have a compliance framework not covered here? Open a GitHub issue with the tag skill-request and describe the framework, your use case, and the audience it would serve. Community suggestions are welcome for frameworks such as NIST CSF, PCI DSS, CCPA, SOX, CMMC, and others.

Author

Hemant Naik LinkedIn · hemant.naik@gmail.com

Built March 2026

Disclaimer

The skills in this repository provide informational guidance based on publicly available regulatory and standards documentation. They do not constitute legal, audit, or professional compliance advice. Outputs should be reviewed by qualified professionals — such as a certified ISO 27001 Lead Auditor, licensed attorney, Data Protection Officer, or HIPAA compliance officer — before being relied upon for formal compliance purposes.

Regulatory requirements evolve. Always verify guidance against the latest official publications from the relevant standards body or regulatory authority.

Licensed under the MIT License.

cipher387/osint_stuff_tool_collection

A collection of several hundred online tools for OSINT

Cyber Detective's OSINT tools collection

Hello! On my Twitter account @cyb_detective I post different services, techniques, tricks and notes about OSINT and more. I collect all the links from my tweets in this collection (already 1000+ services for a wide variety of purposes).

Thank you for following me! @cyb_detective

Don't forget that OSINT's main strength is in automation. Read the Netlas Cookbook for details and examples.

I have been working on this repository since the summer of 2021. Many tools are constantly becoming obsolete, no longer supported or working at all. But I don't remove from the list so you can use their names and descriptions to find analogues.

Most important categories

Section	Link
Maps, Geolocation and Transport	Explore
Social Media	Explore
Domain/IP/Links	Explore
Image Search and Identification	Explore
Cryptocurrencies	Explore
Messengers	Explore
Code	Explore
Search engines	Explore
IOT	Explore
Archives	Explore
Passwords	Explore
Emails	Explore
Nicknames	Explore

Maps, Geolocation and Transport

Social media and photos

Link	Description
Apps.skylens.io	Posts with geotags from five social networks at once on one map (Twitter, YouTube, Instagram, Flickr, Vkontakte)
photo-map.ru	search geotagged photos from VK.com
Snapchat map
YouTube Geofind	view YouTube geottaged video on map
Flickr Photo Map
Flickr Common Map	displays only Flickr photos distributed under a Creative Commons license (250 of the latest for each location)
I know where your cat lives	geottaged photo from Instagram with #cat hashtag
Trendsmap.com	Explore most popular #Twitter trends, hashtags and users on the worldmap
Pastvu.com	View historical photos taken at a particular location on a map.
BirdHunt	A very simple tool that allows you to select a geolocation/radius and get a list of recent tweets made in that place.
WikiShootMe	Worldwide map of geotagged Wikipedia Creative Commons Images. To display more information, log in with your Media Wiki account.
The Painted Planet	Click on a point on the map to get a list of landscapes by famous artists depicting the area.
COPERNIX	Worldwide map of geolocated Wikipedia articles. It's possible to enter the name of a locality to see articles about local streets or attractions.
WikiNearby	Enter geographic coordinates, language, and get a list of Wikipedia articles about streets, towns, stations and other notable places nearby.
Huntel.io	get a list of links to Facebook/Instagram locations linked to geographic coordinates

Nature

Link	Description
Map View NGMDB	map for exploring some geologic maps and articles from the NGMDB (National Geologic Map Database).
WAQI	World's Air Pollution: Real-time Air Quality Index map
GlobalFishingMap	click on a point on the map and get the data on the current fishing effort at that location.
ncei.noaa.gov	Natural Hazards Viewer (worldwide)
Lightingmaps	lightning strikes in real time and also data on thunderstorms that ended months or years ago
Light Pollution World Map	showing the degree of light pollution in different countries. It's possible to see the data over time (since 2013)
Global Wetlands Map	Interactive map of open waters, mangroves, swamps, fens, riverines, floodswamps, marshs, wet meadows and floodplains (unfortunately, there are not all countries in the world)
Fire MAP NASA	online map of fire hotspots around the world (data from VIIRS and MODIS satellites, last 24 hours)
Ocearch Shark Tracker	Click on a shark on the world map and find out its name, size and travel log.
Surging Seas: Risk Zone Map	Map of points where there is a risk of significant sea level rise in the event of melting glaciers.
USA Fishermap	when you click on a freshwater body of water, its detailed map opens, on which the depth at different points is marked
Mindat.org	mineral maps for different countries
Ventusky.com	collection of weather map (wind, rain, temperature, air pressure, humidity, waves etc)
Wunderground	weather history data
Rain Alarm	shows where it is raining on the map. You can enable notification of approaching rain (in the browser and in the mobile app)
Cyclocane	click on the hurricane on the map and get detailed information about it
MeteoBlue	Weather stats data
Zoom.earth	Worldwide map of rains, storms, fires, heats, winds and others natural phenomenas
NGDC Bathymetry map	worldwide detailed interactive bathymetry map
Soar.earth	big collection satellite, drone and ecological maps
Geodesics on the Earth	finding the shortest path between two points
Google Earth	3D representation of Earth based primarily on satellite imagery
Everymountainintheworld	Map of the world showing the mountains (with absolute and relative altitude and links to Peakbagger, Listsofjohn and Caltopo).
Rivermap	Online map with the most detailed information on Europe's rivers (mostly central for the time being, but the data is being updated): direction and speed, water temperature, depth, slope angle, etc.
Global Biodiversity Information Facility	Enter the name of an animal, bird or plant to see a map of where it has been spotted.
Natural Hazards Map (worldwide)	Enter location and assess the risk of flooding, earthquakes and hail in this place on the map.
River Runner Global	Click on any point on the map and trace the path that a drop of rainwater takes from current location to the world's oceans.
Macrostrat's geologic map system integrates over 290 bedrock geologic maps from around the world into a single, multiscale database (c).	Macrostrat's geologic map system integrates over 290 bedrock geologic maps from around the world into a single, multiscale database (c).
Global Flood Database (and interactive map)	Detailed statistics on floods over the last 15 years (worldwide): precipitation levels, flooded area, number of people affected, dates, duration in days, etc.
Gaisma	A site for those who verify the location of a photo by the position of the sun. It is very much inferior in functionality to http://timeanddate.com, but its interface is much simpler.

Aviation

Link	Description
Skyvector	tool is designed for planning private flights. And you can find an incredible amount of data about the current situation in the sky on it
Flight Connections	click on the airport on the map to see the cities from which it's possible fly direct
World Aviation Accident Database 1962-2007
World Aviation Accident Database 2008-2021
Rzjets.net	user updated online database (census) of civilian jet and turbojet aircraft
Globe.adsbexchange.com	tracking flights on a map
Transtats.bts.gov	flight schedules and data on the actual departure/arrival times of flights in the U.S. for more than 30 years (!))
Legrooms for Google Flights	An extension that displays the size of the legroom between the seats next to the flight information.
Flight Status Info	- get a list of airports by city name; - view the flight schedule of a particular airport; - view the flight schedule of a particular airline; - getting detailed information about a flight and more

Maritime

Link	Description
Track Trace	tracking a shipping container by number
Container Tracking	tracking a shipping container by number
Searates container tracking	tracking a shipping container by number
CMA Voyage Finder	search for voyage details by voyage number or ship name
The Shipping Database	comprehensive archive of the world ships. There is even data for 1820!!!!!!!
Submarinecablemap.com	submarine communications cables map
Submarine Vessels Tracking Map
Ports.com	online calculation of travel time between two ports (with optimal path). It's possible to select the speed from 5 to 40 knots. Shows a list of the seas through which it passes.
Live Cruise Ship Tracker	Large catalogue of cruise ship research materials: - map with trackers; - timetables; - webcams on decks and in ports; - elaborate thematic news aggregator

Railway

Link	Description
Amtrak Status Maps Archive Database	find out the train schedule for a station on a particular day that passed many years ago (since 2008)
Europe station maps floor plan
Rasp.yandex.ru/map/trains	Live map of trains for Russia, Belarus, Ukraine, Kazahstan and Abhazia
Chronotrains	A terrific weekend travel planning service for Europeans. It shows how far you can go from a certain station in 5 hours by train.
Direkht Ban Guru	Enter the name of the station to see what cities you can get to by train without changing (+ travel time for each city).
Live Train Tracker	A world map showing real-time train traffic (with route point's exact geographic coordinates) and schedules on the roads of Europe, North and South America and Australia.
Railcabrides	Click on a point on the railway on the world map (railways are marked in orange or red) to see a list of rail cab videos from that location. With this service you can see many places where Google Street View has not yet reached!
ZugFinder	Detailed information on trains, stations and real-time train traffic for European countries

Routes

Link	Description
Ride With GPS
Wandermap	hiking routes world map
Runmap	running routes world map
Bikemap	biking route world map

Politics, conflicts and crisis

Link	Description
Global Terriorism Database	Info about more than 200,000 terrorist incidents from 1970 to 2020 (worldwide): - dozens of advanced search options; - statistical data for each group of incidents; - many details on each incident, with sources;
Freedomhouse.org	map of the world that shows the scores of different countries on the following indicators (on a scale of 1 to 100)
Crimemapping.com	pick a state, a police agency, and what crimes and where were committed in the territory under its control in the last 24 hours, a week, or a month.
Citizen.com	live map of incidents (mainly shooting) that happened in the last hours in major U.S. cities
MARITIME AWARENESS PROJECT	detailed map of maritime borders of states, economic zones with statistical data on ports and many other objects
Monitor Tracking Civic Space Worldwide Map	Civicus (@CIVICUSalliance)
Hungermap	Worldwide Hunger Map
Native-land.ca	click on the point on the map and find out: - what nation this area used to belong to; - what language was once spoken there; - a historical event that resulted in a nation losing their territory.
RiskMap
Liveuamap
Crisisgroup
Hate Map
emmeline.carto.com
Global Conflict Tracker
Acled data crisis map
Frontex Migratory Map	click on a country or region to see how many illegal border crossings have been reported there in the last six months.
Safe Airspace	(Conflict Zone & Risk Database) worldwide map showing the countries where flying over may be dangerous; detailed history of incidents and official warnings for each country
Worldwide Detention Centres Map	This service will help in investigations related to illegal emigration, human trafficking, missing refugees and tourists.

Culture

Link	Description
Taste Atlas	Worldwide online map of national cuisine. There are thousands of dishes typical of countries or regions as a whole, as well as small towns.

Urban and industrial infrastructure

Link	Description
Wheelmap.org	map shows public places that are accessible and partially accessible to #wheelchair users
Pedestriansfirst	Evaluate the pedestrian friendliness of streets in different cities. There is a lot of detailed data that will be useful both for choosing a place to live and for a variety of research
World Population Density Map	Very detailed data. It's possible to look at the density not only by country and city, but also by individual metropolitan areas, towns, and villages
Emporis Buildings Map	world map showing notable buildings. For each object you can find out the height, number of floors, type, and purpose
Osmbuildings.org	world map showing notable buildings. For each object you can find out the height, type, and purpose.
Find Food Support	find places where you can get free food by address (USA)
Aqicn	Air pollution gauges on the map
Average Gamma Dose Rate Map	Shows measurements of environmental radioactivity in the form of gamma dose rate for the last 24 hours. These measurements originate from some 5500 stations in 39 countries
OpenIndoor	A world map where you can see how different buildings look from the inside (number of floors, location of stairways, rooms, doors, etc.). The database of the service is not very large yet, but the project is constantly being developed.
Poweroutage	Map with real-time power outage statistics by country and region.
Open Benches	Worldwide map of 22,756 memorial benches (added by users).
Sondehub	Worldwide map of radiosondes with detailed info (altitude, coordinates, frequency, manufacturer, sonde-type and much more)
The Meddin Bike-sharing World Map	8 million+ bikes in one map. There is information about rental stations that have recently closed or suspended their activities.
Rally Maps	A worldwide map showing thousands of race (regular and one-off) locations. It's possinle to find names of winners, routes, dates and other detailed information (historical data from the 1970s is available).
SKYDB	Worldwide database of skyscrapers and tall buildings.
Street Art Cities	Worldwide street artworks online map: 1,443 cities and counting, 51,510 artworks, 100 countries and 260 verified artists

Worldwide street webcams

Link	Description
Surveillance under Surveillance	World map of surveillance camera locations (mostly Europe and neighbor countries). For some cameras detailed information is given: geo coordinates, type, mount, timestamp etc
Insecam.org
Earthcam
Camstreamer
Webcamtaxi
Skyline Webcams
Worldcam.eu
Worldcams TV
Geocam
Live beaches	Beaches webcam only
Opentopia
MangolinkWorld
FoxMonitor
WEBCAM CSE	Google Custom Search Engine for search in 10 online street webcam catalogs

Tools

Link	Description
Calculator IPVM	A tool that shows how the image from an outdoor camera it will look (based on data from Google Street View). You can specify camera parameters or select a model from a list (9188 cameras).
Osmaps Radius	drawing circles with a certain radius on the map
MeasureTool-GoogleMaps-V3	Measurement tool for #GoogleMaps.
ACSDG	tool allows you to quickly mark a group of points on the map and then export their geographic coordinates to CSV.
MeasureMapOnline	tool for drawing rectangles, circles and complex polygons on a world map to measure their area and perimeter
Map Fight	compare size of two countries
Presto Map lead extractor	Converts information about labels on Google Maps to CSV or XLSX
Gmaps Extractor	Extract data from placemarks
GPS Visualizer	show gpx and tcx files on map
Map Checking	tool for measuring the number of people in a crowd of different area and density.
OSM Finder	A tool for automate work with Overpass Turbo. Upload a photo, mark a line on the map roads, railroads, power lines and get a ready-made query to find sections of the map corresponding to the photo.
OpenStreetMap (OverPass Turbo) TagInfo database	694 tags for different objects (buildings, trees, streams etc), 5684 keys, 45 relations (routes, streets etc)
Python Overpy	Old (but it's still working) and simple command line #python tool for access Overpass Turbo API.
Mapnificent	Choose a city on the world map, then select an address on the map and see what places you can get to by public transport in a certain time interval (range from 1 to 90 minutes)
Cesium ion	scalable and secure platform for 3D geospatial data. Upload your content and Cesium ion will optimize it as 3D Tiles, host it in the cloud, and stream it to any device
OpenSwitchMapsWeb	One of the most powerful map switches I've ever seen. It allows you to see data for the same location in 160+ different services (some of them in Japanese).
OSM Smart Menu	Google Chrome extension to switch between dozens of different types of online maps (based on #OpenStreetMap and NOT only)
Calcmaps	Simple online map tools: Calculate area (triangles, quadrilaterals and complex polygons), Calculate distance (for complex routes), Measure radius, Calculate elevation
Scribble maps	Partly free online tool for creating infographics (images or pdf) based on maps.
Gdal3.js.org	One of the main problems of using geospatial data in investigations is the large number of applications for working with it, which save the result in different formats. This multifunctional online geodata converter will help to solve it.
Google Maps Timeline Exporter	If your Google account has once enabled collecting data about your location (link for checking https://timeline.google.com/maps/timeline), this extension will help you analyze your movement data in depth, and export it to CSV.
Overpass API	This simple online tool shows Open Street Map changes over a certain date range.
localfocus.nl/geokit	geographic toolkit for investigative journalists
Google Maps Scraper	Enter search terms (ex "Boston museum") and scrape adresses, phone, websites and other place info from Google Maps.
FELT	FREE online tool for creating map-based visualizations: - put labels with names and descriptions - draw lines and routes - choose from hundreds of backgrounds - download your work as PDF, image, GeoJSON or share link to online version
Bellingcat OSM Search	A tool for locating photos and satellite images: Specify the objects you see and the distance between them (ex: a 10-story building 80 meters from a park). Select a search area (ex: a district of a city) Get a list of places that fit the description.
Smappen	Online tool to calculate the distance a person can travel from a given point in a given time (on foot, by car, by bicycle, by train, by truck).

Transport

Link	Description
Venicle Number Search Toolbox	search information about car by venicle numbers (14 different countries from one page) - #GreatBritain, #Norway, #Denmark, #Russian and others
Transit Visualisation Client	real time info about public transport in 739 cities and towns in the dozens of countries
Collection of public transport maps	20 online public transport maps (most real-time) for different cities and countries around the world
WorldLicensePlates	graphic index of license plates of different countries of the world
Openrailwaymap	Map of the world with information about the railroad tracks. It's possible to visualize maximum speed, electrification, track gauge, and other parameters.
Waze	Online map (+mobile app) for information about various problems on the roads (accidents, street closures, police parking, etc.) around the world. Waze especially interesting because it stores the marks users left a few days or weeks ago.
OpenStreetMap Public Transport	Select an area on the map (if the square around it is green, then data for that location is available) and download data (buttons on the right) for tram, bus, metro and train routes.

Communications, Internet, Technologies

Link	Description
Opencellid.org	the world's largest Open Database of Cell Towers
CellMapper	Worldwide cell towers map; Cell ID Calculator; Frequency Calculator; LTE Throughput Calculator; Network statistics by countries.
API mylnikov.org	get lattitude and longitude by WiFI BBSID
nperf.com/map	view the coverage area of different #cellular operators in different countries
nperf.com/map/5g	5G coverage #map worldwide
Vincos.it	world social media popularity map
app.any.run	interactive worldwide map of cyber threats statistics (last 24 hour)
Web Cam Taxi	open webcams around the world
Radio Garden	select a local radio station on the world map and listen to what's playing at the moment
TorMap	Worldwide online map of Tor Nodes
GeoWiFi	Search WiFi geolocation data by BSSID and SSID on different public databases (Wigle, Apple, OpenWifi, API Mylnikov).
GPSJam	GPS Interfence Map shows where GPS jamming systems could be operating on a particular day (most often associated with military conflicts).
Infrapedia	Worldwide detailed online map of Submarine Cables, Data Centers, Terrestrial Fibers, Internet Exchanges
OONI Explorer	World biggest open data resource on internet censorship around the world. 1.6+ million measurements in 241 countries since 2012.

Anomalies and "Lost Places"

Link	Description
Argis UFO map	UFO sightings interactive map. USA only
Bigfoot and UFO map	Bigfoot, UFO and other sightings around USA and Europe
The Haunted map	A map of haunted locations where ghost sightings have been reported around the world. Based by data from http://ghostresearchinternational.com
Lost places map	A map of independent research reports on urban spaces that are published in the Lost places Facebook community
Bigfoot Sightings and Density of the US with Biomes	Bigfoot sightings reports density around the USA
BFRO bigfoot sightings database	This comprehensive database of credible sightings and related reports is maintained by an all-volunteer network of bigfoot/sasquatch researchers, archivists, and investigators in the United States and Canada--the BFRO.
Haunted places	Google Earth map of ghost sightings around the world
UFO reporting map	YouMap of UFO sightings reporting around the USA
Australia UFO map 2008	UFO sigthins Google Map Australia 2008
URBEX database map	Europe lost places map based by Urbex database
Lostplace atlas	Google map of lost places in Germany and other Europe countries
Virtual Globe Trotting	Add latitude and longitude to the URL to see the nearby : Unusual and funny images from Google Street View; Interesting parts of the satellite map

Street View

Link	Description
Show My Street	simple tool that simplifies and speeds up your research work with Google Street View. Just click on the map and see street panoramas
Mapillary	street panoramas over the world
360cities.net/map	world map of panoramic (360 degrees) images
Earthviewer360.com	Click on a point on the map to see a 360 degree video panorama (it's possiblle to pause to see some areas in more detail)
Maps Video	Google street view alternative. Online YouTube video driving map for different routes. Worldwide, but most videos in the USA and Europe.

Satellite/aerial imagery

Link	Description
Observer	service allows you to watch data from different orbiting satellites in the record. The data is available in 15-30 minutes after recording.
USGS Earth Explorer	more than 40 years old collection of satellite imagery
Landviewer	satellite observation imagery tool that allows for on-the-fly searching, processing and getting valuable insights from satellite data to tackle real business issues
Copernicus Open Access Hub	ESA's open access portal to Sentinel data
Sentinel Hub EO Browser	complete archive of Sentinel-1, Sentinel-2, Sentinel-3, Sentinel-5P, ESA's archive of Landsat 5, 7 and 8, global coverage of Landsat 8, Envisat Meris, MODIS, Proba-V and GIBS products in one place.
Sentinel Hub Playground	tool for viewing satellite images with different effects and rendering.
NASA Earthdata Search	search in 8555+ collection and photos.
INPE Image Catalog	free satellite images catalogue.
NOAA Data Access Viewer	satellite images of the coastal U.S.(discover, customize, and download authoritative land cover, imagery, and lidar data.)
NASA WorldView	high resolution and high quality satellite images.
ALOS	"Advanced land Observer Satellite" images collection (Japan)
Bhuvan	Indian Geo-platfrom of ISRO.
OpenAerialMap	set of tools for searching, sharing, and using openly licensed satellite and unmanned aerial vehicle (UAV) imagery
OpenAerialMap	Select an area on the map and get a list of freely available aerial images for that area. For some locations available images are many times superior in quality to conventional satellite images.
ApolloMapping Image Hunter	Select an area on the map using a special tool (square and polygon) and get a list of dozens of images obtained from satellites or by aerial photography (from the early 2000s as well as those taken a couple of days ago).
keyhole engelsjk	Experimental visualization tool for 1.3 million+ declassified spy satellite imagery (1960 to 1984 years).
Maxar	Highlight an area on the world map and get dozens of satellite images of that area taken at different times (mostly 2021-2023)
Planet Gallery	A collection of satellite images to compare changes in specific locations before and after any significant events (fires, military actions, floods, animal migrations, etc.). Hundreds of locations around the world.

Military tracking

Link	Description
ADS-b.nl	tracking military aircrafts.
Planefinder Army Live Flight Tracker.
Itamilradar	track military flights over Italy and over the Mediterranean Sea.
MarineVesselFinder	military ship tracking.
BellingCat Radar Interfence Tracker
WEBSDR	online access to a short-wave receiver located at the University of Twente. It can be used to listen to military conversations (voice or Morse code).
Russia-Ukraine Monitor Map	represent open source material such as videos, photos and imagery that have been cross-referenced with satellite imagery to determine precise locations of military activity .
Ukraine liveuamap.com	online tracking of war-related events in Ukraine.
Syria Liveuamap	online tracking of war-related events in Syria.
NATO.int	Explore this interactive map to learn more about NATO, how the Alliance works and how it responds to today's security challenges.
Understanding War Map Room	collection of maps illustrating military conflicts in different countries.
US Military Bases Interactive Worldwide Map	Use the map to find out the number of people at the base, the approximate area, the opening date, and to get links to articles with more information.
Open Source Munitions Portal	Archive of verified images from conflict zones. Search by munition category, condition, characteristics, shapem, mechanical features, wall (thickness)

Military visualisation

Link	Description
Map.Army	Online tool for creating schemes of battles and military operations on the map. Extensive customization possibilities and a huge library of symbols.
MGRS Mapper	Build and share custom maps with standard military graphics using a simple visual interface (paod)
ArgGis Military Overlay	Military Overlay can be used to create overlays with standard military symbols, by using and adapting existing feature templates in ArgGis Pro

Other

Link	Description
Demo.4map.com	3D interactive world map
OldMapsOnline	World aggregator of old maps from various sources (498,908 maps)
Whatiswhere.com	OpenStreetMap based free POI (point of interest) search. 102 types of objects
Collection of cadastral maps	41 countries
WhoDidIt	Click on an area on the OpenStreetMap to get a list of nicknames of users who have made changes on it (with dates).
European World Translator	Enter the word in English to see its translation into different European languages on the map.

Social Media

Twitter

Link	Description
Stweet	Opensource Python library for scraping tweets (by user, by hashtag, by keyword). NO LOGIN OR API KEY REQUIRED.
BirdHunt	A very simple tool that allows you to select a geolocation/radius and get a list of recent tweets made in that place.
Twitter account detector	A simple and fast Chrome extension that finds all Twitter accounts on a site.
Follower Wonk/Compare	this service allows you to find out how many followers two (or three) Twitter accounts have in common.
Tweepsmap Unfollows	displayed unsubscribed accounts (list for the one week available for free)
app.truthnest.com	best tool for Twitter account investigation
Whotwi	A free online tool for analysing your #Twitter account: - shows the mutual following; - search for tweets by calendar; - list of most active readers; - analysis of daily activity, hashtags and more.
Treeverse.app	view dialogs in Twitter as a graph
Hashtagify	compare the popularity of the two hashtags
Scoutzen	search twitter lists by keywords
One Million Tweet Map
Tweet Binder	detailed twitter account analyze
Tweet Sentiment Visualization
Tweet Beaver Friends Following
Tweet Topic Explorer
Twitter Money Calculator
Twitter Analytics	gather detailed infromation about your own account
Twemex	Twitter sidebar with: quick commands for searching your own tweets, lists, users tweets and replies; quick links to quotes of current tweet, user's most liked tweets and conversations.
Vicintias.io	very fast export of information about Twitter account followers to XLSX
Twitter Shadow Ban Checker	If you suddenly notice that your account's tweets have decreased in views and the flow of audience has slowed down, it's worth checking to see if your account has been shadow-banned.
Twitter Mentions Map	A world map that shows the locations of users who mention you in their tweets.
Twitter URL Scraper	A simple tool for analyzing twitter conversations (and other pages). Get profile pictures, user names and the text of the conversation's tweets and replies. Data can be exported to CSV, JSON, XML.
DO ES FOLLOW	quick check if one user is subscribed to another on Twitter
Sleeping Time	determining the approximate sleeping time of a user based on analysis of the timing of a tweet
Tweet Tunnel	tool for quick and comfortable viewing old tweet's of someone account
Twitter users directory
FollowerAudit	In-depth analysis of Twitter followers. Identifies inactive and fake accounts, assesses followers by the number of tweets, profile information (biography, geolocation, links, profile picture).
Foller.me	Twitter account detailed analyze
Get day Twitter Trends
US Twitter Trend Calendar
Followerwonk	search by Twitter bio
Twitter Botometr
projects.noahliebman.net/listcopy	copy a list made by another user to your Twitter account
Unfollower Stats	iOS App that tracking unfollowers and show nofollowersback and unactive followers for your Twitter account
Twish	very simple, quick, comfortable and nicely designed advanced #Twitter search query builder for #GoogleChrome.
Twitter Scraper	Scrape any #Twitter user profile. Creates an unofficial Twitter API to extract tweets, retweets, replies, favorites, and conversation threads with no Twitter API limits.
Twiiter Trending Archive	A wide range of options for analyzing #Twitter trending history: 1. See what was popular on a particular day in a particular country or in the world as a whole. 2. Enter a keyword and find out when it was in the global/particular country trends.
Tweeview	Twitter conversation visualization (beta)
Tweeplers	Trending Twitter users and hashtags (map/list) Top twitted cities and countries Realtime Tweet Map
FlockNet	A tool for finding and filtering your own #Twitter followers. It allows you to find all the people from a certain city or with certain interests. And then quickly view their profiles in a convenient format.
Orbit livasch	A tool for analyzing connections between Twitter accounts (based on the number of likes, retweets, tweet citations, and mentions).
The Twitter Stream Grab	Full archives of tweets in JSON for a particular month (from 2011, but some months are not available).
Twitter 3D	3D viewer of relationships between twitter users.
ExportData.io	(PAID) Download followers & followings, export historical tweets since 2016.
Eight Dollars	Browser extension that shows who really is a verified #Twitter user and who paid $8 for verification.
Twitter Archive Parser	In case your Twitter account is blocked, it's usefull to open settings and download account data. This tool extracts the most important info about tweets from archive and formats it in an easy-to-read way.
removeTweets	In recent weeks, I have been seeing more and more accounts deleting their tweets in whole or in part. You can automate this process with this tool.
TWEEDS	A very easy-to-use Python library that allows you to collect all of a user's tweets into a CSV/JSON file. Also it's possible to collect tweets by hashtag or geolocation.
BirdSQL	New Twitter search tool using OpenAI GPT 3.5. Type queries in simple english language to get lists of tweets or users. For example: most liked tweets abou people followed by Jeff Bezos who don't follow him back total number of users/tweet
Spaces Down	Twitter Spaces download service (available after the broadcast ends). Works for quite a long time. It took about 5 minutes to generate an MP3 file with an audio recording of the 46-minute space.
Twitter Control Panel	A cross-browser extension that allows you to have maximum control over your Twitter feed: Hide retweets, quote tweets, who to follow etc; Reduce "engagement"; Hide UI items; Remove algoritmic content
Wayback Tweets	A tool to quickly view tweets saved on http://archive.org No need to open a link to each tweet in a separate window It's possible to filter only deleted tweets
Twitter Video Downloader	Online (X) Twitter download service to save videos, broadcasts, screenshots and MP3 audio from Twitter
TweetFeed	List of IOCs shared today by the #infosec community at Twitter: domains, URLs, IPs, SHA256/MD5 hashes
Tweet Machine	Simple #bash script which retrieves links to the deleted (and other) tweets and replies of any Twitter user from WayBackMachine.

YouTube

Link	Description
YouTube Whisperer	Transcribe YouTube video
Eightify	ChatGPT YouTube summary
YouTube Unlisted Video	search for videos available only by link on youtube
YouTube Comments Analyze	Download detailed information about YouTube video comments to a .tab or .gdf
Youtube Actual Top Comments	The main drawback of the standard #YouTube comment display is that it does not sort comments by the number of likes, but simply shows popular comments in a random order. This extension solves this problem:
Noxinluencer	youtube channels comparing
YouTube MetaData Viewer
PocketTube	YouTube Subscription Manager
YouTube comment Finder
YouTube comment Sorting
YouTube Comment Downloader	easy to install and fast tool for downloading YouTube comments in txt/json. Does NOT require authorization or API keys.
Montage.meedan.com	Search #YouTube video by date (uploaded or recording) and by geolocation.
Slash Tags	tool for recommending YouTube tags and displaying related statistical data from search keyword(s)
YouTube playlist len	Find out the total time of all the videos in playlist
Anylizer.com	watch frame by frame YouTube and Vimeo)
Improve YouTube	extension with dozens of different tweaks to the standard #YouTube interface
YoTube Channel Search	Tool for searching YouTube channels by keywords in the name and creation date. The result is a table with the channel ID, name, description, date of creation, as well as the number of subscribers, views, and uploaded videos
watchframebyframe.com	watch frame by frame YouTube and Vimeo
Hadzy.com	YouTube comment search)
Ytcs	google chrome extension to search YouTube comments without leaving the site (link to source code)
YouTube Comment Search Chrome Extension
YouTube Transcript API	Get the transcript/subtitles for a given #YouTube video (by ID from adress bar). It also works for automatically generated subtitles and supports translating subtitles.
Jump Cutter	An extension for those who watch university lectures on #YouTube and want to save their time. It identifies chunks where the lecturer writes silently on the board (or is just silent) and plays them back at double speed...
YouFilter – YouTube Advanced Search Filter	An extension that displays #YouTube search results in a table with very detailed information about each video (including quick links to the channel owner's contacts). It's can to download the results in CSV.
YouTube Timestamp Comments	extension finds all the timestamps in YouTube video comments and arranges them in chronological order.
Youtube Actual Top Comments	Fetch all comments to Youtube video (without answers). Sort them by likes and filter by keywords
YouTube channel archiver	Tool for automation downloading video, thumbnails and comments text from target YouTube channel (or channels).
YouTube Scraper	Extract and download channel name, likes, number of views, and number of subscribers. Scrape by keyword or URL.
YouTube Booster	This extension selects frames from videos and generates quick links to find them on Google and TinEye!
YouTube Caption Searcher	Well down tool for searching in #YouTube video subtitles by keyword. Use Enter to move forward and Shift+Enter to move back.
YouTube word search	An extension that helps you find at what second in the video a certain word is heard. It's possible to search not only by one word, but by the loaded list of words (!).
Speak subtitles to YouTube	Subtitle dubbing tool with support for several dozen languages and voice variants. Useful for saving time and for education purposes. Works with glitches, try different settings to get better results.
Youtube Lookup	Simple tool for gathering info about video: Content details, Snippet details, Statistics, Status, Thumbnails
YouGlish	Type a random phrase in English and listen to native speakers pronounce it in YouTube videos.
YouTube Screen Capture	allows you to download a stream in pieces and then merge them
Filmot	YouTube subtitles search engine. Search across 573 million captions/528 million videos/45 million channels.
YouTube_Tool	#Python library for: - extracting subtitles by video ID or link (in different languages); - list all the video's contained in playlist; - list all video's from a channel; - get info about video by ID; - proxy support; and more.
YtGrep	A tool for quick text search of subtitles in YouTube videos. Supports regular expressions and searching across multiple videos.
Find YouTube Video	An online tool that searches for information on YouTube videos by ID in the following sources: Wayback Machine; GhostArchive; #youtubearchive; Filmot
YouTube Channel Crawler	Search across 20, 625,734 channels. Search by name, category, country, number of subscribers, views, videos and creation date.
Return YouTube Comment Username	YouTube has recently stopped showing user names in comments. There is an extension that solves this problem.
YouTube Lookup	A simple online tool to view YouTube video metadata: Snippet Statistics Status Content Geolocation Thumbnails

TikTok

Link	Description
Tiktok Timestamp	determines the time of publication of the video to the nearest second. Just copy the link.
TikStats	detailed statistics on the growth dynamics of subscribers, likes, and video views for the TikTok account
TikTok Scraper	scrapping video from user, trend or hashtag feed, extracting video's or user's metadata, downloading video or music, processing a list of clips or users from a file
TikTok Downloader	TikTok Video Downloader
TikTokD	TikTok Video Downloader
Snaptik.app	TikTok Video Downloader
TikTake.net	TikTok Video Downloader
Exolyt.com	TikTok profile analyze
Tikbuddy	TikTok profile analytics
Mavekite.com	Enter the nickname of the user #TikTok and get the data on likes, comments, views, shares and engagements for his forty last videos
Tiktok Scraper	Extract data about videos, users, and channels based on hashtags, profiles and individual posts.
Tikrank.com	free tool for comparing and analyzing #TikTok accounts. Available ranking of the most popular users by country (there are more than a million accounts with the largest number of subscribers in the database)
TikTok Creative Center Statistics	List of most popular hashtags; songs; creators; videos for different countries and periods.

Protonmail

Link	Description
Prot1ntelligence	Validate ProtonMail email address, Gather info about ProtonMail user email or PGP Key, Search on the dark web target digital footprints, Check IP to belong to ProtonVPN

Facebook

Link	Description
Find my FB ID (randomtools.io)
435,627,630 indexed items from that Facebook dump of recent - ready to be searched upon.
Facebook People Directory
sowdust.github.io/fb-search	search facebook posts, people and groups using URL-filtres
Dumplt Blue	GoogleChrome extension for @Facebook: dump to txt file friends, group members, messenger contacts etc, automate scroll page to bottom (+isolate scrolling), automate expanding comments and replies and much more.
Fdown.net	Facebook video downloader
Facebook Latest Posts Scraper	Scrape #Facebook posts with comments from one or multiple page URLs. Get post and comment texts, timestamps, post URLs, likes, shares, comments count, author ID.
Facebook Latest Comments Scraper	Enter link to the #Facebook post and get comments comments to it (text, timestamp and other info).
Facebook Friend List Scraper	Scrape names and usernames from large friend lists on Facebook, without being rate limited"

Clubhouse

Link	Description
ClubHouse users.db	search users by nickname and keyword in profile
roomsofclubhouse.com	search open and scheduled rooms
clubsearch.io	search open and scheduled rooms
search4faces.com/ch00	reverse image face search by 4 millions 594 thousands #clubhouse avatars.

Link	Description
Freepeoplesseacrhtool.com	find people in Linkedin without registration
CrossLinked	LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Linkedin Datahub	linkedIn's generalized metadata search & discovery tool
Recruitin.net	easily use Google to search profiles on LinkedIn

Xing

Link	Description
XingDumper	The Xing job and networking service has almost 20 million users! Here is a simple script that allows you to get a list of employees registered there for a particular company.

Link	Description
Map of Reddit	an alternative format for interacting with Reddit
Reddit Insvestigator
redditcommentsearch.com	getting a list of all comments by a Reddit user with a certain name
dashboard.laterforreddit.com/analysis	examine popular post trends for a given subreddit
Reddit Timer	Get last week's hourly activity schedule for a specific subreddit
Redditsave.com	Reddit video downloader
Reddit Scraper	Crawl posts, comments, communities, and users without login.
Redditsearch.io	Reddit search tool
Reddloader.com	Reddit video downloader
Camas Reddit Search	Search engines for Reddit with a lot of filtres
Reditmetis	View statistics fot Reddit users's account
Repostsleuth	Reddit trends analyzer
Redetective	Reddit search tool
Unddit.com	Display deleted content in Reddit
Reveddit	Reveal reddit's removed content. Search by username, subreddit (r/), link or domain.
Reddit User Extractor	#python script that allows you to get a complete list of comments by user name on Reddit in CSV format
Better Reddit Search	Reddit search tool for posts and subreddits (with boolean filters by keywords and filters by publication date).
Reddit Post Scraping Tool	Simple #python script for scraping post from #Reddit (by keywords and subreddit name)
Subreddit Stats User-Overlap	A tool to find similar subreddits. The higher the score of a subreddit in the list, the higher the probability that users of the original subreddit (in our case r/osint) are active in it too.
Reddit User Analyzer	Registration date; Activity stats; Kindness Meter; Text readability; Top subreddits; Most frequently used words; Submission and comment activity over time; Submission and comment karma over time; Best and worst comments

Onlyfans

Link	Description
fansmetrics.com	Search in 20 millions #OnlyFans accounts
Onlysearch.com	Onlyfans users search engines
onlyfinder.com	OnlyFans profiles search engine (search by people, images and deals)
hubite.com/onlyfans-search/	OnlyFans profiles search engine with price filter
SimilarFans	A tool to find OnlyFans profiles with many filters (by country, price, category, age, etc.).
FanSearch	Search OnlyFans profiles by countries, price or category.

Snapchat

Link	Description
Bitmoji Avatar History Enumerator	BACKMOJI takes a Bitmoji ID, version (usually the number 5), and a maximum value. Press the “Grab Images!” button and your browser will make “maximum value” requests for the images of that user’s Bitmoji. Those images will be displayed below.

Twitch

Link	Description
Twitch Tools	downloas full followers list of any Twitch account in CSV
Twitch Tracker	detailed analysis of #Twitch streamer stats
Sully Gnome	detailed analysis of #Twitch streamer stats
Twitch Stream Filter	Search streams and filter results by title, game, language, number of viewers.
Untwitch.com	Twitch video downloader
Twitch Overlap	shows the viewer and audience overlap stats between different channels on Twitch. Currently tracks all channels over 1000 concurrent viewers. Data updates every 30 minutes.
Justlog	Enter the username and the name of the channel to see all of the user's messages in that channel. The results can be downloaded as TXT
Pogu Live	Tool that allows you to watch sub only or deleted VODs for free. It works because when a streamer deletes a video, iit is not deleted from Twitch's servers immediately.
Twitch Recover	Twitch VOD tool which recovers all VODs including those that are sub only or deleted.
Twitch Database	Following List + Channel Metadata + Role Lookup
Twitch Insights	Account stats; Game ranking; Extensions stats; List of all Twitch bot; Check user status by nickname or ID; List of Twitch team (history before 2020)
Twitch Followage Tool	Enter the Twitch username and get a complete list of channels he/she follows (with start dates)

Fidonet

Link	Description
Fidonet nodelist	search by node number, sysop name and sysop location

4chan

Link	Description
archive.4plebs.org	4plebs is an unofficial archive of certain boards of 4chan.org, including 11 boards. It offers a large number of searchable discussions with many different parameters.

Usenet

Link	Description
NZBFRIENDS	usenet search engine

Tumblr

Link	Description
Tumblr Tool	collected posts tagged with a specific term from Tumblr and export to .tab file (opens in Excel) and .GDF (opens in Gephi)

Flickr

Link	Description
Flickr Photopool Contact Network	Analyzes Flickr groups and makes a list of nicknames of participants for further graph analysis in Gephi

Spotify

Link	Description
Zspotify	Spotify track downloader. Download mp3 by link or by keywords
Chosic.com	analyze the playlist on Spotiify, calculate the prevailing mood, genres, decades and favorite artists
Spotify downloader	download spotify playlist in mp3 from YouTube
chartmasters.org/spotify-streaming-numbers-tool/	report of the number of streams of a particular artist's tracks on Spotify

Discord

Link	Description
ASTRAAHOME	14 #Discord tools (including a RAT, a Raid Tool, a Token Grabber, a Crash Video Maker, etc) in one #python tool.
Discord History Tracker	A tracking script will load messages from the selected channel and save them in .txt file.
Serverse	Search for Discord servers by keyword.
Disboard	Discord servers search engine. Search across a few hundred thousand servers.

Mastodon

Link	Description
MASTO	Masto searches for the users Mastodon by name and collects information about them (profile creation date, number of subscribers and subscriptions, bio, avatar link and more).
Fedifinder	Tool for finding Twitter-users in Mastodon. You can search among those who follow you, those who follow you, as well as in your lists! Results can be exported to CSV.
MastoVue	More and more #osint and #infosec bloggers are creating Mastodon profiles these days. This tool will help you find accounts that match your interests by hashtag.
Debirdify	This tool automatically finds Fediverse/Mastodon accounts of people you follow on Twitter
Search.Noc.Social	Good alternative to the standard Mastodon search. This service allows you to search for users on different servers by hashtags and keywords.
Instances.Social	A tool for searching across full list of instances in #Mastodon. It can help you choose the right instance to register (matching your views on spam, advertising and pornography) and in finding illegal content to investigate crimes.
Fediverse Explorer	Search Mastodon users by interests
Trunk	200+ thematic lists of accounts in Mastodon. Python, JavaScript, Vim, Ruby, Privacy, Linux... There are even nudists and Tarot. The Pytrunk tool can be used to automatically following this lists https://github.com/lots-of-things/pytrunk
What goes on Mastodon	Interactive real time visualisation which shows the number of new users and posts on Mastodon Instances in the last 6 hours, 24 hours, 72 hours or the entire last month.
IMAGSTON	A tool that searches for users by name on different #Mastodon servers and collects information about them (profile picture, account type, date of account creation, bio).
Movetodon	Get a list of your Twitter followings in Mastodon. With the ability to sort by date of registration, date of last activity, and buttons for quick subscriptions.
Followgraph for Mastodon	Enter any #Mastodon Handle and get a list of accounts followed by the people this profile follows. It helps to find connections between people or just interesting accounts followed by many people interested in a certain topic.
Kirbstr's Mastodon search	Google CSE for some of the most popular and open mastodon instances.

Yandex

Link	Description
YaSeeker	Get information about http://Yandex.ru account by login

Instagram

Link	Description
IMGINN	This service allows you to do the following without logging in to Instagram account: - search for accounts containing a keyword in the profile name; - view all of the user's photos; - view photos in which the profile has been tagged by other users
Instahunt	Click on the point on the world map Click "Find places" Click "Get Instagram Place Data" Copy and paste the "Place Data" into the box View Insta locations on the map with links to photos!
Instagram Location Search	Get the names and links to all the locations on Instagram tied to specific geographic coordinates
Inflact Instagram Search	Instagram profiles search tool with the ability to filter results by number of subscribers, number of posts, gender, categories (personal blog, artist, product/service etc.)
Terra	Collect information about twitter and Instagram accounts
Instagram analyzer and viewer
Sterraxcyl	Tool for export to excel someone's #Instagram followers and/or following with details (Username, FullName, Bio, Followers and Following count, etc)
Storysaver.net	download Instagram stories.
Instagram Scraper	Scrape info about accounts, posts, stories and comment
Instagram Hashtag Scraper	Enter hashtag name and scrape all post tagged it. Get caption, commentsCount, photo dimensions, URL, other hashtags and other details in CSV, JSON or XLS table.
Tenai	Simple tool that uncover some followers of a private #Instagram account
TrendHero	An Instagram profile search tool with a huge number of filters and the ability to view profile statistics.
INSTALOADER	Allows to download Instagram posts, photos, stories, comments, geolocation tags and more from #instagram
InsFo	The ultimate simple tool for saving followers/following an Instagram account to a table.
Inflact	Another online tool that allows you to watch Instagram, without logging in: - search users by nickname; - view last posts; - analyze profile;
Imginn	Free service to view Instagram profile posts without registration
Instagram Explorer	Click on a point on the map. Follow the instructions on the left. Get a link to view Instagram posts made at this location on a specific date range

Google

Link	Description
GHunt	google account investigation tool
Ghunt Online Version	Get info about Google account by email: - name - default profile and cover pictures; - calendar events and timezone; - Google Maps reviews; - Google Plus and Google Chat data;

Patreon

Link	Description
Graphtreon.com	patreon accounts earnings stats

Github

Link	Description
Star History	simple tool that shows how the number of stars a repository on #Github has changed over the past three months.
Commits.top	Current list of the most active @Github users by country
Gitstar Ranking	Unofficial GitHub star ranking for users, organizations and repositories
Github Rater	rates GitHub profile upon data received from GitHub API
Github Trending Archives	Github trending archive for a specific date.
GitHub Repository Size	simple google chrome extension to view Github repo size
Gitcolombo	simple and fast tool that collects information (edit statistics and contacts) about repository contributors on Github
Coderstats	enter Github username and get detailed statistics of profile: languages, issues, forks, stars and much more
GitHub-Chart	it shows a visual representation of the temporal distribution of user changes in the repositories. You can visually see "productivity peaks" and see which days of the week a person is most active
Zen	Tool for gathering emails of #Github users
GithubCompare	When searching for OSINT tools on #Github, you will often come across several repositories with the same name. This service will help to visually compare them, determine which one was created earlier, which one has more forks and stars.
DownGit	Create GitHub Resource Download Link
Profile Summary for Github	Get detailed stats by Github username
Github Hovercard	Displays a block of detailed information about the repository or user when the mouse pointer is placed over it. Save time for those who look through dozens of pages of #Github search results in search of the right tool for their tasks.
SEART Github Search	Search engine for #Github with a dozen different filters. It has slightly fewer features than the standard Github advanced search, but more user-friendly.
Repos Timeline	Enter #Github username and click Generate to see a timeline with all of the user's repositories and forks they have made.
Gitvio	A tool to quickly and easily view detailed information about a user's Github profile: the most popular repositories, number of commits, issues and , statistics of languages used, and more.
OSGINT	A simple #python tool to collect information about a Github user. It can be used to gather: all available emails avatar_url twitter_username number of followers/following date of profile creation and last update and more.
gitSome	A tool for gathering information from #Github: - extract all emails from commits of a particular user (top of the pic); - gathering info about repository (with forks); - search info by domain name
Open Source Software Insight	Amazing service that allows to analyze developers and repositories data based on more than 5 billion (!) Github Events.
Map of Github	Enter the name of the repository, see its links to other projects, and its place on the map of all Github repositories. Notice how small 1337 island is.
Github Release Stats	Estimate popularity of Github repo. Tool displays the number of downloads for each project release + some additional information.

Wikipedia

Link	Description
WikiStalk : Analyze Wikipedia User's Activity
Wikipedia Cross-lingual Image Analysis	A simple tool that allows to evaluate the content of different language versions of an #wikipedia article about the same subject or concept in one glance.
WikiMedia Cloud Page Views	The tool shows how many times a particular page on WikiPedia has been visited within a certain period of time. It also allows you to compare 2 or more pages with each other. Who is more popular?
WikiWho	Database of edits made to #Wikipedia using IP ranges of organizations, government agencies and companies (FBI, NATO, European Parliament, etc.) You can view both the edits history of a single article and the edits history of organization.
WIKIT	A tool for searching and reading #Wikipedia articles from the #CLI. The main benefit of it is fewer distractions from work. You don't have to open browser (with Facebook, YouTube and other time eaters) to find out about something.

Parler

Link	Description
Parler archive

Pornhub

Link	Description
Sn0int framework module for Pornhub

Bluesky

Link	Description
BlueSky users stats

Steam

Link	Description
steamdb.info/calculator	shows how much money has been spent on games in Steam by a particular user
Steam Osint Tool	Enter the link to the user's Steam profile to get a list of his or her closed "friends" and a list of his or her public comments.

Minecraft

Link	Description
MineSight	Minecraft #osint tool. By nickname, it checks the presence of users on different servers and collects information about them (date of registration, links to social networks, history of nickname changes, etc.).

Xbox

Link	Description
Xboxgamertag	search Xbox Live users by nickname (gamertag). It's possible to view gamer's stats and his playing history.

VK

Link	Description
Vk.city4me.com	tracking user online time

Office365

Link	Description
Oh365UserFinder	A simple tool that shows if an #Office365 account is tied to a specific email address. It's possible to check an entire list of emails from a text file at once.
o365chk	simple #Python script to check if there is an #Office365 instance linked to a particular domain and gathering information about this instance.

OneDrive

Link	Description
Onedrive Enumeration Tool	A tool that checks the existence of OneDrive accounts with certain usernames (from the users.txt file) in the domain of a certain company.

Udemy

Link	Description
Udemy Video Playback Speed	A simple extension that changes the speed of playing video courses on #Udemy.

Duolingo

Link	Description
duolingOSINT	The language learning platform Duolingo has more than 570 million+ users worldwide. This tool collects information about Duolingo users by nickname or email.

Universal

Link	Description
Gallery-dl	Quick and simple tool for downloading image galleries and collections from #flickr, #danbooru, #pixiv, #deviantart, #exhentai
Kribrum.io	searchengine for different social media platforms with filters by author and time period
Auto Scroll Search	automatically scrolls the page down (and loads the ribbon) until the specified keyword appears on it.
Social Blade	help you track YouTube Channel Statistics, Twitch User Stats, Instagram Stats, and much more
ExportComments	Export comments from social media posts to excel files (Twitter, Facebook, Instagram, Discord etc), 100 comments free
Social Media Salary Calculator	for YouTube, TikTok, Instagram
Chat-downloader	download chats messages in JSON from #YouTube, #Twitch, #Reddit and #Facebook.
FindMyFBID	Toolkit for collecting data from social networks
Social Analyzer	extension for Google Chrome that simplifies and speeds up daily monitoring of social networks. Create your own list of keywords and regularly check what's new and related to them.
Khalil Shreateh Social Applications	More than 20 tools to extend the standard functionality of #Facebook, #TikTok, #Instagram, #Twitter (information gathering, random pickers for contests, content downloaders etc.)
SNScrape	Tool for search posts and gathering information about users in Twitter, Reddit, Vkontakte, Weibo, Telegram, Facebook, Instagram, Telegram and Mastodon.
TalkWalker	You can enter a tag (keyword and brand name) and then see which people have used it most often: - gender; - age; - language; - profession; - interests.
Kworb	A lot of different statistics on views and listens collected from #YouTube, #iTunes, #Spotify. Ratings by country, year, music type, and more.
Amazing Hiring	An extension for Chrome that allows you to find a link to Linkedin, Facebook, VK, StackOverflow, Instagram... by user Github (or other) profile
RUBY	Simple tool for searching videos by keyword in Rumble, BitChute, YouTube and saving results (author, title, link) to CSV file.
The Visualized	visualize profile tweets to see the most popular from the last month; get info about the use of a particular hashtag (popular tweets, related hashtags, profiles that frequently use this hashtag); lists of #Twitter and #YouTube trends by country;
CommentPicker	Facebook profiles/posts ID finder Export Facebook like and comments YouTube Tag Extractor Instagram profile analyzer Twitter account data export

Downloaders

Link	Description
Wenku	download documents from Baidu Wenku without registration
Slideshare Downloader	A very simple and fast tool for downloading Slideshare presentations in PDF format (recommend to choose High quality at once)
Gdown	When downloading files from Google Drive curl/wget fails (because of the security notice). But this problem is easily solved
Waybackpack	download the entire #WaybackMachine archive for a given URL. You can only download versions for a certain date range (date format YYYYMMDDhhss)
Chat-downloader	download chats messages in JSON from #YouTube, #Twitch, #Reddit and #Facebook.
Gallery-dl	Quick and simple tool for downloading image galleries and collections from #flickr, #danbooru, #pixiv, #deviantart, #exhentai
Spotify downloader	download spotify playlist in mp3 from YouTube
Zspotify	Spotify track downloader. Download mp3 by link or by keywords
Snaptik.app	TikTok Video Downloader
TikTok Scraper	scrapping video from user, trend or hashtag feed, extracting video's or user's metadata, downloading video or music, processing a list of clips or users from a file
YouTube Comment Downloader	easy to install and fast tool for downloading YouTube comments in txt/json. Does NOT require authorization or API keys.
Storysaver.net	download Instagram stories
Fdown.net	Facebook video downloader
Untwitch.com	Twitch video downloader
Redditsave.com	Reddit video downloader
DownGit	Create GitHub Resource Download Link
SaveFrom.net	download video from YouTube, Vimeo, VK, Odnoklassniki and dozen of others services
Gdown	When downloading files from Google Drive curl/wget fails (because of the security notice). But this problem is easily solved.
Download Sorter	simple tool that will help set up the distribution of files with different extensions into different folders in a minute and permanently put "Downloads" folder in order.
Z History Dump	Open chrome://history/ and download all links from browser history in json. This provides tremendous opportunities for visualization and analysis of information.
Slideshare Downloader	A very simple and fast tool for downloading Slideshare presentations in PDF format (recommend to choose High quality at once)
Megatools	The http://Mega.nz file exchange contains links to many files, including various databases of leaked data. You can use the megatools command-line tool to automate your work with this file-sharing service.
You Get	Universal content downloader: - download video from popular sites like #YouTube or #TikTok - scrape webpages and download images - download binary files and other non-html content from sites
SoundScrape	Download tracks and playlists from SoundCloud, Bandcamp, MixCloud, Audiomack, Hive com.
Stream Downloader	Download streams from different sites
Chat Downloader	Python tool for extracting chat messages from livestreams and broadcast. Supported sites: YouTube Twitch Reddit Zoom Facebook

Messengers

Link	Description
Telegago	Telegram search engine
Commentgram CSE	search by Telegram comments
Telegram Message Analyzer	Export #Telegram chat (with Windows version of Telegram app) and get detailed analyze of it (message count, average message count per day, word frequency etc)
@SangMataInfo_bot	forward a message from the user and find out the history of their name in Telegram
@tgscanrobot	telegram bot to show which telegram groups a person is member of.
@telebrellabot	telegram bot to show which telegram groups a person is member of (users in DB: 4019357, groups in DB: 1745).
Telegram Nearby Map	Discover the location of nearby Telegram users on OpenStreetMap
Telescan	search users in groups (and in which groups is the user) by id, username or phone number (if it's in your contacts)
Tgstat	one of the largest directories of Telegram channels, which has detailed information about the growth of the audience, its engagement and mentions of a particular channel in various sources.
Telescan	search users in groups (and in which groups is the user) by id, username or phone number
Telegcrack.com	search in telegra.ph
@VoiceMsgBot	telegram bot to which you can send voice messages and it converts them into text
@transcriber_bot	telegram bot, which can convert to text voice messages in 24 languages (view pic)
Telegramchannels.me	Ratings of the 100 largest (by number of subscribers) #Telegram channels for different languages
@YTranslateBot	type text or resend messages to Telegram bot for translate it.
TeleTracker	Simple #Python scripts for working with Telegram API: send message to a channel, download content from channel and gathering info about channel or chat.

Link	Description
whatsanalyze.com	analyzes #WhatsApp group message statistics (world cloud, timeline, message frequency)
chatvisualizer.com	another #WhatsApp chat analyzer.
Watools.io	download whatsapp profile picture
WAGSCRAPER	Scraps Whatsapp Group Links From Google Results And Gives Working Links (with group names and images)

Kik

Link	Description
Kikusernames.com	Kik messenger username search

Slack

Link	Description
Slack Pirate	tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack workspace given an access token

Skype

Link	Description
vedbex.com/tools/email2skype	finding a Skype account by email
SkypeHunt	A tool for finding Skype users by nickname. Shows a list of users with date of birth, year of account creation, country, avatar link, and other information.

Domain/IP/Links

Dorks/Pentest/Vulnerabilities

Link	Description
OWASP Amass	The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Investigator Recon Tool	web based handy-#recon tool that uses different #GoogleDorking techniques and some open sources service to find juicy information about target websites. It helps you quickly check and gather information about the target domain name.
AORT	All in one domain recon tool: portscan; email services enumeration; subdomain information gathering; find info in Wayback Machine and more.
Site Dorks
Google (universal) Dork Builder	Quick create queries with advanced search operator for Google, Bing, Yandex etc. Copy dorks from Google Hacking Database. Save dorks in your own database
Hakrawler	Extreme(!) fast crawler designed for easy, quick discovery of links, endpoints and assets within a web application.
0xdork	Very light and simple #Python tool for Google Dorking
FilePhish	Simple online Google query builder for fast and easy document file discovery.
Snyk.io	Website Vulnerabilities Scanner
dorks.faisalahmed.me	online constructor of google dorks for searching "sensitive" wesite pages
Fast Google Dorks Scan	Search the website for vulnerable pages and files with sensitive information using 45 types of Google Dorks.
GO DORK	Fast (like most #osint scripts written in #golang) tool for automation work with Google Dorks.
Dork Scanner	NOT support Google. Only Bing, ASK and http://WoW.com (AOL) search engines. Can work with very long lists of queries/documents (in .txt files)
Google Bug Bounty Dorks Generator	Generate Google Dorks for searching juicy extensions, open redirects, code leaks, cloud storages, file upload endpoints and more.
ixss.warsong.pw	very old service for making XSS (Cross Site Scripting) faster and easier
ReconFTW	tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
LFITester	Tool which tests if a server is vulnerable to Local File Inclusion (LFI) attack
Oralyzer	Script that check website for following types of Open Redirect Vulnerabilities
RobotTester	Simple Python script can enumerate all URLs present in robots.txt files, and test whether they can be accessed or not.
SickNerd	tool for researching domain lists using Google Dorking. You can automatically load fresh dorks from GHDB and customize the maximum number of results
CDNStrip	Very fast #go tool, that sorts the list of IP addresses into two lists: CDN and no CDN.
H3X-CCTV	A simple command line tool with a Google Dorks list to find vulnerable CCTV cameras
nDorker	Enter the domain name and get quick links to Google Dorks, Github dorks, Shodan dorks and quick links to get info about domain in Codepad, Codepen, Codeshare and other sites ("vendor dorking")
Scan4all	15000+PoCs; 20 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzzing and many many more
Intezer Analyzer	Online tool for finding code injections, malware, unrecognized code and suspicious artifacts in: Files (up to 150 mb), URL, Memory dumps, Endpoints
WEBOSINT	Simple #python tool for step-by-step collection of domain information using HackerTarget and whoisxmlapi APIs.
KnockKnock	A very fast script written in #go that queries the ViewDNSInfo API (free, 500 results limit) and gets a list of domains related to target domain (which could theoretically belong to the same person or company)
SQLI Dorks Generator	python script generates Google Dorks for SQL Injections for sites from the list.
Dorks Hunter	A simple script to analyze domain using Google Dorks. It saves in file the results of checking the following categories Backup files, Database files, Exposed documents, Sub-subdomains, Login pages, SQL/PHP errors
xnLinkFinder	Tool for discover endpoints for a given target. One of the most versatile tools of this type, with dozens of different settings.
DATA Surgeon	A tool for extracting various sensitive data from text files and web pages. For example: - emails - phone numbers - API keys - URLs - MAC addresses - Hashes - Bitcoin wallets and more.
JSLEAK	Extreme fast #Go tool to find secrets (emails, API keys etc), paths, links in the source code during domain recon.
FUZZULI	Url fuzzing tool written on #go that aims to find critical backup files by creating a dynamic wordlist based on the domain. It's using 7 different methods for creating wordlists: "shuffle", "regular", "reverse", "mixed" etc
DorkGenius	AI tool that generates "dorks" to find vulnerable sites and sensitive information for Google, Bing and DuckDuckGo based on their descriptions. It doesn't work perfectly, but it's an interesting idea.
DorkGPT	Describe what you want to find in human language and get a Google query using advanced search operators. Suitable for "juicy info" and vulnerable sites, as well as for any other search tasks.
XURLFIND3R	Find domain's known URLs from: AlienVault's, Open Threat Exchange, Common Crawl, Github, Intelligence X, URLScan, Wayback Machine
LogSensor	#Python tool to discover login panels, and POST Form SQLi Scanning. Support multiple hosts scanning, targeted SQLi form scanning and proxies.
SOC Multi Tool	Chrome Extension for quick: IP/Domain Reputation Lookup IP/ Domain Info Lookup Hash Reputation Lookup (Decoding of Base64 & HEX using CyberChef File Extension & Filename Lookup and more
PyDork	Tool for automation collecting Google, Bing, DuckDuckGo, Baidu and Yahoo Japan search results (images search and suggestions). Note the huge(!) number of options for customizing search results.
CVE Binary Tool	#Python tool to find known vulnerabilities in software, using data from the NVD), list of CVEs, Redhat, OSV and GAD. 200+ checkers in one tool
CVE MAP	Simple #go command line tool for getting information about CVEs: by ID, by vendor, by product, by severity, by cvss score and much more.
Tiny Scan	Free URL inspection online tool: ip, location, desktop/mobile screenshots, number of links, javascript files and stylesheets, technology profile, number of request and bytes transferred and more.
CVECrowd	Alternative to Cvetrends (stopped working due to Twitter API restrictions). Shows the most popular CVEs in Fidverse for the last 24 h.
Nmap Formatter	A tool to convert NMAP scan results into different formats: html, csv, Markdown, json, svg (Graphviz), sqlite

Wordlists generators

Link	Description
HakListGen	A simple tool written in #Go that allows you to generate a wordlist from any text (from a file or link).
Repolist	A very fast and simple tool that allows to generate wordlists for different CMS and frameworks (using Github repos).
MKSUB	A simple #go tool that generates multi-level subdomain names based on wordlists. Used in combination with subdomain brute-force tools (Sublist3r, Amass, Gobuster etc).
MKPATH	A simple #go tool that generates multi-level file paths based on wordlists. Used in combination with brute-force tools (GoBuster, Dirbuster etc) to find files with sensitive information on target website.

Searchers, scrapers, extractors, parsers

Link	Description
Scrappy!	One of the easiest to learn web scrapers I've seen (and quite fast at that). It allows you to extract all URLs, table fields, lists and any elements matching the given criteria from a web page in a second.
find+	Regex Find-in-Page Tool
Google Chrome webpage Regexp search
Regex Checker	Search and highlight (in webpage): Emails, Phone numbers, Dates, Prices, Addresses
moarTLS Analyzer	addon which check all links on the webpage and show list of non-secure links
Scrape API	Proxy API for Web Scraping
Try.jsoup.org	online version of HTML pasrer http://github.com/jhy/jsoup
Investigo	A very simple and fast (written in #go) tool that searches for active links to social network accounts by username (or multiple usernames)
REXTRACT	This extreme simple tool extracts the strings corresponding to a certain #regex from the html code of the list of URLs.
Extract images	Extract pictures from any webpage. Analyze, sort, download and search in them by keywords.
Contacts Details Scraper	Free contact details scraper to extract and download emails, phone numbers, Facebook, Twitter, LinkedIn, and Instagram profiles from any website.
linkKlipper	The easiest extension to collect links from an open web page: - select links with Ctrl/Command key or download all; - filter links by extension or using Regular Expressions; - download in CSV/TXT.
Listly	An extension that allows to collect all the data from a website into a table, quickly filter out the excess, and export the result to Excel/Google Sheet.
EmailHarvester	A tool to collect emails registered on a certain domain from search results (google, bing, yahoo, ask) and save the results to a text file. Proxy support.
Email Finder	Another tool to collect emails registered on a certain domain from search results (google, bing, baidu, yandex). Can be used in combination with EmailHarvester as the two tools produce different results.
USCRAPPER	Simple #python tool for extracting different information from web pages: - email addresses - social media links - phone numbers
Auto Scroll Search	A simple extension for Chrome that automatically scrolls a web page until a certain word or phrase appears on it (or until the stop button is pressed).
GoGetCrawl	Search and download archived web pages and files from Common Crawl and Wayback Machine.
ASSAY	URL inspection toolkit: live web requests monitor, subdomains/connected domains, scam, phishing, malware detection, WHOIS, Geo IP, SafeFrame view and more.

Redirect lookup

Link	Description
Redirect Detective	tool that allows you to do a full trace of a URL Redirect
Wheregoes.com	tool that allows you to do a full trace of a URL Redirect
Spyoffers.com	tool that allows you to do a full trace of a URL Redirect

Cookies analyze

Link	Description
Determines if website is not comply with EU Cookie Law and gives you insight about cookies installed from website before the visitors consent
Audits website cookies, online tracking and HTTPS usage for GDPR compliance
Webemailextractor.com	extract email's and phone numbers from the website or list of website
cookieserve.com	detailed website cookie analyze
What every Browser knows about you	This site not only shows what information your browser provides to third-party sites, but also explains how it can be dangerous and suggests what extensions will help to ensure your anonymity.
User Agent Parser	User Agent String can be found, for example, in the logs of your site (or someone else's), in the source code of some CLI tools for #osint and many other places.

Website's files metadata analyze and files downloads

Link	Description
Metagoofil	finds pdf/xlsx/docx files and other documents on the site/server, analyzes their metadata, and outputs a list of found user names and email addresses
MetaDetective	A simple tool that analyzes the metadata of files in a specific directory and extracts important information from them (names of document creators, names of users who made changes, etc.).
Aline	a very simple tool that simply downloads files of a certain type, located on a certain domain and indexed by Google.
Goblyn	tool focused to enumeration and capture of website files metadata. It will search for active directories in the website and so enumerate the files, if it find some file it will get the metadata of file
DORK DUMP	Looks for Google-indexed files with doc, docx, ppt, pptx, csv, pdf, xls, xlsx extensions on a particular domain and downloads them.
VERY QUICK and SIMPLE metadata online editor and remover
AutoExif	A simple script to read and delete metadata from images and ACVH videos.
DumpsterDiver	Tool can analyze big volumes of data and find some "secrets" in the files (passwords and hardcoded password, SSH, Azure and AWS keys etc)
HACHOIR	One of the most powerful tools for work with files metadata with the most detailed settings.
Metadata Parser	A simple #Python library to help retrieve website metadata by URL (description, location, keywords, keywords, images, content author names, and more).
MetaFinder	At first glance, it seems like just another tool that searches for documents on a company's website in search engines and analyzes their metadata. But. It searches Baidu and that makes it quite effective.
JSLUICE	#go library for extracting juicy info from JavaScript files: urls, paths, API secrets etc.

Backlinks analyze

Link	Description
SEO Spyglass Backlink checker
Neilpatel backlinks analyzer	find out how many sites are linking to a certain web page
Webmeup	Service for collecting information about backlinks to the site. Without registering an account it shows not everything, but a lot. To see more data (full text of link anchors, etc) for free, use the View Rendered Source extension:

Website analyze

Link	Description
AppSumo Content Analyzer	Enter the name of the domain and find out for free its three most popular publications in social networks (for six months, a quarter, a month, or the last day)
OpenLinkProfiles	Get backlinks by website URL. Filter and sort backlinks by anchor, context, trust, LIS and industry.
Lookyloo	Webapp allowing to scrape a website and then displays a tree of domains calling each other (redirects, frames, javascript, css, fonts, images etc)
Core SERP Vitals	adds a bit of information from CrUX API to the standard Google search results
BGPView	web-browsing tool and an API that lets you gather information about the current state and structure of the internet, including ASNs, IP addresses, IXs, BGP Downstream & Upstream Peers, and much more
Terms of Service Didn't Read	find out what interesting privacy and confidentiality clauses are in the license agreements of popular websites and apps
analyzeid.com	find websites with the same owner by domain name. Checking for email, Facebook App ID and nameserver matches
MMHDAN	Calculate a fingerprint of a website (HTML, Favicon, Certificate in SHA1, SHA256, MD5, MMH3) and create the quick links to search it in IOT search engines

| FavFreak | #python tool for using favicon.ico hashes for finding new assets/IP addresses and technologies owned by a company. | | Hackertarget | 14 tools for gathering information about domain using Hackerarget API (http://hackertarget.com) | | AnalyticsRelationships | command line #tool for to search for links between domains by Google Analytics ID | | UDON | #go tool to find assets/domains based by Google Analytics ID | | Pidrila | Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer | | Adsense Identiicator Finder | this service finds other sites belonging to the same owner or company by Google Adsense ID | | Smart ruler | Simple #GoogleChrome extension (200 000 users) for those who like to explore the design of different sites | | SourceWolf | A tool for analyzing #javascript files. It finds all the variables, endpoints and social media links mentioned in the code in just a few seconds. | | Stylifyme | Tool for analyzing the style characteristics of a particular website. In the context of #osint, it will help when analyzing links between two sites (common rare design features may indicate common owner) | | Content Security Policy (CSP) Validator | Online service for checking the headers and meta tags of websites for compliance with security standards. It can help determine if a site is vulnerable to common vulnerabilities (XSS, clickjacking, etc). | | Nibbler | Free tool for comprehensive website analysis on more than ten different parameters. | | WebHackUrls | The simplest tool for URl recon with filter by keyword and saving results to file. | | Visual Site Mapper | A free online tool for generating site maps in graph form. Allows you to visually see the links between the pages of a website and estimate their number. | | WEBPALM | Command-line tool that traverse a website and generate a tree of all its webpages. Also it can scrape and extract data using #regex. |

Favicon search

Link	Description
Favhash	Simple script to calculate favicon hash for searching in Shodan.
Favicon Hasher	Favicon.ico files hashes is a feature by which you can find domains related with your target. This tool generates hashes for all favicon.ico on the site (+ quick links to find them in Shodan, Censys, Zoomeye)
FAVIHUNTER	Generate search queries by URL for searching favicons in FOFA, ZoomEye, Shodan, Criminal IP, Censys, ODIN

Domain/IP investigation

Link	Description
@UniversalSearchBot	telegram bot finding information about email, russian phone number, domain or IP
Domain Investigation Toolbox	gather information about domain with 41 online tools from one page.
GoFindWhois	More than 180 online tool for domain investigaions in one. What's not to be found here: reverse whois, hosting history, cloudfare resolver, redirect check, reputation analyze.
Spyfu	tool to collect seo information about the domain, which provide a lot of data partly for free
Spyse.com	domain investigation toolbox
Spyse CLI	command line client for Spyse.com
Domaintracker	webapp and mobile app, which helps you keep track of payment deadlines (expired dates) for domains (sends push notifications and notifications to email)
Sputnik	Chrome extension for quick gathering info about IP, domain, hash or URL in dozens of different services: Censys, GreyNoise, VirusTotal, Shodan, ThreatMiner and many others.
Whois Domain Search Tool	A tool that allows you to query whois data for a site name in several domain zones at once.
IP Neighbors	Find the hosting neighbors for a specific web site or hostname
The Favicon Finder	Instantly finds the favicon and all .ico files on the site, and then generates links to download them quickly.
HostHunter	Tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames
Tor Whois
Dnstwister	The anti-phishing domain name search engine and DNS monitoring service
EuroDNS	Free whois data search service for long lists of domains (250 can be searched at a time, total number unlimited). The results show the status of the domain and a quick link to the full whois data.
Source code search engine (315 million domains indexed). Search by title, metadata, javascript files, server name, location and more.	Source code search engine (315 million domains indexed). Search by title, metadata, javascript files, server name, location and more.
Dnstwist	Command line anti-phishing domain name search engine and DNS monitoring service
Ditto	Dsmall tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered
RADB	Provides information collected from all the registries that form part of the Internet Routing Registry
IPinfo map	paste up to 500,000 IPs below to see where they're located on a map
Whois XML API Whois history database
Hakrawler	discover endpoints and assets
Passive DNS search
Talos Intelligence Mail Server Reputation
netbootcamp.org/websitetool.html	access to 74 #tools to collect domain information from a single page
HTTPFY	A fast #nodejs tool for gathering information about a domain or a list of domains. Response time, main page word count, content type, redirect location and many other options (view pic).
Hussh	shell script for domain analyzing
OPENSQUAT	Search newly registered phishing domain by keywords; Check it with VirusTotal and Quad9 DNS;
Check any website to see in real time if it is blocked in China
@iptools_robot	univsersal domain investigation Telegram bot
Raymond	Framework for gathering information about website
Pulsedive	A partially free website research tool. Collects detailed information about IP, whois, ssl, dns, ports, threats reports, geolocation, cookies, metadata (fb app id etc). Make screenshots and many others
Striker	Quick and simple tool for gathering information about domain (http headers, technologies, vulnerabilities etc).
SiteBroker	Domain investigation #python tool
DNSlytics	find out everything about a domain name, IP address or provider. Discover relations between them and see historical data
FindMyAss (HostSpider)	Domain investigations toolkit
Drishti	Nodejs toolkit for OSINT
passivedns.mnemonic.no	DNS history search by IP-adress or by domain name
Gotanda	Google Chrome extension. 56 tools for domain, ip and url investigation in one
Ip Investigation Toolbox	type ip-adress once and gather information about it with 13 tools
Crab	Well done and well designed port scanner, host info gatherer (include whois).
MayorSecDNSScan	Identify DNS records for target domains, check for zone transfers and conduct subdomain enumeration.
Cert4Recon	Very quick and simple subdomain enumeration using http://crt.sh.
Miteru	Experimental phishing kit detection tool. It collects phishy URLs from phishing info feeds and checks each phishy URL whether it enables directory listing and contains a phishing kit (compressed file) or not
Web Check	Get detailed report about IP or domain: Location SSL Info Headers Domain and host names Whois DNS records Crawl riles Cookies Server Info Redirects Server status TXT Config
CheckPhishAI	An online tool that finds registered domain typosquats and analyzes them for suspicious activity.
CloakQuest3r	Tool to uncover the IP address hidden by Cloudflare (or alternatives): - IP address History, - SSL Certificate Analysis, - Subdomain Scanning
WEBCOPILOT	All in one toolkit for subdomain enumeration, extract titles and take screenshots, crawl all the endpoints of the subdomains, search vulnerabilities
DNS History	A tool to track the history of DNS servers associated with a particular domain. Data since 2002 year for 2.2 billion nameservers.
Chismodon	Command line #osint toolkit for domain information gathering. Search by domain name, Google Play Store ID, CIDR/ASN, email/username/password. Partly free.

Subdomains scan/brute

Link	Description
SubDomainsBrute	Very(!) fast and simple tool for subdomain bruteforce. It find 53 subdomains, scanned 31160 variations in 31 seconds.
Anubis	Subdomain enumeration and information gathering tool
Turbolist3r	An improved and accelerated version of famous sublist3r. Looks for subdomains in 11 sources (see picture). It's possible to apply bruteforce (flag -b)
DomE	Fast and reliable #python script that makes active and/or passive scan to obtain subdomains and search for open ports. Used 21 different #OSINT sources (AlienVault, ThreatCrowd, Urlscan io etc)
CloudBrute	Tool to find target infrastructure, files, and apps on the popular cloud providers
dnsReaper	TwiSub-domain takeover tool
ALERTX	Very fast #go tool for search subdomains. For example, it fin 111 http://tesla.com subdomains in 0.003 seconds.
Columbus Project	A fast, API-first subdomain discovery service with advanced queries.
Seekolver	#python tool for searching and filtering subdomains using different APIs: SecurityTrails, AlienVault, VirusTotal, SpyOnWeb, Crt sh

Cloudfare

Link	Description
Cloudmare	Simple tool to find origin servers of websites protected by #Cloudflare, #Sucuri or #Incapsula with a misconfiguration DNS
CloudUnflare	Reconnaissance Real IP address for Cloudflare Bypass

Databases of domains

Link	Description
RansomLook	"Yet another Ransomware gang tracker" (c) Group profiles, recent updates, forums and markets list + some stats. A real treasure cybercrime researchers.
Whois Freaks	API which allows you to search Whois-database (430M+ domains since 1986) by keyword, company name or owner name
Expireddomains.net	lists of deleted and expired domains (last 7 days)
InstantDomainSearch	search for domains for sale
WhoisDS.com	database of domains registered in the last day
API Domaindumper	An interesting tool for researchers of IT history and data journalists. Just an FREE API that shows how many sites were registered in each domain zone on a given day (since January 1, 1990)
ptrarchive.com	search by 230 billion DNS records retrieved from 2008 to the present.
PeeringDB	Freely available, user-maintained, database of networks, and the go-to location for interconnection data.
IQWhois	Search whois data by address, city, name, surname, phonenumber

Website traffic look up

Link	Description
SimilarWeb	Detailed website traffic analyze
Alexa	Keyword Research, Competitive Analysis, Website Ranking
HypeStat Analyzer Plugin	Shows estimate daily website traffic, Alexa rank, average visit duration and used techhologies.
vstat.info	Getting detailed info about website traffic (sources, keywords, linked sites etc)
w3snoop	Getting detailed information about website: - general domain info; - valuation ($); - popularity; - traffic; - revenue; - security (WOT rating, McAfee WebAdvisor Rating etc) and more.

Website technology look up

Link	Description
WhatRuns	extension, which discover what runs a website: frameworks, Analytics Tools, Wordpress Plugins, Fonts.
Built With
w3techs
Hexometer stack checker
Web Tech Survey
Awesome Tech Stack
Netcraft Site Report
Wappalyzer
Larger.io
CMLabs Tools
Snov.io technology checker	type name of #webdev technology (jquery, django, wordpress etc) and get the list of websites, which used it.

Find directories

Link	Description
Dirhunt	Tool for search and analyze directories, can find interesting things if the server has the "index of" mode enabled (also useful if the directory listing is not enabled).

Source Code Analyzes

Link	Description
CARBON14	A simple Python tool that helps you determine when (approximately) some content was published. It find the Last-Modified header of linked images on a particular web page.
View Rendered Source	The standard browser source code view did not display the actual source code. View Rendered Source extension solve this problem. It shows the html code after all JavaScript functions (full page load, page scrolling, and other user actions) are executed
Retire.js	GoogleChrome extension for scanning a web app for use of vulnerable JavaScript libraries
OpenLink Structured Data Sniffer	GoogleChrome extension which reveals structured metadata (Microdata, RDFa, JSON-LD, Turtle, etc.) embedded within HTML documents.
SIngle File	GoogleChrome, Firefox and MicrosoftEdge addon to save webpage in single html file
Dirscraper	OSINT scanning tool which discovers and maps directories found in javascript files hosted on a website
Ericom Page Risk Analysis	Get a detailed report with links to CSS, Javascript, Fonts, XHR, Images and domains web pages
SecretFinder	Tool for find sensitive data (apikeys, accesstoken,jwt,..) or search anything with #regexp on #javascript files
Copy all links and image links to CSV or JSON	Download all links from current webpage in CSV (for open in #Excel) or JSON
ArchiveReady	OSINT specialists most often use various web archives to analyze other people's sites. But if you want your descendants to be able to find your own site, check whether the code of its pages is understandable for crawlers of web archives.
Talend API Tester Free Edition	tool that allows to quickly test requests to different APIs directly in the browser, send requests and inspect responses, validate API behavior
uMatrix	Shows all the domains to which the site connects at runtime and allows you to block different sources at will. Useful for ad blocking, tracking, data collection, and various experiments.
Open Link Structured Data Sniffer	View webpage details info in Google Chrome: RDFa linked data (http://rdfa.info) POSH (Plain Old Semantic HTML) Microdata RSS
REGEXPER	A simple and free online tool for visualizing regular expressions. Just copy the regular expression to the site and convert it into a detailed and understandable graphical scheme.
LinkFinder	Simple tool discover endpoints and their parameters in JavaScript files. It's possible to discover individual URLs, groups of URLs and directories. Supports regular expressions.

Broken Links Checkers

Link	Description
Broken Link Hijacker	Crawls the website and searches for all the broken links (in "<a href" and "<img src").
Broken Link Checker	shows which links on the page are giving out errors. It helps to find sites that have been working recently but are no longer working.
Open Multiple Links ☷ One Click
Check my links	Old and large lists of tutorials or tools often have many inactive links. This extension will help mark inactive links in red and save you time checking them out.

URL unshorteners

Link	Description
Get Link Info
Unshorten.me
Urlxray
Unshorten.it

Text Analyze

Link	Description
Headlines.Sharethrough.com	analyzes headlines according to four indicators (strenghts, suggestions, engagement, impression) and gives a score from 1 to 100
Wordtune.com	Provide a link to the text of the article or upload a PDF document. In response, the service will give a brief retelling of the main ideas of the text.

Sound indefication and analyze

Link	Description
Online Loudness Meter	allows to estimate the volume of noises in the room or to analyze the volume of sounds in a recording file.
Voice Stress Test	tool analyzes the voice and determines a person's stress level.
AHA Music	A very simple tool that helps you determine what track is playing in the current browser tab. What I like best about it is that it works when the sound is turned OFF (albeit with a slight delay)
MP3 Spectrum Analyzer

Sound search and analyze

Link	Description
soundeffectssearch.com	find a sound library
Vocal Remover	An AI-based service that removes vocals from a song, leaving only the music. It works amazingly well.

Video editing and analyze

Link	Description
Scene detection	Determine the timecodes on which there is a change of scenery in the video and significantly save time watching it
Get text from video	Transcribe uploaded video file
EfficientNetV2	DeepFake Video Detector
Downsub	Extract subtitles from video
Subtitlevideo	Extract subtitles from video
FlexClip	Get video metadata
Pix2Pix-Video	Edit video by prompt
unscreen.com	remove the background from an uploaded video
TextGrab	Simple #Chrome extension for copying and recognizing text from videos (#YouTube, #GoogleMeetup etc.)
Lossless Cut	#javascript #opensource swiss army knife for audio/video editing.
Movio.la	Create spoken person video from text
Tagrum	Upload a video file to the site or leave a link to the video. Wait a few minutes. Get a subtitled version of the video in English (other languages will probably be available later).
Scene Edit Detection	A tool to help speed up and automate your video viewing. It highlights the frames where a new scene begins and allows you to quickly analyze the key semantic parts of the video.

Image Search and Identification

Reverse Image Search Engines and automation tools

Link	Description
News Myseldon	from the photo looks for famous and little-known (like minor officials) people
Ascii2d.net	Japanese reverse image search engine for anime lovers expose image properties, EXIF data, and one-click download
Searchbyimage.app	search clothes in online shops
Aliseeks.com	search items by photo in AliExpress and Ebay
lykdat.com	clothing reverse image search services
IQDB.org	reverse image search specially for anime art
pic.sogou.com	chinese reverse image search engine
Same Energy	reverse image search engine for finding beautiful art and photos in the same style as the original picture
Revesearch.com	allows to upload an image once and immediately search for it in #Google, #Yandex, and #Bing.
Image Search Assistant	searches for a picture, screenshot or fragment of a screenshot in several search engines and stores at once
Pixsy	allows to upload pictures from computer, social networks or cloud storages, and then search for their duplicates and check if they are copyrighted
EveryPixel	Reverse image search engine. Search across 50 leading stock images agencies. It's possible to filter only free or only paid images.
openi.nlm.nih.gov	Reverse image search engine for scientific and medical images
DepositPhotos Reverse Image Search	tool for reverse image search (strictly from DepositPhoto's collection of 222 million files).
Portrait Matcher	Upload a picture of a face and get three paintings that show similar people.
Image So Search	Qihoo 360 Reverse Images Search
GORIS	Command line tool for Google reverse image search automation. It can find links to similar pictures by URL or by file.
Pill Identifier	How to know which pill drug is pictured or accidentally found on the floor of your home? Use a special online identifier that suggests possible variations based on colour, shape and imprint.
Logobook	help to see which companies have a logo that looks like a certain object. You can use the suggested variants to geolocate photo.
Immerse Zone	Reverse Image Search Engine. Search by uploaded image or URl; Search by sketch (it can be drawn directly in the browser); Search by quote (can be selected from the catalog)
Lexica	Download the image to find thousands Stable Diffusion AI artworks that are as similar to it as possible. You can also search by description and keywords.
Numlookup Reverse Image Search	The results are very different from Yandex Images and Google Lens search results, as the service only searches for links to exact matches with the original picture.
Google Reverse Image Search Fix	Google lens is not too user friendly for investigations. But this tool will help you get back to the old Google Image Search. (in case of problems, upload images to http://Postimages.org)
LingoLens	Simple based on Streamlit self-hosted web app to automate the download of Google Lens results for different languages and countries (results may vary greatly depending on location settings).

Image editing tools

Link	Description
Theinpaint	One of the best (and free) online photo object removal tools I've ever seen. Just highlight red on the photo and press Erase. Then do it again, and again, and again (until you get the perfect result).
GFPGAN	Blind face restoration algorithm towards real-world face images. Restores blurry, blurred and damaged faces in photos.
Remini AI Photo Enhancer	Tool allows to restore blurry faces to photos.
Letsenhance	Online #AI tool to increase image resolution (x2, x4, x8) without quality loss. 100% automatic. Very fast.
Media IO Watermark Remover	Select the area and mark the time frame in which you want to remove the object. Works for barely visible watermarks as well as for bright and large objects.
Remove.bg	Remove background from image with AI
Watermarkremover	Remove watermark from image with AI
Instruct Pix2pix	Image editing with prompt

Other Image Search Engines

Link	Description
SN Radar VK Photo Search
BBC News Visual Search	Enter the name of the item and the service will show in which news stories and at what time interval it appeared

Image Analyze

Link	Description
Aperislove	Online steganography tool: PngCheck,Strings,Foremost,Binwalk,ExifTool,Outguess,Steghide,Zsteg,Blue/Green/Red/Superimposed
Sherloq	open source image #forensic toolset made by profesional photograph Guido Bartoli
Image Color Picker	pick color (HEX or RGB) from image or website screenshot
Find and Set Scale From Image
Image Forensic (Ghiro Online)
compress-or-die.com/analyze	get detail information about images (exif, metatags, ICC_Profile, quantanisation tables)
aperisolve.fr	Deep image layers (Supperimposed, Red, Green, Blue) and properties (Zsteg, Steghide, Outguess, Exif, Binwalk, Foremost) analyze tool.
Dicom Viewer	view MRI or CT photo online (.DCM files)
Caloriemama	AI can identify the type of food from the photo and give information about its caloric value.
BetterViewer	#Google Chrome extension for work with images. Right click on the picture and open it in new tab. You will get access to the following tools: Zoom, Flip, Rotate, Color picker, Extract text, Reverse image search, QR code scanner and much more
PhotoOSINT	A simple extension that checks in a couple of seconds if a web page contains images that have not had their exif data deleted.
Perceptual image analysis	Chrome extension for quick access to image #forensic tools: Metadata Levels Principal Component Analysis Slopes Error Level Analysis
Plate Recognizer	Online tool to recognise number plates on blurred pictures. Sometimes it may not work accurately, but it is valuable for identifying the country when the flag is not visible.
Street clip	AI, which determines from a photo the likelihood that it was taken in a particular country. (don't forget to change the list of countries for each photo⚠️)

Exif Analyze and editing

Link	Description
EXIF-PY	get exif data of photos thrue command line
Exif.app	Press "Diff check button", upload two graphical images and get a comparison table of their metadata. The differences are highlighted in yellow
Image Analyzer Addon	View all images on a page and expose image properties, EXIF data, and one-click download
Online metadata viewer and editor	High-quality and well-made. Support docx, xlsx, msg, pptx, jpeg, vsd, mpp.
Scan QR Code	While determining the location of the photo, sometimes the research of QR codes on the road poles, showcases and billboards helps a lot. This service will help to recognize a QR-code by a picture
Identify plans
Forensicdots.de	find "yellow dots" (Machine Identification Code) in printed documents
Image Diff Checker
Vsudo Geotag Tool	tool for mass geotagging of photos
exifLooter	Quick #go tool to automate work with EXIF data
PYMETA	A tool that searches (using Google, Bing etc.) for documents in the domain, analyses their metadata and generate a report in CSV format.

Face recognition and search

Link	Description
Face Recognition	facial recognition api for Python and the command line
Facial composite (identikit) maker
Search4faces.com	search people in VK, Odnoklassniki, TikTok and ClubHouse by photo or identikit
Telegram Facemath bot	searching for a face among the archive of photographs from public events in Kazakhstan

Font Indenfication

Link	Description
WhatTheFont
WhatFontIs
Font Squirrel
Font Spring
Identifont.com
LikeFont.com

Cryptocurrencies

Link	Description
Wallet explorer	bitcoin wallet transaction history
Blockpath.com	viewing bitcoin wallet transactions as a graph
Cryptocurrency alerting	track spending and deposits in Bitcoin and Ethereum wallets
Learnmebitcoin.com	find transactions between two Bitcoin adresses
Coinwink.com	allows you to set up email notifications in case Bitcoin (or other #cryptocurrency) rate rises (falls) above (below) a certain value
BlockCypher	Blockchain explorer for Bitcoin, Ethereum, Litecoin, DogeCoin, Dash. Getting into about address, transactions and block hashes, block number or wallet name.
Bitcoin Abuse Database	A simple tool to check whether a Bitcoin address has been used for ransomware, blackmailers, fraudsters and view incident reports.
BreadCrumbs	Enter your BTC or ETH wallet number to see a graph of associated wallets (with transaction history and lot of other details).
A TON of Privacy	Tool for OSINT investigations on TON NFTs. Search info (balance, scam status etc) by Telegram nickname, phone number or domain.
Wallet Labels	Search across more than 7.5M #Ethereum addresses labeled to easily identify wallets and exchange

Code

Link	Description
Grep.app	regExp search in Github repositories
Searchcode.com	Search engine for @github, @gitlab, @bitbucket, @GoogleCode and other source code storages
Code Repository Google CSE	Google CSE for search 15 code repository services
Libraries.io	search by 4 690 628 packages across 32 different package managers
The Scraper	Simple tool for scrapping emails and social media accounts from the website's source code.
CloudScraper	Scrape URL's of the target website and find links to cloud resources: Amazonaws, Digitaloceanspaces, Azure (windows net), Storage.googleapis, Aliyuncs
Complete Email Scraper	Paste the link to the site and the bot finds the sitemap. The bot then goes through all the links on the site looking for email addresses (strings contains @).
Python Code Checker	quick find errors in code
Github Search	collection of Github investigation command line tools. Explore users, employes, endpoints,surveys and grab the repos
Sploitus	exploit and hacker's tools search engine
Leakcop	service that monitors in real-time the illegal use of source code from certain repositories on Github
Github Artifact Exporter	provides a set of packages to make exporting Issues easier useful for those migrating information out of Github
PublicWWW	webpages source code search engine
SayHello	#AI Search engine for developers. Type a question (e.g. how to do something) in normal human language and get code examples in response.
SourceGraph	universal code search engine
NerdyData	html/css/code search engine
YouCode	Add free, privacy source code search engine with popular tech sites snippets in search results: Mozilla Developer Network; Github; W3 Schools; Hacker News; Read the Docs; Geek for Geeks
De4js	HTML/JS deobfuscator
TIO RUN	Run and test code written in one of 680 programming languages (260 practical and 420 recreational) directly in your browser
Explain Shell	this site will help you quickly understand terminal commands-lines from articles, manuals, and tutorials
Codesandbox	Great online environment for creating, testing, and researching written JavaScript tools (and #OSINT has many: social-analyzer, opencti, rengine, aleph).
shellcheck.net	analyzes command-line scripts and explains in detail the errors found in them
Regular Expression Analyzer	super tool for those who forget to leave comments on their code or have to deal with someone else's code.
Developer search tool	Take the art of copy and paste from Stack Overflow to a new level of speed and productivity
HTTP Cat	free #API to get pictures with cats for different HTTP response codes
Run PHP functions online
HTTPIE.IO	command-line HTTP client
The Missing Package Manager for macOS (or Linux)
Gitpod.io	run code from repositories on Github directly in a browser
Thanks	A simple script that analyzes the #opensource products used in your project and displays a list of links to pages for financial support for their developers.
The Fuck	Simple app which corrects your previous console commands.
API Guesser	Enter the API key or token to find out which service it can be used by.
Cheat․sh	Timesaving tool that allows cheat sheets to be loaded directly into the command line (or Sublime Text/IntelliJ IDEA) using the curl command (run after installation).
NGINXconfig	Online tool to configure stable and secure #nginx server. Select the options and then download the config files.
SPF Explainer	Simple online tool that explain in details Sender Policy Framework (email authentication standard) record of target domain.
TLDR	A tool that is a great time-saver when working with the command line. Enter "tldr command name" and get a brief description with examples of how to use it.
AWK JS	AWK (script language) is a powerful command line tool for extracting data from texts and auto generating texts. For those who don't use CLI yet (or just want to solve some problem without leaving browser) a good alternative is an online version of awk.
PLDB	A huge knowledge base of 4050 programming languages. For each language you can see its place in the ranking, the number of users and repositories, the history of creation, linguistic features + huge lists of books and articles

Search engines

Link	Description
fnd.io	alternative search engine for the AppStore and iTunes
GlobalSpec Engineer Search Engine
URVX	Based by Google Custom Search tool for searching in popular cloud storages service
Mac Address Search Tool	search by full Mac adress, part of Mac adress (prefix), vendor name or brand name
Hashatit.com	hastag searchengine. Search in twitter, instagram, facebook, youtube, pinterest
Goo.ne.jp	beautiful japanese search engine
Peteyvid	search engine for 70 video hosting sites
3DFindit	tool for searching 3D models by 3560 3D CAD (computer aided design) and BIM (Building Information Model) catalogs.
Filechef	tool for searching different type of files (videos, application, documents, audio, images)
Find Who Events	Google CSE for finding events by location (keywords) in #Facebook, #Eventbrite, #Xing, #Meetup, #Groupon, #Ticketmaster, #Yepl, #VK, #Eventective, #Nextdoor
Listennotes	Podcast Search Engine
thereisabotforthat.com	search by catalog of 5151 bots for 17 different apps and platforms
BooleanStringBank	over 430+ strings and 3553+ keywords
Google Unlocked	browser extension uncensor google search results
Iconfinder.com	Icons Search Engine
Google Datasets Search
Gifcities.org	GIF Search Engine from archive.org
Presearch.org	privately decentralized search engine, powered by #blockchain technology
milled.com	search engine for searching through the texts of email marketing messages
Orion	open-Source Search Engine for social networking websites.
PacketTotal	.pcap files (Packet Capture of network data) search engine and analyze tool. Search by URL, IP, file hash, network indicator, view timeline of dns-queries and http-connections, download files for detailed analyze.
SearXNG	Free internet metasearch engine which aggregates results from more than 70 search services. No tracking. Can be used over Tor
Yeggi	3D printer model search engine. There are more than 3 million 700 thousand objects in the database. There are both paid and free.
Memegine	A search engine to find memes. Helps you find rare and obscure memes when Google fails.
ChatBottle	A search engine to find the weirdest and most highly specialised chatbots for all occasions. There are over 150,000 bots in the database. Of these, 260 are chatbots related to cats for Facebook Messenger.
search3	New privacy search engine (no trackers + just a little bit of ads). With NFT search tab and cryptocurrencies realtime info tab
DensePhrase	This tool searches phrase-level answers to your questions or retrieve relevant passages in real-time in 5 million Wikipedia articles.
metaphor systems	A search engine with a new and unusual search method. This AI "trained to predict the next link (similar to the way GPT-3 predicts the next word)". Enter a statement (or an entire dialog) and Metaphor will end it with the appropriate link.

Open directories search engines

Link	Description
EyeDex	Open directory search engine: 1.3 PB, 21,178,766 files, 5,229,942 directories, 161 servers

Universal search tools

Link	Description
S	Search from command line in 106 different sources
searchall.net	75 fields for quick entry of queries to different search services on one page
Query-server	A tool that can send queries to popular search engines (list in picture) and return search results in JSON, CSV or XML format.
Search Engines Scraper	Collects search results in text files. It's possible to search Google, Bing, DuckDuckGo, AOL and other search engines.
Trufflepiggy (Context Search)	Search selected text in different search engines and sites from Google Chrome context menu.
Search Patterns	A tool that analyzes autosuggest for #Google and #YouTube search queries (questions, prepositions, comparisons, and words starting with different letters of the alphabet).
Searcher	A very fast and simple #go tool that allows you to collect search results from a list of keywords in the following search engines: Ask Bing Brave DuckDuckGo Yahoo Yandex
Startpage Parser	Startpage.com search engine produces similar (but not identical) results to Google's, but is much less likely to get banned. This #python tool allows to scrape big amounts of results without using proxies.
BigSearch	Google Chrome and Firefox addon for quick access to dozens of online search tools: general search engines, video hosts, programming forums, translators and much more.
AI Search Whisper	Enter your problem and get a list of links to Google and Bing queries (using advanced search operators) that will help you solve it.

Darknet/deepweb search tools

Link	Description
Onion Search
TheDevilsEye	Search links in #darknet (.onion domain zone) from command line without using a Tor network.
Onion Search Engine (+maps, mail and pastebin)
KILOS Darknet Search Engine
Ahmia Link Graph	Enter the name of the site in the .onion domain zone and see what other sites in the #onion domain zone it is associated with.
Pasta	Pastebin scraper, which generates random paste addresses and checks if there is any text in them.
Dark Web Scraper	Specify the start link and depth of crawl to research the .onion website for sensitive data (crypto wallets, API keys, emails, phone numbers, social media profiles).
Pastebin-Bisque	Command line #python tool, which downloads all the pastes of a particular #Pastebin user.
Dark Fail	List of several dozen services in the .onion domain (marketplaces, email clients, VPN services, search engines) with up-to-date links and status (online/offline)
Darkweb archive	Free simple tool that allows you to download website files in the .onion domain zone as an archive with html, css, javascript and other files.

Public buckets search tools

Link	Description
buckets.grayhatwarfare.com	Amazon Public Buckets Search
osint.sh/buckets	Azure Public Buckets Search

Bugbounty/vulnerabilities search tools

Link	Description
Firebounty	Bug bounty search engine
BugBountyHunting	Bug bounty hunting search engine
Leakix	A search engine for web services where common types of vulnerabilities have been found.
Network Entity Reputation Database (NERD)	database of malicious entities on the Internet) It's possible to search by IP, domain, subdomain, and other parameters, including even the country code (useful for large-scale research)
Inventory Raw Pm	Search by best #cybersecurity tools, resources, #ctf and #bugbounty platforms.
RFC.fyi	Browseable, searchable RFC index
Hacker News Algolia	Hacker News search engine with filters. Useful for finding all mentions of a product or person.
Control Validation Compass	Database of 9,000+ publicly-accessible detection rules and 2,100+ offensive security tests, aligned with over 500 common attacker techniques.
Hacking the Cloud	Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on cloud exploitation (#AWS, #Azure, #GoogleCloud, #Terraform,)
ExploitAlert	One of the largest searchable databases of information on exploits (from October 2005 to October 2022). Updated daily.
Bug Bounty Hunting Search Engine	Bugbounty write ups search engine. A large collection of articles with examples of finding different types of vulnerabilities: XSS, SSRF, SQLI, RCE, IDOR.

Filesharing Search Engines

I strongly recommend to use it strictly for research purposes and to search for files that cannot be legally purchased anywhere else. Respect the copyrights of others.

Link	Description
Napalm FTP Indexer
Cloud File Search Engine	search music, books, video, programs archives in 59 file-sharing sites (#meganz, #dropark, #turbotit etc)
Filesearching	old FTP servers search engine with filter by top-level domain name and filetype
Snowfl.com	torrent aggregator which searches various public torrent indexes in real-time
Torrents.me	torrent aggregator with search engines and list of new torrents trackers
Open Directory Finder	Tool for search files based by Google CSE
Mamont's open FTP indexer
Orion Media Indexer	Lightning Fast Link Indexer for Torrents, Usenet, and Hosters
Library Genesis	"search engine for articles and books, which allows free access to content that is otherwise paywalled or not digitized elsewhere" (c)
Sunxdcc	XDCC file search engine
Xdcc.eu	XDCC search engine
URVX.com	File storage search engine based by Google CSE
DDL Search	search engine for Rapidshare, Megaupload, Filefactory, Depositfile, Fileserve and a lot of other file sharing sites
Sharedigger	search files in popular file hosting services
Xtorx	fast torrents search engine
Torrent Seeker	torrents search engine
FreeWare web FTP file search	ftp servers search engine
Search 22	access to 10+ ftp search tools from one page
Heystack	Service for finding public files in Google Docs, Google Sheets and Google Slides. It's possible to filter results by topic group and creation date.

Tools for DuckDuckGo

Link	Description
DuckDuckGo !bangs	extension that add DuckDuckGo bang buttons to search results and search links in the context menu
DDGR	Search in DuckDuckGo via the command line: - export the results to JSON; - bangs support - location setting

Tools for Google

Link	Description
Google Search Scraper	Crawls Google Search result pages (SERPs) and extracts a list of organic results, ads, related queries and more. It supports selection of custom country, language and location
Googler	command line google search tool
goosh.org	online google search command line tool
Web Search Navigator	extension that adds keyboard shortcuts to Google, YouTube, Github, Amazon, and others
Overload Search	Advanced query builder in #Google with the possibilities: change the language and country of your search, disable safe search,disable personalization of search results ("filter bubble")
Google Autocomplete Scraper	One of the best ways to learn more about a person, company, or subject is to see what people are more likely to type in a search engine along with it.
SDorker	Type the Google Dork and get the list of the pages, that came up with this query.
XGS	allows you to search for links to onion sites using Google Dorks (site:http://onion.cab, site:http://onion.city etc)
Google Email Extractor	Extract emails from Google Search Results
SEQE.me	online #tool for constructing search queries using advanced search operators simultaneously for five search engines
Bright Local Search Result Checker	shows what #Google search results look like for a particular query around the world (by exact address)
Auto Searcher	One by one types words from a given list into the search bar of #Google, #Bing, or another search engine
2lingual.com	google search in two languages simultaneously in one window
I search from	allows you to customize the country, language, device, city when searching on Google
Anon Scraper	Search uploaded files to AnonFile using Google
Search Commands	Google Chrome extension provides a Swiss-knife style commands tool inside your browser's address bar to enhance your search experience
Boolean Builder theBalazs	Google Sheet to tool for constructing Google X-Ray search queries.
Yagooglesearch	"Simulates real human Google search behavior to prevent rate limiting by Google and if HTTP 429 blocked by Google, logic to back off and continue trying" (c)
Google Word Sniper	Simple tool to make easier Google queries with the advanced search operator AROUND().
OMAIL	An online tool that extracts and validates emails from Google and Bing search results (by keyword or domain). Partly free (200 extracts per search)

IOT (ip search engines)

Link	Description
Greynoise.io
fofa.so
Thingful.net
TheLordEye	Tool that searches for devices directly connected to the internet with a user specified query. It returns results for webcams, traffic lights, routers, smart TVs etc
Netlas.io	Search engine for every domain and host available on the Internet (like Shodan and Censys): - search by IP, domain DNS-servers, whois info, certificates (with filtering by ports and protocols) - 2500 requests/month free; - API and python lib "netlas".
CriminalAPI	Search engine for all public IPs on the Internet. Search by (for ex): html title, html meta tags and html keyword tags; whois city and country; ssl expired date; CVE id and MANY more
FullHunt	Attack surface database of the entire Internet. Search info by domain, ip, technology, host, tag, port, city and more.
Hunter	Search engine for security researchers (analog Shodan, Censys, Netlas). Search by domain, page title, protocol, location, certificates, http headers, ASN, product name and more.

Archives of documents/newspapers

Link	Description
UK National Archives	search in the catalogue of United Kingdom "The National Archives"
Directory of Open Access Journals	Search by 16 920 journals, 6, 588, 661 articles, 80 lanquages, 129 countries
National Center for Biotechnology	unique tool to search 39 scientific databases (Pubmed, SRA, OMIN, MedGen etc) from one page
industrydocuments.ucsf.edu	digital archive of documents created by industries which influence public health (tobacco, chemical, drug, fossil fuel)
Offshor Leaks	Search through various databases of leaked documents of offshore companies
Vault.fbi.gov	Vault is FOIA Library, containing 6,700 documents that have been scanned from paper
Lux Leaks	— the name of a financial scandal revealed in November 2014 by a journalistic investigation. On this site you will find documents related to more than 350 of the world's largest companies involved in this story
RootsSearch	Quick search service for five sites with genealogical information (as well as births, weddings and deaths/burials)
Newspaper navigator	Keyword search of a database of 1.5 million newspaper clippings with photos from the Library of Congress database. It's possible to filter results by year (1900 to 1963) and state.
Anna's Archive	Search engine of shadow libraries: books, papers, comics, magazines (IPFS Gateway, Library Genesis etc).
World Cat	Enter the name of the paper book and find out which public libraries near you can find it. Works for the USA, Australia and most European countries.
DailyEarth	Worldwide catalog of daily newspapers (since 1999). 52 USA states. 73 countries.
visLibri	World’s largest search engine for old, rare & second-hand books. Search across 140+ websites worldwide.(Ebay, Amazone, Booklooker, Catawiki, Antiqbook etc)
FACTINSECT	Free online tool for automating #factchecking. In order to confirm or deny some information, the service provides several arguments with references to information sources.
DocumentCloud	5 million + publicly available documents. Search by user, organization, project, creation date and many other parameters. There are many documents from government organizations and large corporations.

Science

Link	Description
ConnectedPapers	A tool for gathering information about academic papers. It shows a large graph of references to other articles that are present in the text and clearly see the connections between different authors.
AcademicTree	A tool for finding links between scientists (including little-known ones). 150000+ people in database (in all sections combined). Select a field of science. Enter a person's name. See a tree of their teachers and students
clinicaltrials.gov	433,207 research studies in 221 countries. For people who have a difficult-to-treat disease, this registry will help them learn about recently developed drugs and treatments and get contacts of organizations that are researching a particular disease.
Elicit	AI research assistant. Find answers to any question from 175 million papers. The results show a list of papers with summaries + Summary of the 4 most relevant papers.
ExplainPaper	AI is a tool to make reading scientific articles easier. Highlight a phrase, sentence or whole paragraph to get its simple and detailed explanation with #AI.
Bielefeld Academic Search Engine	Search across 311 million 481 thousands documents (most of them with free access). Search by email, domain, first/last name, part of address or keywords.
Scite.ai	Enter the article title or DOI to get a list of publications that cite it. Results can be filtered by type (book, review, article), year, author, journal and other parameters.
Scholarcy	AI papers summarizer. Upload the file or copy the access URL to the article to get: Key concepts; Abstract; Synopsis; Highlights; Summary; Links to download tables from paper in Excel.
Research Rabbit	Find articles and view its connections - similar works, references, citations and more
Trinka	A partly free online tool to help you prepare a research paper for publication: AI Grammar; Checker (made especially for scientific papers); Consistency checker; Citation checker; Plagiarism checker; Journal founder
Zendy.io	Discover academic journals, articles, & books on one seamless platform. Search keyword, authors, titles ISBN, ISSN etc
Scinapse.io	Academic Search Engine. Search by 48000 journals
Argo Scholar	A tool for analysing connections between research articles
INCITEFUL	Enter paper title, DOI, PubMed URl, arXiv URL to build a graph of links between the research article and other publications (who it cites and who cites it)
PaperPanda	In recent years it has become increasingly difficult to find scientific articles. To download their full versions, websites require registration or payment. This extension finds freely available PDF versions of articles in one click.

Datasets

Link	Description
Afrobarometer	huge database of the results of sociological surveys conducted in African countries over the last 20 years
Arabbarometer	database of the results of sociological surveys conducted in the Arab countries of Africa and the Middle East in 2007-2018
dataset.domainsproject.org	dataset of 616 millions domains (16GB!)
Stevemorse.org	Searching the Social Security Death Index
UK Census Online	Database of deaths, births, and marriages. From 1841 to the beginning of the 21st century. Only the first and last names can be searched.
IPUMS Variable Search	A service for finding variables in data from sociological surveys in 157 countries from 1960 to 2022. You can find completely rare and surprising things there, like a survey to count the number of bananaboat owners in Zambia.

Passwords

Link	Description
CrackStation.net	password hash cracker
Leak peek	by pasword search part of email and site, where this password is used
Reference of default settings of different router models (IP, username, password)
Many Passwords	Default passwords for IoT devices and for web applications (for ex. MySQL and PostgreSQL admin panels)
PassHunt	Command line tool for searching of default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords
BugMenot	login and passwords for public accounts in different services
Search-That-Hash	Python tool for automating password hash detection (based on Hashcat). It can work with single strings as well as with long lists of hashes from a text file. Useful for investigating data leaks
Dehashed	Tool for searching for data leaks (search by email, password, phone, username, domain etc)
DeHashed API tool allows to automate this process and search large lists of input data.

IDs

Link	Description
KD6-3.7	Python tool for getting additional information about ID holders from different countries

Emails

Link	Description
geeMail User Finder	A simple tool to check the validity of a Gmail account. You can check a single email or a list of emails.
Breachchecker.com	history of data leaks associated with a particular email address
Metric Sparrow email permulator
snov.io email finder	find emails of company employees by domain name.
Mailfoguess	tool create a lot of possible local-part from personal information, add domain to all local-part respecting the conditions of creation of mail of these domains and verify these mails
Hunter.io	can link to an article to find its author and his email address
Mailcat	find existing email addresses by nickname in 22 providers, > 60 domains and > 100 aliases
H8mail	email OSINT and breach hunting tool using different breach and reconnaissance services, or local breaches such as Troy Hunt's "Collection1" and the infamous "Breach Compilation" torrent
MailBoxLayer API	free api for email adress checking
EmailHippo	Simple free online tool for check the existence of a particular email address and evaluate its reliability on a 10-point scale.
Spycloud.com	check for a particular email in data leaks. Shows how many addresses registered on a particular house have been scrambled
Gravatar check	Just enter email and see what the person's Gravatar avatar looks like.
Email Permutator	Google Sheet table that generate 46 variants of user email by first name, last name and domain
Have I Been Sold?	The service checks if the e-mail address is included in one of the databases, which are sold illegally and are used for various illegal activities such as spamming.
mailMeta	Simple tool to analyze emails headers and identify spoofed emails.
EmailAnalyzer	Tool for analyzing .eml files. It analyzes and checks with VirusTotal links, attachments and headers.
Avatar API	Enter email address and receive an image of the avatar linked to it. Over a billion avatars in the database collected from public sources (such as Gravatar, Stackoverflow etc.)
Email Finder	Enter a person's first and last name, domain name of a company or email service, and then get a list of possible email addresses with their status (free).
Defastra	Assesses the reliability of a phone or email on a number of different parameters. Displays social network profiles registered to the number or email. Partially free
OSINT Industries	Enter emai/phonel and get a list of accounts that may be associated with it (accounts for which this email was used to register or those where the email in the profile description)
What Mail?	Simple #python tool for email headers analyze and visualize them in a table.
ZEHEF	A simple #Python tool that collects information about an email. It checks its reputation in different sources and finds possible accounts in different social networks (some functions may not work properly, the tool is in development).
Castrickclues	Online tool to get Google and Skype account information by email, phone number or nickname (free). + search for accounts in other services (paid).

MBOX files

Link	Description
MAILTO ANALYZER	.mbox files analyzer will show your email address exposure on various services. Helps you find all the sites you are registered. The tool does not transfer data to third-party servers.

Nicknames

Link	Description
@maigret_osint_bot	check accounts by username on 1500 sites. Based on maigret CLI tool
Analyzeid.com Username Search	view "Summary" of accounts found: list of names used, locations, bio, creations dates etc.
NEXFIL	Search username by 350 social media platforms
Spy	Just another very quick and simple account checker by username (210 sites in list).
Profil3r	search for profiles in social networks by nickname
Aliens eye	Find links to social media accounts in 70 websites by username
Thorndyke	Checks the availability of a specified username on over 200 websites
Marple	It collect links contains nickname/name/surname in url from Google and DuckDuckGo search results.
Holehe	check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function
UserFinder	tool for finding profiles by username
Snoop	Search users profile by nickname
Pyosint	Search for usenames form a list of 326 websites. Scrap a website to extract all links form a given website. Automate the search of subdomains of a given domain from diffrent services
Alternate Spelling Finder	When searching for information by name, remember that the same name can be recorded in documents and files very differently, as people of different nationalities perceive sounds differently.
Translit.net	Sometimes it happens that a person's name is written in Cyrillic, but you can find a lot of info about him in Google if you type his transliteration "Ivan Ivanov". This tool will come in handy when working with Russian, Belarusian, Ukrainian, Armenian names
NAMINT	Enter first, middle (or nickname) and last name, and press Go! to see possible search patterns and links (Google, Yandex, Facebook, Twitter, Linkedin and others social media)
Username Availability Checker	Simple online tool that checks if a user with a certain nickname is present on popular social networks. Very far behind Maigret/WhatsMyName in terms of number of services, but suitable for a quick check.
BlackBird	- Search username across 200+ sites; - API username check (Protonmail, PlayerDB, Hackthebox etc); - Check archived Twitter accounts.
Nameberry	When you are looking for mentions of a person on social media, remember that one name can have dozens of different spelling variations. Ideally, you should check them all, or at least the most popular ones.
WhatsMyName	With Holehe and Maigret, WhatsMyName is one of the most powerful Username enumeration tools.
Go Sherlock	#GO version of Project Sherlock (https://github.com/sherlock-project/sherlock…). It's quite fast. Checks if a user with a certain nickname exists on a thousand sites in a few tens of seconds.
User Searcher	User-Searcher is a powerful and free tool to help you search username in 2000+ websites.
Digital Footprint Check	Similar to WhatsMyName but with options to extend search into email, phone and social handles.
Unavatar	Simple free online tool for finding avatars. Replace john in link to nickname, email or domain name

Phone numbers

Link	Description
USA Telephone Directory Collection	3512 of paper "yellow" and "white" pages available for download in PDF published from 1887 to 1987
Oldphonebook	USA phonenumbers database from 1994 to 2014
Phomber	Get information about phone number with command line.
Numverify API	free api for global phone number lookup and validation
FireFly	Get information about phone number using Numverify API
PhoneNumber OSINT	Simple tool for gathering basic information about phone numbers (country code, timezone, provider)
Phunter	Phone number #osint command line #python tool. Gather different info: operator, possible(s) location(s), line type, reputation, various scraped information, spammer or not, connect to amazon or not

Universal Contact Search and Leaks Search

Link	Description
DaProfiler	Get emails, social medias, adresses of peoples using web scraping and google dorking
SingleHire	Tool for search contacts by full name, location and job title. Shows phones, emails, #Linkedin, #Facebook, #Twitter and other social media profile
Social Analyzer	tool for searching nickname profiles on more than 300 sites
SovaWeb	web version of a famous Russian bot in Telegram for searching by email, nickname, IMSI, IMEI, MSISDN, BTS, IP, BSSID
BehindTheNames	when conducting an in-depth search for information about a person, it is important to check the different pronunciations of their name and diminutives. This service will help you find them
My CSE for search in 48 pastebin sites
Psbdmp.ws	search sensitive user data by 25 759 511 pastebins
Cybernews RockYour2021	check if your data has been leaked
GoFindWho People Search	More than 300 tools for gathering information about people in one. Search by name, username, phone, adress, company name.
That's them people search
Anywho	Search for people in #USA. Enter first and last name to get age, address, and part of phone number (free)
Usersearch.org	search people by nickname, phone or email
Ellis Island	online searchable database of 65 million arrivals to #NewYork between (late 19th and early 20th century).
recordsearch.naa.gov.au	National archives of #Australia
SpyDialer	Free search contact information by phone number, name, address or email
Decoding Social Security Numbers in One Step
Inmate Database Search
Scamdigger.com	search in #scammers database by name, IP-adress, email or phone
Cloob.com	Iranian people search
SlaveVoyages.org	the Trans-Atlantic and Intra-American slave trade databases are the culmination of several decades of independent and collaborative research by scholars drawing upon data in libraries and archives around the Atlantic world.
FEI Database Person Search	If the person you are researching is related to equestrian sports, check the FEI database for information about him or her. There you can find cards of riders, horse owners, grooms and fans around the world.
Name Variant Search	Type in a name and get a list of possible spelling options (+ quick links to Google, DuckDuckGo and Facebook searches for each option)
LEAKEY	#bash script which checks and validates for leaked credentials (45 types).

Sock Puppets

Link	Description
Rug	Extreme simple tool for generating random user data.
Face Generator	Face Generator for creating #sockpuppets. Customize gender, age, head position, emotions, hair and skin color, makeup and glasses.
2,682,783 free AI generated photos
VoiceBooking	fake voice generator
ThisXDoesNotExist	collection of more than 30 services that generate various items using neural networks.
TheXifer	add fake metadata to photo
GeoTagOnline	add fake geotags to photo
Fake ID Identity Random Name Generator	generate a random character with a fake name for games, novels, or alter ego avatars of yourself. Create a new virtual disposable identity instantly.
@TempMail_org_bot	telegram bot for quick creation of temporary email addresses (to receive emails when registering on different sites)
Text2img	text to image AI generator
Face Anonimyzer	Upload a face photo and get set of similar AI generated faces.
AI video generator	Type the text (video script). Choose a character and script template. Click the "Submit a video" button. Enter your registration data and wait for the letter with the result
Movio.la	Create spoken person video from text
AI Face maker	Just draw a person face (note that there is a separate tool for each part of the face) and the neural network will generate a realistic photo based on it.
SessionBox	multi-login browser extension
MultiLogin	multi-login browser extension
FreshStart	multi-login browser extension
BoredHumans	Another tool for creating non-existent people. AI was trained using a database of 70,000 of photos of real humans. I like this service because it often makes very emotional and lively faces.
Deepfakesweb	Create deepfake videos ONLINE
Deep Face Live	Real-time face swap for streaming and video calls
Fakeinfo	Online screenshot generator of fake YouTube channels, posts/profiles on Facebook, Instagram, TikTok, Twitter, chats on Telegram, Hangouts, WhatsApp, Line, Linkedin.
ThisPersonDoesNotExistAPI (unofficial)	#Python library that returns a random "doesnotexist" person picture generated by AI (with site http://thispersondoesnotexist.com)
This Baseball Player Does Not Exist	A non-existent personality generator that generates people who look amazingly natural.
Cardgenerator.org	tool for generating valid bank card numbers (useful for registering accounts to use free trial versions or to create sock puppets)
VCC Generator	tool for generating valid bank card numbers (useful for registering accounts to use free trial versions or to create sock puppets)
CardGuru	tool for generating valid bank card numbers (useful for registering accounts to use free trial versions or to create sock puppets)
CardGenerator	tool for generating valid bank card numbers (useful for registering accounts to use free trial versions or to create sock puppets)
Faker	Python tool for generating fake data in different languages. Generate addresses, city names, postal codes (you can choose the country), names, meaningless texts, etc.
Generate Data	Free tool for generating fake data. Useful for testing scripts and applications. The result can be downloaded in CSV, JSON, XML, SQL or JavaScript (PHP, TypeScript, Python) arrays.

NOOSINT tools

Link	Description
Annotely	Perfectly simple tool for putting an arrow on a screenshot, highlighting some detail or blurring personal data.
Pramp	The service allows you to take five free (!) online #coding and #productmanagement interview training sessions with peers
RemindWhen	Simple app that reminds you on email if your favorite country opens for tourists from your country.
Web--proxy	free web proxy
Google Docs Voice Comments	simple trick to save time. Voice comments in GoogleDocs, Sheets, Slides, and Forms.
Text to ASCII Art Generator (TAAG)	This site will help you make atmospheric lettering for your command line tool or README.
Snow	A very simple add-on that speeds up and simplifies the formatting of #GoogleDocs. "Show" shows non-printable characters (spaces, tabs, page breaks, indents, etc.)
Wide-band WebSDR	Online access to a short-wave receiver located at the University of Twente. It can be used to listen to military conversations (voice or Morse code)
Crontab guru	Online "shedule expression" editor (for setting task times in Crontab files).
Chmod calculator	Calculate the octal numeric or symbolic value for a set of file or folder permissions in #Linux servers. Check the desired boxes or directly enter a valid numeric value to see its value in other format
Ray So	A simple tool that allows you to beautifully design code as a picture (for social media post or article).
Windows Event Collection	A tool to help you understand #Windows, #SharePoint, #SQLServer and Exchange system security logs.
Hack This Page	A simple extension that allows you to edit the text of any web page.
Soundraw	AI music generation
Screenshot - Full Page Screen Capture	record a video of part of the screen using a very easy-to-use browser extension
Chepy	Python command line version of CyberChef
Typeit	If the text in the picture is not recognised using Google Lens or other OCR tools, try just typing it character by character using the online keyboard. This website has these for 25 different languages.
Transform Tools	This tool is worth knowing for developers and anyone who has to work with different data formats. It can convert: JSON to MySQL, JavaScript to JSON, TypeScript to JavaScript, Markdown to HTML
Autoregex	AI regular expressions generator. Generates a pattern by verbal description. It does not work perfectly (see picture with bitcoin wallet, there is an error, it does not always start with 13). But in general the service is very impressive!
MARKMAP	A simple and free online tool to convert Markdown to Mindmap (SVG or interactive HTML). Formatting options are not too many, but enough to create an informative and clear visualization.
Xmind Works	Online tool for open and editing .xmind files
CLIGPT	The simplest tool possible (with as few settings as possible) for working with ChatGPT API at the command line and using in bash scripts.
MarkWhen	Free online tool that converts Markdown to graphical timeline. It will come in handy for investigations where you need to investigate time-bound events, or simply for quick project planning. Export results in .SVG, .PNG, .MW or share link.
MALWOVERVIEW	Get maximum information about potentially malicious files and links from: Virus Total, Hybrid Analysis, URLHaus, PolySwarm, Mal Share, Alien Vault, Malpedia, ThreatFox, Triage, InQuest
LADDER	A tool to enhance web browsing experience: bypass paywalls and remove ads, no tracking and logs, modify URL parameters, http-headers and HTML code of web pages and more.
LemmeKnow	Tool for "identifying mysterious text or analyze hard-coded strings". Identifies API keys, cryptocurrency wallet numbers, encrypted strings, YouTube channel IDs, IPs, credit card numbers and much more.
	Retrieve proxies from popular proxy sources, officiently validate proxies, save the list of validated proxies to a file

Visualization tools

Link	Description
Jsoncrack	Online tool for visualizing, editing and searching for text in JSON files. With the ability to save, export and share results via a link.
Jsonvisio	Well-made JSON file renderer. Allows you to quickly understand the structure of even the most complex #JSON files.
Time graphics	Powerful tool for analytics of time-based events: a large number of settings for the visualization of time periods, integration with Google Drive, YouTube, Google Maps, 12 ways to export results (PNG, JSON, PPTX etc.)
Gephi	fast and easy to learn graph analytics tool with a lot of modules (plugins)
Tobloef.com	text to mind map
Cheat sheet maker	simple tool for creating cheat sheets
JSONHero	Free online tool for visualizing data in JSON format. With tree structure display, syntax highlighting, link preview, pictures, colors and many other interesting features.

Routine/Data Extraction Automation

Link	Description
Scrapersnbots	A collection of a wide variety of online tools for #osint and not only: search for users with a specific name on different sites, one domain #Google Image search, YouTube tags viewer, url-extractor and much more
Manytools	Collection of tools to automate the repetitive jobs involved in webdevelopment and hacking.
Webdext	An intelligent and quick web data extractor for #GoogleChrome. Support data extraction from web pages containing a list of objects such as product listing, news listing, search result, etc
CloudHQ	A collection of several dozen extensions for #Chrome that allow you to extend the functionality of the standard #Gmail interface and maximize your #productivity. Tracking, sorting, sharing, saving, editing and much more.
Magical. Text Expander	Create shortcuts in Google Chrome to reduce text entry time. For example: email templates, message templates for messengers, signatures and contact information, the names of people with complex spelling (lom -> Lomarrikkendd)
Online tools	55 tools for calculation hash functions, calculation file checksum, encoding and decoding strings
CyberChef	collection of more than a hundred online #tools for automating a wide variety of tasks (string coding, text comparison, double-space removal)
Shadowcrypt Tools	24 online tools for OSINT, network scanning, MD5 encryption and many others
pyWhat	Python tool to help identify different text strings like wallet numbers, API keys, emails, and more. It is convenient for working with .pcap and other files and has many customization options.

Browser analyze

Link	Description
Web history stat	detailed statistics of your browser history
coveryourtracks.eff.org	can tell a lot about your browser and computer, including showing a list of installed fonts on the system.
Webmapper	Extension that create a map-visualization based by browser history. A visual representation of the most visited sites in 10, 20, 50 or 100 days. Zoomable and searchable.
Export Chrome History	A simple extension for Googlechrome that allows you to save detailed information about links from browser history as CSV/JSON. Useful for both personal archives and investigations using other people's computers.

Files

Link	Description
Grep for OSINT	simple toolkit that helps to quickly extract "important data" (phone numbers, email addresses, URLs) from the text / file directory
Diffnow.com	Compares and finds differences in text, URL (html code downloaded by link), office documents (doc, docx, xls, xlsx, ppt, pptx), source code (C, C++, C#, Java, Perl, PHP and other), archives (RAR, 7-zip etc).
CompressedCrack	Simple tool for brute passwords for ZIP and RAR archives
Encrytped ZIP file creator	Create ZIP archive online
PDFX	get meta data of PDF files thrue command line
@mediainforobot	telegram bot to getting metadata from different types of files
Mutagen	get meta data of audiofiles thrue command line
voyant-tools.org	analysis of particular words in .TXT, .DOCX, .XLSX, .CSV and other file types.
Analyze file format online
ToolSley: analyze file format online
RecoveryToolBox	recovery tools for corrupted Excel, CorelDraw, Photoshop, PowerPoint, RAR, ZIP, PDF and other files
Google Docs to Markdown online converter	just copy text to the site
Binvis	lets you visually dissect and analyze binary files. It's the interactive grandchild of a static visualisation online tool
Gdrive-copy	The standard functionality of #GoogleDrive does not allow you to copy an entire folder with all subfolders and files. But it can be done using third-party applications
Siftrss.com	tool for filtering RSS feeds
JSON to CSV
Textise.net	convert the HTML code of a page to TXT

IMEI and serial numbers

Link	Description
Checking MI account
Contex condoms serial number lookup
iPhone IMEI Checker	Get information about #iPhone by International Mobile Equipment Identity
SNDeepInfo	Find information about devices (phones, smartphones, cameras, household appliances) by - IMEI; - MEID; - ICCID; - serial number; - Apple Part Number.

NFT

Link	Description
Nonfungible.com	help to analyze the NFT market, find out which tokens were sold most actively (week, month, year, all time)
Numbers	Search NFT by Content ID, Commit hash, keywords or uploaded photo.
Fingble Nftport	One of the most accurate search engines for finding NFT by uploaded image. Works well with faces. Also it's possible to search by keyword or Token ID.

Keywords, trends, news analytics

Link	Description
Wordstat.yandex.ru	the estimated number of Yandex searches in the coming month for different keywords
Trends Google
Keywordtool.io	keyword matching for Google, YouTube, Amazon, Ebay, Bing, Instagram, Twitter
Google Books Ngram Viewer
News Explorer BlueMix
Pinterest Trends
PyTrends	Simple #python library for automatically collecting data from Google Trends.
KeyWordPeopleUse	Type in a keyword and see what questions mentioning it are being asked on Quora and Reddit. The service is also able to analyse Google Autocomplete and "People also ask"

Apps and programs

Link	Description
Google Play Scraper	get the most detailed
App Store Scraper	get the most detailed metadata about the app from AppStore

Real estate

Link	Description
Homemetry	Large USA real estate registry with lots of information on homeowners and residents, including full names, phones, part of emails, job, and education.

Company information search

Link	Description
Lei.bloomberg.com	search information about company by Legal Identify Number
990 finder	Enter the company name and select the state to get a link to download its 900 form.
Open Corporates Command Line Client (Occli)	Gathering detailed information about company through cli.
NewsBrief	Looking for recent mentions of the company in online media around the world
Related List	find company-related contacts and confidential documents leaked online
Investing.com	View a detailed investment profile of the company
FCCID.IO	seacrh by FCC ID, Country, Date, Company name or Frequency ( in Mhz)
Tradeint	Quick access for more than 85 tools for gathering information about company and company website, location and sector
Corporative Registry Catalog	worldwide catalog of business registries (63 countries)
LEI search	can help find "who owned by" or "who owns"
openownership.org	Wordwide beneficial ownership data.
opensanctions.org	Open source data on sanctioned people and companies in various countries from 35 (!) different sources.
Oec World	A tool for detailed analysis of international trade. It will show clearly which country sells which products, to which countries these products are sold and in what trade value (in $)
Skymem	A free tool to search for employees' emails by company domain. Partially free (only 25 emails can be viewed)

Bank information search

Link	Description
FDIC search	Search banks by FDIC (Federal Deposit Insurance Corporation) certificate number and get detailed information about it
Iban.com	Check the validity of the IBAN (International Bank Account Number) of the company and see the information about the bank where it is serviced
Freebin Checker	easy-to-use API for getting bank details by BIN. 850,000+ BIN records in FreeBinChecker's database
Credit OSINT	A very simple #python tool to gather information about bank cards and validate them.

Brand/trademark information search

Link	Description
WIPO.int	Global Brands Database (46,020,000 records)
TMDN Design View	Search 17 684 046 products designs across the European Union and beyond
TESS	Search engine for #USA trademarks

Tender/shipment information search

Link	Description
TendersInfo	Search tenders around the world by keywords.
Barcode lookup
Panjiva.com	search data on millions of shipments worldwide
en.52wmb.com	Search information about worldwide buyers and suppliers by product name, company name or HS code.

Amazon

Link	Description
Amazon Scraper	scraped detail information about list of items
Amazon ASIN Finder
Sellerapp.com. Amazon Reverse ASIN search

Movies

Link	Description
Reelgood.com	search engine for more than 300 free and paid streaming services (Netflix, Amazon Prime Video, HBO, BBC, DisneyPlus)
IMCDB	Internet Movie Cars Database
Sympsons screencaps search
Search Futuruma screencaps
Rick and Morty screencaps search
Subzin.com	by one phrase will find the movie, as well as the full text of the dialogue with the timing
Doesthedogdie	This is an ingenious site that lets you find out if a movie (video game) has scenes that might upset someone (death of dogs, cats and horses, animal abuse, domestic violence etc).
PlayPhrase	Search across 7 million + phrase from movies and watch fragments in which this3 phrase is spoken.

Netflix

Link	Description
Unogs.com	Netflix search without registration
flixable.com	alternative way to find anything interesting on Netflix
flixwatch.co	alternative way to find anything interesting on Netflix
flicksurfer.com	alternative way to find anything interesting on Netflix
flixboss.com	alternative way to find anything interesting on Netflix
flickmetrix.com	alternative way to find anything interesting on Netflix
whatthehellshouldiwatchonnetflix.com	alternative way to find anything interesting on Netflix
netflix-codes.com	alternative way to find anything interesting on Netflix

TV/Radio

Link	Description
Radion.net	view list of all radiostations near your location and search radiostations by keywords
American Archive of Public Broadcasting	Discover historic programs of publicly funded radio and television across America. Watch and listen
LiveATC	Archive of audio recordings between pilots and dispatchers. Useful for investigating incidents and for foreign language comprehension skills (if you learn to understand pilots' conversations, you will be able to understand everything).
Wideband shortware radio receiver map	Online map of shortwave radio receivers available for listening in your browser at the moment.
IPTV org	Search by 28 813 IP television channels in 196 countries. Get detailed information about channel in HTML/JSON (sometimes with link to livestream).

Tools collections/toolkits

Link	Description
Vortimo	An online tool for quickly searching hundreds of different sources and then processing the information found. As an entry point you can use email, domain, hash, phone number, image and more. Now rebrended as Ubikron.
Osint Search Tools	Several hundred links for quick search in Social Media, Communties, Maps, Documents Search Engines, Maps, Pastes...
Scrummage	Ultimate OSINT and Threat Hunting Framework
Mr.Holmes	osint toolkit for gathering information about domains, phone numbers and social media accounts
SEMID osint framework	Search user info in Tiktok, Playstation, Discord, Doxbin,Twitter, Github
NAZAR	universal Osint Toolkit
E4GL30S1NT	ShellScript toolkit for #osint (12 tools)
Recon Spider	Advanced Open Source Intelligence (#OSINT) Framework for scanning IP Address, Emails, Websites, Organizations
Hunt Osint Framework	Dozens of online tools for different stages of #osint investigations
GoMapEnum	Gather emails on Linkedin (via Linkedin and via Google) + User enumeration and password bruteforce on Azure, ADFS, OWA, O365 (this part seems to be still in development)
ExtendClass	One of my favorite sites for #automating various routine tasks. Among the many analogues, it stands out for its quality of work and variety of functions (view pic).
FoxyRecon	44 osint tools in one add-on for #Firefox
S.I.G.I.T.	Simple information gathering toolkit
GVNG Search	Command line toolkit for gathering information about person (nickname search, validate email, geolocate ip) and domain (traceroute, dns lookup, tcp port scan etc).
Owasp Maryam	modular open-source framework based on OSINT and data gathering
Ghoulbond	Just another all-in-one command line toolkit for gathering information about system (technical characteristics, internet speed, IP/Mac address, port scanner)+some features for nickname and phone number #osint.
Metabigoor	Simple and fast #osint framework
Geekflare Tools	39 online free tools for website testing
Oryon OSINT query tool	Construct investigations links in Google Sheet
Discover	Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing and listeners with metasploit (16 tools in one)
one-plus.github.io/DocumentSearch	Document Search osint Toolkit
Telegram HowToFindBot
Harpoon
ResearchBuzz	Google Sinker Search queries constructor (view pic), Google News Search queries constructor, Quick twitter account historical navigation in http://archive.org, Blogspace Time Machine and more tools
Profounder	searching users by nickname and scrapping url's from website
Moriarty Project
Osintcombine Tools
OSINT-SAN
Mihari
One Plus OSINT Toolkit
Vichiti
Sarenka
Vedbex.com
Synapsint.com
Ashok	Swiff knife for #osint
IVRE	framework for network recon
SEARCH Investigative and Forensic Toolbar	extension with quick access to dozens of online tools for osint, forensics and othef investigations goals.
Tenssens	osint framework
Collector	Universal Osint Toolkit
Randomtools	Several dozen online tools for a variety of purposes. Including to facilitate gathering information on #Facebook, #Twitter, #YouTube, #Instagram
Infooze	User Recon, Mail Finder, Whois/IP/DNS/headers lookup, InstaRecon, Git Recon, Exif Metadata
ThreatPinch Lookup	Helps speed up security investigations by automatically providing relevant information upon hovering over any IPv4 address, MD5 hash, SHA2 hash, and CVE title. It's designed to be completely customizable and work with any rest API(c)
Osint tool	A universal online tool for searching various services and APIs with more than a dozen different inputs (phone number, email, website address, domain, etc.).
Hackers toolkit	An extension for quick access to dozens of tools for decoding/encoding strings as well as generating queries for popular types of web attacks (#SQLi,#LFI,#XSS).
BOTSTER	A huge collection of bots for gathering, monitoring, analysing and validating data from Instagram, Twitter, Google, Amazon, Linkedin, Shopify and other services.
Magnifier	#osint #python toolkit. 15 scripts in one: - subdomain finder; - website emails collector; - zone transfer; - reverse IP lookup; and much more.
Wannabe1337 Toolkit	This site has dozens of free online tools (many of which will be useful for #osint): - website and network info gathering tools; - code, text and image processing tools; - IPFS and Fraud tools; - Discord and Bitcoin tools.
BazzellPy	Unofficial(!) #Python library for automation work with IntelTechniques Search Tools https://inteltechniques.com/tools/
BBOT	Toolkit of 51 modules (for collecting domain/IP information - cookie_brute, wappalyzer, sslcert, leakix, urlscan, wayback (full list in the picture)
SLASH	Universal #cli search tool. Search email or username across social media, forums, Pastebin leaks, Github commits and more.
How to verify?	Visual fact checking mind maps for verification video, audio, source, text. Detailed workflows descriptions with tools, tips and tricks.
Cyclect	Ultimate OSINT Search Engine + list of 281+ tools for information gathering about": IP Adress, Social Media Account, Email, Phone, Domain, Person, Venicle and more.
ShrewdEye	Online versions of popular command line #osint tools: Amass, SubFinder, AssetFinder, GAU, DNSX
OSINT Toolkit	Self-hosted web app (one minute Docker installation) for gathering information about IPs, Domains, URLs, Emails, Hashes, CVEs and more.
OSINTTracker	A simple and free online tool to visualize investigations and collect data about different entry points (domains, email addresses, crypto wallet numbers) using hundreds of different online services.
Analytics research tools	Online #osint tools: People Search (USA🇺🇸 and International), Email Search, Phone Number Search🇺🇸, Username Permutator, Email Permutator, Vehicle License Plate Search🇺🇸, Vehicle,VIN No. Search🇺🇸, Facebook User/Page/Posts Search

Databases and data analyzes

Link	Description
Cronodump	When searching for information about citizens of Ukraine, Russia and other CIS countries, often have to deal with leaked databases for the Cronos program (used in government organizations). This simple utility generates Cronos files in CSV.
Jsonvisio	Well-made JSON file renderer. Allows you to quickly understand the structure of even the most complex #JSON files.
1C Database Converter	1C is a very popular program in CIS countries for storing data in enterprises (accounting, document management, etc.). This tool allows you to convert 1C files into CSV files.
Insight Jini	Extreme quick, extreme simple and free online tool for data visalization and analysis
DIAGRAMIFY	generates flow charts from the text description. Branching and backtracking are supported
OBSIDIAN CLI	Very simple #go tool that let to interact with the Obsidian using the terminal. Open, search, create and edit files. Can be combined with any other #cli #osint tools to automate your workflow.

Online OS Emulators

Link	Description
Windows 10 Online Emulator
Parrot Security OS Online Emulator

Virtual Machines/Linux distributions

Link	Description
Offen Osint
BlackArch Linux
Kali Linux
CSI Linux
Fedora Security Lab
Huron Osint
Tsurugi Linux
Osintux
TraceLabs OSINT VM
Dracos Linux
ArchStrike
Septor Linux
Parrot Security
osintBOX	Parrot OS Home edition modified with the popular OSINT tools: Dmitry, ExifTool, Maltego, Sherlock, SpiderFoot and much more.
Pentoo Linux
Deft Linux
BackBox
Falcon Arch Linux
AttifyOS	Linux distro for pentesting IoT devices.

My Projects

Link	Description
Python OSINT automation examples	In this repository, I will collect quick and simple code examples that use Python to automate various #osint tasks.
Worldwide OSINT Tools Map
Quick hashtags and keywords search
Quick geolocation search
Phone Number Search Constructor
Domain Investigation Toolbox
IP adress Investigation Toolbox
Quick Cache and Archive search
Grep for OSINT	Set of very simple shell scripts that will help you quickly analyze a text or a folder with files for data useful for investigation (phone numbers, bank card numbers, URLs, emails
5 Google Custom Search Engine for search 48 pastebin sites
CSE for search 20 source code hosting services
Dorks collections list	List of Github repositories and articles with list of dorks for different search engines
APIs for OSINT	List of API's for gathering information about phone numbers, addresses, domains etc
Advanced Search Operators List	List of the links to the docs for different services, which explain using of advanced search operators
Code understanding tools list	Tools for understanding other people's code
Awesome grep	List of GREP modifications and alternatives for a variety of purposes
Maltego transforms list	list of tools that handle different data and make it usable in Maltego

Command line cheat sheet for this collection made by Coordinat Cat:

OSINT TOOLS CLI

(Under development, In progress)

Thank you for following me! @cyb_detective

github/opensource.guide

📚 Community guides for open source creators

Open Source Guides

Open Source Guides (https://opensource.guide/) are a collection of resources for individuals, communities, and companies who want to learn how to run and contribute to an open-source project.

Background

Open Source Guides were created and are curated by GitHub, along with input from outside community reviewers, but they are not exclusive to GitHub products. One reason we started this project is that we felt that there weren't enough resources for people creating open-source projects.

Our goal was to aggregate community best practices, not what GitHub (or any other individual or entity) thinks is best. Therefore, we used examples and quotations from others to illustrate our points.

Contributing

This site is powered by Jekyll. Check out our contributing guidelines for ways to offer feedback and contribute.

Licenses

Content is released under CC-BY-4.0. See notices for complete details, including attribution guidelines, contribution terms, and software and third-party licenses and permissions.

Acknowledgments

The initial release of these guides was authored by @nayafia, @bkeepers, @stephbwills, and @mlinksva.

Thanks to @aitchabee, @benbalter, @brettcannon, @caabernathy, @coralineada, @dmleong, @ericholscher, @gr2m, @janl, @jessfraz, @bluesomewhere, @kfogel, @kytrinyx, @lee-dohm, @mikeal, @mikemcquaid, @nathansobo, @nruff, @nsqe, @orta, @parkr, @shazow, @steveklabnik, and @wooorm for lending their valuable input and expertise leading up to the initial release, and to @sophshep and @jeejkang for designing and illustrating the guides.

Disclaimer

While we've got advice about running an open source project, we're not lawyers. Be sure to read our disclaimer before diving in.

windmill-labs/windmill

Open-source developer platform to power your entire infra and turn scripts into webhooks, workflows and UIs. Fastest workflow engine (13x vs Airflow). Open-source alternative to Retool and Temporal.

Open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Self-hostable alternative to Retool, Pipedream, Superblocks and a simplified Temporal with autogenerated UIs and custom UIs to trigger workflows and scripts as internal apps.

Scripts are turned into sharable UIs automatically, and can be composed together into flows or used into richer apps built with low-code. Supported languages: Python, TypeScript, Go, Bash, SQL, GraphQL, PowerShell, Rust, and more.

Try it - Website - Docs - Discord - Hub - Contributor's guide

Windmill - Developer platform for APIs, background jobs, workflows and UIs

Windmill is fully open-sourced (AGPLv3) and Windmill Labs offers dedicated instances and commercial support and licenses.

https://github.com/user-attachments/assets/d80de1d9-64de-4d89-aacd-6df23fa81fc4

Windmill - Developer platform for APIs, background jobs, workflows and UIs

Main Concepts

Define a minimal and generic script in Python, TypeScript, Go or Bash that solves a specific task. The code can be defined in the provided Web IDE or synchronized with your own GitHub repo (e.g. through VS Code extension): provided Web IDE or synchronized with your own GitHub repo (e.g. through VS Code extension):

Your scripts parameters are automatically parsed and generate a frontend.

Make it flow! You can chain your scripts or scripts made by the community shared on WindmillHub.

Build complex UIs on top of your scripts and flows.

Scripts and flows can be triggered by schedules, webhooks, HTTP routes, Kafka, WebSockets, emails, and more.

Build your entire infra on top of Windmill!

Show me some actual script code

//import any dependency  from npm
import * as wmill from "windmill-client";
import * as cowsay from "cowsay@1.5.0";

// fill the type, or use the +Resource type to get a type-safe reference to a resource
type Postgresql = {
  host: string;
  port: number;
  user: string;
  dbname: string;
  sslmode: string;
  password: string;
};

export async function main(
  a: number,
  b: "my" | "enum",
  c: Postgresql,
  d = "inferred type string from default arg",
  e = { nested: "object" }
  //f: wmill.Base64
) {
  const email = process.env["WM_EMAIL"];
  // variables are permissioned and by path
  let variable = await wmill.getVariable("f/company-folder/my_secret");
  const lastTimeRun = await wmill.getState();
  // logs are printed and always inspectable
  console.log(cowsay.say({ text: "hello " + email + " " + lastTimeRun }));
  await wmill.setState(Date.now());

  // return is serialized as JSON
  return { foo: d, variable };
}

Local Development

Windmill supports multiple ways to develop locally and sync with your instance:

Tool	Description
CLI	Sync scripts from local files or GitHub, run scripts/flows from the command line
VS Code Extension	Edit and test scripts & flows directly from VS Code / Cursor with full IDE support
Git Sync	Two-way sync between Windmill and your Git repository
Claude Code	AI-assisted development with Claude for scripts, flows, and apps

https://github.com/user-attachments/assets/c541c326-e9ae-4602-a09a-1989aaded1e9

You can run scripts locally by passing the right environment variables for the wmill client library to fetch resources and variables from your instance. See local development docs.

Stack

Database: Postgres (compatible with Aurora, Cloud SQL, Neon, Azure PostgreSQL)
Backend: Rust - stateless API servers and workers pulling jobs from a Postgres queue
Frontend: Svelte 5
Sandboxing: nsjail and PID namespace isolation
Runtimes:
- TypeScript/JavaScript: Bun (default) and Deno
- Python: python3 with uv for dependency management
- Go, Bash, PowerShell, PHP, Rust, C#, Java, Ansible

Fastest Self-Hostable Workflow Engine

We have compared Windmill to other self-hostable workflow engines (Airflow, Prefect & Temporal) and Windmill is the most performant solution for both benchmarks: one flow composed of 40 lightweight tasks & one flow composed of 10 long-running tasks.

All methodology & results on our Benchmarks page.

Security

Sandboxing: nsjail for filesystem/resource isolation, and PID namespace isolation (enabled by default) to prevent jobs from accessing worker process memory
Secrets: One encryption key per workspace for credentials stored in Windmill's K/V store. We recommend encrypting the Postgres database as well.

See Security documentation for details.

Performance

Once a job started, there is no overhead compared to running the same script on the node with its corresponding runner (Deno/Go/Python/Bash). The added latency from a job being pulled from the queue, started, and then having its result sent back to the database is ~50ms. A typical lightweight deno job will take around 100ms total.

Architecture

How to self-host

For detailed setup options, see Self-Host documentation.

Docker compose

Deploy Windmill with 3 files (docker-compose.yml, Caddyfile, .env):

curl https://raw.githubusercontent.com/windmill-labs/windmill/main/docker-compose.yml -o docker-compose.yml
curl https://raw.githubusercontent.com/windmill-labs/windmill/main/Caddyfile -o Caddyfile
curl https://raw.githubusercontent.com/windmill-labs/windmill/main/.env -o .env

docker compose up -d

Go to http://localhost - default credentials: admin@windmill.dev / changeme

Using an external database: Set DATABASE_URL in .env to point to your managed Postgres (AWS RDS, GCP Cloud SQL, Azure, Neon, etc.) and set db replicas to 0.

Kubernetes (Helm charts)

helm repo add windmill https://windmill-labs.github.io/windmill-helm-charts/
helm install windmill-chart windmill/windmill --namespace=windmill --create-namespace

See windmill-helm-charts for configuration options.

Cloud providers

Windmill works on AWS (EKS/ECS), GCP, Azure, Ubicloud, Fly.io, Render.com, Hetzner, Digital Ocean, and others. Rule of thumb: 1 worker per 1vCPU and 1-2 GB RAM.

OAuth, SSO & SMTP

Configure OAuth and SSO (Google Workspace, Microsoft/Azure, Okta) directly from the superadmin UI. See documentation.

License

The Community Edition is free to use internally. For commercial redistribution or managed services, contact sales@windmill.dev. See LICENSE and Pricing for details.

The "Community Edition" of Windmill available in the docker images hosted under ghcr.io/windmill-labs/windmill and the github binary releases contains the files under the AGPLv3 and Apache 2 sources but also includes proprietary and non-public code and features which are not open source and under the following terms: Windmill Labs, Inc. grants a right to use all the features of the "Community Edition" for free without restrictions other than the limits and quotas set in the software and a right to distribute the community edition as is but not to sell, resell, serve Windmill as a managed service, modify or wrap under any form without an explicit agreement.

The binary compilable from source code in this repository without the "enterprise" feature flag is open-source under the LICENSE-AGPLv3 License terms and conditions.

To re-expose directly any Windmill parts to your users as a feature of your product, with the exception of iframed public Windmill "apps", or to build a feature on top of "Windmill Community Edition" that you sell commercially or embed in a distributable product or binary, you must get a commercial license. Contact us at sales@windmill.dev if you have any questions. To do the same from the binary compiled from the source code in this repository without the "enterprise" feature flag, you must comply with the AGPLv3 license terms and conditions or get a commercial license from Windmill Labs, Inc.

To use Windmill "Community Edition" as is internally in your organization, or to use its APIs as is, you do NOT need a commercial license.

Integrations

In Windmill, integrations are referred to as resources and resource types. Each Resource has a Resource Type that defines the schema that the resource needs to implement.

On self-hosted instances, you might want to import all the approved resource types from WindmillHub. A setup script will prompt you to have it being synced automatically everyday.

Environment Variables

Environment Variable name	Default	Description	Api Server/Worker/All
DATABASE_URL		The Postgres database url.	All
WORKER_GROUP	default	The worker group the worker belongs to and get its configuration pulled from	Worker
MODE	standalone	The mode if the binary. Possible values: standalone, worker, server, agent	All
METRICS_ADDR	None	(ee only) The socket addr at which to expose Prometheus metrics at the /metrics path. Set to "true" to expose it on port 8001	All
JSON_FMT	false	Output the logs in json format instead of logfmt	All
BASE_URL	http://localhost:8000	The base url that is exposed publicly to access your instance. Is overriden by the instance settings if any.	Server
ZOMBIE_JOB_TIMEOUT	30	The timeout after which a job is considered to be zombie if the worker did not send pings about processing the job (every server check for zombie jobs every 30s)	Server
RESTART_ZOMBIE_JOBS	true	If true then a zombie job is restarted (in-place with the same uuid and some logs), if false the zombie job is failed	Server
NATIVE_MODE	false	Enable native mode: sets NUM_WORKERS=8, rejects non-native jobs (nativets, postgresql, mysql, etc.)	Worker
SLEEP_QUEUE	50	The number of ms to sleep in between the last check for new jobs in the DB. It is multiplied by NUM_WORKERS such that in average, for one worker instance, there is one pull every SLEEP_QUEUE ms.	Worker
KEEP_JOB_DIR	false	Keep the job directory after the job is done. Useful for debugging.	Worker
LICENSE_KEY (EE only)	None	License key checked at startup for the Enterprise Edition of Windmill	Worker
SLACK_SIGNING_SECRET	None	The signing secret of your Slack app. See Slack documentation	Server
COOKIE_DOMAIN	None	The domain of the cookie. If not set, the cookie will be set by the browser based on the full origin	Server
DENO_PATH	/usr/bin/deno	The path to the deno binary.	Worker
PYTHON_PATH		The path to the python binary if wanting to not have it managed by uv.	Worker
GO_PATH	/usr/bin/go	The path to the go binary.	Worker
GOPRIVATE		The GOPRIVATE env variable to use private go modules	Worker
GOPROXY		The GOPROXY env variable to use	Worker
NETRC		The netrc content to use a private go registry	Worker
PY_CONCURRENT_DOWNLOADS	20	Sets the maximum number of in-flight concurrent python downloads that windmill will perform at any given time.	Worker
PATH	None	The path environment variable, usually inherited	Worker
HOME	None	The home directory to use for Go and Bash , usually inherited	Worker
DATABASE_CONNECTIONS	50 (Server)/3 (Worker)	The max number of connections in the database connection pool	All
SUPERADMIN_SECRET	None	A token that would let the caller act as a virtual superadmin superadmin@windmill.dev	Server
TIMEOUT_WAIT_RESULT	20	The number of seconds to wait before timeout on the 'run_wait_result' endpoint	Worker
QUEUE_LIMIT_WAIT_RESULT	None	The number of max jobs in the queue before rejecting immediately the request in 'run_wait_result' endpoint. Takes precedence on the query arg. If none is specified, there are no limit.	Worker
DENO_AUTH_TOKENS	None	Custom DENO_AUTH_TOKENS to pass to worker to allow the use of private modules	Worker
DISABLE_RESPONSE_LOGS	false	Disable response logs	Server
CREATE_WORKSPACE_REQUIRE_SUPERADMIN	true	If true, only superadmins can create new workspaces	Server
MIN_FREE_DISK_SPACE_MB	15000	Minimum amount of free space on worker. Sends critical alert if worker has less free space.	Worker
RUN_UPDATE_CA_CERTIFICATE_AT_START	false	If true, runs CA certificate update command at startup before other initialization	All
RUN_UPDATE_CA_CERTIFICATE_PATH	/usr/sbin/update-ca-certificates	Path to the CA certificate update command/script to run when RUN_UPDATE_CA_CERTIFICATE_AT_START is true	All

Run a local dev setup

We recommend using Nix. See ./frontend/README_DEV.md for all options.

Frontend only

Uses the backend of https://app.windmill.dev with local frontend (hot-reload):

cd frontend
npm install
npm run generate-backend-client  # or generate-backend-client-mac on Mac
npm run dev

Windmill available at http://localhost/

Backend + Frontend

See the ./frontend/README_DEV.md file for all running options.

Start a local Postgres database using for instance the start-dev-db.sh script which will make a database available at postgres://postgres:changeme@localhost:5432/windmill Then run the migrations using the following command:
```
cargo install sqlx-cli
env DATABASE_URL=<YOUR_DATABASE_URL> sqlx migrate run
```
This will also avoid compile time issue with sqlx's query! macro.
(optional, linux only) Install nsjail and have it accessible in your PATH
Install bun, deno and python3 (+ any languages you want to use), have the bins at /usr/bin/bun,/usr/bin/deno, and /usr/local/bin/python3 or set the corresponding environment variables.
(optional) Install the lld linker
Go to frontend/:
1. npm install, npm run generate-backend-client then REMOTE=http://localhost:8000 npm run dev
2. You might need to set some extra heap space for the node runtime export NODE_OPTIONS="--max-old-space-size=4096"
3. Create an empty frontend/build folder using mkdir frontend/build
Go to backend/:
1. env DATABASE_URL=<YOUR_DATABASE_URL> RUST_LOG=info cargo run
2. You can specify any feature flag you want to enable, for example cargo run --features python to enable the python executor.
Windmill should be available at http://localhost:3000

Link	Description
Quick Cache and Archive search	quick search website old versions in different search engines and archives (21 source)
Trove	australian web archive
Vandal	extension that makes working with http://archive.org faster, more comfortable, and more efficient.
TheOldNet.com
Carbon Dating The Web
Arquivo.pt
Archive.md
Webarchive.loc.gov
Swap.stanford.edu
Wayback.archive-it.org
Vefsafn.is
web.archive.bibalex.org
Archive.vn
UKWA	archive of more than half a billion saved English-language web pages (data from 2013)

Link	Description
The Time Machine	Tool for gathering domain info from WayBackMachine: - fetches subdomains from waybackurl; - search for /api/JSON/Configuration endpoints and many more (view pic)
Web Archives	extension for viewing cached web page version in 18 search engines and services
EasyCache	quick search website old versions in different search engines and archives
cachedview.b4your.com	quick search website old versions in different search engines and archives
Internet Archive Wayback Machine Link Ripper	Enter a host or URL to retrieve the links to the URL's archived versions at http://wayback.archive.org. A text file is produced which lists the archive URLs.
Waybackpack	download the entire #WaybackMachine archive for a given URL. You can only download versions for a certain date range (date format YYYYMMDDhhss)
TheTimeMachine	Toolkit to use http://archive.org to search for vulnerabilities
Waybackpy	If you want to write your own script to work with http://archive.org, check out the #python library Wayback Machine API. You can use it to quickly automate the extraction of all sorts of website data from the webarchive.
Archivebox	Create your own self-hosted web archive. Save pages from browser history, bookmarks, Pocket etc. Save html, js, css, media, pdf and other files
WaybackPDF	Collects a list of saved PDFs for the given domain from http://archive.org and downloads them into a folder.
Archive-org-Downloader	A simple #python script for downloading books from http://archive.org in PDF format. You can adjust image resolution to optimize file size and work with link lists.
WayMore	Search archived links to domain in Wayback Machine and Common Crawl (+ Urlscan and Alien Vault OTX).
Wayback Keywords Search	A tool that allows you to download all the pages of a particular domain from http://archive.org for a particular month or day, and quickly do a keyword search on those pages.
Web Archive Google Chrome Extension	Simple Chrome Extensions for getting information about current URL using http://archive.org CDX API
WAYBACK GOOGLE ANALYTICS	A tool that finds all Google Analytics ID in URL (including old ones from Web Archive).
GAU	Simple #golang tool to fetch all known website URLs from: WayBackMachine, AlienVault's Open Threat Exchange, Common Crawl, URLScan

Link	Description
Warcat	My favorite (because it's the easiest) tool for working with Warc files. It allows you to see the list of files in the archive (command "list") and unpack it (command "extract").
Replayweb	If the warc file is small, you can view its contents with this extreme simple online tool. Also it's possible to deploy ReplayWeb on your own server
Metawarc	Allows you to quickly analyze the structure of the warc file and collect metadata from all the files in the archive
Webrecorder tools	Archiving various interesting sites is a noble and useful activity for society. To make it easier for posterity to analyze your web archives, save them in Warc format with an online tool
GRAB SITE	Af you need to make a Warc archive out of a huge site with a lot of different content, then it is better to use this #python script with dozens of different settings that will optimize the process as much as possible.
har2warc	Convert HTTP Archive (HAR) -> Web Archive (WARC) format