Offensive Security for Security Testing
Task: Security Testing
Browse 80 security tools
FEATURED
RELATED TASKS
Red team exercises simulating real-world attacks to identify vulnerabilities
Red team exercises simulating real-world attacks to identify vulnerabilities
Simulated adversarial attack service to test organizational defenses
Simulated adversarial attack service to test organizational defenses
Red team service simulating nation-state threats to test defenses.
Red team service simulating nation-state threats to test defenses.
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
AI agent that autonomously discovers, exploits, and documents vulnerabilities.
A collection of XSS payloads designed to turn alert(1) into P1
A collection of XSS payloads designed to turn alert(1) into P1
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A tool for testing and exploiting Cross-Site Scripting (XSS) vulnerabilities.
A collection of payloads and methodologies for web pentesting.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
A tool for identifying and exploiting SSRF vulnerabilities in modern cloud environments by filtering host lists to find viable attack candidates.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A format conversion tool for S3 buckets designed to assist bug bounty hunters and security testers in standardizing bucket data during reconnaissance activities.
A tool for testing subdomain takeover possibilities at a mass scale.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A brute force parameter discovery tool for identifying hidden GET and POST parameters in web applications during security assessments.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A payload generator that creates malicious deserialization payloads for testing .NET applications against insecure deserialization vulnerabilities.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A command-line tool that replaces all query string parameter values in URLs with a user-supplied value for security testing purposes.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A security tool for discovering and analyzing interesting files in AWS S3 buckets across multiple regions and bucket types.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A framework for testing and exploiting race condition vulnerabilities through concurrent request analysis and timing attack automation.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A collection of three tools for extracting, dumping, and scanning exposed .git repositories on websites to identify sensitive information and security vulnerabilities.
A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.
A command-line tool for capturing automated screenshots of websites and mobile applications with support for multiple browsers and device emulations.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A malicious DNS server that executes DNS Rebinding attacks on-demand to bypass same-origin policy restrictions and access internal network resources.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A Python library that simplifies testing and exploiting race conditions in web applications using concurrent HTTP requests.
A simple Python script to test for a hypothetical JWT vulnerability
A simple Python script to test for a hypothetical JWT vulnerability