Offensive Security
Ethical hacking tools and resources for penetration testing and red team operations.Explore 338 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Insights on Red Teaming for Pacific Rim CCDC 2016 competition, focusing on preparation, operations plan, and automation.
Insights on Red Teaming for Pacific Rim CCDC 2016 competition, focusing on preparation, operations plan, and automation.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
Python exploitation tool for gaining root access to Sixnet RTUs in SCADA networks by exploiting application-level vulnerabilities.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
A collection of resources for practicing penetration testing
A collection of resources for practicing penetration testing
A cheat sheet providing examples of creating reverse shells for penetration testing.
A cheat sheet providing examples of creating reverse shells for penetration testing.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Emulates Docker HTTP API with event logging and AWS deployment script.
Emulates Docker HTTP API with event logging and AWS deployment script.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
An open-source shellcode and PE packer for creating and managing portable executable files.
An open-source shellcode and PE packer for creating and managing portable executable files.
APT Simulator is a tool for simulating a compromised system on Windows.
APT Simulator is a tool for simulating a compromised system on Windows.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.