Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Explore 454 curated cybersecurity tools, with 14,784+ visitors searching for solutions
FEATURED
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to accelerate sales and compliance
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
A guide to brute forcing DVWA on the high security level with anti-CSRF tokens
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
A suite for man in the middle attacks, featuring sniffing of live connections, content filtering, and protocol dissection.
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.
A backend agnostic debugger frontend for debugging binaries without source code access.
A backend agnostic debugger frontend for debugging binaries without source code access.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
A Python utility that identifies and exploits domains vulnerable to AWS name server takeover attacks by detecting misconfigured DNS settings.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
A fast and flexible HTTP enumerator for content discovery and credential bruteforcing
A fast and flexible HTTP enumerator for content discovery and credential bruteforcing
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A tool for enumerating information via SNMP protocol.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A payload creation framework designed to bypass Endpoint Detection and Response (EDR) systems.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A proof-of-concept toolkit for fingerprinting and exploiting Amazon Web Services cloud infrastructures using the boto library.
A featured networking utility for reading and writing data across network connections with advanced capabilities.
A featured networking utility for reading and writing data across network connections with advanced capabilities.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
Dnscan is a DNS reconnaissance tool that performs DNS scans, DNS cache snooping, and DNS amplification attack detection.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
nudge4j is a tool to control Java applications from the browser and experiment with live code.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A full-featured reconnaissance framework for web-based reconnaissance with a modular design.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
