Offensive Security
Ethical hacking tools and resources for penetration testing and red team operations.Explore 281 curated tools and resources
RELATED TASKS
PINNED
Promoted • 6 tools
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
A lightweight and portable Docker container for penetration testers and CTF players
A lightweight and portable Docker container for penetration testers and CTF players
A penetration testing framework for identifying and exploiting vulnerabilities.
A penetration testing framework for identifying and exploiting vulnerabilities.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A collection of payloads and methodologies for web pentesting.
A collection of payloads and methodologies for web pentesting.
A tool for recursively querying webservers
A powerful XSS scanning and parameter analysis tool
A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.
A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.
A login cracker that can be used to crack many types of authentication protocols.
A login cracker that can be used to crack many types of authentication protocols.
Automatic tool for DNS rebinding-based SSRF attacks
A tool for security researchers and penetration testers to automate the process of finding sensitive information on a target domain.
A tool for security researchers and penetration testers to automate the process of finding sensitive information on a target domain.
A tool for Local File Inclusion (LFI) exploitation and scanning