Loading...

Popular Free Commercial Categories Tasks Blog

CyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Copyright © 2025 - All rights reserved

LINKS

LEGAL

Terms of services Privacy policy

Offensive Security for Penetration Testing

Ethical hacking tools and resources for penetration testing and red team operations. Task: Penetration Testing
Explore 81 curated tools and resources

Search tools and resources by name, description, or purpose... (⌘+K)

All

Free

Commercial

Task

Home
Categories
Offensive Security
Penetration Testing

RELATED TASKS

analytics (1)anti-forensics (1)antivirus (1)apache (3)api-metadata (1)api-security (2)apktool (1)app-security (1)apparmor (6)applocker (1)

PINNED

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
1
Commercial
Attack Surface Management
Attack Surface Management
Attack Surface
Continuous Monitoring
Dark Web Monitoring
Cloud Security
Vulnerability Management
Compliance
Third Party Risk
Threat Intelligence
Security Monitoring
ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
1
Commercial
Attack Surface Management
Attack Surface Management
Attack Surface
Continuous Monitoring
+7
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
2
Commercial
Resources
Resources
Cybersecurity
Education
Training
Security Professionals
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
2
Commercial
Resources
Resources
Cybersecurity
Education
+2
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
1
Commercial
Application Security
Application Security
Dependency Scanning
Vulnerability Management
Software Supply Chain
Open Source
Sbom
Security Scanning
Devsecops
Vulnerability Detection
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
1
Commercial
Application Security
Application Security
Dependency Scanning
Vulnerability Management
+6
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
1
Commercial
Application Security
Web App Security
Api Security
Cloud Security
Waf
Ddos
Bot Detection
Machine Learning
Api Discovery
Threat Prevention
Zero Day
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
1
Commercial
Application Security
Web App Security
Api Security
Cloud Security
+7
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
0
Commercial
Cloud Security
Cloud Security
Cloud Native
Vulnerability Management
Compliance
Container Security
Cloud Compliance
Api Security
Kubernetes Security
Security Monitoring
Security Automation
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
0
Commercial
Cloud Security
Cloud Security
Cloud Native
Vulnerability Management
+7
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
1
Commercial
Application Security
Application Security
Github
Code Security
Static Analysis
Security Automation
Devsecops
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
1
Commercial
Application Security
Application Security
Github
Code Security
+3

LATEST ADDITIONS

Burp Suite Professional
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
1
Commercial
Offensive Security
Penetration Testing
Web Security
Scanner
Proxy
Security Testing
Vulnerability Assessment
Api Security
Burp Suite
Web App Security
Security Automation
Burp Suite Professional
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
1
Commercial
Offensive Security
Penetration Testing
Web Security
Scanner
+7
OFFODE
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
1
Free
Offensive Security
Automation
Nodejs
Offensive Security
Penetration Testing
Red Team
Authentication
OFFODE
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.
1
Free
Offensive Security
Automation
Nodejs
Offensive Security
+3
XAHICO Platform
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
0
Commercial
Offensive Security
Cloud
Penetration Testing
Vulnerability Detection
Command And Control
Web App Security
XAHICO Platform
XAHICO Web Platform is a cloud-based solution for vulnerability detection, penetration testing, and adversary simulation, accessible through web browsers and suitable for various user levels.
0
Commercial
Offensive Security
Cloud
Penetration Testing
Vulnerability Detection
+2
tryharder
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
0
Free
Offensive Security
Offensive Security
Shellcode
Evasion
Red Team
Penetration Testing
tryharder
A C++ staged shellcode loader with evasion capabilities, compatible with Sliver and other shellcode sources, designed for offensive security testing.
0
Free
Offensive Security
Offensive Security
Shellcode
Evasion
+2
Bento Toolkit
A lightweight and portable Docker container for penetration testers and CTF players
0
Free
Offensive Security
Docker
Penetration Testing
Ctf
Gui
Docker Compose
Burp Suite
Bento Toolkit
A lightweight and portable Docker container for penetration testers and CTF players
0
Free
Offensive Security
Docker
Penetration Testing
Ctf
+3
Metasploit
A penetration testing framework for identifying and exploiting vulnerabilities.
0
Free
Offensive Security
Metasploit
Penetration Testing
Vulnerability Management
Incident Response
Siem
Edr
Metasploit
A penetration testing framework for identifying and exploiting vulnerabilities.
0
Free
Offensive Security
Metasploit
Penetration Testing
Vulnerability Management
+3
FDsploit
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
0
Free
Offensive Security
Appsec
Apparmor
Appsec Tool
Directory Traversal
File Inclusion
Fuzzing
Penetration Testing
FDsploit
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
0
Free
Offensive Security
Appsec
Apparmor
Appsec Tool
+4
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
Security Research
Web Application Security
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
+2
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
Penetration Testing
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
+1
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
Penetration Testing
Security Research
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
+2
SSRFmap
Automatic SSRF fuzzer and exploitation tool
0
Free
Offensive Security
Ssrf
Fuzzer
Exploitation
Penetration Testing
SSRFmap
Automatic SSRF fuzzer and exploitation tool
0
Free
Offensive Security
Ssrf
Fuzzer
Exploitation
+1
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
Burp Suite
Vulnerability Scanning
Http Requests
Penetration Testing
Security Testing
Turbo Intruder
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
0
Free
Offensive Security
Burp Suite
Vulnerability Scanning
Http Requests
+2
dref
A DNS rebinding exploitation framework
0
Free
Offensive Security
Dns
Rebinding
Exploitation
Framework
Security Research
Penetration Testing
dref
A DNS rebinding exploitation framework
0
Free
Offensive Security
Dns
Rebinding
Exploitation
+3
racepwn
A framework for testing and exploiting race conditions in software
0
Free
Offensive Security
Blue Team
Red Team
Penetration Testing
Penetration Testing Framework
racepwn
A framework for testing and exploiting race conditions in software
0
Free
Offensive Security
Blue Team
Red Team
Penetration Testing
+1

1
2
3
6
Next