Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Explore 455 curated cybersecurity tools, with 16,024+ visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
FeatherDuster is a cryptanalysis tool that automatically identifies and exploits weaknesses in cryptographic systems by analyzing ciphertext files.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
Charlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
Charlotte is an undetected C++ shellcode launcher for executing shellcode with stealth.
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
OneGadget is a CTF-focused tool that uses symbolic execution to find RCE gadgets in binaries that can execute shell commands through execve('/bin/sh', NULL, NULL).
Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ...
Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ...
A tool for exploiting HTTP/2 cleartext smuggling vulnerabilities
Sysreptor offers a customizable reporting solution for offensive security assessments.
Sysreptor offers a customizable reporting solution for offensive security assessments.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.
A fuzzing framework for Android that creates corrupt media files to identify potential vulnerabilities
A fuzzing framework for Android that creates corrupt media files to identify potential vulnerabilities
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.
Sysreptor provides a customizable reporting platform for pentesters and red teamers to efficiently document security assessments.
A demonstration of a method to delete a locked executable or currently running file from disk.
A demonstration of a method to delete a locked executable or currently running file from disk.
Comprehensive host-survey tool for security checks in C#.
Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.
Tool for enumerating proxy configurations and generating CobaltStrike-compatible shellcode.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
Stay Updated with Mandos Brief
Get the latest cybersecurity updates in your inbox
TRENDING CATEGORIES
POPULAR
A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.
Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
Weekly cybersecurity newsletter for security leaders and professionals
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Offensive Security Tools - FAQ
Common questions about Offensive Security tools including selection guides, pricing, and comparisons.
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.