Offensive Security for Security Testing
Ethical hacking tools and resources for penetration testing and red team operations. Task: Security TestingExplore 32 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 4 tools
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
NetSPI Breach and Attack Simulation as a Service validates security control effectiveness through expert-led attack simulations mapped to the MITRE ATT&CK framework.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A web application security testing platform that combines manual and automated testing tools for conducting comprehensive security assessments and penetration testing.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A collection of payloads and methodologies for web pentesting.
A collection of payloads and methodologies for web pentesting.
A powerful XSS scanning and parameter analysis tool
A cross-platform web fuzzer written in Nim
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
A Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
A simple file format fuzzer for Android that can fuzz multiple readers at once
A simple file format fuzzer for Android that can fuzz multiple readers at once
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
An Android port of the Radamsa fuzzing tool compiled with Android NDK to support Android ABIs for security testing on mobile platforms.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
Repository of tools for testing iPhone messaging by Project Zero
Repository of tools for testing iPhone messaging by Project Zero
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
Adversary emulation framework for testing security measures in network environments.
Adversary emulation framework for testing security measures in network environments.
Chameleon aids in evading proxy categorization to bypass internet filters.
Chameleon aids in evading proxy categorization to bypass internet filters.
Create a vulnerable active directory for testing various Active Directory attacks.
Create a vulnerable active directory for testing various Active Directory attacks.
DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.
DET (extensible) Data Exfiltration Toolkit is a proof of concept tool for performing Data Exfiltration using multiple channels simultaneously.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
A Ruby framework designed to aid in the penetration testing of WordPress systems.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.