Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
Browse 458 offensive security tools
FEATURED
RELATED TASKS
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
A template-driven framework for creating custom evasion techniques to test Anti-Virus and EDR detection capabilities.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
The Proxmark III is a versatile device for sniffing, reading, and cloning RFID tags with strong community support.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
A multi-threaded, feedback-driven evolutionary fuzzer that uses low-level process monitoring to discover security vulnerabilities in software applications.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A high-level C++ library for creating and decoding network packets with a Scapy-like interface.
A cheat sheet providing examples of creating reverse shells for penetration testing.
A cheat sheet providing examples of creating reverse shells for penetration testing.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
Open source penetration testing tool for detecting and exploiting command injection vulnerabilities.
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets.
An API for constructing and injecting network packets with additional functionality.
An API for constructing and injecting network packets with additional functionality.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
ezXSS is a testing framework that helps penetration testers and bug bounty hunters identify Cross Site Scripting vulnerabilities, especially blind XSS attacks.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
Exploiting WordPress With Metasploit, containing 45 modules for exploits and auxiliaries.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
An open-source shellcode and PE packer for creating and managing portable executable files.
An open-source shellcode and PE packer for creating and managing portable executable files.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
DOS attack by sending fake BPDUs to disrupt switches' STP engines.
DOS attack by sending fake BPDUs to disrupt switches' STP engines.
Preparation process for participating in the Pacific Rim CCDC 2015.
Preparation process for participating in the Pacific Rim CCDC 2015.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
Sysreptor offers a customizable reporting solution for penetration testers and red teamers to streamline their security assessments.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
A Python utility that calculates RSA cryptographic parameters and generates OpenSSL-compatible private keys from prime numbers or modulus/exponent pairs.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
CrossC2 is a cross-platform payload generator that extends CobaltStrike's capabilities to Linux and macOS environments for red team operations.
Offensive Security Tools - FAQ
Common questions about Offensive Security tools including selection guides, pricing, and comparisons.
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
