Loading...

Popular Free Commercial Categories Tasks Blog

CyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS

LEGAL

Terms of services Privacy policy

Offensive Security for Security Research

Ethical hacking tools and resources for penetration testing and red team operations. Task: Security ResearchExplore 20 curated tools and resources

Search by name, description, or purpose... (⌘+K)

Home
Categories
Offensive Security
Security Research

RELATED TASKS

active-directory (3)ai (2)analytics (1)android (3)android-security (2)anti-forensics (2)antivirus (4)apache (3)api (3)api-security (2)

PINNED

Promoted • 6 tools

Commercial

Data Protection

Commercial

Network Security

Commercial

Consulting

Commercial

Application Security

Commercial

Cloud Security

Commercial

Application Security

Want your tool featured here?

Get maximum visibility with pinned placement

LATEST ADDITIONS

httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
Security Research
Web Application Security
httprebind
Automatic tool for DNS rebinding-based SSRF attacks
0
Free
Offensive Security
Dns Rebinding
Ssrf
Penetration Testing
+2
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
Penetration Testing
tko-subs
A tool for detecting and taking over subdomains with dead DNS records
0
Free
Offensive Security
Dns
Subdomain Takeover
Security Research
+1
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
Penetration Testing
Security Research
DNS Rebind Toolkit
A front-end JavaScript toolkit for creating DNS rebinding attacks
0
Free
Offensive Security
Dns
Rebinding
Attack Tool
+2
Sudomy
A subdomain enumeration tool for bug hunting and pentesting
0
Free
Offensive Security
Subdomain Enumeration
Bug Hunting
Pentesting
Security Research
Sudomy
A subdomain enumeration tool for bug hunting and pentesting
0
Free
Offensive Security
Subdomain Enumeration
Bug Hunting
Pentesting
+1
dref
A DNS rebinding exploitation framework
0
Free
Offensive Security
Dns
Rebinding
Exploitation
Framework
Security Research
Penetration Testing
dref
A DNS rebinding exploitation framework
0
Free
Offensive Security
Dns
Rebinding
Exploitation
+3
Singularity
A DNS rebinding attack framework for security researchers and penetration testers.
0
Free
Offensive Security
Dns Rebinding
Penetration Testing
Security Research
Web Application Security
Network Security
Singularity
A DNS rebinding attack framework for security researchers and penetration testers.
0
Free
Offensive Security
Dns Rebinding
Penetration Testing
Security Research
+2
Tugarecon
A subdomain enumeration tool for penetration testers and security researchers.
0
Free
Offensive Security
Subdomain Enumeration
Penetration Testing
Security Research
Search Engine
Database
Enumeration
Tugarecon
A subdomain enumeration tool for penetration testers and security researchers.
0
Free
Offensive Security
Subdomain Enumeration
Penetration Testing
Security Research
+3
WayMore
A tool that finds more information about a given URL or domain by querying multiple data sources.
0
Free
Offensive Security
Url Scanning
Subdomain Discovery
Ip Address
Security Research
Penetration Testing
WayMore
A tool that finds more information about a given URL or domain by querying multiple data sources.
0
Free
Offensive Security
Url Scanning
Subdomain Discovery
Ip Address
+2
ParamSpider
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
1
Free
Offensive Security
Bug Bounty
Bug Hunting
Fuzzing
Security Research
Web Application Security
Web Scraping
ParamSpider
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
1
Free
Offensive Security
Bug Bounty
Bug Hunting
Fuzzing
+3
Gato
A tool for enumerating and attacking GitHub Actions pipelines
0
Free
Offensive Security
Github
Security Research
Penetration Testing
Gato
A tool for enumerating and attacking GitHub Actions pipelines
0
Free
Offensive Security
Github
Security Research
Penetration Testing
hakrawler
A simple, fast web crawler for discovering endpoints and assets in a web application
1
Free
Offensive Security
Crawler
Web Crawler
Web Security
Vulnerability Scanning
Penetration Testing
Security Research
hakrawler
A simple, fast web crawler for discovering endpoints and assets in a web application
1
Free
Offensive Security
Crawler
Web Crawler
Web Security
+3
MagSpoof
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
0
Free
Offensive Security
Hardware
Security Research
Educational
Penetration Testing
Physical Security
Research
Proof Of Concept
MagSpoof
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
0
Free
Offensive Security
Hardware
Security Research
Educational
+4
HackSys Extreme Vulnerable Driver (HEVD)
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
0
Free
Offensive Security
Windows
Kernel
Vulnerability
Educational
Exploit Development
Windows Security
Exploitation
Security Research
Training
Vulnerable App
Pentesting
Offensive Security
HackSys Extreme Vulnerable Driver (HEVD)
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
0
Free
Offensive Security
Windows
Kernel
Vulnerability
+9
InvalidSign
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
0
Free
Offensive Security
Offensive Security
Evasion
Bypass
Endpoint Security
Edr
Signature
Hash Calculator
Security Research
Exploit
Payload
Security Testing
Penetration Testing
Red Team
Malware Research
InvalidSign
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
0
Free
Offensive Security
Offensive Security
Evasion
Bypass
+11
Evilginx2
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
0
Free
Offensive Security
Phishing
Penetration Testing
Security Research
Attack Vector
Evilginx2
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
0
Free
Offensive Security
Phishing
Penetration Testing
Security Research
+1
Shadow Workers
A free and open source C2 and proxy for penetration testers
0
Free
Offensive Security
C2
Proxy
Penetration Testing
Xss
Security Research
Shadow Workers
A free and open source C2 and proxy for penetration testers
0
Free
Offensive Security
C2
Proxy
Penetration Testing
+2
Darkarmour
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
0
Free
Offensive Security
Evasion
Antivirus
Windows
Obfuscation
Penetration Testing
Security Research
Anti Forensics
Open Source
Mit License
Github
Darkarmour
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
0
Free
Offensive Security
Evasion
Antivirus
Windows
+7
Dendrobate
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
0
Free
Offensive Security
Dotnet
Code Injection
Security Research
Dendrobate
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
0
Free
Offensive Security
Dotnet
Code Injection
Security Research
Domain Hunter
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
0
Free
Offensive Security
Phishing
C2
Security Research
Domain Hunter
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
0
Free
Offensive Security
Phishing
C2
Security Research
SharpSploit
A comprehensive .NET post-exploitation library designed for advanced security testing.
0
Free
Offensive Security
Post Exploitation
Penetration Testing
Security Research
Csharp
Dotnet
Library
SharpSploit
A comprehensive .NET post-exploitation library designed for advanced security testing.
0
Free
Offensive Security
Post Exploitation
Penetration Testing
Security Research
+3

1