Offensive Security
Ethical hacking tools and resources for penetration testing and red team operations.Explore 338 curated tools and resources
Search by name, description, or purpose... (⌘+K)
RELATED TASKS
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Preparation process for participating in the Pacific Rim CCDC 2015.
Preparation process for participating in the Pacific Rim CCDC 2015.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
A security testing framework for assessing container environment security across AWS and GCP cloud platforms.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
KeeFarce extracts cleartext password database information from KeePass 2.x processes in memory using DLL injection and .NET runtime manipulation.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks
A blog post discussing the often overlooked dangers of CSV injection in applications.
A blog post discussing the often overlooked dangers of CSV injection in applications.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A tool for automated security scanning of web applications and manual penetration testing.
A tool for automated security scanning of web applications and manual penetration testing.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
An open-source security tool that simulates network breaches by self-propagating across data centers to test organizational resilience against lateral movement attacks.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.
A powerful enumeration tool for discovering assets and subdomains.
A powerful enumeration tool for discovering assets and subdomains.
Tool for attacking Active Directory environments through SQL Server access.
Tool for attacking Active Directory environments through SQL Server access.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
A dynamic redirect rules generator that creates custom redirect configurations for penetration testing and security assessment scenarios.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
Weaponizing Kerberos protocol flaws for stealthy attacks on domain users.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
A proxy aware C2 framework for penetration testing, red teaming, post-exploitation, and lateral movement with modular format and highly configurable payloads.
A unified repository for different Metasploit Framework payloads.
A unified repository for different Metasploit Framework payloads.
A comprehensive collection of SQL injection syntax references and payloads for testing various database management systems during penetration testing and security assessments.
A comprehensive collection of SQL injection syntax references and payloads for testing various database management systems during penetration testing and security assessments.
A repository containing material for Android greybox fuzzing with AFL++ Frida mode
A repository containing material for Android greybox fuzzing with AFL++ Frida mode
A guide to bypassing RFID card reader security mechanisms using specialized hardware
A guide to bypassing RFID card reader security mechanisms using specialized hardware