Offensive Security
Ethical hacking tools and resources for penetration testing and red team operations.Explore 313 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
A collection of Python scripts for conducting penetration testing activities against Amazon Web Services (AWS) environments.
Insights on Red Teaming for Pacific Rim CCDC 2016 competition, focusing on preparation, operations plan, and automation.
Insights on Red Teaming for Pacific Rim CCDC 2016 competition, focusing on preparation, operations plan, and automation.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
A collection of resources for practicing penetration testing
A collection of resources for practicing penetration testing
A cheat sheet providing examples of creating reverse shells for penetration testing.
A cheat sheet providing examples of creating reverse shells for penetration testing.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Emulates Docker HTTP API with event logging and AWS deployment script.
Emulates Docker HTTP API with event logging and AWS deployment script.
A tool for testing Cross Site Scripting vulnerabilities
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
An open-source shellcode and PE packer for creating and managing portable executable files.
An open-source shellcode and PE packer for creating and managing portable executable files.
APT Simulator is a tool for simulating a compromised system on Windows.
APT Simulator is a tool for simulating a compromised system on Windows.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
Full-featured C2 framework for stealthy communication and control on web servers.
Full-featured C2 framework for stealthy communication and control on web servers.
Preparation process for participating in the Pacific Rim CCDC 2015.
Preparation process for participating in the Pacific Rim CCDC 2015.