Offensive Security for Penetration Testing

Ethical hacking tools and resources for penetration testing and red team operations. Task: Penetration TestingExplore 143 curated tools and resources

Search by name, description, or purpose... (⌘+K)

PINNED

Promoted • 6 tools

Proton Pass

Commercial

Data Protection

NordVPN

Commercial

Network Security

Mandos

Commercial

Consulting

Checkmarx SCA

Commercial

Application Security

Orca Security

Commercial

Cloud Security

DryRun

Commercial

Application Security

Want your tool featured here?

Get maximum visibility with pinned placement

LATEST ADDITIONS

Pentesting Payloads
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Payloads
Sql Injection
Xss
Lfi
Bug Bounty
Web Security
Pentesting Payloads
A web-based payload repository that generates and encodes ready-to-use exploits for SQL injection, XSS, file inclusion, and command injection vulnerabilities.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Payloads
+5
NetSPI Breach and Attack Simulation
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
0
Commercial
Offensive Security
Breach Simulation
Attack Simulation
Mitre Attack
Security Testing
Red Team
Penetration Testing
Security Validation
Ransomware
Cloud Security
Managed Security Service Provider
NetSPI Breach and Attack Simulation
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
0
Commercial
Offensive Security
Breach Simulation
Attack Simulation
Mitre Attack
+7
weSecretFinder
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
0
Free
Offensive Security
Security Scanning
Python
Offensive Security
Security Audit
Security Tools
Penetration Testing
Security Automation
Sensitive Data
Security Assessment
weSecretFinder
A Python script that scans file systems to identify hardcoded credentials, API keys, and other sensitive secrets using configurable regex patterns.
0
Free
Offensive Security
Security Scanning
Python
Offensive Security
+6
PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
2
Commercial
Offensive Security
Ai
Penetration Testing
Automation
Security Testing
Exploitation
Reconnaissance
Reporting
Security Assessment
Offensive Security
Vulnerability Exploitation
PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
2
Commercial
Offensive Security
Ai
Penetration Testing
Automation
+7
Burp Suite Professional
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
1
Commercial
Offensive Security
Penetration Testing
Web Security
Scanner
Proxy
Security Testing
Vulnerability Assessment
Api Security
Burp Suite
Web App Security
Security Automation
Burp Suite Professional
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
1
Commercial
Offensive Security
Penetration Testing
Web Security
Scanner
+7
XAHICO Platform
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
0
Commercial
Offensive Security
Cloud
Penetration Testing
Vulnerability Detection
Command And Control
Web App Security
XAHICO Platform
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
0
Commercial
Offensive Security
Cloud
Penetration Testing
Vulnerability Detection
+2
tryharder
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
0
Free
Offensive Security
Offensive Security
Shellcode
Evasion
Red Team
Penetration Testing
tryharder
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
0
Free
Offensive Security
Offensive Security
Shellcode
Evasion
+2
ffufai
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
0
Free
Offensive Security
Fuzzing
Web Security
Ai
Penetration Testing
Offensive Security
Web Application Security
Automation
Python
Reconnaissance
Vulnerability Scanning
ffufai
An AI-powered wrapper for ffuf that automatically suggests relevant file extensions for web fuzzing based on target URL analysis and response headers.
0
Free
Offensive Security
Fuzzing
Web Security
Ai
+7
Bento Toolkit
A lightweight and portable Docker container for penetration testers and CTF players
0
Free
Offensive Security
Docker
Penetration Testing
Ctf
Gui
Docker Compose
Burp Suite
Bento Toolkit
A lightweight and portable Docker container for penetration testers and CTF players
0
Free
Offensive Security
Docker
Penetration Testing
Ctf
+3
Metasploit
A penetration testing framework for identifying and exploiting vulnerabilities.
0
Free
Offensive Security
Metasploit
Penetration Testing
Vulnerability Management
Incident Response
Siem
Edr
Metasploit
A penetration testing framework for identifying and exploiting vulnerabilities.
0
Free
Offensive Security
Metasploit
Penetration Testing
Vulnerability Management
+3
FDsploit
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
0
Free
Offensive Security
Python
Web Security
Vulnerability Scanner
Penetration Testing
Fuzzing
Exploitation
Lfi
Directory Traversal
File Inclusion
Offensive Security
FDsploit
A Python-based tool that automates the identification and exploitation of file inclusion and directory traversal vulnerabilities in web applications.
0
Free
Offensive Security
Python
Web Security
Vulnerability Scanner
+7
SQLi-Hunter
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
0
Free
Offensive Security
Sql Injection
Proxy
Penetration Testing
Vulnerability Scanner
Web Security
Sql
Offensive Security
Web Application Security
Exploitation
Scanner
SQLi-Hunter
SQLi-Hunter is an HTTP/HTTPS proxy server and SQLMAP API wrapper that simplifies the identification and exploitation of SQL injection vulnerabilities in web applications.
0
Free
Offensive Security
Sql Injection
Proxy
Penetration Testing
+7
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
Security Research
Web Application Security
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
+2
python-builtwith
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
0
Free
Offensive Security
Python
Api
Reconnaissance
Recon
Osint
Web
Intelligence Gathering
Python Library
Attack Surface
Penetration Testing
python-builtwith
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
0
Free
Offensive Security
Python
Api
Reconnaissance
+7
cariddi
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
0
Free
Offensive Security
Reconnaissance
Recon
Penetration Testing
Pentesting
Crawler
Secret Detection
Api
Enumeration
Scanner
Offensive Security
cariddi
An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.
0
Free
Offensive Security
Reconnaissance
Recon
Penetration Testing
+7
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
Penetration Testing
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
+1
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
Penetration Testing
Security Research
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
+2
SSRFmap
Automatic SSRF fuzzer and exploitation tool
0
Free
Offensive Security
Ssrf
Fuzzer
Exploitation
Penetration Testing
SSRFmap
Automatic SSRF fuzzer and exploitation tool
0
Free
Offensive Security
Ssrf
Fuzzer
Exploitation
+1
xsshunter_client
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
0
Free
Offensive Security
Xss
Penetration Testing
Vulnerability Testing
Proxy
Web Security
Offensive Security
Payload
Injection
Web Application Security
Pentesting
xsshunter_client
A correlated injection proxy tool that integrates with XSS Hunter for automated cross-site scripting vulnerability testing and payload tracking.
0
Free
Offensive Security
Xss
Penetration Testing
Vulnerability Testing
+7
s3reverse
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
0
Free
Offensive Security
S3
Aws
Cloud Security
Bug Bounty
Reconnaissance
Penetration Testing
Offensive Security
Enumeration
Security Testing
Aws Security
s3reverse
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
0
Free
Offensive Security
S3
Aws
Cloud Security
+7
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
Burp Suite
Vulnerability Scanning
Http Requests
Penetration Testing
Security Testing
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
Burp Suite
Vulnerability Scanning
Http Requests
+2
ysoserial.net
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
0
Free
Offensive Security
Deserialization
Payload Generation
Dotnet
Net
Exploit
Penetration Testing
Vulnerability Testing
Offensive Security
Payload
Security Testing
ysoserial.net
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
0
Free
Offensive Security
Deserialization
Payload Generation
Dotnet
+7
AWSBucketDump
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
0
Free
Offensive Security
Aws
S3
Penetration Testing
Reconnaissance
Cloud Security
Security Testing
Enumeration
Aws Security
Offensive Security
Cloud
AWSBucketDump
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
0
Free
Offensive Security
Aws
S3
Penetration Testing
+7
ESC
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Red Team
Sql
Database Security
Data Exfiltration
Enumeration
Dotnet
Powershell
Cli
ESC
ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.
0
Free
Offensive Security
Offensive Security
Penetration Testing
Red Team
+7

Offensive Security for Penetration Testing

RELATED TASKS

PINNED

LATEST ADDITIONS

Pentesting Payloads

Pentesting Payloads

NetSPI Breach and Attack Simulation

NetSPI Breach and Attack Simulation

weSecretFinder

weSecretFinder

PTJunior

PTJunior

Burp Suite Professional

Burp Suite Professional

XAHICO Platform

XAHICO Platform

tryharder

tryharder

ffufai

ffufai

Bento Toolkit

Bento Toolkit

Metasploit

Metasploit

FDsploit

FDsploit

SQLi-Hunter

SQLi-Hunter

httprebind

httprebind

python-builtwith

python-builtwith

cariddi

cariddi

tko-subs

tko-subs

DNS Rebind Toolkit

DNS Rebind Toolkit

SSRFmap

SSRFmap

xsshunter_client

xsshunter_client

s3reverse

s3reverse

Turbo Intruder

Turbo Intruder

ysoserial.net

ysoserial.net

AWSBucketDump

AWSBucketDump

ESC

ESC