Ethical hacking tools and resources for penetration testing and red team operations. Task: Security ResearchExplore 20 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
Automatic tool for DNS rebinding-based SSRF attacks
A tool for detecting and taking over subdomains with dead DNS records
A tool for detecting and taking over subdomains with dead DNS records
A front-end JavaScript toolkit for creating DNS rebinding attacks
A front-end JavaScript toolkit for creating DNS rebinding attacks
A subdomain enumeration tool for bug hunting and pentesting
A DNS rebinding attack framework for security researchers and penetration testers.
A DNS rebinding attack framework for security researchers and penetration testers.
A subdomain enumeration tool for penetration testers and security researchers.
A subdomain enumeration tool for penetration testers and security researchers.
A tool that finds more information about a given URL or domain by querying multiple data sources.
A tool that finds more information about a given URL or domain by querying multiple data sources.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
A tool for enumerating and attacking GitHub Actions pipelines
A simple, fast web crawler for discovering endpoints and assets in a web application
A simple, fast web crawler for discovering endpoints and assets in a web application
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
MagSpoof is a hardware device that emulates magnetic stripe cards using electromagnetic fields for security research and educational purposes.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.
A free and open source C2 and proxy for penetration testers
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
A tool that checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names.
A comprehensive .NET post-exploitation library designed for advanced security testing.
A comprehensive .NET post-exploitation library designed for advanced security testing.